diff --git a/.script/tests/KqlvalidationsTests/CustomTables/NetskopeAlerts_CL.json b/.script/tests/KqlvalidationsTests/CustomTables/NetskopeAlerts_CL.json index 3b27b1d5ef2..40362eb020f 100644 --- a/.script/tests/KqlvalidationsTests/CustomTables/NetskopeAlerts_CL.json +++ b/.script/tests/KqlvalidationsTests/CustomTables/NetskopeAlerts_CL.json @@ -75,7 +75,7 @@ }, { "Name": "breach_date", - "Type": "int" + "Type": "Int32" }, { "Name": "breach_description", @@ -119,7 +119,7 @@ }, { "Name": "cci", - "Type": "int" + "Type": "Int32" }, { "Name": "ccl", @@ -127,23 +127,23 @@ }, { "Name": "client_bytes", - "Type": "int" + "Type": "Int32" }, { "Name": "compliance_standards", - "Type": "dynamic" + "Type": "Object" }, { "Name": "conn_duration", - "Type": "int" + "Type": "Int32" }, { "Name": "conn_endtime", - "Type": "int" + "Type": "Int32" }, { "Name": "conn_starttime", - "Type": "int" + "Type": "Int32" }, { "Name": "connectionid", @@ -155,7 +155,7 @@ }, { "Name": "count_i", - "Type": "int" + "Type": "Int32" }, { "Name": "data_type", @@ -199,7 +199,7 @@ }, { "Name": "dlp_rule_count", - "Type": "int" + "Type": "Int32" }, { "Name": "dlp_rule_severity", @@ -207,7 +207,7 @@ }, { "Name": "dlp_unique_count", - "Type": "int" + "Type": "Int32" }, { "Name": "domain", @@ -219,11 +219,11 @@ }, { "Name": "dst_geoip_src", - "Type": "int" + "Type": "Int32" }, { "Name": "dst_latitude", - "Type": "int" + "Type": "Int32" }, { "Name": "dst_location", @@ -231,7 +231,7 @@ }, { "Name": "dst_longitude", - "Type": "int" + "Type": "Int32" }, { "Name": "dst_region", @@ -255,7 +255,7 @@ }, { "Name": "dstport", - "Type": "int" + "Type": "Int32" }, { "Name": "email_source", @@ -275,15 +275,15 @@ }, { "Name": "external_collaborator_count", - "Type": "int" + "Type": "Int32" }, { "Name": "external_email", - "Type": "int" + "Type": "Int32" }, { "Name": "file_cls_encrypted", - "Type": "boolean" + "Type": "SByte" }, { "Name": "file_lang", @@ -295,7 +295,7 @@ }, { "Name": "file_size", - "Type": "int" + "Type": "Int32" }, { "Name": "file_type", @@ -315,11 +315,11 @@ }, { "Name": "http_transaction_count", - "Type": "int" + "Type": "Int32" }, { "Name": "iaas_asset_tags", - "Type": "dynamic" + "Type": "Object" }, { "Name": "iaas_remediated", @@ -335,7 +335,7 @@ }, { "Name": "internal_collaborator_count", - "Type": "int" + "Type": "Int32" }, { "Name": "justification_reason", @@ -367,7 +367,7 @@ }, { "Name": "last_timestamp", - "Type": "int" + "Type": "Int32" }, { "Name": "log_file_name", @@ -379,7 +379,7 @@ }, { "Name": "malsite_category", - "Type": "dynamic" + "Type": "Object" }, { "Name": "malsite_country", @@ -395,11 +395,11 @@ }, { "Name": "malsite_latitude", - "Type": "int" + "Type": "Int32" }, { "Name": "malsite_longitude", - "Type": "int" + "Type": "Int32" }, { "Name": "malsite_region", @@ -427,7 +427,7 @@ }, { "Name": "modified", - "Type": "int" + "Type": "Int32" }, { "Name": "netskope_activity", @@ -447,7 +447,7 @@ }, { "Name": "numbytes", - "Type": "int" + "Type": "Int32" }, { "Name": "object", @@ -487,11 +487,11 @@ }, { "Name": "other_categories", - "Type": "dynamic" + "Type": "Object" }, { "Name": "outer_doc_type", - "Type": "int" + "Type": "Int32" }, { "Name": "owner", @@ -519,7 +519,7 @@ }, { "Name": "policy_actions", - "Type": "dynamic" + "Type": "Object" }, { "Name": "policy_id", @@ -547,7 +547,7 @@ }, { "Name": "req_cnt", - "Type": "int" + "Type": "Int32" }, { "Name": "requestid", @@ -563,11 +563,11 @@ }, { "Name": "resp_cnt", - "Type": "int" + "Type": "Int32" }, { "Name": "sa_profile_id", - "Type": "int" + "Type": "Int32" }, { "Name": "sa_profile_name", @@ -603,7 +603,7 @@ }, { "Name": "server_bytes", - "Type": "int" + "Type": "Int32" }, { "Name": "sessionid", @@ -619,7 +619,7 @@ }, { "Name": "severity_level_id", - "Type": "int" + "Type": "Int32" }, { "Name": "sfwder", @@ -647,11 +647,11 @@ }, { "Name": "src_geoip_src", - "Type": "int" + "Type": "Int32" }, { "Name": "src_latitude", - "Type": "int" + "Type": "Int32" }, { "Name": "src_location", @@ -659,7 +659,7 @@ }, { "Name": "src_longitude", - "Type": "int" + "Type": "Int32" }, { "Name": "src_region", @@ -683,7 +683,7 @@ }, { "Name": "suppression_end_time", - "Type": "int" + "Type": "Int32" }, { "Name": "suppression_key", @@ -691,7 +691,7 @@ }, { "Name": "suppression_start_time", - "Type": "int" + "Type": "Int32" }, { "Name": "telemetry_app", @@ -707,19 +707,19 @@ }, { "Name": "threat_source_id", - "Type": "int" + "Type": "Int32" }, { "Name": "threshold", - "Type": "int" + "Type": "Int32" }, { "Name": "threshold_time", - "Type": "int" + "Type": "Int32" }, { "Name": "timestamp", - "Type": "int" + "Type": "Int32" }, { "Name": "title_s", @@ -731,7 +731,7 @@ }, { "Name": "total_collaborator_count", - "Type": "int" + "Type": "Int32" }, { "Name": "traffic_type", @@ -804,6 +804,22 @@ { "Name": "web_universal_connector", "Type": "string" + }, + { + "Name": "TenantId", + "Type": "string" + }, + { + "Name": "Type", + "Type": "string" + }, + { + "Name": "_ResourceId", + "Type": "string" + }, + { + "Name": "_ItemId", + "Type": "string" } ] } \ No newline at end of file diff --git a/ASIM/dev/ASimTester/ASimTester.csv b/ASIM/dev/ASimTester/ASimTester.csv index 3c77e44d7b9..835348a78b1 100644 --- a/ASIM/dev/ASimTester/ASimTester.csv +++ b/ASIM/dev/ASimTester/ASimTester.csv @@ -221,7 +221,7 @@ AttackRemediationSteps,string,Recommended,AlertEvent,,,,, AttackTactics,string,Recommended,AlertEvent,,,,, AttackTechniques,string,Recommended,AlertEvent,,,,, CommandLine,string,Alias,ProcessEvent,,,TargetProcessCommandLine,, -DetectionMethod,string,Optional,AlertEvent,Enumerated,EDR|Behavioral Analytics|Reputation|Threat Intelligence|Intrusion Detection|Automated Investigation|Antivirus|Data Loss Prevention|User Defined Blocked List|Cloud Security Posture Management,,, +DetectionMethod,string,Optional,AlertEvent,Enumerated,EDR|Behavioral Analytics|Reputation|Threat Intelligence|Intrusion Detection|Automated Investigation|Antivirus|Data Loss Prevention|User Defined Blocked List|Cloud Security Posture Management|Cloud Application Security|Scheduled Alerts|Other,,, DhcpCircuitId,string,Optional,DhcpEvent,,,,, DhcpLeaseDuration,int,Optional,DhcpEvent,,,,, DhcpSessionDuration,int,Optional,DhcpEvent,,,,, diff --git a/Parsers/ASimAlertEvent/ARM/ASimAlertEvent/ASimAlertEvent.json b/Parsers/ASimAlertEvent/ARM/ASimAlertEvent/ASimAlertEvent.json index fb469969b89..f389e5d7991 100644 --- a/Parsers/ASimAlertEvent/ARM/ASimAlertEvent/ASimAlertEvent.json +++ b/Parsers/ASimAlertEvent/ARM/ASimAlertEvent/ASimAlertEvent.json @@ -27,7 +27,7 @@ "displayName": "Alert Event ASIM parser", "category": "ASIM", "FunctionAlias": "ASimAlertEvent", - "query": "let DisabledParsers=materialize(_GetWatchlist('ASimDisabledParsers') | where SearchKey in ('Any', 'ExcludeASimAlertEvent') | extend SourceSpecificParser=column_ifexists('SourceSpecificParser','') | distinct SourceSpecificParser| where isnotempty(SourceSpecificParser));\nlet ASimBuiltInDisabled=toscalar('ExcludeASimAlertEvent' in (DisabledParsers) or 'Any' in (DisabledParsers)); \nlet parser=(pack:bool=false){\nunion isfuzzy=true\n vimAlertEventEmpty,\n ASimAlertEventBitdefenderGravityZone (disabled=(ASimBuiltInDisabled or ('ExcludeASimAlertEventBitdefenderGravityZone' in (DisabledParsers))), pack=pack),\n ASimAlertEventMicrosoftDefenderXDR (disabled=(ASimBuiltInDisabled or ('ExcludeASimAlertEventMicrosoftDefenderXDR' in (DisabledParsers)))),\n ASimAlertEventSentinelOneSingularity (disabled=(ASimBuiltInDisabled or ('ExcludeASimAlertEventSentinelOneSingularity' in (DisabledParsers)))),\n ASimAlertEventCiscoSecureEndpoint (disabled=(ASimBuiltInDisabled or ('ExcludeASimAlertEventCiscoSecureEndpoint' in (DisabledParsers))), pack=pack),\n ASimAlertEventPaloAltoXDR (disabled=(ASimBuiltInDisabled or ('ExcludeASimAlertEventPaloAltoXDR' in (DisabledParsers))), pack=pack)\n}; \nparser (pack=pack)\n", + "query": "let DisabledParsers=materialize(_GetWatchlist('ASimDisabledParsers') | where SearchKey in ('Any', 'ExcludeASimAlertEvent') | extend SourceSpecificParser=column_ifexists('SourceSpecificParser','') | distinct SourceSpecificParser| where isnotempty(SourceSpecificParser));\nlet ASimBuiltInDisabled=toscalar('ExcludeASimAlertEvent' in (DisabledParsers) or 'Any' in (DisabledParsers)); \nlet parser=(pack:bool=false){\nunion isfuzzy=true\n vimAlertEventEmpty,\n ASimAlertEventBitdefenderGravityZone (disabled=(ASimBuiltInDisabled or ('ExcludeASimAlertEventBitdefenderGravityZone' in (DisabledParsers))), pack=pack),\n ASimAlertEventMicrosoftDefenderXDR (disabled=(ASimBuiltInDisabled or ('ExcludeASimAlertEventMicrosoftDefenderXDR' in (DisabledParsers)))),\n ASimAlertEventSentinelOneSingularity (disabled=(ASimBuiltInDisabled or ('ExcludeASimAlertEventSentinelOneSingularity' in (DisabledParsers)))),\n ASimAlertEventCiscoSecureEndpoint (disabled=(ASimBuiltInDisabled or ('ExcludeASimAlertEventCiscoSecureEndpoint' in (DisabledParsers))), pack=pack),\n ASimAlertEventPaloAltoXDR (disabled=(ASimBuiltInDisabled or ('ExcludeASimAlertEventPaloAltoXDR' in (DisabledParsers))), pack=pack),\n ASimAlertEventNetskopeSecurityCloud (disabled=(ASimBuiltInDisabled or ('ExcludeASimAlertEventNetskopeSecurityCloud' in (DisabledParsers))), pack=pack)\n}; \nparser (pack=pack)\n", "version": 1, "functionParameters": "pack:bool=False" } diff --git a/Parsers/ASimAlertEvent/ARM/ASimAlertEventNetskopeSecurityCloud/ASimAlertEventNetskopeSecurityCloud.json b/Parsers/ASimAlertEvent/ARM/ASimAlertEventNetskopeSecurityCloud/ASimAlertEventNetskopeSecurityCloud.json new file mode 100644 index 00000000000..2d3309fa1cf --- /dev/null +++ b/Parsers/ASimAlertEvent/ARM/ASimAlertEventNetskopeSecurityCloud/ASimAlertEventNetskopeSecurityCloud.json @@ -0,0 +1,36 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-08-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "Workspace": { + "type": "string", + "metadata": { + "description": "The Microsoft Sentinel workspace into which the function will be deployed. Has to be in the selected Resource Group." + } + }, + "WorkspaceRegion": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "The region of the selected workspace. The default value will use the Region selection above." + } + } + }, + "resources": [ + { + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "apiVersion": "2020-08-01", + "name": "[concat(parameters('Workspace'), '/ASimAlertEventNetskopeSecurityCloud')]", + "location": "[parameters('WorkspaceRegion')]", + "properties": { + "etag": "*", + "displayName": "Alert Event ASIM parser for Netskope Security Cloud", + "category": "ASIM", + "FunctionAlias": "ASimAlertEventNetskopeSecurityCloud", + "query": "let parser = (\n disabled:bool = false,\n pack:bool = false\n)\n{\n NetskopeAlerts_CL\n | where not(disabled)\n | extend\n EventStartTime = unixtime_seconds_todatetime(timestamp),\n ThreatCategory = case(\n category =~ \"Blocked Risky URLs\", \"MaliciousUrl\",\n category in~ (\"Aggressive\", \"Online Ads\"), \"Adware\",\n category in~ (\n \"Forums\",\n \"Web Hosting, ISP & Telco\",\n \"Games\",\n \"Customer Relationship Management\",\n \"Pay To Surf\",\n \"Real Estate\",\n \"Finance/Accounting\",\n \"App Admin Console\",\n \"URL Shorteners\",\n \"Financial News\",\n \"Religion\",\n \"Social & Affiliation Organizations\",\n \"Auctions & Marketplaces\",\n \"Entertainment\",\n \"Gambling\",\n \"Trading & Investing\",\n \"Drugs\"\n ), \"Security Policy Violation\",\n \"Unknown\"\n )\n | extend\n EventEndTime = EventStartTime,\n TimeGenerated = EventStartTime,\n EventSeverity = case(\n severity =~ \"high\", \"High\",\n severity =~ \"medium\", \"Medium\",\n severity =~ \"low\", \"Low\",\n severity =~ \"informational\", \"Informational\",\n \"Informational\"\n )\n | extend\n EventSubType = case(\n alert_type in~ (\"malware\", \"c2\", \"malsite\", \"ips\", \"compromised credential\"), \"Threat\",\n alert_type in~ (\"dlp\", \"policy\"), \"Compliance Violation\",\n alert_type =~ \"uba\", \"Anomaly\",\n \"\"\n ),\n DetectionMethod = case(\n alert_type =~ \"dlp\", \"Data Loss Prevention\",\n alert_type =~ \"malware\", \"Antivirus\",\n alert_type =~ \"policy\", \"Cloud Application Security\",\n alert_type in~ (\"c2\", \"ips\"), \"Intrusion Detection\",\n alert_type =~ \"compromised credential\", \"Threat Intelligence\",\n alert_type =~ \"uba\", \"Behavioral Analytics\",\n alert_type =~ \"malsite\", \"Reputation\",\n \"Other\"\n ),\n FileName = iff(\n tolower(tostring(object_type)) == \"file\", tostring(object),\n \"\"\n ),\n DvcOriginalAction = tostring(action),\n DvcAction = case(\n action =~ \"block\", \"Block\",\n action in~ (\"allow\", \"proceed\", \"bypass\", \"alert\", \"useralert\"), \"Allow\",\n action in~ (\"anomaly_detection\", \"detection\"), \"Detect\",\n \"\"\n ),\n EventResult = case(\n action =~ \"block\", \"Failure\",\n action in~ (\"allow\", \"proceed\", \"bypass\", \"alert\", \"useralert\", \"anomaly_detection\", \"detection\"), \"Success\",\n \"NA\"\n ),\n _cat = tostring(category),\n _app = tostring(app),\n _desc = tostring(breach_description),\n DvcId = iff(isnotempty(nsdeviceuid), nsdeviceuid, ''),\n DvcIdType = iff(isnotempty(nsdeviceuid), 'Other', '')\n | extend\n EventMessage = strcat(\n trim(\" \", tostring(alert_name)),\n iff(isnotempty(_cat), strcat(\" | Category: \", _cat), \"\"),\n iff(isnotempty(_app), strcat(\" | App: \", _app), \"\"),\n iff(isnotempty(_desc), strcat(\" | Breach Description: \", _desc), \"\")\n )\n | project\n TimeGenerated,\n EventType = \"Alert\",\n EventSchema = \"AlertEvent\",\n EventSchemaVersion = \"0.1\",\n EventVendor = \"Netskope\",\n EventProduct = \"Security Cloud\",\n EventCount = int(1),\n EventStartTime,\n EventEndTime,\n EventSeverity,\n EventOriginalSeverity = severity,\n EventSubType,\n EventResult,\n EventOriginalResultDetails = action,\n DvcId,\n DvcIdType,\n DvcIpAddr = userip,\n DvcHostname = hostname,\n DvcAction,\n EventUid = _ItemId,\n EventOriginalSubType = tostring(alert_type),\n ThreatOriginalCategory = tostring(category),\n ThreatCategory,\n EventMessage,\n DvcOs = case(\n os has \"windows\", \"Windows\",\n os_version startswith \"windows\", \"Windows\",\n os has \"Mac OS\", \"macOS\",\n os_version startswith \"Mac\", \"macOS\",\n \"\"\n ),\n DvcOsVersion = os_version,\n DetectionMethod,\n AlertName = tostring(alert_name),\n RuleName = tostring(policy),\n DvcOriginalAction,\n Username = tostring(user),\n FileName,\n FileSHA256 = sha256,\n FileMD5 = md5,\n Url = url,\n Type,\n AdditionalFields = iff(\n pack,\n bag_pack(\n \"AccessMethod\", access_method,\n \"AlertType\", alert_type,\n \"Action\", action,\n \"Activity\", activity,\n \"App\", app,\n \"AppSessionId\", tostring(coalesce(columnifexists(\"app_sessionid\", \"\"), \"\")),\n \"AppCategory\", appcategory,\n \"AppSuite\", appsuite,\n \"Browser\", browser,\n \"BrowserSessionId\", tostring(coalesce(columnifexists(\"browser_sessionid\", \"\"), \"\")),\n \"BrowserVersion\", browser_version,\n \"CloudConfidenceIndex\", cci,\n \"CloudConfidenceLevel\", ccl,\n \"ConnectionId\", tostring(coalesce(columnifexists(\"connectionid\", \"\"), \"\")),\n \"MalsiteCategory\", malsite_category,\n \"MalsiteCountry\", malsite_country,\n \"Referer\", referer,\n \"ObjectType\", object_type,\n \"SourceIP\", srcip,\n \"DestinationIP\", dstip\n ),\n dynamic({})\n )\n | extend\n UsernameType = case(\n Username has \"@\", \"UPN\",\n Username has @\"\\\", \"Windows\",\n isnotempty(Username), \"Simple\",\n \"\"\n ),\n UserType = case(\n isempty(Username), \"Anonymous\",\n Username startswith \"svc_\" or Username startswith \"svc-\" or Username startswith \"svc.\" or Username has \"_svc@\", \"Service\",\n Username startswith \"adm_\" or Username startswith \"adm-\" or Username has \"admin@\", \"Admin\",\n \"Regular\"\n )\n //Aliases\n | extend\n AlertId = EventUid,\n AlertDescription = EventMessage,\n Rule = RuleName,\n Hostname = DvcHostname,\n IpAddr = DvcIpAddr,\n User = Username,\n Dvc = DvcHostname,\n EventResultDetails = EventOriginalResultDetails\n};\nparser(\n disabled = disabled,\n pack = pack\n)", + "version": 1, + "functionParameters": "disabled:bool=False,pack:bool=False" + } + } + ] +} \ No newline at end of file diff --git a/Parsers/ASimAlertEvent/ARM/ASimAlertEventNetskopeSecurityCloud/README.md b/Parsers/ASimAlertEvent/ARM/ASimAlertEventNetskopeSecurityCloud/README.md new file mode 100644 index 00000000000..bd1c8f70142 --- /dev/null +++ b/Parsers/ASimAlertEvent/ARM/ASimAlertEventNetskopeSecurityCloud/README.md @@ -0,0 +1,21 @@ +# Netskope Security Cloud ASIM AlertEvent Normalization Parser + +ARM template for ASIM AlertEvent schema parser for Netskope Security Cloud. + +This ASIM parser supports normalizing the Netskope Security Cloud logs (via Codeless Connector Framework by Tim Groothuis) to the ASIM Alert normalized schema. + + +The Advanced Security Information Model (ASIM) enables you to use and create source-agnostic content, simplifying your analysis of the data in your Microsoft Sentinel workspace. + +For more information, see: + +- [Normalization and the Advanced Security Information Model (ASIM)](https://aka.ms/AboutASIM) +- [Deploy all of ASIM](https://aka.ms/DeployASIM) +- [ASIM AlertEvent normalization schema reference](https://aka.ms/ASimAlertEventDoc) + +For the changelog, see: +- [CHANGELOG](https://github.com/Azure/Azure-Sentinel/blob/master/Parsers/ASimAlertEvent/CHANGELOG/ASimAlertEventNetskopeSecurityCloud.md) + +
+ +[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FParsers%2FASimAlertEvent%2FARM%2FASimAlertEventNetskopeSecurityCloud%2FASimAlertEventNetskopeSecurityCloud.json) [![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FParsers%2FASimAlertEvent%2FARM%2FASimAlertEventNetskopeSecurityCloud%2FASimAlertEventNetskopeSecurityCloud.json) diff --git a/Parsers/ASimAlertEvent/ARM/FullDeploymentAlertEvent.json b/Parsers/ASimAlertEvent/ARM/FullDeploymentAlertEvent.json index 116a6320df8..ddec760b3c0 100644 --- a/Parsers/ASimAlertEvent/ARM/FullDeploymentAlertEvent.json +++ b/Parsers/ASimAlertEvent/ARM/FullDeploymentAlertEvent.json @@ -98,6 +98,26 @@ } } }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2020-10-01", + "name": "linkedASimAlertEventNetskopeSecurityCloud", + "properties": { + "mode": "Incremental", + "templateLink": { + "uri": "https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Parsers/ASimAlertEvent/ARM/ASimAlertEventNetskopeSecurityCloud/ASimAlertEventNetskopeSecurityCloud.json", + "contentVersion": "1.0.0.0" + }, + "parameters": { + "Workspace": { + "value": "[parameters('Workspace')]" + }, + "WorkspaceRegion": { + "value": "[parameters('WorkspaceRegion')]" + } + } + } + }, { "type": "Microsoft.Resources/deployments", "apiVersion": "2020-10-01", @@ -238,6 +258,26 @@ } } }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2020-10-01", + "name": "linkedvimAlertEventNetskopeSecurityCloud", + "properties": { + "mode": "Incremental", + "templateLink": { + "uri": "https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Parsers/ASimAlertEvent/ARM/vimAlertEventNetskopeSecurityCloud/vimAlertEventNetskopeSecurityCloud.json", + "contentVersion": "1.0.0.0" + }, + "parameters": { + "Workspace": { + "value": "[parameters('Workspace')]" + }, + "WorkspaceRegion": { + "value": "[parameters('WorkspaceRegion')]" + } + } + } + }, { "type": "Microsoft.Resources/deployments", "apiVersion": "2020-10-01", diff --git a/Parsers/ASimAlertEvent/ARM/imAlertEvent/imAlertEvent.json b/Parsers/ASimAlertEvent/ARM/imAlertEvent/imAlertEvent.json index f27cd3a9228..e8070a32928 100644 --- a/Parsers/ASimAlertEvent/ARM/imAlertEvent/imAlertEvent.json +++ b/Parsers/ASimAlertEvent/ARM/imAlertEvent/imAlertEvent.json @@ -27,7 +27,7 @@ "displayName": "Alert Event ASIM filtering parser", "category": "ASIM", "FunctionAlias": "imAlertEvent", - "query": "let DisabledParsers=materialize(_GetWatchlist('ASimDisabledParsers') | where SearchKey in ('Any', 'ExcludeimAlertEvent') | extend SourceSpecificParser=column_ifexists('SourceSpecificParser','') | distinct SourceSpecificParser | where isnotempty(SourceSpecificParser));\nlet vimBuiltInDisabled=toscalar('ExcludevimAlertEvent' in (DisabledParsers) or 'Any' in (DisabledParsers)); \nlet parser=(\n starttime: datetime=datetime(null), \n endtime: datetime=datetime(null), \n ipaddr_has_any_prefix: dynamic=dynamic([]),\n hostname_has_any: dynamic=dynamic([]),\n username_has_any: dynamic=dynamic([]),\n attacktactics_has_any: dynamic=dynamic([]),\n attacktechniques_has_any: dynamic=dynamic([]),\n threatcategory_has_any: dynamic=dynamic([]),\n alertverdict_has_any: dynamic=dynamic([]),\n eventseverity_has_any: dynamic=dynamic([]),\n pack:bool=false)\n{\nunion isfuzzy=true\n vimAlertEventEmpty,\n vimAlertEventBitdefenderGravityZone (starttime=starttime, endtime=endtime, ipaddr_has_any_prefix=ipaddr_has_any_prefix, hostname_has_any=hostname_has_any, username_has_any=username_has_any, attacktactics_has_any=attacktactics_has_any, attacktechniques_has_any=attacktechniques_has_any, threatcategory_has_any=threatcategory_has_any, alertverdict_has_any=alertverdict_has_any, eventseverity_has_any=eventseverity_has_any, disabled=(vimBuiltInDisabled or ('ExcludevimAlertBitdefenderGravityZone' in (DisabledParsers))), pack=pack),\n vimAlertEventMicrosoftDefenderXDR (starttime=starttime, endtime=endtime, ipaddr_has_any_prefix=ipaddr_has_any_prefix, hostname_has_any=hostname_has_any, username_has_any=username_has_any, attacktactics_has_any=attacktactics_has_any, attacktechniques_has_any=attacktechniques_has_any, threatcategory_has_any=threatcategory_has_any, alertverdict_has_any=alertverdict_has_any, eventseverity_has_any=eventseverity_has_any, disabled=(vimBuiltInDisabled or ('ExcludevimAlertMicrosoftDefenderXDR' in (DisabledParsers)))),\n vimAlertEventSentinelOneSingularity (starttime=starttime, endtime=endtime, ipaddr_has_any_prefix=ipaddr_has_any_prefix, hostname_has_any=hostname_has_any, username_has_any=username_has_any, attacktactics_has_any=attacktactics_has_any, attacktechniques_has_any=attacktechniques_has_any, threatcategory_has_any=threatcategory_has_any, alertverdict_has_any=alertverdict_has_any, eventseverity_has_any=eventseverity_has_any, disabled=(vimBuiltInDisabled or ('ExcludevimAlertSentinelOneSingularity' in (DisabledParsers)))),\n vimAlertEventCiscoSecureEndpoint (starttime=starttime, endtime=endtime, ipaddr_has_any_prefix=ipaddr_has_any_prefix, hostname_has_any=hostname_has_any, username_has_any=username_has_any, attacktactics_has_any=attacktactics_has_any, attacktechniques_has_any=attacktechniques_has_any, threatcategory_has_any=threatcategory_has_any, alertverdict_has_any=alertverdict_has_any, eventseverity_has_any=eventseverity_has_any, disabled=(vimBuiltInDisabled or ('ExcludevimAlertEventCiscoSecureEndpoint' in (DisabledParsers))), pack=pack),\n vimAlertEventPaloAltoXDR (starttime=starttime, endtime=endtime, ipaddr_has_any_prefix=ipaddr_has_any_prefix, hostname_has_any=hostname_has_any, username_has_any=username_has_any, attacktactics_has_any=attacktactics_has_any, attacktechniques_has_any=attacktechniques_has_any, threatcategory_has_any=threatcategory_has_any, alertverdict_has_any=alertverdict_has_any, eventseverity_has_any=eventseverity_has_any, disabled=(vimBuiltInDisabled or ('ExcludevimAlertEventPaloAltoXDR' in (DisabledParsers))), pack=pack)\n};\nparser (starttime=starttime, endtime=endtime, ipaddr_has_any_prefix=ipaddr_has_any_prefix, hostname_has_any=hostname_has_any, username_has_any=username_has_any, attacktactics_has_any=attacktactics_has_any, attacktechniques_has_any=attacktechniques_has_any, threatcategory_has_any=threatcategory_has_any, alertverdict_has_any=alertverdict_has_any, eventseverity_has_any=eventseverity_has_any, pack=pack)\n", + "query": "let DisabledParsers=materialize(_GetWatchlist('ASimDisabledParsers') | where SearchKey in ('Any', 'ExcludeimAlertEvent') | extend SourceSpecificParser=column_ifexists('SourceSpecificParser','') | distinct SourceSpecificParser | where isnotempty(SourceSpecificParser));\nlet vimBuiltInDisabled=toscalar('ExcludevimAlertEvent' in (DisabledParsers) or 'Any' in (DisabledParsers)); \nlet parser=(\n starttime: datetime=datetime(null), \n endtime: datetime=datetime(null), \n ipaddr_has_any_prefix: dynamic=dynamic([]),\n hostname_has_any: dynamic=dynamic([]),\n username_has_any: dynamic=dynamic([]),\n attacktactics_has_any: dynamic=dynamic([]),\n attacktechniques_has_any: dynamic=dynamic([]),\n threatcategory_has_any: dynamic=dynamic([]),\n alertverdict_has_any: dynamic=dynamic([]),\n eventseverity_has_any: dynamic=dynamic([]),\n pack:bool=false)\n{\nunion isfuzzy=true\n vimAlertEventEmpty,\n vimAlertEventBitdefenderGravityZone (starttime=starttime, endtime=endtime, ipaddr_has_any_prefix=ipaddr_has_any_prefix, hostname_has_any=hostname_has_any, username_has_any=username_has_any, attacktactics_has_any=attacktactics_has_any, attacktechniques_has_any=attacktechniques_has_any, threatcategory_has_any=threatcategory_has_any, alertverdict_has_any=alertverdict_has_any, eventseverity_has_any=eventseverity_has_any, disabled=(vimBuiltInDisabled or ('ExcludevimAlertBitdefenderGravityZone' in (DisabledParsers))), pack=pack),\n vimAlertEventMicrosoftDefenderXDR (starttime=starttime, endtime=endtime, ipaddr_has_any_prefix=ipaddr_has_any_prefix, hostname_has_any=hostname_has_any, username_has_any=username_has_any, attacktactics_has_any=attacktactics_has_any, attacktechniques_has_any=attacktechniques_has_any, threatcategory_has_any=threatcategory_has_any, alertverdict_has_any=alertverdict_has_any, eventseverity_has_any=eventseverity_has_any, disabled=(vimBuiltInDisabled or ('ExcludevimAlertMicrosoftDefenderXDR' in (DisabledParsers)))),\n vimAlertEventSentinelOneSingularity (starttime=starttime, endtime=endtime, ipaddr_has_any_prefix=ipaddr_has_any_prefix, hostname_has_any=hostname_has_any, username_has_any=username_has_any, attacktactics_has_any=attacktactics_has_any, attacktechniques_has_any=attacktechniques_has_any, threatcategory_has_any=threatcategory_has_any, alertverdict_has_any=alertverdict_has_any, eventseverity_has_any=eventseverity_has_any, disabled=(vimBuiltInDisabled or ('ExcludevimAlertSentinelOneSingularity' in (DisabledParsers)))),\n vimAlertEventCiscoSecureEndpoint (starttime=starttime, endtime=endtime, ipaddr_has_any_prefix=ipaddr_has_any_prefix, hostname_has_any=hostname_has_any, username_has_any=username_has_any, attacktactics_has_any=attacktactics_has_any, attacktechniques_has_any=attacktechniques_has_any, threatcategory_has_any=threatcategory_has_any, alertverdict_has_any=alertverdict_has_any, eventseverity_has_any=eventseverity_has_any, disabled=(vimBuiltInDisabled or ('ExcludevimAlertEventCiscoSecureEndpoint' in (DisabledParsers))), pack=pack),\n vimAlertEventPaloAltoXDR (starttime=starttime, endtime=endtime, ipaddr_has_any_prefix=ipaddr_has_any_prefix, hostname_has_any=hostname_has_any, username_has_any=username_has_any, attacktactics_has_any=attacktactics_has_any, attacktechniques_has_any=attacktechniques_has_any, threatcategory_has_any=threatcategory_has_any, alertverdict_has_any=alertverdict_has_any, eventseverity_has_any=eventseverity_has_any, disabled=(vimBuiltInDisabled or ('ExcludevimAlertEventPaloAltoXDR' in (DisabledParsers))), pack=pack),\n vimAlertEventNetskopeSecurityCloud (starttime=starttime, endtime=endtime, ipaddr_has_any_prefix=ipaddr_has_any_prefix, hostname_has_any=hostname_has_any, username_has_any=username_has_any, attacktactics_has_any=attacktactics_has_any, attacktechniques_has_any=attacktechniques_has_any, threatcategory_has_any=threatcategory_has_any, alertverdict_has_any=alertverdict_has_any, eventseverity_has_any=eventseverity_has_any, disabled=(vimBuiltInDisabled or ('ExcludevimAlertEventNetskopeSecurityCloud' in (DisabledParsers))), pack=pack)\n};\nparser (starttime=starttime, endtime=endtime, ipaddr_has_any_prefix=ipaddr_has_any_prefix, hostname_has_any=hostname_has_any, username_has_any=username_has_any, attacktactics_has_any=attacktactics_has_any, attacktechniques_has_any=attacktechniques_has_any, threatcategory_has_any=threatcategory_has_any, alertverdict_has_any=alertverdict_has_any, eventseverity_has_any=eventseverity_has_any, pack=pack)\n", "version": 1, "functionParameters": "starttime:datetime=datetime(null),endtime:datetime=datetime(null),ipaddr_has_any_prefix:dynamic=dynamic([]),hostname_has_any:dynamic=dynamic([]),username_has_any:dynamic=dynamic([]),attacktactics_has_any:dynamic=dynamic([]),attacktechniques_has_any:dynamic=dynamic([]),threatcategory_has_any:dynamic=dynamic([]),alertverdict_has_any:dynamic=dynamic([]),eventseverity_has_any:dynamic=dynamic([]),pack:bool=False" } diff --git a/Parsers/ASimAlertEvent/ARM/vimAlertEventNetskopeSecurityCloud/README.md b/Parsers/ASimAlertEvent/ARM/vimAlertEventNetskopeSecurityCloud/README.md new file mode 100644 index 00000000000..d38392cddc1 --- /dev/null +++ b/Parsers/ASimAlertEvent/ARM/vimAlertEventNetskopeSecurityCloud/README.md @@ -0,0 +1,21 @@ +# Netskope Security Cloud ASIM AlertEvent Normalization Parser + +ARM template for ASIM AlertEvent schema parser for Netskope Security Cloud. + +This ASIM parser supports normalizing the Netskope Security Cloud logs (via Codeless Connector Framework by Tim Groothuis) to the ASIM Alert normalized schema. + + +The Advanced Security Information Model (ASIM) enables you to use and create source-agnostic content, simplifying your analysis of the data in your Microsoft Sentinel workspace. + +For more information, see: + +- [Normalization and the Advanced Security Information Model (ASIM)](https://aka.ms/AboutASIM) +- [Deploy all of ASIM](https://aka.ms/DeployASIM) +- [ASIM AlertEvent normalization schema reference](https://aka.ms/ASimAlertEventDoc) + +For the changelog, see: +- [CHANGELOG](https://github.com/Azure/Azure-Sentinel/blob/master/Parsers/ASimAlertEvent/CHANGELOG/vimAlertEventNetskopeSecurityCloud.md) + +
+ +[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FParsers%2FASimAlertEvent%2FARM%2FvimAlertEventNetskopeSecurityCloud%2FvimAlertEventNetskopeSecurityCloud.json) [![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FParsers%2FASimAlertEvent%2FARM%2FvimAlertEventNetskopeSecurityCloud%2FvimAlertEventNetskopeSecurityCloud.json) diff --git a/Parsers/ASimAlertEvent/ARM/vimAlertEventNetskopeSecurityCloud/vimAlertEventNetskopeSecurityCloud.json b/Parsers/ASimAlertEvent/ARM/vimAlertEventNetskopeSecurityCloud/vimAlertEventNetskopeSecurityCloud.json new file mode 100644 index 00000000000..701913b5648 --- /dev/null +++ b/Parsers/ASimAlertEvent/ARM/vimAlertEventNetskopeSecurityCloud/vimAlertEventNetskopeSecurityCloud.json @@ -0,0 +1,36 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-08-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "Workspace": { + "type": "string", + "metadata": { + "description": "The Microsoft Sentinel workspace into which the function will be deployed. Has to be in the selected Resource Group." + } + }, + "WorkspaceRegion": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "The region of the selected workspace. The default value will use the Region selection above." + } + } + }, + "resources": [ + { + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "apiVersion": "2020-08-01", + "name": "[concat(parameters('Workspace'), '/vimAlertEventNetskopeSecurityCloud')]", + "location": "[parameters('WorkspaceRegion')]", + "properties": { + "etag": "*", + "displayName": "Alert Event ASIM parser for Netskope Security Cloud", + "category": "ASIM", + "FunctionAlias": "vimAlertEventNetskopeSecurityCloud", + "query": "let parser = (\n starttime: datetime=datetime(null),\n endtime: datetime=datetime(null),\n ipaddr_has_any_prefix: dynamic=dynamic([]),\n hostname_has_any: dynamic=dynamic([]),\n username_has_any: dynamic=dynamic([]),\n attacktactics_has_any: dynamic=dynamic([]),\n attacktechniques_has_any: dynamic=dynamic([]),\n threatcategory_has_any: dynamic=dynamic([]),\n alertverdict_has_any: dynamic=dynamic([]),\n eventseverity_has_any: dynamic=dynamic([]),\n disabled: bool=false,\n pack: bool=false\n)\n{\n NetskopeAlerts_CL\n | where not(disabled)\n | where (\n (isnull(starttime) or TimeGenerated >= starttime)\n and (isnull(endtime) or TimeGenerated <= endtime)\n and ((array_length(ipaddr_has_any_prefix) == 0) or (has_any_ipv4_prefix(userip, ipaddr_has_any_prefix)) or (has_any_ipv4_prefix(srcip, ipaddr_has_any_prefix)) or (has_any_ipv4_prefix(dstip, ipaddr_has_any_prefix)))\n and ((array_length(hostname_has_any) == 0) or (hostname has_any (hostname_has_any)))\n and ((array_length(username_has_any) == 0) or (user has_any (username_has_any)))\n and ((array_length(attacktactics_has_any) == 0)) // AttackTactics detail not available in this parser.\n and ((array_length(attacktechniques_has_any) == 0)) // AttackTechniques detail not available in this parser.\n // ThreatCategory filtering done later in the parser\n and ((array_length(alertverdict_has_any) == 0)) // AlertVerdict detail not available in this parser.\n // EventSeverity filtering done later in the parser\n )\n | extend\n EventStartTime = unixtime_seconds_todatetime(timestamp),\n ThreatCategory = case(\n category =~ \"Blocked Risky URLs\", \"MaliciousUrl\",\n category in~ (\"Aggressive\", \"Online Ads\"), \"Adware\",\n category in~ (\n \"Forums\",\n \"Web Hosting, ISP & Telco\",\n \"Games\",\n \"Customer Relationship Management\",\n \"Pay To Surf\",\n \"Real Estate\",\n \"Finance/Accounting\",\n \"App Admin Console\",\n \"URL Shorteners\",\n \"Financial News\",\n \"Religion\",\n \"Social & Affiliation Organizations\",\n \"Auctions & Marketplaces\",\n \"Entertainment\",\n \"Gambling\",\n \"Trading & Investing\",\n \"Drugs\"\n ), \"Security Policy Violation\",\n \"Unknown\"\n )\n | where ((array_length(threatcategory_has_any) == 0) or (ThreatCategory has_any (threatcategory_has_any)))\n | extend\n EventEndTime = EventStartTime,\n TimeGenerated = EventStartTime,\n EventSeverity = case(\n severity =~ \"high\", \"High\",\n severity =~ \"medium\", \"Medium\",\n severity =~ \"low\", \"Low\",\n severity =~ \"informational\", \"Informational\",\n \"Informational\"\n )\n | where ((array_length(eventseverity_has_any) == 0 or EventSeverity has_any (eventseverity_has_any)))\n | extend\n EventSubType = case(\n alert_type in~ (\"malware\", \"c2\", \"malsite\", \"ips\", \"compromised credential\"), \"Threat\",\n alert_type in~ (\"dlp\", \"policy\"), \"Compliance Violation\",\n alert_type =~ \"uba\", \"Anomaly\",\n \"\"\n ),\n DetectionMethod = case(\n alert_type =~ \"dlp\", \"Data Loss Prevention\",\n alert_type =~ \"malware\", \"Antivirus\",\n alert_type =~ \"policy\", \"Cloud Application Security\",\n alert_type in~ (\"c2\", \"ips\"), \"Intrusion Detection\",\n alert_type =~ \"compromised credential\", \"Threat Intelligence\",\n alert_type =~ \"uba\", \"Behavioral Analytics\",\n alert_type =~ \"malsite\", \"Reputation\",\n \"Other\"\n ),\n FileName = iff(\n tolower(tostring(object_type)) == \"file\", tostring(object),\n \"\"\n ),\n DvcOriginalAction = tostring(action),\n DvcAction = case(\n action =~ \"block\", \"Block\",\n action in~ (\"allow\", \"proceed\", \"bypass\", \"alert\", \"useralert\"), \"Allow\",\n action in~ (\"anomaly_detection\", \"detection\"), \"Detect\",\n \"\"\n ),\n EventResult = case(\n action =~ \"block\", \"Failure\",\n action in~ (\"allow\", \"proceed\", \"bypass\", \"alert\", \"useralert\", \"anomaly_detection\", \"detection\"), \"Success\",\n \"NA\"\n ),\n _cat = tostring(category),\n _app = tostring(app),\n _desc = tostring(breach_description),\n DvcId = iff(isnotempty(nsdeviceuid), nsdeviceuid, ''),\n DvcIdType = iff(isnotempty(nsdeviceuid), 'Other', '')\n | extend\n EventMessage = strcat(\n trim(\" \", tostring(alert_name)),\n iff(isnotempty(_cat), strcat(\" | Category: \", _cat), \"\"),\n iff(isnotempty(_app), strcat(\" | App: \", _app), \"\"),\n iff(isnotempty(_desc), strcat(\" | Breach Description: \", _desc), \"\")\n )\n | project\n TimeGenerated,\n EventType = \"Alert\",\n EventSchema = \"AlertEvent\",\n EventSchemaVersion = \"0.1\",\n EventVendor = \"Netskope\",\n EventProduct = \"Security Cloud\",\n EventCount = int(1),\n EventStartTime,\n EventEndTime,\n EventSeverity,\n EventOriginalSeverity = severity,\n EventSubType,\n EventResult,\n EventOriginalResultDetails = action,\n DvcId,\n DvcIdType,\n DvcIpAddr = userip,\n DvcHostname = hostname,\n DvcAction,\n EventUid = _ItemId,\n EventOriginalSubType = tostring(alert_type),\n ThreatOriginalCategory = tostring(category),\n ThreatCategory,\n EventMessage,\n DvcOs = case(\n os has \"windows\", \"Windows\",\n os_version startswith \"windows\", \"Windows\",\n os has \"Mac OS\", \"macOS\",\n os_version startswith \"Mac\", \"macOS\",\n \"\"\n ),\n DvcOsVersion = os_version,\n DetectionMethod,\n AlertName = tostring(alert_name),\n RuleName = tostring(policy),\n DvcOriginalAction,\n Username = tostring(user),\n FileName,\n FileSHA256 = sha256,\n FileMD5 = md5,\n Url = url,\n Type,\n AdditionalFields = iff(\n pack,\n bag_pack(\n \"AccessMethod\", access_method,\n \"AlertType\", alert_type,\n \"Action\", action,\n \"Activity\", activity,\n \"App\", app,\n \"AppSessionId\", tostring(coalesce(columnifexists(\"app_sessionid\", \"\"), \"\")),\n \"AppCategory\", appcategory,\n \"AppSuite\", appsuite,\n \"Browser\", browser,\n \"BrowserSessionId\", tostring(coalesce(columnifexists(\"browser_sessionid\", \"\"), \"\")),\n \"BrowserVersion\", browser_version,\n \"CloudConfidenceIndex\", cci,\n \"CloudConfidenceLevel\", ccl,\n \"ConnectionId\", tostring(coalesce(columnifexists(\"connectionid\", \"\"), \"\")),\n \"MalsiteCategory\", malsite_category,\n \"MalsiteCountry\", malsite_country,\n \"Referer\", referer,\n \"ObjectType\", object_type,\n \"SourceIP\", srcip,\n \"DestinationIP\", dstip\n ),\n dynamic({})\n )\n | extend\n UsernameType = case(\n Username has \"@\", \"UPN\",\n Username has @\"\\\", \"Windows\",\n isnotempty(Username), \"Simple\",\n \"\"\n ),\n UserType = case(\n isempty(Username), \"Anonymous\",\n Username startswith \"svc_\" or Username startswith \"svc-\" or Username startswith \"svc.\" or Username has \"_svc@\", \"Service\",\n Username startswith \"adm_\" or Username startswith \"adm-\" or Username has \"admin@\", \"Admin\",\n \"Regular\"\n )\n //Aliases\n | extend\n AlertId = EventUid,\n AlertDescription = EventMessage,\n Rule = RuleName,\n Hostname = DvcHostname,\n IpAddr = DvcIpAddr,\n User = Username,\n Dvc = DvcHostname,\n EventResultDetails = EventOriginalResultDetails\n};\nparser(\n starttime = starttime,\n endtime = endtime,\n ipaddr_has_any_prefix = ipaddr_has_any_prefix,\n hostname_has_any = hostname_has_any,\n username_has_any = username_has_any,\n attacktactics_has_any = attacktactics_has_any,\n attacktechniques_has_any = attacktechniques_has_any,\n threatcategory_has_any = threatcategory_has_any,\n alertverdict_has_any = alertverdict_has_any,\n eventseverity_has_any = eventseverity_has_any,\n disabled = disabled,\n pack = pack\n)", + "version": 1, + "functionParameters": "starttime:datetime=datetime(null),endtime:datetime=datetime(null),ipaddr_has_any_prefix:dynamic=dynamic([]),hostname_has_any:dynamic=dynamic([]),username_has_any:dynamic=dynamic([]),attacktactics_has_any:dynamic=dynamic([]),attacktechniques_has_any:dynamic=dynamic([]),threatcategory_has_any:dynamic=dynamic([]),alertverdict_has_any:dynamic=dynamic([]),eventseverity_has_any:dynamic=dynamic([]),disabled:bool=False,pack:bool=False" + } + } + ] +} \ No newline at end of file diff --git a/Parsers/ASimAlertEvent/CHANGELOG/ASimAlertEvent.md b/Parsers/ASimAlertEvent/CHANGELOG/ASimAlertEvent.md index ea83ef1b344..65832a23a3d 100644 --- a/Parsers/ASimAlertEvent/CHANGELOG/ASimAlertEvent.md +++ b/Parsers/ASimAlertEvent/CHANGELOG/ASimAlertEvent.md @@ -1,5 +1,9 @@ # Changelog for ASimAlertEvent.yaml +## Version 0.1.4 + +- (2026-06-16) Netskope Security Cloud - AlertEvent ASIM Parser - [PR #14493](https://github.com/Azure/Azure-Sentinel/pull/14493) + ## Version 0.1.3 - (2026-06-04) Palo Alto XDR - AlertEvent ASIM Parser - [PR #14401](https://github.com/Azure/Azure-Sentinel/pull/14401) diff --git a/Parsers/ASimAlertEvent/CHANGELOG/ASimAlertEventNetskopeSecurityCloud.md b/Parsers/ASimAlertEvent/CHANGELOG/ASimAlertEventNetskopeSecurityCloud.md new file mode 100644 index 00000000000..779d96fac49 --- /dev/null +++ b/Parsers/ASimAlertEvent/CHANGELOG/ASimAlertEventNetskopeSecurityCloud.md @@ -0,0 +1,5 @@ +# Changelog for ASimAlertEventNetskopeSecurityCloud.yaml + +## Version 0.1.0 + +- (2026-06-16) Netskope Security Cloud - AlertEvent ASIM Parser - [PR #14493](https://github.com/Azure/Azure-Sentinel/pull/14493) \ No newline at end of file diff --git a/Parsers/ASimAlertEvent/CHANGELOG/imAlertEvent.md b/Parsers/ASimAlertEvent/CHANGELOG/imAlertEvent.md index 638cc76d24a..f1348c2cb63 100644 --- a/Parsers/ASimAlertEvent/CHANGELOG/imAlertEvent.md +++ b/Parsers/ASimAlertEvent/CHANGELOG/imAlertEvent.md @@ -1,5 +1,9 @@ # Changelog for imAlertEvent.yaml +## Version 0.1.4 + +- (2026-06-16) Netskope Security Cloud - AlertEvent ASIM Parser - [PR #14493](https://github.com/Azure/Azure-Sentinel/pull/14493) + ## Version 0.1.3 - (2026-06-04) Palo Alto XDR - AlertEvent ASIM Parser - [PR #14401](https://github.com/Azure/Azure-Sentinel/pull/14401) diff --git a/Parsers/ASimAlertEvent/CHANGELOG/vimAlertEventNetskopeSecurityCloud.md b/Parsers/ASimAlertEvent/CHANGELOG/vimAlertEventNetskopeSecurityCloud.md new file mode 100644 index 00000000000..41ae840a0a7 --- /dev/null +++ b/Parsers/ASimAlertEvent/CHANGELOG/vimAlertEventNetskopeSecurityCloud.md @@ -0,0 +1,5 @@ +# Changelog for vimAlertEventNetskopeSecurityCloud.yaml + +## Version 0.1.0 + +- (2026-06-16) Netskope Security Cloud - AlertEvent ASIM Parser - [PR #14493](https://github.com/Azure/Azure-Sentinel/pull/14493) \ No newline at end of file diff --git a/Parsers/ASimAlertEvent/Parsers/ASimAlertEvent.yaml b/Parsers/ASimAlertEvent/Parsers/ASimAlertEvent.yaml index 025da4f35e0..d4ebd6e15b8 100644 --- a/Parsers/ASimAlertEvent/Parsers/ASimAlertEvent.yaml +++ b/Parsers/ASimAlertEvent/Parsers/ASimAlertEvent.yaml @@ -1,7 +1,7 @@ Parser: Title: Alert Event ASIM parser - Version: '0.1.3' - LastUpdated: Jun 03, 2026 + Version: '0.1.4' + LastUpdated: Jun 16, 2026 Product: Name: Source agnostic Normalization: @@ -23,6 +23,7 @@ Parsers: - _ASim_AlertEvent_SentinelOneSingularity - _ASim_AlertEvent_CiscoSecureEndpoint - _ASim_AlertEvent_PaloAltoXDR + - _ASim_AlertEvent_NetskopeSecurityCloud ParserParams: - Name: pack Type: bool @@ -37,6 +38,7 @@ ParserQuery: | ASimAlertEventMicrosoftDefenderXDR (disabled=(ASimBuiltInDisabled or ('ExcludeASimAlertEventMicrosoftDefenderXDR' in (DisabledParsers)))), ASimAlertEventSentinelOneSingularity (disabled=(ASimBuiltInDisabled or ('ExcludeASimAlertEventSentinelOneSingularity' in (DisabledParsers)))), ASimAlertEventCiscoSecureEndpoint (disabled=(ASimBuiltInDisabled or ('ExcludeASimAlertEventCiscoSecureEndpoint' in (DisabledParsers))), pack=pack), - ASimAlertEventPaloAltoXDR (disabled=(ASimBuiltInDisabled or ('ExcludeASimAlertEventPaloAltoXDR' in (DisabledParsers))), pack=pack) + ASimAlertEventPaloAltoXDR (disabled=(ASimBuiltInDisabled or ('ExcludeASimAlertEventPaloAltoXDR' in (DisabledParsers))), pack=pack), + ASimAlertEventNetskopeSecurityCloud (disabled=(ASimBuiltInDisabled or ('ExcludeASimAlertEventNetskopeSecurityCloud' in (DisabledParsers))), pack=pack) }; parser (pack=pack) diff --git a/Parsers/ASimAlertEvent/Parsers/ASimAlertEventNetskopeSecurityCloud.yaml b/Parsers/ASimAlertEvent/Parsers/ASimAlertEventNetskopeSecurityCloud.yaml new file mode 100644 index 00000000000..6b61072e581 --- /dev/null +++ b/Parsers/ASimAlertEvent/Parsers/ASimAlertEventNetskopeSecurityCloud.yaml @@ -0,0 +1,215 @@ +Parser: + Title: Alert Event ASIM parser for Netskope Security Cloud + Version: '0.1.0' + LastUpdated: Jun 16, 2026 +Product: + Name: Netskope Security Cloud +Normalization: + Schema: AlertEvent + Version: '0.1' +References: +- Title: ASIM Alert Schema + Link: https://aka.ms/ASimAlertEventDoc +- Title: ASIM + Link: https://aka.ms/AboutASIM +- Title: Developer + Link: https://www.bluevoyant.com/ +- Title: Netskope Data Connector + Link: https://gist.githubusercontent.com/mitchellgulledge2/1a91f1aec2fc9ff6e053fb32cb1de897/raw/bc9f580e9c5c0234e72a383efd5ff6d28f05b496/sentinel_ccp_arm.json +Description: | + This ASIM parser supports normalizing the Netskope Security Cloud logs (via Codeless Connector Framework by Tim Groothuis) to the ASIM Alert normalized schema. +ParserName: ASimAlertEventNetskopeSecurityCloud +EquivalentBuiltInParser: _ASim_AlertEvent_NetskopeSecurityCloud +ParserParams: + - Name: disabled + Type: bool + Default: false + - Name: pack + Type: bool + Default: false +ParserQuery: | + let parser = ( + disabled:bool = false, + pack:bool = false + ) + { + NetskopeAlerts_CL + | where not(disabled) + | extend + EventStartTime = unixtime_seconds_todatetime(timestamp), + ThreatCategory = case( + category =~ "Blocked Risky URLs", "MaliciousUrl", + category in~ ("Aggressive", "Online Ads"), "Adware", + category in~ ( + "Forums", + "Web Hosting, ISP & Telco", + "Games", + "Customer Relationship Management", + "Pay To Surf", + "Real Estate", + "Finance/Accounting", + "App Admin Console", + "URL Shorteners", + "Financial News", + "Religion", + "Social & Affiliation Organizations", + "Auctions & Marketplaces", + "Entertainment", + "Gambling", + "Trading & Investing", + "Drugs" + ), "Security Policy Violation", + "Unknown" + ) + | extend + EventEndTime = EventStartTime, + TimeGenerated = EventStartTime, + EventSeverity = case( + severity =~ "high", "High", + severity =~ "medium", "Medium", + severity =~ "low", "Low", + severity =~ "informational", "Informational", + "Informational" + ) + | extend + EventSubType = case( + alert_type in~ ("malware", "c2", "malsite", "ips", "compromised credential"), "Threat", + alert_type in~ ("dlp", "policy"), "Compliance Violation", + alert_type =~ "uba", "Anomaly", + "" + ), + DetectionMethod = case( + alert_type =~ "dlp", "Data Loss Prevention", + alert_type =~ "malware", "Antivirus", + alert_type =~ "policy", "Cloud Application Security", + alert_type in~ ("c2", "ips"), "Intrusion Detection", + alert_type =~ "compromised credential", "Threat Intelligence", + alert_type =~ "uba", "Behavioral Analytics", + alert_type =~ "malsite", "Reputation", + "Other" + ), + FileName = iff( + tolower(tostring(object_type)) == "file", tostring(object), + "" + ), + DvcOriginalAction = tostring(action), + DvcAction = case( + action =~ "block", "Block", + action in~ ("allow", "proceed", "bypass", "alert", "useralert"), "Allow", + action in~ ("anomaly_detection", "detection"), "Detect", + "" + ), + EventResult = case( + action =~ "block", "Failure", + action in~ ("allow", "proceed", "bypass", "alert", "useralert", "anomaly_detection", "detection"), "Success", + "NA" + ), + _cat = tostring(category), + _app = tostring(app), + _desc = tostring(breach_description), + DvcId = iff(isnotempty(nsdeviceuid), nsdeviceuid, ''), + DvcIdType = iff(isnotempty(nsdeviceuid), 'Other', '') + | extend + EventMessage = strcat( + trim(" ", tostring(alert_name)), + iff(isnotempty(_cat), strcat(" | Category: ", _cat), ""), + iff(isnotempty(_app), strcat(" | App: ", _app), ""), + iff(isnotempty(_desc), strcat(" | Breach Description: ", _desc), "") + ) + | project + TimeGenerated, + EventType = "Alert", + EventSchema = "AlertEvent", + EventSchemaVersion = "0.1", + EventVendor = "Netskope", + EventProduct = "Security Cloud", + EventCount = int(1), + EventStartTime, + EventEndTime, + EventSeverity, + EventOriginalSeverity = severity, + EventSubType, + EventResult, + EventOriginalResultDetails = action, + DvcId, + DvcIdType, + DvcIpAddr = userip, + DvcHostname = hostname, + DvcAction, + EventUid = _ItemId, + EventOriginalSubType = tostring(alert_type), + ThreatOriginalCategory = tostring(category), + ThreatCategory, + EventMessage, + DvcOs = case( + os has "windows", "Windows", + os_version startswith "windows", "Windows", + os has "Mac OS", "macOS", + os_version startswith "Mac", "macOS", + "" + ), + DvcOsVersion = os_version, + DetectionMethod, + AlertName = tostring(alert_name), + RuleName = tostring(policy), + DvcOriginalAction, + Username = tostring(user), + FileName, + FileSHA256 = sha256, + FileMD5 = md5, + Url = url, + Type, + AdditionalFields = iff( + pack, + bag_pack( + "AccessMethod", access_method, + "AlertType", alert_type, + "Action", action, + "Activity", activity, + "App", app, + "AppSessionId", tostring(coalesce(columnifexists("app_sessionid", ""), "")), + "AppCategory", appcategory, + "AppSuite", appsuite, + "Browser", browser, + "BrowserSessionId", tostring(coalesce(columnifexists("browser_sessionid", ""), "")), + "BrowserVersion", browser_version, + "CloudConfidenceIndex", cci, + "CloudConfidenceLevel", ccl, + "ConnectionId", tostring(coalesce(columnifexists("connectionid", ""), "")), + "MalsiteCategory", malsite_category, + "MalsiteCountry", malsite_country, + "Referer", referer, + "ObjectType", object_type, + "SourceIP", srcip, + "DestinationIP", dstip + ), + dynamic({}) + ) + | extend + UsernameType = case( + Username has "@", "UPN", + Username has @"\", "Windows", + isnotempty(Username), "Simple", + "" + ), + UserType = case( + isempty(Username), "Anonymous", + Username startswith "svc_" or Username startswith "svc-" or Username startswith "svc." or Username has "_svc@", "Service", + Username startswith "adm_" or Username startswith "adm-" or Username has "admin@", "Admin", + "Regular" + ) + //Aliases + | extend + AlertId = EventUid, + AlertDescription = EventMessage, + Rule = RuleName, + Hostname = DvcHostname, + IpAddr = DvcIpAddr, + User = Username, + Dvc = DvcHostname, + EventResultDetails = EventOriginalResultDetails + }; + parser( + disabled = disabled, + pack = pack + ) \ No newline at end of file diff --git a/Parsers/ASimAlertEvent/Parsers/imAlertEvent.yaml b/Parsers/ASimAlertEvent/Parsers/imAlertEvent.yaml index 67b66f60b4d..20ddab9e775 100644 --- a/Parsers/ASimAlertEvent/Parsers/imAlertEvent.yaml +++ b/Parsers/ASimAlertEvent/Parsers/imAlertEvent.yaml @@ -1,7 +1,7 @@ Parser: Title: Alert Event ASIM filtering parser - Version: '0.1.3' - LastUpdated: Jun 03, 2026 + Version: '0.1.4' + LastUpdated: Jun 16, 2026 Product: Name: Source agnostic Normalization: @@ -23,6 +23,7 @@ Parsers: - _Im_AlertEvent_SentinelOneSingularity - _Im_AlertEvent_CiscoSecureEndpoint - _Im_AlertEvent_PaloAltoXDR + - _Im_AlertEvent_NetskopeSecurityCloud ParserParams: - Name: starttime Type: datetime @@ -79,6 +80,7 @@ ParserQuery: | vimAlertEventMicrosoftDefenderXDR (starttime=starttime, endtime=endtime, ipaddr_has_any_prefix=ipaddr_has_any_prefix, hostname_has_any=hostname_has_any, username_has_any=username_has_any, attacktactics_has_any=attacktactics_has_any, attacktechniques_has_any=attacktechniques_has_any, threatcategory_has_any=threatcategory_has_any, alertverdict_has_any=alertverdict_has_any, eventseverity_has_any=eventseverity_has_any, disabled=(vimBuiltInDisabled or ('ExcludevimAlertMicrosoftDefenderXDR' in (DisabledParsers)))), vimAlertEventSentinelOneSingularity (starttime=starttime, endtime=endtime, ipaddr_has_any_prefix=ipaddr_has_any_prefix, hostname_has_any=hostname_has_any, username_has_any=username_has_any, attacktactics_has_any=attacktactics_has_any, attacktechniques_has_any=attacktechniques_has_any, threatcategory_has_any=threatcategory_has_any, alertverdict_has_any=alertverdict_has_any, eventseverity_has_any=eventseverity_has_any, disabled=(vimBuiltInDisabled or ('ExcludevimAlertSentinelOneSingularity' in (DisabledParsers)))), vimAlertEventCiscoSecureEndpoint (starttime=starttime, endtime=endtime, ipaddr_has_any_prefix=ipaddr_has_any_prefix, hostname_has_any=hostname_has_any, username_has_any=username_has_any, attacktactics_has_any=attacktactics_has_any, attacktechniques_has_any=attacktechniques_has_any, threatcategory_has_any=threatcategory_has_any, alertverdict_has_any=alertverdict_has_any, eventseverity_has_any=eventseverity_has_any, disabled=(vimBuiltInDisabled or ('ExcludevimAlertEventCiscoSecureEndpoint' in (DisabledParsers))), pack=pack), - vimAlertEventPaloAltoXDR (starttime=starttime, endtime=endtime, ipaddr_has_any_prefix=ipaddr_has_any_prefix, hostname_has_any=hostname_has_any, username_has_any=username_has_any, attacktactics_has_any=attacktactics_has_any, attacktechniques_has_any=attacktechniques_has_any, threatcategory_has_any=threatcategory_has_any, alertverdict_has_any=alertverdict_has_any, eventseverity_has_any=eventseverity_has_any, disabled=(vimBuiltInDisabled or ('ExcludevimAlertEventPaloAltoXDR' in (DisabledParsers))), pack=pack) + vimAlertEventPaloAltoXDR (starttime=starttime, endtime=endtime, ipaddr_has_any_prefix=ipaddr_has_any_prefix, hostname_has_any=hostname_has_any, username_has_any=username_has_any, attacktactics_has_any=attacktactics_has_any, attacktechniques_has_any=attacktechniques_has_any, threatcategory_has_any=threatcategory_has_any, alertverdict_has_any=alertverdict_has_any, eventseverity_has_any=eventseverity_has_any, disabled=(vimBuiltInDisabled or ('ExcludevimAlertEventPaloAltoXDR' in (DisabledParsers))), pack=pack), + vimAlertEventNetskopeSecurityCloud (starttime=starttime, endtime=endtime, ipaddr_has_any_prefix=ipaddr_has_any_prefix, hostname_has_any=hostname_has_any, username_has_any=username_has_any, attacktactics_has_any=attacktactics_has_any, attacktechniques_has_any=attacktechniques_has_any, threatcategory_has_any=threatcategory_has_any, alertverdict_has_any=alertverdict_has_any, eventseverity_has_any=eventseverity_has_any, disabled=(vimBuiltInDisabled or ('ExcludevimAlertEventNetskopeSecurityCloud' in (DisabledParsers))), pack=pack) }; parser (starttime=starttime, endtime=endtime, ipaddr_has_any_prefix=ipaddr_has_any_prefix, hostname_has_any=hostname_has_any, username_has_any=username_has_any, attacktactics_has_any=attacktactics_has_any, attacktechniques_has_any=attacktechniques_has_any, threatcategory_has_any=threatcategory_has_any, alertverdict_has_any=alertverdict_has_any, eventseverity_has_any=eventseverity_has_any, pack=pack) diff --git a/Parsers/ASimAlertEvent/Parsers/vimAlertEventNetskopeSecurityCloud.yaml b/Parsers/ASimAlertEvent/Parsers/vimAlertEventNetskopeSecurityCloud.yaml new file mode 100644 index 00000000000..234d363058c --- /dev/null +++ b/Parsers/ASimAlertEvent/Parsers/vimAlertEventNetskopeSecurityCloud.yaml @@ -0,0 +1,279 @@ +Parser: + Title: Alert Event ASIM parser for Netskope Security Cloud + Version: '0.1.0' + LastUpdated: Jun 16, 2026 +Product: + Name: Netskope Security Cloud +Normalization: + Schema: AlertEvent + Version: '0.1' +References: +- Title: ASIM Alert Schema + Link: https://aka.ms/ASimAlertEventDoc +- Title: ASIM + Link: https://aka.ms/AboutASIM +- Title: Developer + Link: https://www.bluevoyant.com/ +- Title: Netskope Data Connector + Link: https://gist.githubusercontent.com/mitchellgulledge2/1a91f1aec2fc9ff6e053fb32cb1de897/raw/bc9f580e9c5c0234e72a383efd5ff6d28f05b496/sentinel_ccp_arm.json +Description: | + This ASIM parser supports normalizing the Netskope Security Cloud logs (via Codeless Connector Framework by Tim Groothuis) to the ASIM Alert normalized schema. +ParserName: vimAlertEventNetskopeSecurityCloud +EquivalentBuiltInParser: _Im_AlertEvent_NetskopeSecurityCloud +ParserParams: + - Name: starttime + Type: datetime + Default: datetime(null) + - Name: endtime + Type: datetime + Default: datetime(null) + - Name: ipaddr_has_any_prefix + Type: dynamic + Default: dynamic([]) + - Name: hostname_has_any + Type: dynamic + Default: dynamic([]) + - Name: username_has_any + Type: dynamic + Default: dynamic([]) + - Name: attacktactics_has_any + Type: dynamic + Default: dynamic([]) + - Name: attacktechniques_has_any + Type: dynamic + Default: dynamic([]) + - Name: threatcategory_has_any + Type: dynamic + Default: dynamic([]) + - Name: alertverdict_has_any + Type: dynamic + Default: dynamic([]) + - Name: eventseverity_has_any + Type: dynamic + Default: dynamic([]) + - Name: disabled + Type: bool + Default: false + - Name: pack + Type: bool + Default: false +ParserQuery: | + let parser = ( + starttime: datetime=datetime(null), + endtime: datetime=datetime(null), + ipaddr_has_any_prefix: dynamic=dynamic([]), + hostname_has_any: dynamic=dynamic([]), + username_has_any: dynamic=dynamic([]), + attacktactics_has_any: dynamic=dynamic([]), + attacktechniques_has_any: dynamic=dynamic([]), + threatcategory_has_any: dynamic=dynamic([]), + alertverdict_has_any: dynamic=dynamic([]), + eventseverity_has_any: dynamic=dynamic([]), + disabled: bool=false, + pack: bool=false + ) + { + NetskopeAlerts_CL + | where not(disabled) + | where ( + (isnull(starttime) or TimeGenerated >= starttime) + and (isnull(endtime) or TimeGenerated <= endtime) + and ((array_length(ipaddr_has_any_prefix) == 0) or (has_any_ipv4_prefix(userip, ipaddr_has_any_prefix)) or (has_any_ipv4_prefix(srcip, ipaddr_has_any_prefix)) or (has_any_ipv4_prefix(dstip, ipaddr_has_any_prefix))) + and ((array_length(hostname_has_any) == 0) or (hostname has_any (hostname_has_any))) + and ((array_length(username_has_any) == 0) or (user has_any (username_has_any))) + and ((array_length(attacktactics_has_any) == 0)) // AttackTactics detail not available in this parser. + and ((array_length(attacktechniques_has_any) == 0)) // AttackTechniques detail not available in this parser. + // ThreatCategory filtering done later in the parser + and ((array_length(alertverdict_has_any) == 0)) // AlertVerdict detail not available in this parser. + // EventSeverity filtering done later in the parser + ) + | extend + EventStartTime = unixtime_seconds_todatetime(timestamp), + ThreatCategory = case( + category =~ "Blocked Risky URLs", "MaliciousUrl", + category in~ ("Aggressive", "Online Ads"), "Adware", + category in~ ( + "Forums", + "Web Hosting, ISP & Telco", + "Games", + "Customer Relationship Management", + "Pay To Surf", + "Real Estate", + "Finance/Accounting", + "App Admin Console", + "URL Shorteners", + "Financial News", + "Religion", + "Social & Affiliation Organizations", + "Auctions & Marketplaces", + "Entertainment", + "Gambling", + "Trading & Investing", + "Drugs" + ), "Security Policy Violation", + "Unknown" + ) + | where ((array_length(threatcategory_has_any) == 0) or (ThreatCategory has_any (threatcategory_has_any))) + | extend + EventEndTime = EventStartTime, + TimeGenerated = EventStartTime, + EventSeverity = case( + severity =~ "high", "High", + severity =~ "medium", "Medium", + severity =~ "low", "Low", + severity =~ "informational", "Informational", + "Informational" + ) + | where ((array_length(eventseverity_has_any) == 0 or EventSeverity has_any (eventseverity_has_any))) + | extend + EventSubType = case( + alert_type in~ ("malware", "c2", "malsite", "ips", "compromised credential"), "Threat", + alert_type in~ ("dlp", "policy"), "Compliance Violation", + alert_type =~ "uba", "Anomaly", + "" + ), + DetectionMethod = case( + alert_type =~ "dlp", "Data Loss Prevention", + alert_type =~ "malware", "Antivirus", + alert_type =~ "policy", "Cloud Application Security", + alert_type in~ ("c2", "ips"), "Intrusion Detection", + alert_type =~ "compromised credential", "Threat Intelligence", + alert_type =~ "uba", "Behavioral Analytics", + alert_type =~ "malsite", "Reputation", + "Other" + ), + FileName = iff( + tolower(tostring(object_type)) == "file", tostring(object), + "" + ), + DvcOriginalAction = tostring(action), + DvcAction = case( + action =~ "block", "Block", + action in~ ("allow", "proceed", "bypass", "alert", "useralert"), "Allow", + action in~ ("anomaly_detection", "detection"), "Detect", + "" + ), + EventResult = case( + action =~ "block", "Failure", + action in~ ("allow", "proceed", "bypass", "alert", "useralert", "anomaly_detection", "detection"), "Success", + "NA" + ), + _cat = tostring(category), + _app = tostring(app), + _desc = tostring(breach_description), + DvcId = iff(isnotempty(nsdeviceuid), nsdeviceuid, ''), + DvcIdType = iff(isnotempty(nsdeviceuid), 'Other', '') + | extend + EventMessage = strcat( + trim(" ", tostring(alert_name)), + iff(isnotempty(_cat), strcat(" | Category: ", _cat), ""), + iff(isnotempty(_app), strcat(" | App: ", _app), ""), + iff(isnotempty(_desc), strcat(" | Breach Description: ", _desc), "") + ) + | project + TimeGenerated, + EventType = "Alert", + EventSchema = "AlertEvent", + EventSchemaVersion = "0.1", + EventVendor = "Netskope", + EventProduct = "Security Cloud", + EventCount = int(1), + EventStartTime, + EventEndTime, + EventSeverity, + EventOriginalSeverity = severity, + EventSubType, + EventResult, + EventOriginalResultDetails = action, + DvcId, + DvcIdType, + DvcIpAddr = userip, + DvcHostname = hostname, + DvcAction, + EventUid = _ItemId, + EventOriginalSubType = tostring(alert_type), + ThreatOriginalCategory = tostring(category), + ThreatCategory, + EventMessage, + DvcOs = case( + os has "windows", "Windows", + os_version startswith "windows", "Windows", + os has "Mac OS", "macOS", + os_version startswith "Mac", "macOS", + "" + ), + DvcOsVersion = os_version, + DetectionMethod, + AlertName = tostring(alert_name), + RuleName = tostring(policy), + DvcOriginalAction, + Username = tostring(user), + FileName, + FileSHA256 = sha256, + FileMD5 = md5, + Url = url, + Type, + AdditionalFields = iff( + pack, + bag_pack( + "AccessMethod", access_method, + "AlertType", alert_type, + "Action", action, + "Activity", activity, + "App", app, + "AppSessionId", tostring(coalesce(columnifexists("app_sessionid", ""), "")), + "AppCategory", appcategory, + "AppSuite", appsuite, + "Browser", browser, + "BrowserSessionId", tostring(coalesce(columnifexists("browser_sessionid", ""), "")), + "BrowserVersion", browser_version, + "CloudConfidenceIndex", cci, + "CloudConfidenceLevel", ccl, + "ConnectionId", tostring(coalesce(columnifexists("connectionid", ""), "")), + "MalsiteCategory", malsite_category, + "MalsiteCountry", malsite_country, + "Referer", referer, + "ObjectType", object_type, + "SourceIP", srcip, + "DestinationIP", dstip + ), + dynamic({}) + ) + | extend + UsernameType = case( + Username has "@", "UPN", + Username has @"\", "Windows", + isnotempty(Username), "Simple", + "" + ), + UserType = case( + isempty(Username), "Anonymous", + Username startswith "svc_" or Username startswith "svc-" or Username startswith "svc." or Username has "_svc@", "Service", + Username startswith "adm_" or Username startswith "adm-" or Username has "admin@", "Admin", + "Regular" + ) + //Aliases + | extend + AlertId = EventUid, + AlertDescription = EventMessage, + Rule = RuleName, + Hostname = DvcHostname, + IpAddr = DvcIpAddr, + User = Username, + Dvc = DvcHostname, + EventResultDetails = EventOriginalResultDetails + }; + parser( + starttime = starttime, + endtime = endtime, + ipaddr_has_any_prefix = ipaddr_has_any_prefix, + hostname_has_any = hostname_has_any, + username_has_any = username_has_any, + attacktactics_has_any = attacktactics_has_any, + attacktechniques_has_any = attacktechniques_has_any, + threatcategory_has_any = threatcategory_has_any, + alertverdict_has_any = alertverdict_has_any, + eventseverity_has_any = eventseverity_has_any, + disabled = disabled, + pack = pack + ) \ No newline at end of file diff --git a/Sample Data/ASIM/Netskope_Security Cloud_AlertEvent_IngestedLogs.csv b/Sample Data/ASIM/Netskope_Security Cloud_AlertEvent_IngestedLogs.csv new file mode 100644 index 00000000000..6efd6bca031 --- /dev/null +++ b/Sample Data/ASIM/Netskope_Security Cloud_AlertEvent_IngestedLogs.csv @@ -0,0 +1,101 @@ +TimeGenerated [UTC],access_method,account_id,account_name,acked,action,activity,alert,alert_id,alert_name,alert_type,app,app_activity,app_sessionid,appcategory,appsuite,asset_id,asset_object_id,breach_date,breach_description,breach_id,breach_media_references,breach_score,breach_target_references,browser,browser_sessionid,browser_version,bypass_traffic,category,cci,ccl,client_bytes,compliance_standards,conn_duration,conn_endtime,conn_starttime,connectionid,CononicalName,count_i,data_type,device,device_classification,dlp_file,dlp_incidentid,dlp_is_unique_count,dlp_mail_parent_id,dlp_parentid,dlp_profile,dlp_rule,dlp_rule_count,dlp_rule_severity,dlp_unique_count,domain,dst_country,dst_geoip_src,dst_latitude,dst_location,dst_longitude,dst_region,dst_timezone,dst_zipcode,dstip,dsthost,dstport,email_source,event_type,evt_src_chnl,exposure,external_collaborator_count,external_email,file_cls_encrypted,file_lang,file_path,file_size,file_type,from_user,fromlogs,hostname,http_transaction_count,iaas_asset_tags,iaas_remediated,instance,instance_id,internal_collaborator_count,justification_reason,justification_type,last_app,last_country,last_device,last_location,last_region,last_timestamp,log_file_name,malicious,malsite_category,malsite_country,malsite_id,malsite_ip_host,malsite_latitude,malsite_longitude,malsite_region,managed_app,managementID,matched_username,md5,mime_type,modified,netskope_activity,netskope_pop,notify_template,nsdeviceuid,numbytes,object,object_id,object_type,org,organization_unit,orig_ty,orignal_file_path,os,os_version,other_categories,outer_doc_type,owner,page,page_site,parent_id,password_type,policy,policy_actions,policy_id,profile_id,protocol,referer,region_id,region_name,req_cnt,requestid,resource_category,resource_group,resp_cnt,sa_profile_id,sa_profile_name,sa_rule_id,sa_rule_name,sa_rule_severity,sAMAccountName,sanctioned_instance,scan_type,serial,server_bytes,sessionid,severity,severity_level,severity_level_id,sfwder,sha256,shared_domains,shared_with,site,src_country,src_geoip_src,src_latitude,src_location,src_longitude,src_region,src_time,src_timezone,src_zipcode,srcip,suppression_end_time,suppression_key,suppression_start_time,telemetry_app,threat_match_field,threat_match_value,threat_source_id,threshold,threshold_time,timestamp,title_s,to_object,total_collaborator_count,traffic_type,transactionid,true_obj_category,true_obj_type,tss_mode,two_factor_auth,type_s,universal_connector,ur_normalized,url,user,user_generated,user_id,useragent,userip,userkey,userPrincipalName,web_universal_connector,TenantId,Type,_ResourceId +"16/06/2026, 06:26:41.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,IE,0,53,Dublin,-7,Leinster,Europe/Dublin,D02,52.138.229.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,,,0,,,,,,,,,Mac OSX 26.5.1,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Business"",""All Categories"",""Technology""]",,,eu-teams.events.data.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852352174846977,,,0,,,,,,,,,,0,,,,,,,,,,GB,0,51,Hendon,-1,England,Tue Jun 16 07:26:41 2026,Europe/London,NW4,82.30.253.0,0,,0,,,,0,,,1781591201,,,0,Web,0,,,,,nspolicy,,vanessa.kumar@corporate.com,eu-teams.events.data.microsoft.com,Pramodini.Nayak@corporate.com,,,,192.168.0.14,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:41.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,IE,0,53,Dublin,-7,Leinster,Europe/Dublin,D02,13.69.239.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Business"",""All Categories"",""Technology""]",,,eu-office.events.data.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852357233413889,,,0,,,,,,,,,,0,,,,,,,,,,IN,0,28,Delhi,77,National Capital Territory of Delhi,Tue Jun 16 11:56:41 2026,Asia/Kolkata,110001,103.225.59.0,0,,0,,,,0,,,1781591201,,,0,Web,0,,,,,nspolicy,,thomas.wilson@corporate.com,eu-office.events.data.microsoft.com,reuben.ramesh@corporate.com,,,,192.168.1.37,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:41.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,US,0,38,Washington,-79,Virginia,America/New_York,22747,48.211.4.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Business"",""All Categories"",""Technology""]",,,settings-win.data.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393853375819866113,,,0,,,,,,,,,,0,,,,,,,,,,GB,0,50,Brighton,-1,England,Tue Jun 16 07:26:41 2026,Europe/London,N/A,217.65.134.0,0,,0,,,,0,,,1781591201,,,0,Web,0,,,,,nspolicy,,sarah.patel@corporate.com,settings-win.data.microsoft.com,james.heath@corporate.com,,,,10.101.3.13,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:42.000",Client,,,FALSE,alert,Response,yes,,[WEB] All Sector Web Access,policy,Anthropic Claude,,4446167814681716819,Generative AI,,,,,,,,,,,5761591961372255990,,,All Sector Websites,83,high,0,,0,,,8016351051001150293,,1,,Windows Device,managed,,,,,,,,,,,,US,0,37,San Francisco,-123,California,America/Los_Angeles,N/A,160.79.104.0,,443,,,,,0,,,,,1414,text/plain,,,Corporate-9364,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,5254500b6c6747d3e7c808bff4cf5303,,0,,,,03C835D0-BA98-0011-89EB-ED684C883501,0,,,Message,,,,,Windows 11,Windows NT 11.0,"[""All Sector Websites"",""Engineering"",""Generative AI"",""Generative AI - Tools and Stores""]",,,api.anthropic.com,Anthropic,,,[WEB] All Sector Web Access,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,585895169767630047,,,0,,,,,,,,,,0,,,,,,,,,Anthropic,IN,0,12,Bengaluru,77,Karnataka,Tue Jun 16 11:56:42 2026,Asia/Kolkata,562130,49.207.195.0,0,,0,,,,0,,,1781591202,,,0,CloudApp,1552339606481747543,,,,,nspolicy,,derek.johnson@corporate.com,api.anthropic.com/v1/messages,Mansi.Pandey@corporate.com,,,"claude-cli/2.1.177 (external, cli)",192.168.1.102,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:41.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,US,0,38,Washington,-79,Virginia,America/New_York,N/A,20.42.73.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Business"",""All Categories"",""Technology""]",,,self.events.data.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852504461628673,,,0,,,,,,,,,,0,,,,,,,,,,GB,0,50,Haywards Heath,-1,England,Tue Jun 16 07:26:41 2026,Europe/London,RH16,109.150.120.0,0,,0,,,,0,,,1781591201,,,0,Web,0,,,,,nspolicy,,linda.martinez@corporate.com,self.events.data.microsoft.com,Anthony.Newman@corporate.com,,,,192.168.68.70,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:41.000",Client,,,FALSE,useralert,Browse,yes,,[WEB] Potentially Malicious Sites,policy,,,1767205726962671992,,,,,,,,,,,,5000178776037541454,,,Potentially malicious sites,0,unknown,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,N/A,174.46.83.0,,80,,,,,0,,,,,0,,,,Corporate-96412,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,14.html,B3CC260A-BFB2-714F-02F9-D8C96DB9B21B,0,,,,,,,,Windows 11,Windows NT 11.0,"[""Potentially malicious sites"",""Uncategorized"",""DLP All Categories "",""All Categories""]",,,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com,174.46.83.201,,,[WEB] Potentially Malicious Sites,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,4431870242258108579,,,0,,,,,,,,,,0,,,,,,,,,174.46.83.201,GB,0,53,Halifax,-2,England,Tue Jun 16 07:26:41 2026,Europe/London,HX1,81.105.212.0,0,,0,,,,0,,,1781591201,,,0,Web,4431870242258108579,,,,,nspolicy,,kevin.brooks@corporate.com,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin,Charissa.Chang@corporate.com,,,Microsoft-Delivery-Optimization/10.1,192.168.0.164,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:40.000",Client,,,FALSE,alert,Upload,yes,,[WEB] All Sector Web Access,policy,Microsoft Edge,,4177921831347134248,Technology,,,,,,,,,,Chrome,119298968245144067,,,All Sector Websites,72,medium,0,,0,,,0,,1,application/octet-stream,Windows Device,managed,,,,,,,,,,,,US,0,47,Redmond,-123,Washington,America/Los_Angeles,N/A,150.171.27.0,,443,,,,,0,,,,,5266,Plain Text file,,,Corporate-93266,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,dc848a6dec2ca7a14082d6fd628dab94,,0,,,,BD462FDF-D4FB-9286-8C32-4322B768C431,0,,,File,,,,,Windows 11,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Business"",""All Categories"",""Technology""]",,,edge.microsoft.com/sync/v1/feeds/me/syncEntities/command/?client=Chromium&client_id=uYKogYRfE0ceE%2FJzrJPt7w%3D%3D,microsoft,,,[WEB] All Sector Web Access,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,5287969727838090829,,,0,,,,,,,,,,0,,unknown,,,,d2c10b214515b4a115f1244e6d621c634776fcb08099a20132c562c8860f6be0,,,Microsoft Edge,GB,0,52,Birmingham,-2,England,Tue Jun 16 07:26:40 2026,Europe/London,B6,31.94.70.0,0,,0,,,,0,,,1781591200,,,0,CloudApp,5287969727838090829,,,inline,,nspolicy,yes,emma.fitzgerald@corporate.com,edge.microsoft.com/sync/v1/feeds/me/syncEntities/command/,francis.purcell@corporate.com,,,Chrome WIN 149.0.4022.62 (068a180137b01f28d261b1343e49c85b6348d4f5) channel(stable),192.168.1.29,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:41.000",Client,,,FALSE,useralert,Browse,yes,,[WEB] Potentially Malicious Sites,policy,,,1767205726962671992,,,,,,,,,,,,5000178776037541454,,,Potentially malicious sites,0,unknown,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,N/A,174.46.83.0,,80,,,,,0,,,,,0,,,,Corporate-96412,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,14.html,B3CC260A-BFB2-714F-02F9-D8C96DB9B21B,0,,,,,,,,Windows 11,Windows NT 11.0,"[""Potentially malicious sites"",""Uncategorized"",""DLP All Categories "",""All Categories""]",,,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com,174.46.83.201,,,[WEB] Potentially Malicious Sites,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,4997919106262660520,,,0,,,,,,,,,,0,,,,,,,,,174.46.83.201,GB,0,53,Halifax,-2,England,Tue Jun 16 07:26:41 2026,Europe/London,HX1,81.105.212.0,0,,0,,,,0,,,1781591201,,,0,Web,4997919106262660520,,,,,nspolicy,,kevin.brooks@corporate.com,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin,Charissa.Chang@corporate.com,,,Microsoft-Delivery-Optimization/10.1,192.168.0.164,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:41.000",Client,,,FALSE,block,Browse,yes,,[WEB] Prohibited Sites,policy,Atlassian Jira Software,,4487093888799611826,Development Tools,Atlassian,,,,,,,,,Safari,3743399434542224550,26.5,,Prohibited Sites,84,high,0,,0,,,0,,1,,Mac Device,managed,,,,,,,,,,,,US,0,47,Redmond,-123,Washington,America/Los_Angeles,98073,13.107.137.0,,443,,,,,0,,,,,0,,,,HP42MPQD23,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,1.html,8273DDC0-5708-50CF-BBAE-010879101BA8,0,,,,,,,,Mac OS,Mac OSX 26.5.0,"[""Prohibited Sites"",""All Categories"",""DLP All Categories "",""Marketing"",""File Transfers"",""Cloud Storage"",""Engineering"",""Development Tools""]",,,onedrive.live.com/favicon.ico,live,,,[WEB] Prohibited Sites,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,https://myhouse.atlassian.net/,,,0,1853767612842718881,,,0,,,,,,,,,,0,,unknown,,,,,,,Atlassian - JIRA,IN,0,18,Pune,73,Maharashtra,Tue Jun 16 11:56:41 2026,Asia/Kolkata,411007,49.36.56.0,0,,0,Microsoft OneDrive,,,0,,,1781591201,,,0,CloudApp,1853767612842718881,,,,,nspolicy,,robert.sharma@corporate.com,onedrive.live.com/favicon.ico,priyanka.burde@corporate.com,,,"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/26.5 Safari/605.1.15",192.168.29.13,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:41.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,Microsoft Azure,,0,IaaS/PaaS,,,,,,,,,,,0,,,IaaS/PaaS,87,high,0,,0,,,0,,1,,Other,,,,,,,,,,,,,US,0,38,Arlington,-78,Virginia,America/New_York,22226,52.188.247.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""IaaS/PaaS"",""DLP All Categories "",""Engineering"",""Marketing"",""Microsoft_Foundary_AI"",""All Categories"",""Technology""]",,,eastus-8.in.applicationinsights.azure.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852796418741505,,,0,,,,,,,,,,0,,,,,,,,,Windows Azure,GB,0,52,Coalville,-2,England,Tue Jun 16 07:26:41 2026,Europe/London,LE67,90.248.115.0,0,,0,,,,0,,,1781591201,,,0,CloudApp,0,,,,,nspolicy,,jessica.turner@corporate.com,eastus-8.in.applicationinsights.azure.com,Lucy.Crook@corporate.com,,,,192.168.1.75,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:41.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,Microsoft Azure,,0,IaaS/PaaS,,,,,,,,,,,0,,,IaaS/PaaS,87,high,0,,0,,,0,,1,,Other,,,,,,,,,,,,,NL,0,52,Amsterdam,4,North Holland,Europe/Amsterdam,1012,40.113.176.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""IaaS/PaaS"",""DLP All Categories "",""Engineering"",""Marketing"",""Microsoft_Foundary_AI"",""All Categories"",""Technology""]",,,westeurope-5.in.applicationinsights.azure.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852295803588097,,,0,,,,,,,,,,0,,,,,,,,,Windows Azure,GB,0,51,Tottenham,-1,England,Tue Jun 16 07:26:41 2026,Europe/London,N17,94.2.57.0,0,,0,,,,0,,,1781591201,,,0,CloudApp,0,,,,,nspolicy,,nathan.cole@corporate.com,westeurope-5.in.applicationinsights.azure.com,oliver.thompson@corporate.com,,,,192.168.68.65,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:43.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,FR,0,48,Paris,2,Île-de-France,Europe/Paris,75001,51.11.192.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Business"",""All Categories"",""Technology""]",,,eu-teams.events.data.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393849919520560897,,,0,,,,,,,,,,0,,,,,,,,,,GB,0,53,Chorley,-3,England,Tue Jun 16 07:26:43 2026,Europe/London,PR7,86.179.133.0,0,,0,,,,0,,,1781591203,,,0,Web,0,,,,,nspolicy,,maria.edwards@corporate.com,eu-teams.events.data.microsoft.com,Peter.Norris@corporate.com,,,,192.168.1.237,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:42.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,IE,0,53,Dublin,-7,Leinster,Europe/Dublin,D02,74.178.35.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""All Categories"",""Technology""]",,,winatp-gw-neu.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852768745043459,,,0,,,,,,,,,,0,,,,,,,,,,GB,0,51,City of London,-1,England,Tue Jun 16 07:26:42 2026,Europe/London,EC4R,145.224.90.0,0,,0,,,,0,,,1781591202,,,0,Web,0,,,,,nspolicy,,daniel.hayes@corporate.com,winatp-gw-neu.microsoft.com,Ross.Goldie@corporate.com,,,,192.168.1.233,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:42.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,Microsoft Accounts,,0,Application Suite,,,,,,,,,,,0,,,Application Suite,84,high,0,,0,,,0,,1,,Other,,,,,,,,,,,,,US,0,47,Redmond,-123,Washington,America/Los_Angeles,N/A,150.171.109.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""Application Suite"",""DLP All Categories "",""Marketing"",""All Categories"",""Technology""]",,,res.cdn.office.net,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852922936047105,,,0,,,,,,,,,,0,,,,,,,,,Microsoft Office 365 Suite,GB,0,51,City of London,-1,England,Tue Jun 16 07:26:42 2026,Europe/London,EC4R,145.224.90.0,0,,0,,,,0,,,1781591202,,,0,CloudApp,0,,,,,nspolicy,,daniel.hayes@corporate.com,res.cdn.office.net,Ross.Goldie@corporate.com,,,,192.168.1.233,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:42.000",Client,,,FALSE,useralert,Browse,yes,,[WEB] Potentially Malicious Sites,policy,,,1767205726962671992,,,,,,,,,,,,5000178776037541454,,,Potentially malicious sites,0,unknown,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,N/A,174.46.83.0,,80,,,,,0,,,,,0,,,,Corporate-96412,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,14.html,B3CC260A-BFB2-714F-02F9-D8C96DB9B21B,0,,,,,,,,Windows 11,Windows NT 11.0,"[""Potentially malicious sites"",""Uncategorized"",""DLP All Categories "",""All Categories""]",,,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com,174.46.83.201,,,[WEB] Potentially Malicious Sites,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,832221445352398182,,,0,,,,,,,,,,0,,,,,,,,,174.46.83.201,GB,0,53,Halifax,-2,England,Tue Jun 16 07:26:42 2026,Europe/London,HX1,81.105.212.0,0,,0,,,,0,,,1781591202,,,0,Web,832221445352398182,,,,,nspolicy,,kevin.brooks@corporate.com,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin,Charissa.Chang@corporate.com,,,Microsoft-Delivery-Optimization/10.1,192.168.0.164,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:22.000",Client,,,FALSE,alert,Edit,yes,,[WEB] All Sector Web Access,policy,Microsoft Office 365 Sharepoint Online,,6394965475309242090,Collaboration,Office365,,,,,,,,,Native,3375680068702254064,,,All Sector Websites,91,excellent,0,,0,,,5089105323273154939,,2,,Windows Device,managed,,,,,,,,,,,,US,0,47,Redmond,-123,Washington,America/Los_Angeles,98073,13.107.138.0,,443,,,,,0,,,,,0,application/x-empty,john.peters@corporate.com,,Corporate-4485,,,,,Corporate,0,,,,,,,,,,,[],,,,,,,no,,,d41d8cd98f00b204e9800998ecf8427e,,0,,,,39538DFA-6902-EAE4-1635-294AF4E2A4CE,0,creditreportxlsx,,File,,,,,Windows 11,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""BDMs"",""Marketing"",""Underwriting and Recoveries"",""Relationship Managers"",""Custom-123"",""Corporate No DLP User Alerts"",""All Categories"",""Asset Finance"",""Technology"",""Collaboration""]",,,Corporate.sharepoint.com,Microsoft Office 365 Sharepoint Sites,/sites/Auto-DIPLetterStore-SP/Shared%20Documents/BL-Migration-Asset-Finance-Files/Underwriting/S/Skelmersdale%20Van%20Hire%20TA%20Mark%20&%20Shirley%20Blamphin/AF000000035306,,[WEB] All Sector Web Access,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,9019506608313725876,,,0,,,,,,,Yes,,,0,,unknown,,,,,,,Microsoft Office 365 Sharepoint Sites,GB,0,51,Windsor,-1,England,Tue Jun 16 07:26:22 2026,Europe/London,SL4,134.65.142.0,1781591202,,1781591182,,,,0,,,1781591182,,,0,CloudApp,9019506608313725876,,,,,nspolicy,,patricia.roy@corporate.com,Corporate.sharepoint.com/sites/Auto-DIPLetterStore-SP/_vti_bin/cellstorage.svc/CellStorageService,john.peters@corporate.com,,,Microsoft Office Excel/16.0.20026.20168 (Windows/10.0; Desktop x64; en-GB; Desktop app; HP/HP EliteBook 8 G1i 16 inch Noteb),192.168.68.115,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:42.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,Microsoft Accounts,,0,Application Suite,,,,,,,,,,,0,,,Application Suite,84,high,0,,0,,,0,,1,,Other,,,,,,,,,,,,,IN,0,23,Ahmedabad,72,Gujarat,Asia/Kolkata,380001,23.58.95.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""Application Suite"",""DLP All Categories "",""Marketing"",""All Categories"",""Technology""]",,,res.cdn.office.net,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852411591326979,,,0,,,,,,,,,,0,,,,,,,,,Microsoft Office 365 Suite,IN,0,23,Ahmedabad,72,Gujarat,Tue Jun 16 11:56:42 2026,Asia/Kolkata,380008,106.194.78.0,0,,0,,,,0,,,1781591202,,,0,CloudApp,0,,,,,nspolicy,,amit.verma@corporate.com,res.cdn.office.net,Piyush.Jayswal@corporate.com,,,,172.20.10.4,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:42.000",Client,,,FALSE,useralert,Browse,yes,,[WEB] Potentially Malicious Sites,policy,,,1767205726962671992,,,,,,,,,,,,5000178776037541454,,,Potentially malicious sites,0,unknown,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,N/A,174.46.83.0,,80,,,,,0,,,,,0,,,,Corporate-96412,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,14.html,B3CC260A-BFB2-714F-02F9-D8C96DB9B21B,0,,,,,,,,Windows 11,Windows NT 11.0,"[""Potentially malicious sites"",""Uncategorized"",""DLP All Categories "",""All Categories""]",,,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com,174.46.83.201,,,[WEB] Potentially Malicious Sites,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,97742837984121794,,,0,,,,,,,,,,0,,,,,,,,,174.46.83.201,GB,0,53,Halifax,-2,England,Tue Jun 16 07:26:42 2026,Europe/London,HX1,81.105.212.0,0,,0,,,,0,,,1781591202,,,0,Web,97742837984121794,,,,,nspolicy,,kevin.brooks@corporate.com,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin,Charissa.Chang@corporate.com,,,Microsoft-Delivery-Optimization/10.1,192.168.0.164,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:42.000",Client,,,FALSE,useralert,Browse,yes,,[WEB] Potentially Malicious Sites,policy,,,1767205726962671992,,,,,,,,,,,,5000178776037541454,,,Potentially malicious sites,0,unknown,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,N/A,174.46.83.0,,80,,,,,0,,,,,0,,,,Corporate-96412,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,14.html,B3CC260A-BFB2-714F-02F9-D8C96DB9B21B,0,,,,,,,,Windows 11,Windows NT 11.0,"[""Potentially malicious sites"",""Uncategorized"",""DLP All Categories "",""All Categories""]",,,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com,174.46.83.201,,,[WEB] Potentially Malicious Sites,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,8790388499610240949,,,0,,,,,,,,,,0,,,,,,,,,174.46.83.201,GB,0,53,Halifax,-2,England,Tue Jun 16 07:26:42 2026,Europe/London,HX1,81.105.212.0,0,,0,,,,0,,,1781591202,,,0,Web,8790388499610240949,,,,,nspolicy,,kevin.brooks@corporate.com,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin,Charissa.Chang@corporate.com,,,Microsoft-Delivery-Optimization/10.1,192.168.0.164,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:42.000",Client,,,FALSE,useralert,Browse,yes,,[WEB] Potentially Malicious Sites,policy,,,1767205726962671992,,,,,,,,,,,,5000178776037541454,,,Potentially malicious sites,0,unknown,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,N/A,174.46.83.0,,80,,,,,0,,,,,0,,,,Corporate-96412,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,14.html,B3CC260A-BFB2-714F-02F9-D8C96DB9B21B,0,,,,,,,,Windows 11,Windows NT 11.0,"[""Potentially malicious sites"",""Uncategorized"",""DLP All Categories "",""All Categories""]",,,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com,174.46.83.201,,,[WEB] Potentially Malicious Sites,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,1026375107878931682,,,0,,,,,,,,,,0,,,,,,,,,174.46.83.201,GB,0,53,Halifax,-2,England,Tue Jun 16 07:26:42 2026,Europe/London,HX1,81.105.212.0,0,,0,,,,0,,,1781591202,,,0,Web,1026375107878931682,,,,,nspolicy,,kevin.brooks@corporate.com,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin,Charissa.Chang@corporate.com,,,Microsoft-Delivery-Optimization/10.1,192.168.0.164,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:42.000",Client,,,FALSE,alert,Edit,yes,,[WEB] All Sector Web Access,policy,Amazon Kinesis,,1708876711254208367,Business Intelligence and Data Analytics,Amazon,,,,,,,,,,3815549169259536272,,,All Sector Websites,87,high,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,DE,0,50,Frankfurt am Main,8,Hesse,Europe/Berlin,60313,3.123.12.0,,443,,,,,0,,,,,0,,,,Corporate-4573,,,,,9.0547E+11,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,,01738383-705F-1C08-CA58-1B9D8FA51971,0,,,,,,,,Windows 11,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Corporate No DLP User Alerts"",""All Categories"",""Technology"",""Engineering"",""Business Intelligence and Data Analytics""]",,,905469987510.data-kinesis.eu-central-1.amazonaws.com/,905469985555.data-kinesis.eu-central-1.amazonaws.com,,,[WEB] All Sector Web Access,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,5577809861853533151,,,0,,,,,,,,,,0,,,,,,,,,Amazon Kinesis,GB,0,51,Greenwich,-1,England,Tue Jun 16 07:26:42 2026,Europe/London,SE10,82.5.65.0,0,,0,,,,0,,,1781591202,,,0,CloudApp,5577809861853533151,,,,,nspolicy,,brian.foster@corporate.com,905469987510.data-kinesis.eu-central-1.amazonaws.com/,Josh.Eldridge@corporate.com,,,"aws-sdk-go-v2/1.41.7 ua/2.1 os/windows lang/go#1.26.3 md/GOOS#windows md/GOARCH#amd64 api/kinesis#1.43.7 m/E,e",192.168.0.204,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:43.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,IE,0,53,Dublin,-7,Leinster,Europe/Dublin,D02,20.50.73.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Mac OSX 26.5.1,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Business"",""All Categories"",""Technology""]",,,eu-v20.events.data.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393853441897066243,,,0,,,,,,,,,,0,,,,,,,,,,GB,0,51,Kensington,-1,England,Tue Jun 16 07:26:43 2026,Europe/London,SW3,62.49.203.0,0,,0,,,,0,,,1781591203,,,0,Web,0,,,,,nspolicy,,rachel.dean@corporate.com,eu-v20.events.data.microsoft.com,NICK.VOSS@corporate.com,,,,192.168.68.52,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:42.000",Client,,,FALSE,alert,Edit,yes,,[WEB] All Sector Web Access,policy,Microsoft Office 365 Sharepoint Online,,6394965475309242090,Collaboration,Office365,,,,,,,,,Native,3375680068702254064,,,All Sector Websites,91,excellent,0,,0,,,5089105323273154939,,1,,Windows Device,managed,,,,,,,,,,,,US,0,47,Redmond,-123,Washington,America/Los_Angeles,98073,13.107.138.0,,443,,,,,0,,,,,0,application/x-empty,john.peters@corporate.com,,Corporate-4485,,,,,Corporate,0,,,,,,,,,,,[],,,,,,,no,,,d41d8cd98f00b204e9800998ecf8427e,,0,,,,39538DFA-6902-EAE4-1635-294AF4E2A4CE,0,creditreportxlsx,,File,,,,,Windows 11,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""BDMs"",""Marketing"",""Underwriting and Recoveries"",""Relationship Managers"",""Custom-123"",""Corporate No DLP User Alerts"",""All Categories"",""Asset Finance"",""Technology"",""Collaboration""]",,,Corporate.sharepoint.com,Microsoft Office 365 Sharepoint Sites,/sites/Auto-DIPLetterStore-SP/Shared%20Documents/BL-Migration-Asset-Finance-Files/Underwriting/S/Skelmersdale%20Van%20Hire%20TA%20Mark%20&%20Shirley%20Blamphin/AF000000035306,,[WEB] All Sector Web Access,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,7993109372101449573,,,0,,,,,,,Yes,,,0,,unknown,,,,,,,Microsoft Office 365 Sharepoint Sites,GB,0,51,Windsor,-1,England,Tue Jun 16 07:26:42 2026,Europe/London,SL4,134.65.142.0,0,,0,,,,0,,,1781591202,,,0,CloudApp,7993109372101449573,,,,,nspolicy,,patricia.roy@corporate.com,Corporate.sharepoint.com/sites/Auto-DIPLetterStore-SP/_vti_bin/cellstorage.svc/CellStorageService,john.peters@corporate.com,,,Microsoft Office Excel/16.0.20026.20168 (Windows/10.0; Desktop x64; en-GB; Desktop app; HP/HP EliteBook 8 G1i 16 inch Noteb),192.168.68.115,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:44.000",Client,,,FALSE,useralert,Browse,yes,,[WEB] Potentially Malicious Sites,policy,,,1767205726962671992,,,,,,,,,,,,5000178776037541454,,,Potentially malicious sites,0,unknown,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,N/A,174.46.83.0,,80,,,,,0,,,,,0,,,,Corporate-96412,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,14.html,B3CC260A-BFB2-714F-02F9-D8C96DB9B21B,0,,,,,,,,Windows 11,Windows NT 11.0,"[""Potentially malicious sites"",""Uncategorized"",""DLP All Categories "",""All Categories""]",,,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com,174.46.83.201,,,[WEB] Potentially Malicious Sites,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,6585949069064830580,,,0,,,,,,,,,,0,,,,,,,,,174.46.83.201,GB,0,53,Halifax,-2,England,Tue Jun 16 07:26:44 2026,Europe/London,HX1,81.105.212.0,0,,0,,,,0,,,1781591204,,,0,Web,6585949069064830580,,,,,nspolicy,,kevin.brooks@corporate.com,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin,Charissa.Chang@corporate.com,,,Microsoft-Delivery-Optimization/10.1,192.168.0.164,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:43.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,Microsoft Accounts,,0,Application Suite,,,,,,,,,,,0,,,Application Suite,84,high,0,,0,,,0,,1,,Other,,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,W1U,2.18.190.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""Application Suite"",""DLP All Categories "",""Marketing"",""All Categories"",""Technology""]",,,statics.teams.cdn.office.net,,,,[WEB] All Sector Web Access,,,,,,,,0,3393853439925762305,,,0,,,,,,,,,,0,,,,,,,,,Microsoft Office 365 Suite,GB,0,50,Dawlish,-4,England,Tue Jun 16 07:26:43 2026,Europe/London,EX7,2.123.56.0,0,,0,,,,0,,,1781591203,,,0,CloudApp,0,,,,,nspolicy,,steven.murphy@corporate.com,statics.teams.cdn.office.net,Danny.McMurdo@corporate.com,,,,192.168.0.113,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:44.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,US,0,41,Des Moines,-94,Iowa,America/Chicago,50307,13.89.179.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Mac OSX 26.5.1,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Business"",""All Categories"",""Technology""]",,,mobile.events.data.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393853328290418689,,,0,,,,,,,,,,0,,,,,,,,,,PL,0,51,Lubartów,22,Lublin,Tue Jun 16 08:26:44 2026,Europe/Warsaw,21-100,46.151.187.0,0,,0,,,,0,,,1781591204,,,0,Web,0,,,,,nspolicy,,pawel.kowalski@corporate.com,mobile.events.data.microsoft.com,Tomasz.Kucharzyk@corporate.com,,,,192.168.68.53,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:43.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,Microsoft Accounts,,0,Application Suite,,,,,,,,,,,0,,,Application Suite,84,high,0,,0,,,0,,1,,Other,,,,,,,,,,,,,IE,0,53,Dublin,-7,Leinster,Europe/Dublin,D02,40.126.31.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""Application Suite"",""DLP All Categories "",""Marketing"",""SSL NO DECRYPT ALL"",""All Categories"",""Risk and Crime"",""Technology""]",,,login.microsoftonline.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852734913787393,,,0,,,,,,,,,,0,,,,,,,,,Microsoft Office 365 Suite,GB,0,51,City of London,-1,England,Tue Jun 16 07:26:43 2026,Europe/London,EC4R,145.224.90.0,0,,0,,,,0,,,1781591203,,,0,CloudApp,0,,,,,nspolicy,,daniel.hayes@corporate.com,login.microsoftonline.com,Ross.Goldie@corporate.com,,,,192.168.1.233,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:43.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,W1U,23.214.208.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Mac OSX 26.5.1,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""All Categories"",""Technology""]",,,iadsdk.apple.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393849215380776961,,,0,,,,,,,,,,0,,,,,,,,,,GB,0,55,Glasgow,-5,Scotland,Tue Jun 16 07:26:43 2026,Europe/London,G12,81.157.158.0,0,,0,,,,0,,,1781591203,,,0,Web,0,,,,,nspolicy,,vikram.reddy@corporate.com,iadsdk.apple.com,anudeep.kattamuri@corporate.com,,,,192.168.1.120,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:44.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,Microsoft Accounts,,0,Application Suite,,,,,,,,,,,0,,,Application Suite,84,high,0,,0,,,0,,1,,Other,,,,,,,,,,,,,IN,0,18,Pune,73,Maharashtra,Asia/Kolkata,411005,20.190.146.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Mac OSX 26.5.1,"[""All Sector Websites"",""Application Suite"",""DLP All Categories "",""Marketing"",""SSL NO DECRYPT ALL"",""All Categories"",""Risk and Crime"",""Technology""]",,,login.microsoftonline.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852945408803585,,,0,,,,,,,,,,0,,,,,,,,,Microsoft Office 365 Suite,IN,0,12,Bengaluru,77,Karnataka,Tue Jun 16 11:56:44 2026,Asia/Kolkata,562130,122.172.83.0,0,,0,,,,0,,,1781591204,,,0,CloudApp,0,,,,,nspolicy,,sneha.nair@corporate.com,login.microsoftonline.com,Hridya.Raj@corporate.com,,,,192.168.1.2,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:44.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,Microsoft Azure,,0,IaaS/PaaS,,,,,,,,,,,0,,,IaaS/PaaS,87,high,0,,0,,,0,,1,,Other,,,,,,,,,,,,,NL,0,52,Amsterdam,4,North Holland,Europe/Amsterdam,1012,40.113.176.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""IaaS/PaaS"",""DLP All Categories "",""Engineering"",""Marketing"",""Microsoft_Foundary_AI"",""All Categories"",""Technology""]",,,westeurope-5.in.applicationinsights.azure.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852402590403841,,,0,,,,,,,,,,0,,,,,,,,,Windows Azure,GB,0,51,City of London,-1,England,Tue Jun 16 07:26:44 2026,Europe/London,EC4R,18.168.47.0,0,,0,,,,0,,,1781591204,,,0,CloudApp,0,,,,,nspolicy,,jordan.cooper@corporate.com,westeurope-5.in.applicationinsights.azure.com,Ashley.Bailey@corporate.com,,,,192.168.23.18,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:44.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,IE,0,53,Dublin,-7,Leinster,Europe/Dublin,D02,72.145.59.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Mac OSX 26.5.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""All Categories"",""Technology""]",,,winatp-gw-neu.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393853444547744257,,,0,,,,,,,,,,0,,,,,,,,,,IN,0,12,Bengaluru,77,Karnataka,Tue Jun 16 11:56:44 2026,Asia/Kolkata,562130,223.181.111.0,0,,0,,,,0,,,1781591204,,,0,Web,0,,,,,nspolicy,,rajesh.iyer@corporate.com,winatp-gw-neu.microsoft.com,Sasidhar.Shenoy@corporate.com,,,,192.168.1.20,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:44.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,Microsoft Azure,,0,IaaS/PaaS,,,,,,,,,,,0,,,IaaS/PaaS,87,high,0,,0,,,0,,1,,Other,,,,,,,,,,,,,US,0,37,San Jose,-122,California,America/Los_Angeles,95141,20.189.172.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""IaaS/PaaS"",""DLP All Categories "",""Engineering"",""Marketing"",""Microsoft_Foundary_AI"",""All Categories"",""Technology""]",,,westus-0.in.applicationinsights.azure.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393853446410073857,,,0,,,,,,,,,,0,,,,,,,,,Windows Azure,GB,0,51,Canary Wharf,-1,England,Tue Jun 16 07:26:44 2026,Europe/London,E14,5.253.252.0,0,,0,,,,0,,,1781591204,,,0,CloudApp,0,,,,,nspolicy,,timothy.flynn@corporate.com,westus-0.in.applicationinsights.azure.com,John.Duggan@corporate.com,,,,10.16.1.136,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:43.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,IE,0,53,Dublin,-7,Leinster,Europe/Dublin,D02,74.178.35.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""All Categories"",""Technology""]",,,winatp-gw-neu.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852808112669441,,,0,,,,,,,,,,0,,,,,,,,,,GB,0,51,Ilford,0,England,Tue Jun 16 07:26:43 2026,Europe/London,IG1,31.94.56.0,0,,0,,,,0,,,1781591203,,,0,Web,0,,,,,nspolicy,,paul.harrison@corporate.com,winatp-gw-neu.microsoft.com,ian.francis@corporate.com,,,,10.0.98.139,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:40.000",Client,,,FALSE,alert,Upload,yes,,[WEB] All Sector Web Access,policy,Microsoft Edge,,6055177101387891139,Technology,,,,,,,,,,Chrome,2382959896824642836,,,All Sector Websites,72,medium,0,,0,,,0,,1,application/octet-stream,Windows Device,managed,,,,,,,,,,,,US,0,47,Redmond,-123,Washington,America/Los_Angeles,N/A,150.171.28.0,,443,,,,,0,,,,,53575,Unicode text file,,,Corporate-7590,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,920f709968056934a89704455278e76e,,0,,,,0EDF2337-221C-FC1F-F183-623715444C2D,0,,,File,,,,,Windows 11,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Business"",""All Categories"",""Technology""]",,,edge.microsoft.com/sync/v1/feeds/me/syncEntities/command/?client=Chromium&client_id=oxgtO83ZD8SfssrA5F4LGQ%3D%3D,microsoft,,,[WEB] All Sector Web Access,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,2618767518737324206,,,0,,,,,,,,,,0,,unknown,,,,d1bf1904c6f9d79f0fd8551fa711831cd71cb61535619066a051e6f952286182,,,Microsoft Edge,GB,0,53,Liverpool,-3,England,Tue Jun 16 07:26:40 2026,Europe/London,L1,2.125.131.0,0,,0,,,,0,,,1781591200,,,0,CloudApp,2618767518737324206,,,inline,,nspolicy,yes,alan.douglas@corporate.com,edge.microsoft.com/sync/v1/feeds/me/syncEntities/command/,Mike.Gribben@corporate.com,,,Chrome WIN 149.0.4022.69 (6c7df6d8a61da958d863a718cc0403efd161d40d) channel(stable),192.168.0.31,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:44.000",Client,,,FALSE,useralert,Browse,yes,,[WEB] Potentially Malicious Sites,policy,,,1767205726962671992,,,,,,,,,,,,5000178776037541454,,,Potentially malicious sites,0,unknown,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,N/A,174.46.83.0,,80,,,,,0,,,,,0,,,,Corporate-96412,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,14.html,B3CC260A-BFB2-714F-02F9-D8C96DB9B21B,0,,,,,,,,Windows 11,Windows NT 11.0,"[""Potentially malicious sites"",""Uncategorized"",""DLP All Categories "",""All Categories""]",,,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com,174.46.83.201,,,[WEB] Potentially Malicious Sites,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,8663864056354055490,,,0,,,,,,,,,,0,,,,,,,,,174.46.83.201,GB,0,53,Halifax,-2,England,Tue Jun 16 07:26:44 2026,Europe/London,HX1,81.105.212.0,0,,0,,,,0,,,1781591204,,,0,Web,8663864056354055490,,,,,nspolicy,,kevin.brooks@corporate.com,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin,Charissa.Chang@corporate.com,,,Microsoft-Delivery-Optimization/10.1,192.168.0.164,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:43.000",Client,,,FALSE,useralert,Browse,yes,,[WEB] Potentially Malicious Sites,policy,,,1767205726962671992,,,,,,,,,,,,5000178776037541454,,,Potentially malicious sites,0,unknown,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,N/A,174.46.83.0,,80,,,,,0,,,,,0,,,,Corporate-96412,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,14.html,B3CC260A-BFB2-714F-02F9-D8C96DB9B21B,0,,,,,,,,Windows 11,Windows NT 11.0,"[""Potentially malicious sites"",""Uncategorized"",""DLP All Categories "",""All Categories""]",,,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com,174.46.83.201,,,[WEB] Potentially Malicious Sites,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,3706353385689057456,,,0,,,,,,,,,,0,,,,,,,,,174.46.83.201,GB,0,53,Halifax,-2,England,Tue Jun 16 07:26:43 2026,Europe/London,HX1,81.105.212.0,0,,0,,,,0,,,1781591203,,,0,Web,3706353385689057456,,,,,nspolicy,,kevin.brooks@corporate.com,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin,Charissa.Chang@corporate.com,,,Microsoft-Delivery-Optimization/10.1,192.168.0.164,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:44.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,NL,0,52,Amsterdam,4,North Holland,Europe/Amsterdam,1012,74.178.240.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Business"",""All Categories"",""Technology""]",,,tas02.cws.update.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393853425304355073,,,0,,,,,,,,,,0,,,,,,,,,,GB,0,55,Glasgow,-5,Scotland,Tue Jun 16 07:26:44 2026,Europe/London,G14,46.65.52.0,0,,0,,,,0,,,1781591204,,,0,Web,0,,,,,nspolicy,,marcus.grant@corporate.com,tas02.cws.update.microsoft.com,Brian.Bovell@corporate.com,,,,192.168.0.137,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:44.000",Client,,,FALSE,useralert,Browse,yes,,[WEB] Potentially Malicious Sites,policy,,,1767205726962671992,,,,,,,,,,,,5000178776037541454,,,Potentially malicious sites,0,unknown,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,N/A,174.46.83.0,,80,,,,,0,,,,,0,,,,Corporate-96412,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,14.html,B3CC260A-BFB2-714F-02F9-D8C96DB9B21B,0,,,,,,,,Windows 11,Windows NT 11.0,"[""Potentially malicious sites"",""Uncategorized"",""DLP All Categories "",""All Categories""]",,,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com,174.46.83.201,,,[WEB] Potentially Malicious Sites,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,6056427765594716528,,,0,,,,,,,,,,0,,,,,,,,,174.46.83.201,GB,0,53,Halifax,-2,England,Tue Jun 16 07:26:44 2026,Europe/London,HX1,81.105.212.0,0,,0,,,,0,,,1781591204,,,0,Web,6056427765594716528,,,,,nspolicy,,kevin.brooks@corporate.com,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin,Charissa.Chang@corporate.com,,,Microsoft-Delivery-Optimization/10.1,192.168.0.164,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:43.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,NL,0,52,Amsterdam,4,North Holland,Europe/Amsterdam,1012,52.236.189.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Business"",""All Categories"",""Technology""]",,,r.manage.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852955701949953,,,0,,,,,,,,,,0,,,,,,,,,,GB,0,51,City of London,-1,England,Tue Jun 16 07:26:43 2026,Europe/London,EC4R,145.224.90.0,0,,0,,,,0,,,1781591203,,,0,Web,0,,,,,nspolicy,,daniel.hayes@corporate.com,r.manage.microsoft.com,Ross.Goldie@corporate.com,,,,192.168.1.233,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:43.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,IN,0,19,Mumbai,72,Maharashtra,Asia/Kolkata,400017,17.253.18.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Mac OSX 26.5.1,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""All Categories"",""Technology""]",,,ocsp2.apple.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852930451994113,,,0,,,,,,,,,,0,,,,,,,,,,IN,0,11,Coimbatore,76,Tamil Nadu,Tue Jun 16 11:56:43 2026,Asia/Kolkata,641011,223.185.26.0,0,,0,,,,0,,,1781591203,,,0,Web,0,,,,,nspolicy,,arjun.krishnan@corporate.com,ocsp2.apple.com,Jai.Senthilkumar@corporate.com,,,,192.168.0.149,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:44.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,ChatGPT,,0,Generative AI,,,,,,,,,,,0,,,Generative AI,64,medium,0,,0,,,0,,1,,Other,,,,,,,,,,,,,US,0,37,San Francisco,-123,California,America/Los_Angeles,N/A,104.18.32.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Mac OSX 26.5.0,"[""All Sector Websites"",""Generative AI"",""Engineering"",""Marketing"",""DLP All Categories "",""All Categories"",""Technology""]",,,ab.chatgpt.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852189176228097,,,0,,,,,,,,,,0,,,,,,,,,ChatGPT,DE,0,49,Nuremberg,11,Bavaria,Tue Jun 16 08:26:44 2026,Europe/Berlin,90419,77.25.22.0,0,,0,,,,0,,,1781591204,,,0,CloudApp,0,,,,,nspolicy,,felix.weber@corporate.com,ab.chatgpt.com,Alexander.Schmolck@corporate.com,,,,192.168.0.162,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:44.000",Client,,,FALSE,block,Browse,yes,,[Utility] DNS over HTTPS,policy,DNS Over HTTPS,,5754666634689974621,General,,,,,,,,,,Chrome,3663950846471756290,,,General,,unknown,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,US,0,37,Mountain View,-123,California,America/Los_Angeles,N/A,8.8.8.0,,443,,,,,0,,,,,0,,,,Corporate-6069,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,silent_block.html,4738C42D-C0B6-D106-5B14-2A66FDD66B73,0,,,,,,,,Windows 11,Windows NT 11.0,"[""General"",""All Sector Websites"",""DLP All Categories "",""Marketing"",""All Categories"",""Technology""]",,,dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA,dns,,,[Utility] DNS over HTTPS,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,7651958669119122990,,,0,,,,,,,,,,0,,unknown,,,,,,,DOH,IN,0,28,Delhi,77,National Capital Territory of Delhi,Tue Jun 16 11:56:44 2026,Asia/Kolkata,110001,103.225.59.0,0,,0,,,,0,,,1781591204,,,0,CloudApp,7651958669119122990,,,,,nspolicy,,thomas.wilson@corporate.com,dns.google/dns-query,reuben.ramesh@corporate.com,,,Chrome,192.168.1.37,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:44.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,Microsoft Accounts,,0,Application Suite,,,,,,,,,,,0,,,Application Suite,84,high,0,,0,,,0,,1,,Other,,,,,,,,,,,,,IE,0,53,Dublin,-7,Leinster,Europe/Dublin,D02,40.126.31.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""Application Suite"",""DLP All Categories "",""Marketing"",""SSL NO DECRYPT ALL"",""All Categories"",""Risk and Crime"",""Technology""]",,,login.microsoftonline.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393853341284074245,,,0,,,,,,,,,,0,,,,,,,,,Microsoft Office 365 Suite,GB,0,52,Bedford,-1,England,Tue Jun 16 07:26:44 2026,Europe/London,MK42,5.69.118.0,0,,0,,,,0,,,1781591204,,,0,CloudApp,0,,,,,nspolicy,,jason.miller@corporate.com,login.microsoftonline.com,steve.smith@corporate.com,,,,192.168.0.25,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:44.000",Client,,,FALSE,useralert,Browse,yes,,[WEB] Potentially Malicious Sites,policy,,,1767205726962671992,,,,,,,,,,,,5000178776037541454,,,Potentially malicious sites,0,unknown,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,N/A,174.46.83.0,,80,,,,,0,,,,,0,,,,Corporate-96412,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,14.html,B3CC260A-BFB2-714F-02F9-D8C96DB9B21B,0,,,,,,,,Windows 11,Windows NT 11.0,"[""Potentially malicious sites"",""Uncategorized"",""DLP All Categories "",""All Categories""]",,,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com,174.46.83.201,,,[WEB] Potentially Malicious Sites,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,8584411413143272213,,,0,,,,,,,,,,0,,,,,,,,,174.46.83.201,GB,0,53,Halifax,-2,England,Tue Jun 16 07:26:44 2026,Europe/London,HX1,81.105.212.0,0,,0,,,,0,,,1781591204,,,0,Web,8584411413143272213,,,,,nspolicy,,kevin.brooks@corporate.com,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin,Charissa.Chang@corporate.com,,,Microsoft-Delivery-Optimization/10.1,192.168.0.164,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:43.000",Client,,,FALSE,useralert,Browse,yes,,[WEB] Potentially Malicious Sites,policy,,,1767205726962671992,,,,,,,,,,,,5000178776037541454,,,Potentially malicious sites,0,unknown,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,N/A,174.46.83.0,,80,,,,,0,,,,,0,,,,Corporate-96412,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,14.html,B3CC260A-BFB2-714F-02F9-D8C96DB9B21B,0,,,,,,,,Windows 11,Windows NT 11.0,"[""Potentially malicious sites"",""Uncategorized"",""DLP All Categories "",""All Categories""]",,,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com,174.46.83.201,,,[WEB] Potentially Malicious Sites,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,2234760899676255905,,,0,,,,,,,,,,0,,,,,,,,,174.46.83.201,GB,0,53,Halifax,-2,England,Tue Jun 16 07:26:43 2026,Europe/London,HX1,81.105.212.0,0,,0,,,,0,,,1781591203,,,0,Web,2234760899676255905,,,,,nspolicy,,kevin.brooks@corporate.com,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin,Charissa.Chang@corporate.com,,,Microsoft-Delivery-Optimization/10.1,192.168.0.164,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:42.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,IE,0,53,Dublin,-7,Leinster,Europe/Dublin,D02,74.178.35.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Mac OSX 26.5.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""All Categories"",""Technology""]",,,winatp-gw-neu.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393853432996767233,,,0,,,,,,,,,,0,,,,,,,,,,GB,0,51,London,-1,England,Tue Jun 16 07:26:42 2026,Europe/London,N/A,31.94.18.0,0,,0,,,,0,,,1781591202,,,0,Web,0,,,,,nspolicy,,dimitri.stavros@corporate.com,winatp-gw-neu.microsoft.com,Konstantinos.Pagonas@corporate.com,,,,172.20.10.8,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:43.000",Client,,,FALSE,useralert,Browse,yes,,[WEB] Potentially Malicious Sites,policy,,,1767205726962671992,,,,,,,,,,,,5000178776037541454,,,Potentially malicious sites,0,unknown,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,N/A,174.46.83.0,,80,,,,,0,,,,,0,,,,Corporate-96412,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,14.html,B3CC260A-BFB2-714F-02F9-D8C96DB9B21B,0,,,,,,,,Windows 11,Windows NT 11.0,"[""Potentially malicious sites"",""Uncategorized"",""DLP All Categories "",""All Categories""]",,,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com,174.46.83.201,,,[WEB] Potentially Malicious Sites,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,73473666834719211,,,0,,,,,,,,,,0,,,,,,,,,174.46.83.201,GB,0,53,Halifax,-2,England,Tue Jun 16 07:26:43 2026,Europe/London,HX1,81.105.212.0,0,,0,,,,0,,,1781591203,,,0,Web,73473666834719211,,,,,nspolicy,,kevin.brooks@corporate.com,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin,Charissa.Chang@corporate.com,,,Microsoft-Delivery-Optimization/10.1,192.168.0.164,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:44.000",Client,,,FALSE,block,Browse,yes,,[Utility] DNS over HTTPS,policy,DNS Over HTTPS,,5754666634689974621,General,,,,,,,,,,Chrome,3663950846471756290,,,General,,unknown,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,US,0,37,Mountain View,-123,California,America/Los_Angeles,N/A,8.8.8.0,,443,,,,,0,,,,,0,,,,Corporate-6069,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,silent_block.html,4738C42D-C0B6-D106-5B14-2A66FDD66B73,0,,,,,,,,Windows 11,Windows NT 11.0,"[""General"",""All Sector Websites"",""DLP All Categories "",""Marketing"",""All Categories"",""Technology""]",,,dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA,dns,,,[Utility] DNS over HTTPS,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,1122210977986776659,,,0,,,,,,,,,,0,,unknown,,,,,,,DOH,IN,0,28,Delhi,77,National Capital Territory of Delhi,Tue Jun 16 11:56:44 2026,Asia/Kolkata,110001,103.225.59.0,0,,0,,,,0,,,1781591204,,,0,CloudApp,1122210977986776659,,,,,nspolicy,,thomas.wilson@corporate.com,dns.google/dns-query,reuben.ramesh@corporate.com,,,Chrome,192.168.1.37,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:45.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,NL,0,52,Amsterdam,4,North Holland,Europe/Amsterdam,1012,13.69.109.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Business"",""All Categories"",""Technology""]",,,eu-mobile.events.data.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852540901754113,,,0,,,,,,,,,,0,,,,,,,,,,GB,0,51,South Croydon,-1,England,Tue Jun 16 07:26:45 2026,Europe/London,CR2,90.253.104.0,0,,0,,,,0,,,1781591205,,,0,Web,0,,,,,nspolicy,,claire.robinson@corporate.com,eu-mobile.events.data.microsoft.com,Morgan.Walker@corporate.com,,,,192.168.1.178,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:45.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,US,0,41,Des Moines,-94,Iowa,America/Chicago,50307,13.89.179.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Mac OSX 26.5.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Business"",""All Categories"",""Technology""]",,,mobile.events.data.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393853455964664335,,,0,,,,,,,,,,0,,,,,,,,,,IN,0,19,Pālghar,72,Maharashtra,Tue Jun 16 11:56:45 2026,Asia/Kolkata,401404,103.217.128.0,0,,0,,,,0,,,1781591205,,,0,Web,0,,,,,nspolicy,,neha.kapoor@corporate.com,mobile.events.data.microsoft.com,Mittali.Taurani@corporate.com,,,,192.168.1.39,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:45.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,Microsoft Azure DevOps,,0,Development Tools,,,,,,,,,,,0,,,Development Tools,84,high,0,,0,,,0,,1,,Other,,,,,,,,,,,,,US,0,29,San Antonio,-99,Texas,America/Chicago,78288,23.100.122.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Engineering"",""Marketing"",""Development Tools"",""Platforms"",""All Categories"",""Technology""]",,,rt.services.visualstudio.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393850142254775809,,,0,,,,,,,,,,0,,,,,,,,,Visual Studio,IN,0,12,Bengaluru,77,Karnataka,Tue Jun 16 11:56:45 2026,Asia/Kolkata,562130,49.207.195.0,0,,0,,,,0,,,1781591205,,,0,CloudApp,0,,,,,nspolicy,,derek.johnson@corporate.com,rt.services.visualstudio.com,Mansi.Pandey@corporate.com,,,,192.168.1.102,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:45.000",Client,,,FALSE,alert,Post,yes,,[WEB] All Sector Web Access,policy,Anthropic Claude,,9115015412155731128,Generative AI,,,,,,,,,,,722979866996278186,,,All Sector Websites,83,high,0,,0,,,9215221511256502607,,1,,Mac Device,managed,,,,,,,,,,,,US,0,37,San Francisco,-123,California,America/Los_Angeles,N/A,160.79.104.0,,443,,,,,0,,,,,962,text/plain,,,HP6VRPXG3P6,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,54c809c37479543154c3640e32d872cc,,0,,,,D0FE0218-8F8A-53B2-0DEB-281635052363,0,,,Message,,,,,Mac OS,Mac OSX 26.5.1,"[""All Sector Websites"",""Engineering"",""Generative AI"",""Generative AI - Tools and Stores""]",,,api.anthropic.com,Anthropic,,,[WEB] All Sector Web Access,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,3650952565633792930,,,0,,,,,,,,,,0,,,,,,8cea17bdc1bc01cae94ea1d9c61adcee16229e39593ddd47de3f54a7e90f0b0c,,,Anthropic,IN,0,28,Gurugram,77,Haryana,Tue Jun 16 11:56:45 2026,Asia/Kolkata,122001,182.69.182.0,0,,0,,,,0,,,1781591205,,,0,CloudApp,3650952565633792930,,,,,nspolicy,,anita.singh@corporate.com,api.anthropic.com/v1/messages,Priya.Mehrotra@corporate.com,,,"claude-cli/2.1.177 (external, claude-vscode, agent-sdk/0.3.177)",192.168.1.15,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:42.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,IE,0,53,Dublin,-7,Leinster,Europe/Dublin,D02,20.38.81.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""All Categories"",""Technology""]",,,agents.amsub0202.manage.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852617724683521,,,0,,,,,,,,,,0,,,,,,,,,,GB,0,50,Wimborne Minster,-2,England,Tue Jun 16 07:26:42 2026,Europe/London,BH21,94.0.33.0,0,,0,,,,0,,,1781591202,,,0,Web,0,,,,,nspolicy,,emily.stewart@corporate.com,agents.amsub0202.manage.microsoft.com,Rachael.Baker@corporate.com,,,,192.168.0.16,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:45.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,Microsoft Azure,,0,IaaS/PaaS,,,,,,,,,,,0,,,IaaS/PaaS,87,high,0,,0,,,0,,1,,Other,,,,,,,,,,,,,NL,0,52,Amsterdam,4,North Holland,Europe/Amsterdam,1012,40.113.176.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""IaaS/PaaS"",""DLP All Categories "",""Engineering"",""Marketing"",""Microsoft_Foundary_AI"",""All Categories"",""Technology""]",,,westeurope-5.in.applicationinsights.azure.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393853456635777281,,,0,,,,,,,,,,0,,,,,,,,,Windows Azure,GB,0,51,Reading,-1,England,Tue Jun 16 07:26:45 2026,Europe/London,RG1,90.241.124.0,0,,0,,,,0,,,1781591205,,,0,CloudApp,0,,,,,nspolicy,,rohan.desai@corporate.com,westeurope-5.in.applicationinsights.azure.com,Dipesh.Halai@corporate.com,,,,192.168.1.81,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:43.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,IE,0,53,Dublin,-7,Leinster,Europe/Dublin,D02,72.145.59.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Mac OSX 26.5.1,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""All Categories"",""Technology""]",,,winatp-gw-neu.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393853443943794179,,,0,,,,,,,,,,0,,,,,,,,,,GB,0,52,Kettering,-1,England,Tue Jun 16 07:26:43 2026,Europe/London,NN16,86.31.94.0,0,,0,,,,0,,,1781591203,,,0,Web,0,,,,,nspolicy,,stefan.ionescu@corporate.com,winatp-gw-neu.microsoft.com,George.Tiganila@corporate.com,,,,192.168.0.225,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:44.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,Microsoft Accounts,,0,Application Suite,,,,,,,,,,,0,,,Application Suite,84,high,0,,0,,,0,,1,,Other,,,,,,,,,,,,,IE,0,53,Dublin,-7,Leinster,Europe/Dublin,D02,40.126.31.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""Application Suite"",""DLP All Categories "",""Marketing"",""SSL NO DECRYPT ALL"",""All Categories"",""Risk and Crime"",""Technology""]",,,login.microsoftonline.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393853449882906113,,,0,,,,,,,,,,0,,,,,,,,,Microsoft Office 365 Suite,GB,0,50,Southampton,-2,England,Tue Jun 16 07:26:44 2026,Europe/London,SO32,94.6.58.0,0,,0,,,,0,,,1781591204,,,0,CloudApp,0,,,,,nspolicy,,andrew.bell@corporate.com,login.microsoftonline.com,michael.mann@corporate.com,,,,192.168.0.29,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:45.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,Microsoft Teams,,0,Collaboration,,,,,,,,,,,0,,,Collaboration,89,high,0,,0,,,0,,1,,Other,,,,,,,,,,,,,US,0,38,Washington,-79,Virginia,America/New_York,N/A,20.42.65.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""Collaboration"",""DLP All Categories "",""Marketing"",""Business"",""All Categories"",""Technology""]",,,teams.events.data.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852850190038529,,,0,,,,,,,,,,0,,,,,,,,,Microsoft Teams,GB,0,51,City of London,-1,England,Tue Jun 16 07:26:45 2026,Europe/London,EC4R,145.224.90.0,0,,0,,,,0,,,1781591205,,,0,CloudApp,0,,,,,nspolicy,,daniel.hayes@corporate.com,teams.events.data.microsoft.com,Ross.Goldie@corporate.com,,,,192.168.1.233,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:45.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,US,0,41,Des Moines,-94,Iowa,America/Chicago,50307,13.89.179.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Business"",""All Categories"",""Technology""]",,,mobile.events.data.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393853444908526083,,,0,,,,,,,,,,0,,,,,,,,,,GB,0,51,Brent,-1,England,Tue Jun 16 07:26:45 2026,Europe/London,N/A,143.58.186.0,0,,0,,,,0,,,1781591205,,,0,Web,0,,,,,nspolicy,,rebecca.fox@corporate.com,mobile.events.data.microsoft.com,catherine.wright@corporate.com,,,,192.168.1.138,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:45.000",Client,,,FALSE,useralert,Browse,yes,,[WEB] Potentially Malicious Sites,policy,,,1767205726962671992,,,,,,,,,,,,5000178776037541454,,,Potentially malicious sites,0,unknown,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,N/A,174.46.83.0,,80,,,,,0,,,,,0,,,,Corporate-96412,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,14.html,B3CC260A-BFB2-714F-02F9-D8C96DB9B21B,0,,,,,,,,Windows 11,Windows NT 11.0,"[""Potentially malicious sites"",""Uncategorized"",""DLP All Categories "",""All Categories""]",,,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com,174.46.83.201,,,[WEB] Potentially Malicious Sites,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,8710398816070853195,,,0,,,,,,,,,,0,,,,,,,,,174.46.83.201,GB,0,53,Halifax,-2,England,Tue Jun 16 07:26:45 2026,Europe/London,HX1,81.105.212.0,0,,0,,,,0,,,1781591205,,,0,Web,8710398816070853195,,,,,nspolicy,,kevin.brooks@corporate.com,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin,Charissa.Chang@corporate.com,,,Microsoft-Delivery-Optimization/10.1,192.168.0.164,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:45.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,Microsoft Accounts,,0,Application Suite,,,,,,,,,,,0,,,Application Suite,84,high,0,,0,,,0,,1,,Other,,,,,,,,,,,,,NL,0,52,Amsterdam,4,North Holland,Europe/Amsterdam,1012,40.126.32.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""Application Suite"",""DLP All Categories "",""Marketing"",""SSL NO DECRYPT ALL"",""All Categories"",""Risk and Crime"",""Technology""]",,,login.microsoftonline.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393853459462706433,,,0,,,,,,,,,,0,,,,,,,,,Microsoft Office 365 Suite,GB,0,50,Haywards Heath,-1,England,Tue Jun 16 07:26:45 2026,Europe/London,RH16,109.150.120.0,0,,0,,,,0,,,1781591205,,,0,CloudApp,0,,,,,nspolicy,,linda.martinez@corporate.com,login.microsoftonline.com,Anthony.Newman@corporate.com,,,,192.168.68.70,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:45.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,Microsoft Teams,,0,Collaboration,,,,,,,,,,,0,,,Collaboration,89,high,0,,0,,,0,,1,,Other,,,,,,,,,,,,,US,0,37,San Jose,-122,California,America/Los_Angeles,95141,20.184.175.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""Collaboration"",""DLP All Categories "",""Marketing"",""Business"",""All Categories"",""Technology""]",,,teams.events.data.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852410878348563,,,0,,,,,,,,,,0,,,,,,,,,Microsoft Teams,GB,0,51,City of London,-1,England,Tue Jun 16 07:26:45 2026,Europe/London,EC4R,18.168.47.0,0,,0,,,,0,,,1781591205,,,0,CloudApp,0,,,,,nspolicy,,jordan.cooper@corporate.com,teams.events.data.microsoft.com,Ashley.Bailey@corporate.com,,,,192.168.23.18,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:43.000",Client,,,FALSE,useralert,Browse,yes,,[WEB] Potentially Malicious Sites,policy,,,1767205726962671992,,,,,,,,,,,,5000178776037541454,,,Potentially malicious sites,0,unknown,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,N/A,174.46.83.0,,80,,,,,0,,,,,0,,,,Corporate-96412,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,14.html,B3CC260A-BFB2-714F-02F9-D8C96DB9B21B,0,,,,,,,,Windows 11,Windows NT 11.0,"[""Potentially malicious sites"",""Uncategorized"",""DLP All Categories "",""All Categories""]",,,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com,174.46.83.201,,,[WEB] Potentially Malicious Sites,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,3515517376565558726,,,0,,,,,,,,,,0,,,,,,,,,174.46.83.201,GB,0,53,Halifax,-2,England,Tue Jun 16 07:26:43 2026,Europe/London,HX1,81.105.212.0,0,,0,,,,0,,,1781591203,,,0,Web,3515517376565558726,,,,,nspolicy,,kevin.brooks@corporate.com,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin,Charissa.Chang@corporate.com,,,Microsoft-Delivery-Optimization/10.1,192.168.0.164,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:45.000",Client,,,FALSE,useralert,Browse,yes,,[WEB] Potentially Malicious Sites,policy,,,1767205726962671992,,,,,,,,,,,,5000178776037541454,,,Potentially malicious sites,0,unknown,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,N/A,174.46.83.0,,80,,,,,0,,,,,0,,,,Corporate-96412,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,14.html,B3CC260A-BFB2-714F-02F9-D8C96DB9B21B,0,,,,,,,,Windows 11,Windows NT 11.0,"[""Potentially malicious sites"",""Uncategorized"",""DLP All Categories "",""All Categories""]",,,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com,174.46.83.201,,,[WEB] Potentially Malicious Sites,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,7863247045738140501,,,0,,,,,,,,,,0,,,,,,,,,174.46.83.201,GB,0,53,Halifax,-2,England,Tue Jun 16 07:26:45 2026,Europe/London,HX1,81.105.212.0,0,,0,,,,0,,,1781591205,,,0,Web,7863247045738140501,,,,,nspolicy,,kevin.brooks@corporate.com,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin,Charissa.Chang@corporate.com,,,Microsoft-Delivery-Optimization/10.1,192.168.0.164,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:45.000",Client,,,FALSE,alert,Browse,yes,,[WEB] Engineering Teams,policy,GitHub,,0,Development Tools,,,,,,,,,,,0,,,Development Tools,75,high,0,,0,,,0,,1,,Other,,,,,,,,,,,,,IN,0,18,Pune,73,Maharashtra,Asia/Kolkata,411005,20.207.73.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Mac OSX 26.5.1,"[""Engineering"",""Development Tools"",""All Categories"",""DLP All Categories ""]",,,api.github.com,,,,[WEB] Engineering Teams,,,,,,,,0,3393853449572849153,,,0,,,,,,,,,,0,,,,,,,,,GitHub,IN,0,28,Gurugram,77,Haryana,Tue Jun 16 11:56:45 2026,Asia/Kolkata,122001,182.69.182.0,0,,0,,,,0,,,1781591205,,,0,CloudApp,0,,,,,nspolicy,,anita.singh@corporate.com,api.github.com,Priya.Mehrotra@corporate.com,,,,192.168.1.15,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:46.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,IE,0,53,Dublin,-7,Leinster,Europe/Dublin,D02,72.145.59.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""All Categories"",""Technology""]",,,winatp-gw-neu.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852831265311235,,,0,,,,,,,,,,0,,,,,,,,,,IN,0,28,Sonīpat,77,Haryana,Tue Jun 16 11:56:46 2026,Asia/Kolkata,131001,223.185.58.0,0,,0,,,,0,,,1781591206,,,0,Web,0,,,,,nspolicy,,sanjay.gupta@corporate.com,winatp-gw-neu.microsoft.com,pankaj.kumar@corporate.com,,,,192.168.1.9,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:46.000",Client,,,FALSE,useralert,Browse,yes,,[WEB] Potentially Malicious Sites,policy,,,1767205726962671992,,,,,,,,,,,,5000178776037541454,,,Potentially malicious sites,0,unknown,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,N/A,174.46.83.0,,80,,,,,0,,,,,0,,,,Corporate-96412,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,14.html,B3CC260A-BFB2-714F-02F9-D8C96DB9B21B,0,,,,,,,,Windows 11,Windows NT 11.0,"[""Potentially malicious sites"",""Uncategorized"",""DLP All Categories "",""All Categories""]",,,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com,174.46.83.201,,,[WEB] Potentially Malicious Sites,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,8089903761584793704,,,0,,,,,,,,,,0,,,,,,,,,174.46.83.201,GB,0,53,Halifax,-2,England,Tue Jun 16 07:26:46 2026,Europe/London,HX1,81.105.212.0,0,,0,,,,0,,,1781591206,,,0,Web,8089903761584793704,,,,,nspolicy,,kevin.brooks@corporate.com,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin,Charissa.Chang@corporate.com,,,Microsoft-Delivery-Optimization/10.1,192.168.0.164,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:46.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,LinkedIn,,0,Professional Networking,,,,,,,,,,,0,,,Professional Networking,65,medium,0,,0,,,0,,1,,Other,,,,,,,,,,,,,US,0,37,San Francisco,-123,California,America/Los_Angeles,N/A,104.18.41.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""Professional Networking"",""All Categories"",""Risk and Crime"",""CapitalMarkets_and_Corporate Allow"",""DLP All Categories "",""Engineering"",""Marketing"",""Executives"",""Social Media""]",,,rum22.perf.linkedin.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393850907195427841,,,0,,,,,,,,,,0,,,,,,,,,Linkedin,GB,0,54,Newcastle upon Tyne,-2,England,Tue Jun 16 07:26:46 2026,Europe/London,NE5,86.8.36.0,0,,0,,,,0,,,1781591206,,,0,CloudApp,0,,,,,nspolicy,,douglas.reed1@corporate.com,rum22.perf.linkedin.com,Craig.Smith1@corporate.com,,,,192.168.0.136,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:46.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,Atlassian Accounts,,0,Application Suite,,,,,,,,,,,0,,,Application Suite,86,high,0,,0,,,0,,1,,Other,,,,,,,,,,,,,NL,0,52,Amsterdam,4,North Holland,Europe/Amsterdam,1016,185.166.141.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""Application Suite"",""DLP All Categories "",""Marketing"",""SSL NO DECRYPT ALL"",""All Categories"",""Technology""]",,,web-security-reports.services.atlassian.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393851267536473089,,,0,,,,,,,,,,0,,,,,,,,,Atlassian App Suite,GB,0,54,Newcastle upon Tyne,-2,England,Tue Jun 16 07:26:46 2026,Europe/London,NE5,86.8.36.0,0,,0,,,,0,,,1781591206,,,0,CloudApp,0,,,,,nspolicy,,douglas.reed1@corporate.com,web-security-reports.services.atlassian.com,Craig.Smith1@corporate.com,,,,192.168.0.136,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:46.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,US,0,47,Redmond,-123,Washington,America/Los_Angeles,N/A,150.171.109.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""All Categories"",""Technology""]",,,xpaywalletcdn-prod.azureedge.net,,,,[WEB] All Sector Web Access,,,,,,,,0,3393853307310394369,,,0,,,,,,,,,,0,,,,,,,,,,GB,0,54,Newcastle upon Tyne,-2,England,Tue Jun 16 07:26:46 2026,Europe/London,NE5,86.8.36.0,0,,0,,,,0,,,1781591206,,,0,Web,0,,,,,nspolicy,,douglas.reed1@corporate.com,xpaywalletcdn-prod.azureedge.net,Craig.Smith1@corporate.com,,,,192.168.0.136,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:44.000",Client,,,FALSE,block,Browse,yes,,[Utility] DNS over HTTPS,policy,DNS Over HTTPS,,5754666634689974621,General,,,,,,,,,,Chrome,3663950846471756290,,,General,,unknown,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,US,0,37,Mountain View,-123,California,America/Los_Angeles,N/A,8.8.8.0,,443,,,,,0,,,,,0,,,,Corporate-6069,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,silent_block.html,4738C42D-C0B6-D106-5B14-2A66FDD66B73,0,,,,,,,,Windows 11,Windows NT 11.0,"[""General"",""All Sector Websites"",""DLP All Categories "",""Marketing"",""All Categories"",""Technology""]",,,dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA,dns,,,[Utility] DNS over HTTPS,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,8701724296648252667,,,0,,,,,,,,,,0,,unknown,,,,,,,DOH,IN,0,28,Delhi,77,National Capital Territory of Delhi,Tue Jun 16 11:56:44 2026,Asia/Kolkata,110001,103.225.59.0,0,,0,,,,0,,,1781591204,,,0,CloudApp,8701724296648252667,,,,,nspolicy,,thomas.wilson@corporate.com,dns.google/dns-query,reuben.ramesh@corporate.com,,,Chrome,192.168.1.37,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:46.000",Client,,,FALSE,alert,Edit,yes,,[WEB] All Sector Web Access,policy,Amazon Kinesis,,4696698913580918274,Business Intelligence and Data Analytics,Amazon,,,,,,,,,,5761591961372255990,,,All Sector Websites,87,high,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,DE,0,50,Frankfurt am Main,8,Hesse,Europe/Berlin,60313,3.74.148.0,,443,,,,,0,,,,,0,,,,Corporate-9364,,,,,9.0547E+11,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,,03C835D0-BA98-0011-89EB-ED684C883501,0,,,,,,,,Windows 11,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Corporate No DLP User Alerts"",""All Categories"",""Technology"",""Engineering"",""Business Intelligence and Data Analytics""]",,,905469987510.data-kinesis.eu-central-1.amazonaws.com/,905469987510.data-kinesis.eu-central-1.amazonaws.com,,,[WEB] All Sector Web Access,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,6943950510830566618,,,0,,,,,,,,,,0,,,,,,,,,Amazon Kinesis,IN,0,12,Bengaluru,77,Karnataka,Tue Jun 16 11:56:46 2026,Asia/Kolkata,562130,49.207.195.0,0,,0,,,,0,,,1781591206,,,0,CloudApp,6943950510830566618,,,,,nspolicy,,derek.johnson@corporate.com,905469987510.data-kinesis.eu-central-1.amazonaws.com/,Mansi.Pandey@corporate.com,,,"aws-sdk-go-v2/1.41.7 ua/2.1 os/windows lang/go#1.26.3 md/GOOS#windows md/GOARCH#amd64 api/kinesis#1.43.7 m/E,e",192.168.1.102,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:46.000",Client,,,FALSE,alert,Edit,yes,,[WEB] Kriya Temp Access,policy,Google Drive,,8755455595597889721,Cloud Storage,Google App,,,,,,,,,Chrome,4054711562922334474,149.0.0.0,,Kriya Allow List,87,high,0,,0,,,2046601412204286866,,1,,Windows Device,managed,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,N/A,142.251.30.0,,443,,,,,0,,,,,0,,k.histrov@corporate.com,,Corporate-3999,,,,,corporate.com,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,,1617321A-ED0C-EA46-D03D-EA95CCD285EA,0,,17zdf7EdmEfiK87k6uYP8rN5iay5RrHkOecTb3l0UfZA,Document,,,,,Windows 11,Windows NT 11.0,"[""Kriya Allow List"",""All Categories"",""CapitalMarkets_and_Corporate Allow"",""DLP All Categories "",""Marketing"",""Potentially malicious sites"",""G-Suite Access"",""File Transfers"",""Executives"",""Prohibited Sites"",""Cloud Storage""]",,,docs.google.com,Google Drive,,,[WEB] Kriya Temp Access,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,https://docs.google.com/spreadsheets/d/17zdf7EdmEfiK87k6uYP8rN5iay5RrHkOecTb3l0UfZA/edit?gid=1708606351,,,0,4252780909104881950,,,0,,,,,,,,,,0,,unknown,,,,,,,Google Drive,GB,0,51,London,-1,England,Tue Jun 16 07:26:46 2026,Europe/London,N/A,185.238.222.0,0,,0,,,,0,,,1781591206,,,0,CloudApp,3954089612998707774,,,,,nspolicy,,m.petrov@corporate.com,docs.google.com/spreadsheets/d/17zdf7EdmEfiK87k6uYP8rN5iay5RrHkOecTb3l0UfZA/save,k.histrov@corporate.com,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/149.0.0.0 Safari/537.36",192.168.1.111,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:46.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,US,0,38,Washington,-79,Virginia,America/New_York,22747,52.168.117.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Business"",""All Categories"",""Technology""]",,,mobile.events.data.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852547193188355,,,0,,,,,,,,,,0,,,,,,,,,,IN,0,12,Bengaluru,77,Karnataka,Tue Jun 16 11:56:46 2026,Asia/Kolkata,562130,103.163.65.0,0,,0,,,,0,,,1781591206,,,0,Web,0,,,,,nspolicy,,anil.bhosale@corporate.com,mobile.events.data.microsoft.com,Om.Karnewar@corporate.com,,,,10.12.167.87,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:46.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,Microsoft Accounts,,0,Application Suite,,,,,,,,,,,0,,,Application Suite,84,high,0,,0,,,0,,1,,Other,,,,,,,,,,,,,IN,0,13,Chennai,80,Tamil Nadu,Asia/Kolkata,600001,20.190.174.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""Application Suite"",""DLP All Categories "",""Marketing"",""SSL NO DECRYPT ALL"",""All Categories"",""Technology""]",,,graph.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852953075976449,,,0,,,,,,,,,,0,,,,,,,,,Microsoft Office 365 Suite,IN,0,12,Bengaluru,77,Karnataka,Tue Jun 16 11:56:46 2026,Asia/Kolkata,562130,103.163.65.0,0,,0,,,,0,,,1781591206,,,0,CloudApp,0,,,,,nspolicy,,anil.bhosale@corporate.com,graph.microsoft.com,Om.Karnewar@corporate.com,,,,10.12.167.88,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:46.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,IE,0,53,Dublin,-7,Leinster,Europe/Dublin,D02,20.50.73.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Mac OSX 26.5.1,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Business"",""All Categories"",""Technology""]",,,eu-v20.events.data.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393853462902347267,,,0,,,,,,,,,,0,,,,,,,,,,IN,0,28,New Delhi,77,National Capital Territory of Delhi,Tue Jun 16 11:56:46 2026,Asia/Kolkata,110005,110.235.234.0,0,,0,,,,0,,,1781591206,,,0,Web,0,,,,,nspolicy,,rahul.yadav@corporate.com,eu-v20.events.data.microsoft.com,Vicky.Poonia@corporate.com,,,,192.168.1.7,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:46.000",Client,,,FALSE,useralert,Browse,yes,,[WEB] Potentially Malicious Sites,policy,,,1767205726962671992,,,,,,,,,,,,5000178776037541454,,,Potentially malicious sites,0,unknown,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,N/A,174.46.83.0,,80,,,,,0,,,,,0,,,,Corporate-96412,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,14.html,B3CC260A-BFB2-714F-02F9-D8C96DB9B21B,0,,,,,,,,Windows 11,Windows NT 11.0,"[""Potentially malicious sites"",""Uncategorized"",""DLP All Categories "",""All Categories""]",,,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com,174.46.83.201,,,[WEB] Potentially Malicious Sites,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,4469587467134532459,,,0,,,,,,,,,,0,,,,,,,,,174.46.83.201,GB,0,53,Halifax,-2,England,Tue Jun 16 07:26:46 2026,Europe/London,HX1,81.105.212.0,0,,0,,,,0,,,1781591206,,,0,Web,4469587467134532459,,,,,nspolicy,,kevin.brooks@corporate.com,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin,Charissa.Chang@corporate.com,,,Microsoft-Delivery-Optimization/10.1,192.168.0.164,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:46.000",Client,,,FALSE,useralert,Browse,yes,,[WEB] Potentially Malicious Sites,policy,,,1767205726962671992,,,,,,,,,,,,5000178776037541454,,,Potentially malicious sites,0,unknown,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,N/A,174.46.83.0,,80,,,,,0,,,,,0,,,,Corporate-96412,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,14.html,B3CC260A-BFB2-714F-02F9-D8C96DB9B21B,0,,,,,,,,Windows 11,Windows NT 11.0,"[""Potentially malicious sites"",""Uncategorized"",""DLP All Categories "",""All Categories""]",,,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com,174.46.83.201,,,[WEB] Potentially Malicious Sites,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,9123703410329835033,,,0,,,,,,,,,,0,,,,,,,,,174.46.83.201,GB,0,53,Halifax,-2,England,Tue Jun 16 07:26:46 2026,Europe/London,HX1,81.105.212.0,0,,0,,,,0,,,1781591206,,,0,Web,9123703410329835033,,,,,nspolicy,,kevin.brooks@corporate.com,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin,Charissa.Chang@corporate.com,,,Microsoft-Delivery-Optimization/10.1,192.168.0.164,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:47.000",Client,,,FALSE,alert,Edit,yes,,[WEB] All Sector Web Access,policy,Amazon Kinesis,,4696698913580918274,Business Intelligence and Data Analytics,Amazon,,,,,,,,,,5761591961372255990,,,All Sector Websites,87,high,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,DE,0,50,Frankfurt am Main,8,Hesse,Europe/Berlin,60313,3.74.148.0,,443,,,,,0,,,,,0,,,,Corporate-9364,,,,,9.0547E+11,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,,03C835D0-BA98-0011-89EB-ED684C883501,0,,,,,,,,Windows 11,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Corporate No DLP User Alerts"",""All Categories"",""Technology"",""Engineering"",""Business Intelligence and Data Analytics""]",,,905469987510.data-kinesis.eu-central-1.amazonaws.com/,905469987510.data-kinesis.eu-central-1.amazonaws.com,,,[WEB] All Sector Web Access,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,6943950510830566618,,,0,,,,,,,,,,0,,,,,,,,,Amazon Kinesis,IN,0,12,Bengaluru,77,Karnataka,Tue Jun 16 11:56:47 2026,Asia/Kolkata,562130,49.207.195.0,0,,0,,,,0,,,1781591207,,,0,CloudApp,4383192372529799292,,,,,nspolicy,,derek.johnson@corporate.com,905469987510.data-kinesis.eu-central-1.amazonaws.com/,Mansi.Pandey@corporate.com,,,"aws-sdk-go-v2/1.41.7 ua/2.1 os/windows lang/go#1.26.3 md/GOOS#windows md/GOARCH#amd64 api/kinesis#1.43.7 m/E,e",192.168.1.102,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:46.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,Microsoft Azure DevOps,,0,Development Tools,,,,,,,,,,,0,,,Development Tools,84,high,0,,0,,,0,,1,,Other,,,,,,,,,,,,,US,0,29,San Antonio,-99,Texas,America/Chicago,78288,23.100.122.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Mac OSX 26.5.1,"[""All Sector Websites"",""DLP All Categories "",""Engineering"",""Marketing"",""Development Tools"",""Platforms"",""All Categories"",""Technology""]",,,rt.services.visualstudio.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393849119910334465,,,0,,,,,,,,,,0,,,,,,,,,Visual Studio,PL,0,51,Lubartów,22,Lublin,Tue Jun 16 08:26:46 2026,Europe/Warsaw,21-100,46.151.187.0,0,,0,,,,0,,,1781591206,,,0,CloudApp,0,,,,,nspolicy,,pawel.kowalski@corporate.com,rt.services.visualstudio.com,Tomasz.Kucharzyk@corporate.com,,,,192.168.68.53,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:46.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,US,0,41,Des Moines,-94,Iowa,America/Chicago,50307,104.208.16.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Business"",""All Categories"",""Technology""]",,,self.events.data.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852546840951297,,,0,,,,,,,,,,0,,,,,,,,,,GB,0,53,St Helens,-3,England,Tue Jun 16 07:26:46 2026,Europe/London,WA9,94.0.129.0,0,,0,,,,0,,,1781591206,,,0,Web,0,,,,,nspolicy,,susan.barker@corporate.com,self.events.data.microsoft.com,gill.hillier@corporate.com,,,,192.168.0.161,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:46.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,Microsoft Teams,,0,Collaboration,,,,,,,,,,,0,,,Collaboration,89,high,0,,0,,,0,,1,,Other,,,,,,,,,,,,,US,0,37,San Jose,-122,California,America/Los_Angeles,95141,20.184.175.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""Collaboration"",""DLP All Categories "",""Marketing"",""Business"",""All Categories"",""Technology""]",,,teams.events.data.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852547218341123,,,0,,,,,,,,,,0,,,,,,,,,Microsoft Teams,IN,0,23,Ahmedabad,72,Gujarat,Tue Jun 16 11:56:46 2026,Asia/Kolkata,380008,106.194.78.0,0,,0,,,,0,,,1781591206,,,0,CloudApp,0,,,,,nspolicy,,amit.verma@corporate.com,teams.events.data.microsoft.com,Piyush.Jayswal@corporate.com,,,,172.20.10.2,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:46.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,IE,0,53,Dublin,-7,Leinster,Europe/Dublin,D02,20.50.73.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Business"",""All Categories"",""Technology""]",,,eu-v10c.events.data.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393853466140066561,,,0,,,,,,,,,,0,,,,,,,,,,GB,0,51,Windsor,-1,England,Tue Jun 16 07:26:46 2026,Europe/London,SL4,134.65.142.0,0,,0,,,,0,,,1781591206,,,0,Web,0,,,,,nspolicy,,patricia.roy@corporate.com,eu-v10c.events.data.microsoft.com,john.peters@corporate.com,,,,192.168.68.115,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:46.000",Client,,,FALSE,useralert,Browse,yes,,[WEB] Potentially Malicious Sites,policy,,,1767205726962671992,,,,,,,,,,,,5000178776037541454,,,Potentially malicious sites,0,unknown,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,N/A,174.46.83.0,,80,,,,,0,,,,,0,,,,Corporate-96412,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,14.html,B3CC260A-BFB2-714F-02F9-D8C96DB9B21B,0,,,,,,,,Windows 11,Windows NT 11.0,"[""Potentially malicious sites"",""Uncategorized"",""DLP All Categories "",""All Categories""]",,,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com,174.46.83.201,,,[WEB] Potentially Malicious Sites,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,8286237362536754167,,,0,,,,,,,,,,0,,,,,,,,,174.46.83.201,GB,0,53,Halifax,-2,England,Tue Jun 16 07:26:46 2026,Europe/London,HX1,81.105.212.0,0,,0,,,,0,,,1781591206,,,0,Web,8286237362536754167,,,,,nspolicy,,kevin.brooks@corporate.com,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin,Charissa.Chang@corporate.com,,,Microsoft-Delivery-Optimization/10.1,192.168.0.164,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:46.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,US,0,37,San Jose,-122,California,America/Los_Angeles,95141,20.184.175.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Business"",""All Categories"",""Technology""]",,,browser.events.data.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852322596851457,,,0,,,,,,,,,,0,,,,,,,,,,IN,0,28,Delhi,77,National Capital Territory of Delhi,Tue Jun 16 11:56:46 2026,Asia/Kolkata,110001,103.225.59.0,0,,0,,,,0,,,1781591206,,,0,Web,0,,,,,nspolicy,,thomas.wilson@corporate.com,browser.events.data.microsoft.com,reuben.ramesh@corporate.com,,,,192.168.1.37,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:47.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,IE,0,53,Dublin,-7,Leinster,Europe/Dublin,D02,20.50.80.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Business"",""All Categories"",""Technology""]",,,eu-v20.events.data.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393853478295121665,,,0,,,,,,,,,,0,,,,,,,,,,GB,0,51,Newport,-3,Wales,Tue Jun 16 07:26:47 2026,Europe/London,NP19,81.102.150.0,0,,0,,,,0,,,1781591207,,,0,Web,0,,,,,nspolicy,,sam.crawford@corporate.com,eu-v20.events.data.microsoft.com,Dev.Alexander@corporate.com,,,,192.168.0.13,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:46.000",Client,,,FALSE,alert,Edit,yes,,[WEB] All Sector Web Access,policy,Amazon Kinesis,,4696698913580918274,Business Intelligence and Data Analytics,Amazon,,,,,,,,,,5761591961372255990,,,All Sector Websites,87,high,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,DE,0,50,Frankfurt am Main,8,Hesse,Europe/Berlin,60313,3.74.148.0,,443,,,,,0,,,,,0,,,,Corporate-9364,,,,,9.0547E+11,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,,03C835D0-BA98-0011-89EB-ED684C883501,0,,,,,,,,Windows 11,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Corporate No DLP User Alerts"",""All Categories"",""Technology"",""Engineering"",""Business Intelligence and Data Analytics""]",,,905469987510.data-kinesis.eu-central-1.amazonaws.com/,905469987510.data-kinesis.eu-central-1.amazonaws.com,,,[WEB] All Sector Web Access,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,6943950510830566618,,,0,,,,,,,,,,0,,,,,,,,,Amazon Kinesis,IN,0,12,Bengaluru,77,Karnataka,Tue Jun 16 11:56:46 2026,Asia/Kolkata,562130,49.207.195.0,0,,0,,,,0,,,1781591206,,,0,CloudApp,5086099446527205840,,,,,nspolicy,,derek.johnson@corporate.com,905469987510.data-kinesis.eu-central-1.amazonaws.com/,Mansi.Pandey@corporate.com,,,"aws-sdk-go-v2/1.41.7 ua/2.1 os/windows lang/go#1.26.3 md/GOOS#windows md/GOARCH#amd64 api/kinesis#1.43.7 m/E,e",192.168.1.102,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:47.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,IE,0,53,Dublin,-7,Leinster,Europe/Dublin,D02,13.69.239.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Business"",""All Categories"",""Technology""]",,,eu-office.events.data.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852402347080961,,,0,,,,,,,,,,0,,,,,,,,,,IN,0,23,Ahmedabad,72,Gujarat,Tue Jun 16 11:56:47 2026,Asia/Kolkata,380008,106.194.78.0,0,,0,,,,0,,,1781591207,,,0,Web,0,,,,,nspolicy,,amit.verma@corporate.com,eu-office.events.data.microsoft.com,Piyush.Jayswal@corporate.com,,,,172.20.10.2,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:47.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,Microsoft Teams,,0,Collaboration,,,,,,,,,,,0,,,Collaboration,89,high,0,,0,,,0,,1,,Other,,,,,,,,,,,,,NL,0,52,Amsterdam,4,North Holland,Europe/Amsterdam,1012,20.50.201.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Mac OSX 26.5.1,"[""All Sector Websites"",""Collaboration"",""DLP All Categories "",""Marketing"",""Business"",""All Categories"",""Technology""]",,,teams.events.data.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852418696812037,,,0,,,,,,,,,,0,,,,,,,,,Microsoft Teams,IN,0,28,Gurugram,77,Haryana,Tue Jun 16 11:56:47 2026,Asia/Kolkata,122001,182.69.182.0,0,,0,,,,0,,,1781591207,,,0,CloudApp,0,,,,,nspolicy,,anita.singh@corporate.com,teams.events.data.microsoft.com,Priya.Mehrotra@corporate.com,,,,192.168.1.15,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:47.000",Client,,,FALSE,alert,Edit,yes,,[WEB] All Sector Web Access,policy,Amazon Kinesis,,1621617486991627159,Business Intelligence and Data Analytics,Amazon,,,,,,,,,,6532044925164558210,,,All Sector Websites,87,high,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,DE,0,50,Frankfurt am Main,8,Hesse,Europe/Berlin,60313,3.123.12.0,,443,,,,,0,,,,,0,,,,Corporate-0393,,,,,9.0547E+11,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,,30E11FC1-2EC7-9412-66A6-CDBDFF40D487,0,,,,,,,,Windows 11,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Corporate No DLP User Alerts"",""All Categories"",""Technology"",""Engineering"",""Business Intelligence and Data Analytics""]",,,905469987510.data-kinesis.eu-central-1.amazonaws.com/,905469987510.data-kinesis.eu-central-1.amazonaws.com,,,[WEB] All Sector Web Access,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,1998436724571375512,,,0,,,,,,,,,,0,,,,,,,,,Amazon Kinesis,GB,0,51,Fulham,-1,England,Tue Jun 16 07:26:47 2026,Europe/London,SW6,140.228.75.0,0,,0,,,,0,,,1781591207,,,0,CloudApp,1998436724571375512,,,,,nspolicy,,katrina.berzina@corporate.com,905469987510.data-kinesis.eu-central-1.amazonaws.com/,Agnese.Ruskule@corporate.com,,,"aws-sdk-go-v2/1.41.7 ua/2.1 os/windows lang/go#1.26.3 md/GOOS#windows md/GOARCH#amd64 api/kinesis#1.43.7 m/E,e",192.168.52.126,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:47.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,Atlassian MCP,,0,MCP Server,,,,,,,,,,,0,,,MCP Server,70,medium,0,,0,,,0,,1,,Other,,,,,,,,,,,,,NL,0,52,Amsterdam,4,North Holland,Europe/Amsterdam,1016,185.166.143.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Mac OSX 26.5.0,"[""All Sector Websites"",""MCP Server"",""DLP All Categories "",""Marketing"",""SSL NO DECRYPT ALL"",""All Categories"",""Technology""]",,,mcp.atlassian.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393853437585578753,,,0,,,,,,,,,,0,,,,,,,,,Atlassian MCP,PL,0,50,Katowice,18,Silesia,Tue Jun 16 08:26:47 2026,Europe/Warsaw,40-872,195.177.85.0,0,,0,,,,0,,,1781591207,,,0,CloudApp,0,,,,,nspolicy,,marek.nowak@corporate.com,mcp.atlassian.com,andrzej.globisz@corporate.com,,,,192.168.1.27,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:47.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,IE,0,53,Dublin,-7,Leinster,Europe/Dublin,D02,74.178.35.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""All Categories"",""Technology""]",,,winatp-gw-neu.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852845911628545,,,0,,,,,,,,,,0,,,,,,,,,,GB,0,51,Waltham Cross,-1,England,Tue Jun 16 07:26:47 2026,Europe/London,EN8,82.9.161.0,0,,0,,,,0,,,1781591207,,,0,Web,0,,,,,nspolicy,,owen.phillips@corporate.com,winatp-gw-neu.microsoft.com,Gareth.Anderson@corporate.com,,,,192.168.0.64,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:47.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,Microsoft Live Accounts,,0,Application Suite,,,,,,,,,,,0,,,Application Suite,70,medium,0,,0,,,0,,1,,Other,,,,,,,,,,,,,IE,0,53,Dublin,-7,Leinster,Europe/Dublin,D02,40.126.31.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""Application Suite"",""DLP All Categories "",""Marketing"",""All Categories"",""Risk and Crime"",""CapitalMarkets_and_Corporate Allow"",""Technology""]",,,login.live.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852424627345153,,,0,,,,,,,,,,0,,,,,,,,,Microsoft Live Suite,GB,0,53,Chorley,-3,England,Tue Jun 16 07:26:47 2026,Europe/London,PR7,86.179.133.0,0,,0,,,,0,,,1781591207,,,0,CloudApp,0,,,,,nspolicy,,maria.edwards@corporate.com,login.live.com,Peter.Norris@corporate.com,,,,192.168.1.237,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:48.000",Client,,,FALSE,alert,Edit,yes,,[WEB] All Sector Web Access,policy,Amazon Kinesis,,3418830011869835973,Business Intelligence and Data Analytics,Amazon,,,,,,,,,,6370962430820221408,,,All Sector Websites,87,high,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,DE,0,50,Frankfurt am Main,8,Hesse,Europe/Berlin,60313,3.123.12.0,,443,,,,,0,,,,,0,,,,Corporate-6098,,,,,9.0547E+11,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,,E718A4BE-BD27-5206-730B-5790C5F4FD8B,0,,,,,,,,Windows 11,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Corporate No DLP User Alerts"",""All Categories"",""Technology"",""Engineering"",""Business Intelligence and Data Analytics""]",,,905469987510.data-kinesis.eu-central-1.amazonaws.com/,905469987510.data-kinesis.eu-central-1.amazonaws.com,,,[WEB] All Sector Web Access,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,6366309692230137085,,,0,,,,,,,,,,0,,,,,,,,,Amazon Kinesis,GB,0,52,Leicester,-2,England,Tue Jun 16 07:26:48 2026,Europe/London,LE3,176.248.214.0,0,,0,,,,0,,,1781591208,,,0,CloudApp,846928520315636649,,,,,nspolicy,,chris.davies@corporate.com,905469987510.data-kinesis.eu-central-1.amazonaws.com/,Andy.Sutton@corporate.com,,,"aws-sdk-go-v2/1.41.7 ua/2.1 os/windows lang/go#1.26.3 md/GOOS#windows md/GOARCH#amd64 api/kinesis#1.43.7 m/E,e",192.168.68.55,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:47.000",Client,,,FALSE,useralert,Browse,yes,,[WEB] Potentially Malicious Sites,policy,,,1767205726962671992,,,,,,,,,,,,5000178776037541454,,,Potentially malicious sites,0,unknown,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,N/A,174.46.83.0,,80,,,,,0,,,,,0,,,,Corporate-96412,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,14.html,B3CC260A-BFB2-714F-02F9-D8C96DB9B21B,0,,,,,,,,Windows 11,Windows NT 11.0,"[""Potentially malicious sites"",""Uncategorized"",""DLP All Categories "",""All Categories""]",,,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com,174.46.83.201,,,[WEB] Potentially Malicious Sites,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,4552805259691069610,,,0,,,,,,,,,,0,,,,,,,,,174.46.83.201,GB,0,53,Halifax,-2,England,Tue Jun 16 07:26:47 2026,Europe/London,HX1,81.105.212.0,0,,0,,,,0,,,1781591207,,,0,Web,4552805259691069610,,,,,nspolicy,,kevin.brooks@corporate.com,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin,Charissa.Chang@corporate.com,,,Microsoft-Delivery-Optimization/10.1,192.168.0.164,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:46.000",Client,,,FALSE,useralert,Browse,yes,,[WEB] Potentially Malicious Sites,policy,,,1767205726962671992,,,,,,,,,,,,5000178776037541454,,,Potentially malicious sites,0,unknown,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,N/A,174.46.83.0,,80,,,,,0,,,,,0,,,,Corporate-96412,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,14.html,B3CC260A-BFB2-714F-02F9-D8C96DB9B21B,0,,,,,,,,Windows 11,Windows NT 11.0,"[""Potentially malicious sites"",""Uncategorized"",""DLP All Categories "",""All Categories""]",,,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com,174.46.83.201,,,[WEB] Potentially Malicious Sites,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,6988357283908119751,,,0,,,,,,,,,,0,,,,,,,,,174.46.83.201,GB,0,53,Halifax,-2,England,Tue Jun 16 07:26:46 2026,Europe/London,HX1,81.105.212.0,0,,0,,,,0,,,1781591206,,,0,Web,6988357283908119751,,,,,nspolicy,,kevin.brooks@corporate.com,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin,Charissa.Chang@corporate.com,,,Microsoft-Delivery-Optimization/10.1,192.168.0.164,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:48.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,Microsoft Azure DevOps,,0,Development Tools,,,,,,,,,,,0,,,Development Tools,84,high,0,,0,,,0,,1,,Other,,,,,,,,,,,,,US,0,29,San Antonio,-99,Texas,America/Chicago,78288,23.100.122.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Engineering"",""Marketing"",""Development Tools"",""Platforms"",""All Categories"",""Technology""]",,,rt.services.visualstudio.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393851970317026819,,,0,,,,,,,,,,0,,,,,,,,,Visual Studio,GB,0,55,Glasgow,-5,Scotland,Tue Jun 16 07:26:48 2026,Europe/London,N/A,148.252.148.0,0,,0,,,,0,,,1781591208,,,0,CloudApp,0,,,,,nspolicy,,luke.harrison@corporate.com,rt.services.visualstudio.com,adam.wrightson@corporate.com,,,,10.80.83.1,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:48.000",Client,,,FALSE,alert,Edit,yes,,[WEB] All Sector Web Access,policy,Amazon Kinesis,,3418830011869835973,Business Intelligence and Data Analytics,Amazon,,,,,,,,,,6370962430820221408,,,All Sector Websites,87,high,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,DE,0,50,Frankfurt am Main,8,Hesse,Europe/Berlin,60313,3.123.12.0,,443,,,,,0,,,,,0,,,,Corporate-6098,,,,,9.0547E+11,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,,E718A4BE-BD27-5206-730B-5790C5F4FD8B,0,,,,,,,,Windows 11,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Corporate No DLP User Alerts"",""All Categories"",""Technology"",""Engineering"",""Business Intelligence and Data Analytics""]",,,905469987510.data-kinesis.eu-central-1.amazonaws.com/,905469987510.data-kinesis.eu-central-1.amazonaws.com,,,[WEB] All Sector Web Access,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,6366309692230137085,,,0,,,,,,,,,,0,,,,,,,,,Amazon Kinesis,GB,0,52,Leicester,-2,England,Tue Jun 16 07:26:48 2026,Europe/London,LE3,176.248.214.0,0,,0,,,,0,,,1781591208,,,0,CloudApp,6366309692230137085,,,,,nspolicy,,chris.davies@corporate.com,905469987510.data-kinesis.eu-central-1.amazonaws.com/,Andy.Sutton@corporate.com,,,"aws-sdk-go-v2/1.41.7 ua/2.1 os/windows lang/go#1.26.3 md/GOOS#windows md/GOARCH#amd64 api/kinesis#1.43.7 m/E,e",192.168.68.55,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:48.000",Client,,,FALSE,alert,Edit,yes,,[WEB] All Sector Web Access,policy,Amazon Kinesis,,8474345048791532673,Business Intelligence and Data Analytics,Amazon,,,,,,,,,,2375969179232529120,,,All Sector Websites,87,high,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,DE,0,50,Frankfurt am Main,8,Hesse,Europe/Berlin,60313,3.74.148.0,,443,,,,,0,,,,,0,,,,Corporate-3436,,,,,9.0547E+11,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,,B9C1AE09-E254-CCD6-3CCF-4AA3298EEA10,0,,,,,,,,Windows 11,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Corporate No DLP User Alerts"",""All Categories"",""Technology"",""Engineering"",""Business Intelligence and Data Analytics""]",,,905469987510.data-kinesis.eu-central-1.amazonaws.com/,905469987510.data-kinesis.eu-central-1.amazonaws.com,,,[WEB] All Sector Web Access,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,5384370215151327567,,,0,,,,,,,,,,0,,,,,,,,,Amazon Kinesis,GB,0,55,Glasgow,-5,Scotland,Tue Jun 16 07:26:48 2026,Europe/London,N/A,148.252.148.0,0,,0,,,,0,,,1781591208,,,0,CloudApp,5384370215151327567,,,,,nspolicy,,luke.harrison@corporate.com,905469987510.data-kinesis.eu-central-1.amazonaws.com/,adam.wrightson@corporate.com,,,"aws-sdk-go-v2/1.41.7 ua/2.1 os/windows lang/go#1.26.3 md/GOOS#windows md/GOARCH#amd64 api/kinesis#1.43.7 m/E,e",10.80.83.3,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:48.000",Client,,,FALSE,alert,Edit,yes,,[WEB] All Sector Web Access,policy,Amazon Kinesis,,2855143298923339489,Business Intelligence and Data Analytics,Amazon,,,,,,,,,,2064547398725143804,,,All Sector Websites,87,high,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,DE,0,50,Frankfurt am Main,8,Hesse,Europe/Berlin,60313,3.123.12.0,,443,,,,,0,,,,,0,,,,Corporate-2731,,,,,9.0547E+11,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,,73699F49-EB38-1294-ED45-9ACC1AE015EE,0,,,,,,,,Windows 11,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Corporate No DLP User Alerts"",""All Categories"",""Technology"",""Engineering"",""Business Intelligence and Data Analytics""]",,,905469987510.data-kinesis.eu-central-1.amazonaws.com/,905469987510.data-kinesis.eu-central-1.amazonaws.com,,,[WEB] All Sector Web Access,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,7925420924444153094,,,0,,,,,,,,,,0,,,,,,,,,Amazon Kinesis,GB,0,52,Milton Keynes,-1,England,Tue Jun 16 07:26:48 2026,Europe/London,MK6,94.10.125.0,0,,0,,,,0,,,1781591208,,,0,CloudApp,7925420924444153094,,,,,nspolicy,,nicole.ward@corporate.com,905469987510.data-kinesis.eu-central-1.amazonaws.com/,hayley.Jarvis@corporate.com,,,"aws-sdk-go-v2/1.41.7 ua/2.1 os/windows lang/go#1.26.3 md/GOOS#windows md/GOARCH#amd64 api/kinesis#1.43.7 m/E,e",192.168.0.35,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:48.000",Client,,,FALSE,alert,Delete,yes,,[WEB] All Sector Web Access,policy,Microsoft Office 365 Outlook.com,,5653566044705553090,Webmail,Office365,,,,,,,,,Edge,5199259246582574824,149.0.0.0,,All Sector Websites,81,high,0,,0,,,277779316245107090,,1,,Windows Device,managed,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,W1U,40.99.205.0,,443,,,,,0,,,,,0,,steve.smith@corporate.com,,Corporate-2583,,,,,Corporate,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,,D75790AE-F0D9-D54E-905B-99BA85FA8F7B,0,,AAkALgAAAAAAHYQDEapmEc2byACqAC/EWg0ALbG3BAwvpk293U7kYeVIZgAG1CnCUQAA,Mail,,,,,Windows 11,Windows NT 11.0,"[""All Sector Websites"",""All Categories"",""DLP All Categories "",""Webmail""]",,,outlook.office.com,Microsoft Office 365 Outlook.com,,,[WEB] All Sector Web Access,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,7339957861114475334,,,0,,,,,,,Yes,,,0,,unknown,,,,,,,Microsoft Office 365 Outlook.com,GB,0,52,Bedford,-1,England,Tue Jun 16 07:26:48 2026,Europe/London,MK42,5.69.118.0,0,,0,,,,0,,,1781591208,,,0,CloudApp,7339957861114475334,,,,,nspolicy,,jason.miller@corporate.com,outlook.office.com/owa/service.svc,steve.smith@corporate.com,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/149.0.0.0 Safari/537.36 Edg/149.0.0.0 OneOutlook/1.2026.602.400",192.168.0.25,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, \ No newline at end of file