forked from Azure/Azure-Sentinel
CitrixAnalytics_userProfile_CL.json
[{
"tenant_id":"jimex9vbhnya",
"cur_riskscore":25,
"timestamp":"2021-11-05T10:07:33.652Z",
"event_type":"userProfileRiskscore",
"version":2,
"entity_id":"[email protected]",
"entity_type":"user"
},
{
"app":"Remote Desktop Client",
"cnt":1,
"entity_id":"[email protected]",
"entity_type":"user",
"event_type":"userProfileApp",
"session_domain":"CITRITE",
"tenant_id":"jimex9vbhnya",
"timestamp":"2021-12-15T01:00:00Z",
"user_samaccountname":"CITRITE\\robertova",
"version":2
},
{
"data_usage_bytes":49078650,
"deleted_file_cnt":0,
"downloaded_bytes":49078650,
"downloaded_file_cnt":1,
"entity_id":"[email protected]",
"entity_type":"user",
"event_type":"userProfileUsage",
"shared_file_cnt":0,
"tenant_id":"jimex9vbhnya",
"timestamp":"2021-12-12T01:00:00Z",
"uploaded_bytes":0,
"uploaded_file_cnt":0,
"version":2
},
{
"city":"Sydney",
"cnt":1,
"country":"Australia",
"entity_id":"[email protected]",
"entity_type":"user",
"event_type":"userProfileLocation",
"tenant_id":"jimex9vbhnya",
"timestamp":"2021-12-15T13:00:00Z",
"version":2
},
{
"cnt":3,
"device":"iPhone",
"entity_id":"[email protected]",
"entity_type":"user",
"event_type":"userProfileDevice",
"tenant_id":"jimex9vbhnya",
"timestamp":"2021-12-15T01:00:00Z",
"version":2
}]