diff --git a/cisco_umbrella_dns/assets/logs/cisco-umbrella-dns.yaml b/cisco_umbrella_dns/assets/logs/cisco-umbrella-dns.yaml
deleted file mode 100644
index 951e27515a890..0000000000000
--- a/cisco_umbrella_dns/assets/logs/cisco-umbrella-dns.yaml
+++ /dev/null
@@ -1,524 +0,0 @@ -id: cisco-umbrella-dns -metric_id: cisco-umbrella-dns -backend_only: false -facets: - - groups: - - DNS - name: Answer Type - path: dns.answer.type - source: log - - groups: - - DNS - name: Response Code - path: dns.flags.rcode - source: log - - groups: - - DNS - name: Question Name - path: dns.question.name - source: log - - groups: - - Web Access - name: Method - path: http.method - source: log - - groups: - - Web Access - name: Referer - path: http.referer - source: log - - groups: - - Web Access - name: Status Code - path: http.status_code - source: log - - groups: - - Web Access - name: URL Path - path: http.url - source: log - - groups: - - Web Access - name: URL Host - path: http.url_details.host - source: log - - groups: - - Web Access - name: URL Path - path: http.url_details.path - source: log - - groups: - - Web Access - name: URL Port - path: http.url_details.port - source: log - - groups: - - Web Access - name: URL scheme - path: http.url_details.scheme - source: log - - groups: - - Web Access - name: User-Agent - path: http.useragent - source: log - - groups: - - Web Access - name: Browser - path: http.useragent_details.browser.family - source: log - - groups: - - Web Access - name: Device - path: http.useragent_details.device.family - source: log - - groups: - - Web Access - name: OS - path: http.useragent_details.os.family - source: log - - groups: - - Geoip - name: City Name - path: network.client.geoip.city.name - source: log - - groups: - - Geoip - name: Continent Code - path: network.client.geoip.continent.code - source: log - - groups: - - Geoip - name: Continent Name - path: network.client.geoip.continent.name - source: log - - groups: - - Geoip - name: Country ISO Code - path: network.client.geoip.country.iso_code - source: log - - groups: - - Geoip - name: Country Name - path: network.client.geoip.country.name - source: log - - groups: - - Geoip - name: Subdivision ISO Code - path: network.client.geoip.subdivision.iso_code 
- source: log - - groups: - - Geoip - name: Subdivision Name - path: network.client.geoip.subdivision.name - source: log - - groups: - - Web Access - name: Client IP - path: network.client.ip - source: log - - groups: - - Geoip - name: Destination City Name - path: network.destination.geoip.city.name - source: log - - groups: - - Geoip - name: Destination Continent Code - path: network.destination.geoip.continent.code - source: log - - groups: - - Geoip - name: Destination Continent Name - path: network.destination.geoip.continent.name - source: log - - groups: - - Geoip - name: Destination Country ISO Code - path: network.destination.geoip.country.iso_code - source: log - - groups: - - Geoip - name: Destination Country Name - path: network.destination.geoip.country.name - source: log - - groups: - - Geoip - name: Destination Subdivision ISO Code - path: network.destination.geoip.subdivision.iso_code - source: log - - groups: - - Geoip - name: Destination Subdivision Name - path: network.destination.geoip.subdivision.name - source: log - - groups: - - Web Access - name: Destination IP - path: network.destination.ip - source: log - - facetType: list - groups: - - Cisco Umbrella DNS - name: Category - path: categories.label - source: log - type: string - - facetType: list - groups: - - Cisco Umbrella DNS - name: Client Country Code - path: external.geoip.country.iso_code - source: log - type: string - - facetType: list - groups: - - Cisco Umbrella DNS - name: Isolated State - path: isolated.state - source: log - type: string - - facetType: range - groups: - - Cisco Umbrella DNS - name: Request Size - path: requestsize - source: log - type: integer - unit: - family: bytes - name: byte - - facetType: range - groups: - - Cisco Umbrella DNS - name: Response Size - path: responsesize - source: log - type: integer - unit: - family: bytes - name: byte - - facetType: list - groups: - - Cisco Umbrella DNS - name: Return Message - path: returnmessage - source: log - type: 
string - - facetType: list - groups: - - Cisco Umbrella DNS - name: Verdict - path: verdict - source: log - type: string - - facetType: list - groups: - - Cisco Umbrella DNS - name: Warn Status - path: warnstatus - source: log - type: string -pipeline: - type: pipeline - name: Cisco Umbrella DNS - enabled: true - filter: - query: "source:cisco-umbrella-dns" - processors: - - type: date-remapper - name: Define `timestamp` as the official date of the log - enabled: true - meta: - last_update: - timestamp: 1704090436181 - user_name: Darshil Surti - user_email: darshil.surti@crestdatasys.com - tags: [] - sources: - - timestamp - - type: service-remapper - name: Define `type` as the official service of the log - enabled: true - meta: - last_update: - timestamp: 1704090104316 - user_name: Darshil Surti - user_email: darshil.surti@crestdatasys.com - tags: [] - sources: - - type - - type: pipeline - name: Cisco Umbrella DNS logs - enabled: true - filter: - query: "service:dns" - processors: - - type: attribute-remapper - name: Map `querytype` to `dns.answer.type` - enabled: true - meta: - last_update: - user_id: "5795822" - timestamp: 1704087996572 - tags: [] - sources: - - querytype - sourceType: attribute - target: dns.answer.type - targetType: attribute - preserveSource: false - overrideOnConflict: false - - type: attribute-remapper - name: Map `returncode` to `dns.flags.rcode` - enabled: true - meta: - last_update: - user_id: "5795822" - timestamp: 1704088010451 - tags: [] - sources: - - returncode - sourceType: attribute - target: dns.flags.rcode - targetType: attribute - preserveSource: false - overrideOnConflict: false - - type: attribute-remapper - name: Map `domain` to `dns.question.name` - enabled: true - meta: - last_update: - user_id: "5795822" - timestamp: 1704088022304 - tags: [] - sources: - - domain - sourceType: attribute - target: dns.question.name - targetType: attribute - preserveSource: false - overrideOnConflict: false - - type: geo-ip-parser - name: 
GeoIP Parser for External IP - enabled: true - meta: - last_update: - user_id: "5191598" - timestamp: 1702622526430 - tags: [] - sources: - - externalip - target: external.geoip - ip_processing_behavior: do-nothing - - name: Lookup on `dns.flags.rcode` (returncode) to `returnmessage` field - enabled: true - meta: - last_update: - user_id: "5191598" - timestamp: 1702622640141 - tags: [] - source: dns.flags.rcode - target: returnmessage - lookupTable: |- - 0, NOERROR - 1, FORMERR - 2, SERVFAIL - 3, NXDOMAIN - 4, NOTIMP - 5, REFUSED - 6, YXDOMAIN - 7, XRRSET - 8, NOTAUTH - 9, NOTZONE - type: lookup-processor - - type: pipeline - name: Cisco Umbrella Proxy logs - enabled: true - filter: - query: "service:proxy" - processors: - - type: attribute-remapper - name: Map `externalip` to `network.client.ip` - enabled: true - meta: - last_update: - user_id: "5795822" - timestamp: 1704108982693 - tags: [] - sources: - - externalip - sourceType: attribute - target: network.client.ip - targetType: attribute - preserveSource: false - overrideOnConflict: false - - type: attribute-remapper - name: Map `destinationip` to `network.destination.ip` - enabled: true - meta: - last_update: - user_id: "5795822" - timestamp: 1704088066314 - tags: [] - sources: - - destinationip - sourceType: attribute - target: network.destination.ip - targetType: attribute - preserveSource: false - overrideOnConflict: false - - type: attribute-remapper - name: Map `url` to `http.url` - enabled: true - meta: - last_update: - user_id: "5795822" - timestamp: 1704088075739 - tags: [] - sources: - - url - sourceType: attribute - target: http.url - targetType: attribute - preserveSource: false - overrideOnConflict: false - - type: attribute-remapper - name: Map `statuscode` to `http.status_code` - enabled: true - meta: - last_update: - user_id: "5795822" - timestamp: 1704088084552 - tags: [] - sources: - - statuscode - sourceType: attribute - target: http.status_code - targetType: attribute - preserveSource: 
false - overrideOnConflict: false - - type: attribute-remapper - name: Map `referer` to `http.referer` - enabled: true - meta: - last_update: - user_id: "5795822" - timestamp: 1704088093347 - tags: [] - sources: - - referer - sourceType: attribute - target: http.referer - targetType: attribute - preserveSource: false - overrideOnConflict: false - - type: attribute-remapper - name: Map `useragent` to `http.useragent` - enabled: true - meta: - last_update: - user_id: "5795822" - timestamp: 1704088102993 - tags: [] - sources: - - useragent - sourceType: attribute - target: http.useragent - targetType: attribute - preserveSource: false - overrideOnConflict: false - - type: attribute-remapper - name: Map `requestmethod` to `http.method` - enabled: true - meta: - last_update: - user_id: "5795822" - timestamp: 1704088112370 - tags: [] - sources: - - requestmethod - sourceType: attribute - target: http.method - targetType: attribute - preserveSource: false - overrideOnConflict: false - - type: attribute-remapper - name: Map `requestsize` to `network.bytes_read` - enabled: true - meta: - last_update: - user_id: "5191598" - timestamp: 1704098151264 - tags: [] - sources: - - requestsize - sourceType: attribute - target: network.bytes_read - targetType: attribute - preserveSource: true - overrideOnConflict: false - - type: attribute-remapper - name: Map `responsesize` to `network.bytes_written` - enabled: true - meta: - last_update: - user_id: "5191598" - timestamp: 1704098160175 - tags: [] - sources: - - responsesize - sourceType: attribute - target: network.bytes_written - targetType: attribute - preserveSource: true - overrideOnConflict: false - - type: user-agent-parser - name: Extract details from `http.useragent` - enabled: true - meta: - last_update: - user_id: "5191598" - timestamp: 1704102529700 - tags: [] - sources: - - http.useragent - target: http.useragent_details - encoded: false - combineVersionDetails: false - - type: url-parser - name: Extract details from 
`http.url` - enabled: true - meta: - last_update: - user_id: "5191598" - timestamp: 1702622703663 - tags: [] - sources: - - http.url - target: http.url_details - normalizeEndingSlashes: false - - type: geo-ip-parser - name: GeoIP Parser for `network.client.ip` (externalip) - enabled: true - meta: - last_update: - user_id: "5191598" - timestamp: 1702623732699 - tags: [] - sources: - - network.client.ip - target: network.client.geoip - ip_processing_behavior: do-nothing - - type: geo-ip-parser - name: GeoIP Parser for `network.destination.ip` (destinationip) - enabled: true - meta: - last_update: - user_id: "5191598" - timestamp: 1702623702414 - tags: [] - sources: - - network.destination.ip - target: network.destination.geoip - ip_processing_behavior: do-nothing diff --git a/cisco_umbrella_dns/assets/logs/cisco-umbrella-dns_tests.yaml b/cisco_umbrella_dns/assets/logs/cisco-umbrella-dns_tests.yaml deleted file mode 100644 index 4a160b28bcd57..0000000000000 --- a/cisco_umbrella_dns/assets/logs/cisco-umbrella-dns_tests.yaml +++ /dev/null 
@@ -1,1277 +0,0 @@ -id: cisco-umbrella-dns -tests: - - - sample: |- - { - "date" : "2023-12-11", - "returncode" : 0, - "type" : "dns", - "internalip" : "185.64.148.0", - "allapplications" : [ { - "id" : 989025, - "label" : "Some APIs", - "category" : { - "id" : 1, - "label" : "Application Development and Testing" - } - } ], - "identities" : [ { - "deleted" : false, - "id" : 617808138, - "label" : "DESKTOP-Example", - "type" : { - "id" : 9, - "label" : "Roaming Computers", - "type" : "roaming" - } - }, { - "deleted" : false, - "id" : 617804059, - "label" : "Test", - "type" : { - "id" : 1, - "label" : "Networks", - "type" : "network" - } - } ], - "verdict" : "blocked", - "domain" : "optimizationguide-pa.someapis.com", - "time" : "09:47:00", - "policycategories" : [ { - "deprecated" : false, - "integration" : false, - "id" : 190, - "label" : "Search Engines and Portals", - "type" : "content" - } ], - "categories" : [ { - "deprecated" : true, - "integration" : false, - "id" : 23, - "label" : "Search Engines", - "type" : "content" - }, { - "deprecated" : false, - "integration" : false, - "id" : 148, - "label" : "Application", - "type" : "application" - }, { - "deprecated" : false, - "integration" : false, - "id" : 190, - "label" : "Search Engines and Portals", - "type" : "content" - } ], - "externalip" : "185.64.148.0", - "querytype" : "A", - "timestamp" : 1702288020000 - } - result: - custom: - allapplications: - - - id: 989025 - label: "Some APIs" - category: - id: 1 - label: "Application Development and Testing" - categories: - - - deprecated: true - integration: false - id: 23 - label: "Search Engines" - type: "content" - - - deprecated: false - integration: false - id: 148 - label: "Application" - type: "application" - - - deprecated: false - integration: false - id: 190 - label: "Search Engines and Portals" - type: "content" - date: "2023-12-11" - dns: - answer: - type: "A" - flags: - rcode: 0 - question: - name: "optimizationguide-pa.someapis.com" - external: - 
geoip: - city: - name: "Paris" - continent: - code: "EU" - name: "Europe" - country: - iso_code: "FR" - name: "France" - ipAddress: "185.64.148.0" - location: - latitude: 48.90654 - longitude: 2.33339 - subdivision: - iso_code: "FR-IDF" - name: "Île-de-France" - timezone: "Europe/Paris" - externalip: "185.64.148.0" - identities: - - - deleted: false - id: 617808138 - label: "DESKTOP-Example" - type: - id: 9 - label: "Roaming Computers" - type: "roaming" - - - deleted: false - id: 617804059 - label: "Test" - type: - id: 1 - label: "Networks" - type: "network" - internalip: "185.64.148.0" - policycategories: - - - deprecated: false - integration: false - id: 190 - label: "Search Engines and Portals" - type: "content" - returnmessage: "NOERROR" - time: "09:47:00" - timestamp: 1702288020000 - type: "dns" - verdict: "blocked" - message: |- - { - "date" : "2023-12-11", - "returncode" : 0, - "type" : "dns", - "internalip" : "185.64.148.0", - "allapplications" : [ { - "id" : 989025, - "label" : "Some APIs", - "category" : { - "id" : 1, - "label" : "Application Development and Testing" - } - } ], - "identities" : [ { - "deleted" : false, - "id" : 617808138, - "label" : "DESKTOP-Example", - "type" : { - "id" : 9, - "label" : "Roaming Computers", - "type" : "roaming" - } - }, { - "deleted" : false, - "id" : 617804059, - "label" : "Test", - "type" : { - "id" : 1, - "label" : "Networks", - "type" : "network" - } - } ], - "verdict" : "blocked", - "domain" : "optimizationguide-pa.someapis.com", - "time" : "09:47:00", - "policycategories" : [ { - "deprecated" : false, - "integration" : false, - "id" : 190, - "label" : "Search Engines and Portals", - "type" : "content" - } ], - "categories" : [ { - "deprecated" : true, - "integration" : false, - "id" : 23, - "label" : "Search Engines", - "type" : "content" - }, { - "deprecated" : false, - "integration" : false, - "id" : 148, - "label" : "Application", - "type" : "application" - }, { - "deprecated" : false, - "integration" : false, 
- "id" : 190, - "label" : "Search Engines and Portals", - "type" : "content" - } ], - "externalip" : "185.64.148.0", - "querytype" : "A", - "timestamp" : 1702288020000 - } - tags: - - "source:LOGS_SOURCE" - timestamp: 1702288020000 - - - sample: |- - { - "date" : "2023-12-19", - "returncode" : 0, - "type" : "dns", - "internalip" : "185.64.148.0", - "allapplications" : [ { - "id" : 992107, - "label" : "test.com", - "category" : { - "id" : 47, - "label" : "Media" - } - } ], - "identities" : [ { - "deleted" : false, - "id" : 618368586, - "label" : "DESKTOP-Name", - "type" : { - "id" : 9, - "label" : "Roaming Computers", - "type" : "roaming" - } - } ], - "verdict" : "allowed", - "domain" : "test.com", - "time" : "12:56:56", - "policycategories" : [ { - "deprecated" : false, - "integration" : false, - "id" : 194, - "label" : "Streaming Video", - "type" : "content" - } ], - "categories" : [ { - "deprecated" : true, - "integration" : false, - "id" : 17, - "label" : "Movies", - "type" : "content" - }, { - "deprecated" : true, - "integration" : false, - "id" : 26, - "label" : "Television", - "type" : "content" - }, { - "deprecated" : false, - "integration" : false, - "id" : 148, - "label" : "Application", - "type" : "application" - }, { - "deprecated" : false, - "integration" : false, - "id" : 194, - "label" : "Streaming Video", - "type" : "content" - } ], - "externalip" : "185.64.148.0", - "querytype" : "A", - "timestamp" : 1702990616000 - } - result: - custom: - allapplications: - - - id: 992107 - label: "test.com" - category: - id: 47 - label: "Media" - categories: - - - deprecated: true - integration: false - id: 17 - label: "Movies" - type: "content" - - - deprecated: true - integration: false - id: 26 - label: "Television" - type: "content" - - - deprecated: false - integration: false - id: 148 - label: "Application" - type: "application" - - - deprecated: false - integration: false - id: 194 - label: "Streaming Video" - type: "content" - date: "2023-12-19" - dns: - 
answer: - type: "A" - flags: - rcode: 0 - question: - name: "test.com" - external: - geoip: - city: - name: "Paris" - continent: - code: "EU" - name: "Europe" - country: - iso_code: "FR" - name: "France" - ipAddress: "185.64.148.0" - location: - latitude: 48.90654 - longitude: 2.33339 - subdivision: - iso_code: "FR-IDF" - name: "Île-de-France" - timezone: "Europe/Paris" - externalip: "185.64.148.0" - identities: - - - deleted: false - id: 618368586 - label: "DESKTOP-Name" - type: - id: 9 - label: "Roaming Computers" - type: "roaming" - internalip: "185.64.148.0" - policycategories: - - - deprecated: false - integration: false - id: 194 - label: "Streaming Video" - type: "content" - returnmessage: "NOERROR" - time: "12:56:56" - timestamp: 1702990616000 - type: "dns" - verdict: "allowed" - message: |- - { - "date" : "2023-12-19", - "returncode" : 0, - "type" : "dns", - "internalip" : "185.64.148.0", - "allapplications" : [ { - "id" : 992107, - "label" : "test.com", - "category" : { - "id" : 47, - "label" : "Media" - } - } ], - "identities" : [ { - "deleted" : false, - "id" : 618368586, - "label" : "DESKTOP-Name", - "type" : { - "id" : 9, - "label" : "Roaming Computers", - "type" : "roaming" - } - } ], - "verdict" : "allowed", - "domain" : "test.com", - "time" : "12:56:56", - "policycategories" : [ { - "deprecated" : false, - "integration" : false, - "id" : 194, - "label" : "Streaming Video", - "type" : "content" - } ], - "categories" : [ { - "deprecated" : true, - "integration" : false, - "id" : 17, - "label" : "Movies", - "type" : "content" - }, { - "deprecated" : true, - "integration" : false, - "id" : 26, - "label" : "Television", - "type" : "content" - }, { - "deprecated" : false, - "integration" : false, - "id" : 148, - "label" : "Application", - "type" : "application" - }, { - "deprecated" : false, - "integration" : false, - "id" : 194, - "label" : "Streaming Video", - "type" : "content" - } ], - "externalip" : "185.64.148.0", - "querytype" : "A", - "timestamp" 
: 1702990616000 - } - tags: - - "source:LOGS_SOURCE" - timestamp: 1702990616000 - - - sample: |- - { - "date" : "2023-12-19", - "returncode" : 0, - "type" : "dns", - "internalip" : "185.64.148.0", - "allapplications" : [ { - "id" : 987820, - "label" : "Social Media Platform", - "category" : { - "id" : 33, - "label" : "Social Networking" - } - } ], - "identities" : [ { - "deleted" : false, - "id" : 618368586, - "label" : "DESKTOP-Test", - "type" : { - "id" : 9, - "label" : "Roaming Computers", - "type" : "roaming" - } - } ], - "verdict" : "proxied", - "domain" : "instagram.com", - "time" : "12:56:56", - "policycategories" : [ { - "deprecated" : false, - "integration" : false, - "id" : 24, - "label" : "Social Networking", - "type" : "content" - } ], - "categories" : [ { - "deprecated" : true, - "integration" : false, - "id" : 20, - "label" : "Photo Sharing", - "type" : "content" - }, { - "deprecated" : false, - "integration" : false, - "id" : 24, - "label" : "Social Networking", - "type" : "content" - }, { - "deprecated" : false, - "integration" : false, - "id" : 148, - "label" : "Application", - "type" : "application" - } ], - "externalip" : "185.64.148.0", - "querytype" : "A", - "timestamp" : 1702990616000 - } - result: - custom: - allapplications: - - - id: 987820 - label: "Social Media Platform" - category: - id: 33 - label: "Social Networking" - categories: - - - deprecated: true - integration: false - id: 20 - label: "Photo Sharing" - type: "content" - - - deprecated: false - integration: false - id: 24 - label: "Social Networking" - type: "content" - - - deprecated: false - integration: false - id: 148 - label: "Application" - type: "application" - date: "2023-12-19" - dns: - answer: - type: "A" - flags: - rcode: 0 - question: - name: "instagram.com" - external: - geoip: - city: - name: "Paris" - continent: - code: "EU" - name: "Europe" - country: - iso_code: "FR" - name: "France" - ipAddress: "185.64.148.0" - location: - latitude: 48.90654 - longitude: 
2.33339 - subdivision: - iso_code: "FR-IDF" - name: "Île-de-France" - timezone: "Europe/Paris" - externalip: "185.64.148.0" - identities: - - - deleted: false - id: 618368586 - label: "DESKTOP-Test" - type: - id: 9 - label: "Roaming Computers" - type: "roaming" - internalip: "185.64.148.0" - policycategories: - - - deprecated: false - integration: false - id: 24 - label: "Social Networking" - type: "content" - returnmessage: "NOERROR" - time: "12:56:56" - timestamp: 1702990616000 - type: "dns" - verdict: "proxied" - message: |- - { - "date" : "2023-12-19", - "returncode" : 0, - "type" : "dns", - "internalip" : "185.64.148.0", - "allapplications" : [ { - "id" : 987820, - "label" : "Social Media Platform", - "category" : { - "id" : 33, - "label" : "Social Networking" - } - } ], - "identities" : [ { - "deleted" : false, - "id" : 618368586, - "label" : "DESKTOP-Test", - "type" : { - "id" : 9, - "label" : "Roaming Computers", - "type" : "roaming" - } - } ], - "verdict" : "proxied", - "domain" : "instagram.com", - "time" : "12:56:56", - "policycategories" : [ { - "deprecated" : false, - "integration" : false, - "id" : 24, - "label" : "Social Networking", - "type" : "content" - } ], - "categories" : [ { - "deprecated" : true, - "integration" : false, - "id" : 20, - "label" : "Photo Sharing", - "type" : "content" - }, { - "deprecated" : false, - "integration" : false, - "id" : 24, - "label" : "Social Networking", - "type" : "content" - }, { - "deprecated" : false, - "integration" : false, - "id" : 148, - "label" : "Application", - "type" : "application" - } ], - "externalip" : "185.64.148.0", - "querytype" : "A", - "timestamp" : 1702990616000 - } - tags: - - "source:LOGS_SOURCE" - timestamp: 1702990616000 - - - sample: |- - { - "date" : "2023-12-11", - "referer" : "", - "requestmethod" : "POST", - "sha256" : "", - "amp" : { - "score" : 0, - "disposition" : "", - "malware" : "" - }, - "useragent" : "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like 
Gecko) Chrome/116.0.0.0 Safari/537.36 Edg/116.0.1938.81", - "isolated" : { - "fileaction" : "", - "state" : "not-isolated" - }, - "bundleid" : 14367283, - "requestsize" : 517, - "type" : "proxy", - "internalip" : "185.64.148.0", - "egress" : { - "ip" : "185.64.148.0", - "type" : "shared" - }, - "statuscode" : 303, - "datalossprevention" : { - "state" : "" - }, - "tenantcontrols" : false, - "identities" : [ { - "deleted" : false, - "id" : 617808138, - "label" : "DESKTOP-Test", - "type" : { - "id" : 9, - "label" : "Roaming Computers", - "type" : "roaming" - } - }, { - "deleted" : false, - "id" : 617804059, - "label" : "Test", - "type" : { - "id" : 1, - "label" : "Networks", - "type" : "network" - } - } ], - "responsesize" : 746, - "policycategories" : [ { - "deprecated" : false, - "integration" : false, - "id" : 190, - "label" : "Search Engines and Portals", - "type" : "content" - } ], - "categories" : [ { - "deprecated" : true, - "integration" : false, - "id" : 23, - "label" : "Search Engines", - "type" : "content" - }, { - "deprecated" : false, - "integration" : false, - "id" : 148, - "label" : "Application", - "type" : "application" - }, { - "deprecated" : false, - "integration" : false, - "id" : 190, - "label" : "Search Engines and Portals", - "type" : "content" - } ], - "externalip" : "185.64.148.0", - "policy" : { - "timebasedrule" : false - }, - "timestamp" : 1702288841000, - "securityoverridden" : false, - "forwardingmethod" : "", - "warnstatus" : "", - "datacenter" : { - "label" : "Singapore, SG", - "id" : "SIN" - }, - "url" : "https://www.bing.com/api/shopping/v1/savings/user/readNotifications", - "contenttype" : "text/html", - "destinationip" : "", - "port" : 443, - "blockedfiletype" : "", - "verdict" : "blocked", - "time" : "10:00:41", - "responsefilename" : "" - } - result: - custom: - amp: - disposition: "" - malware: "" - score: 0 - blockedfiletype: "" - bundleid: 14367283 - categories: - - - deprecated: true - integration: false - id: 23 - label: 
"Search Engines" - type: "content" - - - deprecated: false - integration: false - id: 148 - label: "Application" - type: "application" - - - deprecated: false - integration: false - id: 190 - label: "Search Engines and Portals" - type: "content" - contenttype: "text/html" - datacenter: - id: "SIN" - label: "Singapore, SG" - datalossprevention: - state: "" - date: "2023-12-11" - egress: - ip: "185.64.148.0" - type: "shared" - forwardingmethod: "" - http: - method: "POST" - referer: "" - status_code: 303 - url: "https://www.bing.com/api/shopping/v1/savings/user/readNotifications" - url_details: - host: "www.bing.com" - path: "/api/shopping/v1/savings/user/readNotifications" - scheme: "https" - useragent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 Edg/116.0.1938.81" - useragent_details: - browser: - family: "Edge" - major: "116" - minor: "0" - patch: "1938" - patch_minor: "81" - device: - category: "Desktop" - family: "Other" - os: - family: "Windows" - major: "10" - identities: - - - deleted: false - id: 617808138 - label: "DESKTOP-Test" - type: - id: 9 - label: "Roaming Computers" - type: "roaming" - - - deleted: false - id: 617804059 - label: "Test" - type: - id: 1 - label: "Networks" - type: "network" - internalip: "185.64.148.0" - isolated: - fileaction: "" - state: "not-isolated" - network: - bytes_read: 517 - bytes_written: 746 - client: - geoip: - city: - name: "Paris" - continent: - code: "EU" - name: "Europe" - country: - iso_code: "FR" - name: "France" - ipAddress: "185.64.148.0" - location: - latitude: 48.90654 - longitude: 2.33339 - subdivision: - iso_code: "FR-IDF" - name: "Île-de-France" - timezone: "Europe/Paris" - ip: "185.64.148.0" - destination: - ip: "" - policy: - timebasedrule: false - policycategories: - - - deprecated: false - integration: false - id: 190 - label: "Search Engines and Portals" - type: "content" - port: 443 - requestsize: 517 - responsefilename: "" - 
responsesize: 746 - securityoverridden: false - sha256: "" - tenantcontrols: false - time: "10:00:41" - timestamp: 1702288841000 - type: "proxy" - verdict: "blocked" - warnstatus: "" - message: |- - { - "date" : "2023-12-11", - "referer" : "", - "requestmethod" : "POST", - "sha256" : "", - "amp" : { - "score" : 0, - "disposition" : "", - "malware" : "" - }, - "useragent" : "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 Edg/116.0.1938.81", - "isolated" : { - "fileaction" : "", - "state" : "not-isolated" - }, - "bundleid" : 14367283, - "requestsize" : 517, - "type" : "proxy", - "internalip" : "185.64.148.0", - "egress" : { - "ip" : "185.64.148.0", - "type" : "shared" - }, - "statuscode" : 303, - "datalossprevention" : { - "state" : "" - }, - "tenantcontrols" : false, - "identities" : [ { - "deleted" : false, - "id" : 617808138, - "label" : "DESKTOP-Test", - "type" : { - "id" : 9, - "label" : "Roaming Computers", - "type" : "roaming" - } - }, { - "deleted" : false, - "id" : 617804059, - "label" : "Test", - "type" : { - "id" : 1, - "label" : "Networks", - "type" : "network" - } - } ], - "responsesize" : 746, - "policycategories" : [ { - "deprecated" : false, - "integration" : false, - "id" : 190, - "label" : "Search Engines and Portals", - "type" : "content" - } ], - "categories" : [ { - "deprecated" : true, - "integration" : false, - "id" : 23, - "label" : "Search Engines", - "type" : "content" - }, { - "deprecated" : false, - "integration" : false, - "id" : 148, - "label" : "Application", - "type" : "application" - }, { - "deprecated" : false, - "integration" : false, - "id" : 190, - "label" : "Search Engines and Portals", - "type" : "content" - } ], - "externalip" : "185.64.148.0", - "policy" : { - "timebasedrule" : false - }, - "timestamp" : 1702288841000, - "securityoverridden" : false, - "forwardingmethod" : "", - "warnstatus" : "", - "datacenter" : { - "label" : "Singapore, SG", - "id" : "SIN" - 
}, - "url" : "https://www.bing.com/api/shopping/v1/savings/user/readNotifications", - "contenttype" : "text/html", - "destinationip" : "", - "port" : 443, - "blockedfiletype" : "", - "verdict" : "blocked", - "time" : "10:00:41", - "responsefilename" : "" - } - tags: - - "source:LOGS_SOURCE" - timestamp: 1702288841000 - - - sample: |- - { - "date" : "2023-12-07", - "referer" : "", - "requestmethod" : "POST", - "sha256" : "", - "amp" : { - "score" : 0, - "disposition" : "", - "malware" : "" - }, - "useragent" : "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 Edg/116.0.1938.81", - "isolated" : { - "fileaction" : "", - "state" : "not-isolated" - }, - "bundleid" : 14367283, - "requestsize" : 517, - "type" : "proxy", - "internalip" : "185.64.148.0", - "egress" : { - "ip" : "185.64.148.0", - "type" : "shared" - }, - "statuscode" : 303, - "datalossprevention" : { - "state" : "" - }, - "tenantcontrols" : false, - "identities" : [ { - "deleted" : false, - "id" : 617808138, - "label" : "DESKTOP-Test", - "type" : { - "id" : 9, - "label" : "Roaming Computers", - "type" : "roaming" - } - }, { - "deleted" : false, - "id" : 617804059, - "label" : "Test", - "type" : { - "id" : 1, - "label" : "Networks", - "type" : "network" - } - } ], - "responsesize" : 746, - "policycategories" : [ { - "deprecated" : false, - "integration" : false, - "id" : 190, - "label" : "Search Engines and Portals", - "type" : "content" - } ], - "categories" : [ { - "deprecated" : true, - "integration" : false, - "id" : 23, - "label" : "Search Engines", - "type" : "content" - }, { - "deprecated" : false, - "integration" : false, - "id" : 148, - "label" : "Application", - "type" : "application" - }, { - "deprecated" : false, - "integration" : false, - "id" : 190, - "label" : "Search Engines and Portals", - "type" : "content" - } ], - "externalip" : "185.64.148.0", - "policy" : { - "timebasedrule" : false - }, - "timestamp" : 1701943235000, - 
"securityoverridden" : false, - "forwardingmethod" : "", - "warnstatus" : "", - "datacenter" : { - "label" : "Singapore, SG", - "id" : "SIN" - }, - "url" : "https://www.bing.com/api/shopping/v1/savings/user/readNotifications", - "contenttype" : "text/html", - "destinationip" : "", - "port" : 443, - "blockedfiletype" : "", - "verdict" : "allowed", - "time" : "10:00:35", - "responsefilename" : "" - } - result: - custom: - amp: - disposition: "" - malware: "" - score: 0 - blockedfiletype: "" - bundleid: 14367283 - categories: - - - deprecated: true - integration: false - id: 23 - label: "Search Engines" - type: "content" - - - deprecated: false - integration: false - id: 148 - label: "Application" - type: "application" - - - deprecated: false - integration: false - id: 190 - label: "Search Engines and Portals" - type: "content" - contenttype: "text/html" - datacenter: - id: "SIN" - label: "Singapore, SG" - datalossprevention: - state: "" - date: "2023-12-07" - egress: - ip: "185.64.148.0" - type: "shared" - forwardingmethod: "" - http: - method: "POST" - referer: "" - status_code: 303 - url: "https://www.bing.com/api/shopping/v1/savings/user/readNotifications" - url_details: - host: "www.bing.com" - path: "/api/shopping/v1/savings/user/readNotifications" - scheme: "https" - useragent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 Edg/116.0.1938.81" - useragent_details: - browser: - family: "Edge" - major: "116" - minor: "0" - patch: "1938" - patch_minor: "81" - device: - category: "Desktop" - family: "Other" - os: - family: "Windows" - major: "10" - identities: - - - deleted: false - id: 617808138 - label: "DESKTOP-Test" - type: - id: 9 - label: "Roaming Computers" - type: "roaming" - - - deleted: false - id: 617804059 - label: "Test" - type: - id: 1 - label: "Networks" - type: "network" - internalip: "185.64.148.0" - isolated: - fileaction: "" - state: "not-isolated" - network: - bytes_read: 517 - 
bytes_written: 746 - client: - geoip: - city: - name: "Paris" - continent: - code: "EU" - name: "Europe" - country: - iso_code: "FR" - name: "France" - ipAddress: "185.64.148.0" - location: - latitude: 48.90654 - longitude: 2.33339 - subdivision: - iso_code: "FR-IDF" - name: "Île-de-France" - timezone: "Europe/Paris" - ip: "185.64.148.0" - destination: - ip: "" - policy: - timebasedrule: false - policycategories: - - - deprecated: false - integration: false - id: 190 - label: "Search Engines and Portals" - type: "content" - port: 443 - requestsize: 517 - responsefilename: "" - responsesize: 746 - securityoverridden: false - sha256: "" - tenantcontrols: false - time: "10:00:35" - timestamp: 1701943235000 - type: "proxy" - verdict: "allowed" - warnstatus: "" - message: |- - { - "date" : "2023-12-07", - "referer" : "", - "requestmethod" : "POST", - "sha256" : "", - "amp" : { - "score" : 0, - "disposition" : "", - "malware" : "" - }, - "useragent" : "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 Edg/116.0.1938.81", - "isolated" : { - "fileaction" : "", - "state" : "not-isolated" - }, - "bundleid" : 14367283, - "requestsize" : 517, - "type" : "proxy", - "internalip" : "185.64.148.0", - "egress" : { - "ip" : "185.64.148.0", - "type" : "shared" - }, - "statuscode" : 303, - "datalossprevention" : { - "state" : "" - }, - "tenantcontrols" : false, - "identities" : [ { - "deleted" : false, - "id" : 617808138, - "label" : "DESKTOP-Test", - "type" : { - "id" : 9, - "label" : "Roaming Computers", - "type" : "roaming" - } - }, { - "deleted" : false, - "id" : 617804059, - "label" : "Test", - "type" : { - "id" : 1, - "label" : "Networks", - "type" : "network" - } - } ], - "responsesize" : 746, - "policycategories" : [ { - "deprecated" : false, - "integration" : false, - "id" : 190, - "label" : "Search Engines and Portals", - "type" : "content" - } ], - "categories" : [ { - "deprecated" : true, - "integration" : 
false, - "id" : 23, - "label" : "Search Engines", - "type" : "content" - }, { - "deprecated" : false, - "integration" : false, - "id" : 148, - "label" : "Application", - "type" : "application" - }, { - "deprecated" : false, - "integration" : false, - "id" : 190, - "label" : "Search Engines and Portals", - "type" : "content" - } ], - "externalip" : "185.64.148.0", - "policy" : { - "timebasedrule" : false - }, - "timestamp" : 1701943235000, - "securityoverridden" : false, - "forwardingmethod" : "", - "warnstatus" : "", - "datacenter" : { - "label" : "Singapore, SG", - "id" : "SIN" - }, - "url" : "https://www.bing.com/api/shopping/v1/savings/user/readNotifications", - "contenttype" : "text/html", - "destinationip" : "", - "port" : 443, - "blockedfiletype" : "", - "verdict" : "allowed", - "time" : "10:00:35", - "responsefilename" : "" - } - tags: - - "source:LOGS_SOURCE" - timestamp: 1701943235000
