From 93a95032f5a8be4a6ef767d6eff95194d8a23731 Mon Sep 17 00:00:00 2001 
From: Steve Miller <56824624+Steve1145@users.noreply.github.com> Date: Tue, 16 Jun 2026 13:32:17 +0100 Subject: [PATCH 1/4] [ASIM] Netskope AlertEvent Parser --- .../CustomTables/NetskopeAlerts_CL.json | 418 +++++++++--------- ASIM/dev/ASimTester/ASimTester.csv | 2 +- .../ARM/ASimAlertEvent/ASimAlertEvent.json | 2 +- .../ASimAlertEventNetskopeSecurityCloud.json | 36 ++ .../README.md | 21 + .../ARM/FullDeploymentAlertEvent.json | 40 ++ .../ARM/imAlertEvent/imAlertEvent.json | 2 +- .../README.md | 21 + .../vimAlertEventNetskopeSecurityCloud.json | 36 ++ .../CHANGELOG/ASimAlertEvent.md | 4 + .../ASimAlertEventNetskopeSecurityCloud.md | 5 + .../ASimAlertEvent/CHANGELOG/imAlertEvent.md | 4 + .../vimAlertEventNetskopeSecurityCloud.md | 5 + .../Parsers/ASimAlertEvent.yaml | 8 +- .../ASimAlertEventNetskopeSecurityCloud.yaml | 215 +++++++++ .../ASimAlertEvent/Parsers/imAlertEvent.yaml | 8 +- .../vimAlertEventNetskopeSecurityCloud.yaml | 279 ++++++++++++ ...Security Cloud_AlertEvent_IngestedLogs.csv | 101 +++++ 18 files changed, 997 insertions(+), 210 deletions(-) create mode 100644 Parsers/ASimAlertEvent/ARM/ASimAlertEventNetskopeSecurityCloud/ASimAlertEventNetskopeSecurityCloud.json create mode 100644 Parsers/ASimAlertEvent/ARM/ASimAlertEventNetskopeSecurityCloud/README.md create mode 100644 Parsers/ASimAlertEvent/ARM/vimAlertEventNetskopeSecurityCloud/README.md create mode 100644 Parsers/ASimAlertEvent/ARM/vimAlertEventNetskopeSecurityCloud/vimAlertEventNetskopeSecurityCloud.json create mode 100644 Parsers/ASimAlertEvent/CHANGELOG/ASimAlertEventNetskopeSecurityCloud.md create mode 100644 Parsers/ASimAlertEvent/CHANGELOG/vimAlertEventNetskopeSecurityCloud.md create mode 100644 Parsers/ASimAlertEvent/Parsers/ASimAlertEventNetskopeSecurityCloud.yaml create mode 100644 Parsers/ASimAlertEvent/Parsers/vimAlertEventNetskopeSecurityCloud.yaml create mode 100644 Sample Data/ASIM/Netskope_Netskope Security Cloud_AlertEvent_IngestedLogs.csv 
diff --git a/.script/tests/KqlvalidationsTests/CustomTables/NetskopeAlerts_CL.json b/.script/tests/KqlvalidationsTests/CustomTables/NetskopeAlerts_CL.json
index 3b27b1d5ef2..86cfcd0b976 100644
--- a/.script/tests/KqlvalidationsTests/CustomTables/NetskopeAlerts_CL.json
+++ b/.script/tests/KqlvalidationsTests/CustomTables/NetskopeAlerts_CL.json
@@ -3,807 +3,823 @@ "Properties": [ { "Name": "TimeGenerated", - "Type": "datetime" + "Type": "DateTime" }, { "Name": "access_method", - "Type": "string" + "Type": "String" }, { "Name": "account_id", - "Type": "string" + "Type": "String" }, { "Name": "account_name", - "Type": "string" + "Type": "String" }, { "Name": "acked", - "Type": "string" + "Type": "String" }, { "Name": "action", - "Type": "string" + "Type": "String" }, { "Name": "activity", - "Type": "string" + "Type": "String" }, { "Name": "alert", - "Type": "string" + "Type": "String" }, { "Name": "alert_id", - "Type": "string" + "Type": "String" }, { "Name": "alert_name", - "Type": "string" + "Type": "String" }, { "Name": "alert_type", - "Type": "string" + "Type": "String" }, { "Name": "app", - "Type": "string" + "Type": "String" }, { "Name": "app_activity", - "Type": "string" + "Type": "String" }, { "Name": "app_sessionid", - "Type": "string" + "Type": "String" }, { "Name": "appcategory", - "Type": "string" + "Type": "String" }, { "Name": "appsuite", - "Type": "string" + "Type": "String" }, { "Name": "asset_id", - "Type": "string" + "Type": "String" }, { "Name": "asset_object_id", - "Type": "string" + "Type": "String" }, { "Name": "breach_date", - "Type": "int" + "Type": "Int32" }, { "Name": "breach_description", - "Type": "string" + "Type": "String" }, { "Name": "breach_id", - "Type": "string" + "Type": "String" }, { "Name": "breach_media_references", - "Type": "string" + "Type": "String" }, { "Name": "breach_score", - "Type": "string" + "Type": "String" }, { "Name": "breach_target_references", - "Type": "string" + "Type": "String" }, { "Name": "browser", - "Type": "string" + "Type": "String" }, { "Name": "browser_sessionid", - "Type": "string" + "Type": "String" }, { "Name": "browser_version", - "Type": "string" + "Type": "String" }, { "Name": "bypass_traffic", - "Type": "string" + "Type": "String" }, { "Name": "category", - "Type": "string" + "Type": "String" }, { "Name": "cci", - "Type": "int" + 
"Type": "Int32" }, { "Name": "ccl", - "Type": "string" + "Type": "String" }, { "Name": "client_bytes", - "Type": "int" + "Type": "Int32" }, { "Name": "compliance_standards", - "Type": "dynamic" + "Type": "Object" }, { "Name": "conn_duration", - "Type": "int" + "Type": "Int32" }, { "Name": "conn_endtime", - "Type": "int" + "Type": "Int32" }, { "Name": "conn_starttime", - "Type": "int" + "Type": "Int32" }, { "Name": "connectionid", - "Type": "string" + "Type": "String" }, { "Name": "CononicalName", - "Type": "string" + "Type": "String" }, { "Name": "count_i", - "Type": "int" + "Type": "Int32" }, { "Name": "data_type", - "Type": "string" + "Type": "String" }, { "Name": "device", - "Type": "string" + "Type": "String" }, { "Name": "device_classification", - "Type": "string" + "Type": "String" }, { "Name": "dlp_file", - "Type": "string" + "Type": "String" }, { "Name": "dlp_incidentid", - "Type": "string" + "Type": "String" }, { "Name": "dlp_is_unique_count", - "Type": "string" + "Type": "String" }, { "Name": "dlp_mail_parent_id", - "Type": "string" + "Type": "String" }, { "Name": "dlp_parentid", - "Type": "string" + "Type": "String" }, { "Name": "dlp_profile", - "Type": "string" + "Type": "String" }, { "Name": "dlp_rule", - "Type": "string" + "Type": "String" }, { "Name": "dlp_rule_count", - "Type": "int" + "Type": "Int32" }, { "Name": "dlp_rule_severity", - "Type": "string" + "Type": "String" }, { "Name": "dlp_unique_count", - "Type": "int" + "Type": "Int32" }, { "Name": "domain", - "Type": "string" + "Type": "String" }, { "Name": "dst_country", - "Type": "string" + "Type": "String" }, { "Name": "dst_geoip_src", - "Type": "int" + "Type": "Int32" }, { "Name": "dst_latitude", - "Type": "int" + "Type": "Int32" }, { "Name": "dst_location", - "Type": "string" + "Type": "String" }, { "Name": "dst_longitude", - "Type": "int" + "Type": "Int32" }, { "Name": "dst_region", - "Type": "string" + "Type": "String" }, { "Name": "dst_timezone", - "Type": "string" + "Type": "String" }, { 
"Name": "dst_zipcode", - "Type": "string" + "Type": "String" }, { "Name": "dstip", - "Type": "string" + "Type": "String" }, { "Name": "dsthost", - "Type": "string" + "Type": "String" }, { "Name": "dstport", - "Type": "int" + "Type": "Int32" }, { "Name": "email_source", - "Type": "string" + "Type": "String" }, { "Name": "event_type", - "Type": "string" + "Type": "String" }, { "Name": "evt_src_chnl", - "Type": "string" + "Type": "String" }, { "Name": "exposure", - "Type": "string" + "Type": "String" }, { "Name": "external_collaborator_count", - "Type": "int" + "Type": "Int32" }, { "Name": "external_email", - "Type": "int" + "Type": "Int32" }, { "Name": "file_cls_encrypted", - "Type": "boolean" + "Type": "SByte" }, { "Name": "file_lang", - "Type": "string" + "Type": "String" }, { "Name": "file_path", - "Type": "string" + "Type": "String" }, { "Name": "file_size", - "Type": "int" + "Type": "Int32" }, { "Name": "file_type", - "Type": "string" + "Type": "String" }, { "Name": "from_user", - "Type": "string" + "Type": "String" }, { "Name": "fromlogs", - "Type": "string" + "Type": "String" }, { "Name": "hostname", - "Type": "string" + "Type": "String" }, { "Name": "http_transaction_count", - "Type": "int" + "Type": "Int32" }, { "Name": "iaas_asset_tags", - "Type": "dynamic" + "Type": "Object" }, { "Name": "iaas_remediated", - "Type": "string" + "Type": "String" }, { "Name": "instance", - "Type": "string" + "Type": "String" }, { "Name": "instance_id", - "Type": "string" + "Type": "String" }, { "Name": "internal_collaborator_count", - "Type": "int" + "Type": "Int32" }, { "Name": "justification_reason", - "Type": "string" + "Type": "String" }, { "Name": "justification_type", - "Type": "string" + "Type": "String" }, { "Name": "last_app", - "Type": "string" + "Type": "String" }, { "Name": "last_country", - "Type": "string" + "Type": "String" }, { "Name": "last_device", - "Type": "string" + "Type": "String" }, { "Name": "last_location", - "Type": "string" + "Type": "String" }, { 
"Name": "last_region", - "Type": "string" + "Type": "String" }, { "Name": "last_timestamp", - "Type": "int" + "Type": "Int32" }, { "Name": "log_file_name", - "Type": "string" + "Type": "String" }, { "Name": "malicious", - "Type": "string" + "Type": "String" }, { "Name": "malsite_category", - "Type": "dynamic" + "Type": "Object" }, { "Name": "malsite_country", - "Type": "string" + "Type": "String" }, { "Name": "malsite_id", - "Type": "string" + "Type": "String" }, { "Name": "malsite_ip_host", - "Type": "string" + "Type": "String" }, { "Name": "malsite_latitude", - "Type": "int" + "Type": "Int32" }, { "Name": "malsite_longitude", - "Type": "int" + "Type": "Int32" }, { "Name": "malsite_region", - "Type": "string" + "Type": "String" }, { "Name": "managed_app", - "Type": "string" + "Type": "String" }, { "Name": "managementID", - "Type": "string" + "Type": "String" }, { "Name": "matched_username", - "Type": "string" + "Type": "String" }, { "Name": "md5", - "Type": "string" + "Type": "String" }, { "Name": "mime_type", - "Type": "string" + "Type": "String" }, { "Name": "modified", - "Type": "int" + "Type": "Int32" }, { "Name": "netskope_activity", - "Type": "string" + "Type": "String" }, { "Name": "netskope_pop", - "Type": "string" + "Type": "String" }, { "Name": "notify_template", - "Type": "string" + "Type": "String" }, { "Name": "nsdeviceuid", - "Type": "string" + "Type": "String" }, { "Name": "numbytes", - "Type": "int" + "Type": "Int32" }, { "Name": "object", - "Type": "string" + "Type": "String" }, { "Name": "object_id", - "Type": "string" + "Type": "String" }, { "Name": "object_type", - "Type": "string" + "Type": "String" }, { "Name": "org", - "Type": "string" + "Type": "String" }, { "Name": "organization_unit", - "Type": "string" + "Type": "String" }, { "Name": "orig_ty", - "Type": "string" + "Type": "String" }, { "Name": "orignal_file_path", - "Type": "string" + "Type": "String" }, { "Name": "os", - "Type": "string" + "Type": "String" }, { "Name": "os_version", - 
"Type": "string" + "Type": "String" }, { "Name": "other_categories", - "Type": "dynamic" + "Type": "Object" }, { "Name": "outer_doc_type", - "Type": "int" + "Type": "Int32" }, { "Name": "owner", - "Type": "string" + "Type": "String" }, { "Name": "page", - "Type": "string" + "Type": "String" }, { "Name": "page_site", - "Type": "string" + "Type": "String" }, { "Name": "parent_id", - "Type": "string" + "Type": "String" }, { "Name": "password_type", - "Type": "string" + "Type": "String" }, { "Name": "policy", - "Type": "string" + "Type": "String" }, { "Name": "policy_actions", - "Type": "dynamic" + "Type": "Object" }, { "Name": "policy_id", - "Type": "string" + "Type": "String" }, { "Name": "profile_id", - "Type": "string" + "Type": "String" }, { "Name": "protocol", - "Type": "string" + "Type": "String" }, { "Name": "referer", - "Type": "string" + "Type": "String" }, { "Name": "region_id", - "Type": "string" + "Type": "String" }, { "Name": "region_name", - "Type": "string" + "Type": "String" }, { "Name": "req_cnt", - "Type": "int" + "Type": "Int32" }, { "Name": "requestid", - "Type": "string" + "Type": "String" }, { "Name": "resource_category", - "Type": "string" + "Type": "String" }, { "Name": "resource_group", - "Type": "string" + "Type": "String" }, { "Name": "resp_cnt", - "Type": "int" + "Type": "Int32" }, { "Name": "sa_profile_id", - "Type": "int" + "Type": "Int32" }, { "Name": "sa_profile_name", - "Type": "string" + "Type": "String" }, { "Name": "sa_rule_id", - "Type": "string" + "Type": "String" }, { "Name": "sa_rule_name", - "Type": "string" + "Type": "String" }, { "Name": "sa_rule_severity", - "Type": "string" + "Type": "String" }, { "Name": "sAMAccountName", - "Type": "string" + "Type": "String" }, { "Name": "sanctioned_instance", - "Type": "string" + "Type": "String" }, { "Name": "scan_type", - "Type": "string" + "Type": "String" }, { "Name": "serial", - "Type": "string" + "Type": "String" }, { "Name": "server_bytes", - "Type": "int" + "Type": "Int32" }, { 
"Name": "sessionid", - "Type": "string" + "Type": "String" }, { "Name": "severity", - "Type": "string" + "Type": "String" }, { "Name": "severity_level", - "Type": "string" + "Type": "String" }, { "Name": "severity_level_id", - "Type": "int" + "Type": "Int32" }, { "Name": "sfwder", - "Type": "string" + "Type": "String" }, { "Name": "sha256", - "Type": "string" + "Type": "String" }, { "Name": "shared_domains", - "Type": "string" + "Type": "String" }, { "Name": "shared_with", - "Type": "string" + "Type": "String" }, { "Name": "site", - "Type": "string" + "Type": "String" }, { "Name": "src_country", - "Type": "string" + "Type": "String" }, { "Name": "src_geoip_src", - "Type": "int" + "Type": "Int32" }, { "Name": "src_latitude", - "Type": "int" + "Type": "Int32" }, { "Name": "src_location", - "Type": "string" + "Type": "String" }, { "Name": "src_longitude", - "Type": "int" + "Type": "Int32" }, { "Name": "src_region", - "Type": "string" + "Type": "String" }, { "Name": "src_time", - "Type": "string" + "Type": "String" }, { "Name": "src_timezone", - "Type": "string" + "Type": "String" }, { "Name": "src_zipcode", - "Type": "string" + "Type": "String" }, { "Name": "srcip", - "Type": "string" + "Type": "String" }, { "Name": "suppression_end_time", - "Type": "int" + "Type": "Int32" }, { "Name": "suppression_key", - "Type": "string" + "Type": "String" }, { "Name": "suppression_start_time", - "Type": "int" + "Type": "Int32" }, { "Name": "telemetry_app", - "Type": "string" + "Type": "String" }, { "Name": "threat_match_field", - "Type": "string" + "Type": "String" }, { "Name": "threat_match_value", - "Type": "string" + "Type": "String" }, { "Name": "threat_source_id", - "Type": "int" + "Type": "Int32" }, { "Name": "threshold", - "Type": "int" + "Type": "Int32" }, { "Name": "threshold_time", - "Type": "int" + "Type": "Int32" }, { "Name": "timestamp", - "Type": "int" + "Type": "Int32" }, { "Name": "title_s", - "Type": "string" + "Type": "String" }, { "Name": "to_object", - "Type": 
"string" + "Type": "String" }, { "Name": "total_collaborator_count", - "Type": "int" + "Type": "Int32" }, { "Name": "traffic_type", - "Type": "string" + "Type": "String" }, { "Name": "transactionid", - "Type": "string" + "Type": "String" }, { "Name": "true_obj_category", - "Type": "string" + "Type": "String" }, { "Name": "true_obj_type", - "Type": "string" + "Type": "String" }, { "Name": "tss_mode", - "Type": "string" + "Type": "String" }, { "Name": "two_factor_auth", - "Type": "string" + "Type": "String" }, { "Name": "type_s", - "Type": "string" + "Type": "String" }, { "Name": "universal_connector", - "Type": "string" + "Type": "String" }, { "Name": "ur_normalized", - "Type": "string" + "Type": "String" }, { "Name": "url", - "Type": "string" + "Type": "String" }, { "Name": "user", - "Type": "string" + "Type": "String" }, { "Name": "user_generated", - "Type": "string" + "Type": "String" }, { "Name": "user_id", - "Type": "string" + "Type": "String" }, { "Name": "useragent", - "Type": "string" + "Type": "String" }, { "Name": "userip", - "Type": "string" + "Type": "String" }, { "Name": "userkey", - "Type": "string" + "Type": "String" }, { "Name": "userPrincipalName", - "Type": "string" + "Type": "String" }, { "Name": "web_universal_connector", - "Type": "string" + "Type": "String" + }, + { + "Name": "TenantId", + "Type": "String" + }, + { + "Name": "Type", + "Type": "String" + }, + { + "Name": "_ResourceId", + "Type": "String" + }, + { + "Name": "_ItemId", + "Type": "String" } ] } \ No newline at end of file diff --git a/ASIM/dev/ASimTester/ASimTester.csv b/ASIM/dev/ASimTester/ASimTester.csv index 3c77e44d7b9..835348a78b1 100644 --- a/ASIM/dev/ASimTester/ASimTester.csv +++ b/ASIM/dev/ASimTester/ASimTester.csv 
@@ -221,7 +221,7 @@ AttackRemediationSteps,string,Recommended,AlertEvent,,,,,
 AttackTactics,string,Recommended,AlertEvent,,,,,
 AttackTechniques,string,Recommended,AlertEvent,,,,,
 CommandLine,string,Alias,ProcessEvent,,,TargetProcessCommandLine,,
-DetectionMethod,string,Optional,AlertEvent,Enumerated,EDR|Behavioral Analytics|Reputation|Threat Intelligence|Intrusion Detection|Automated Investigation|Antivirus|Data Loss Prevention|User Defined Blocked List|Cloud Security Posture Management,,,
+DetectionMethod,string,Optional,AlertEvent,Enumerated,EDR|Behavioral Analytics|Reputation|Threat Intelligence|Intrusion Detection|Automated Investigation|Antivirus|Data Loss Prevention|User Defined Blocked List|Cloud Security Posture Management|Cloud Application Security|Scheduled Alerts|Other,,,
 DhcpCircuitId,string,Optional,DhcpEvent,,,,,
 DhcpLeaseDuration,int,Optional,DhcpEvent,,,,,
 DhcpSessionDuration,int,Optional,DhcpEvent,,,,,
diff --git a/Parsers/ASimAlertEvent/ARM/ASimAlertEvent/ASimAlertEvent.json b/Parsers/ASimAlertEvent/ARM/ASimAlertEvent/ASimAlertEvent.json
index fb469969b89..f389e5d7991 100644
--- a/Parsers/ASimAlertEvent/ARM/ASimAlertEvent/ASimAlertEvent.json
+++ b/Parsers/ASimAlertEvent/ARM/ASimAlertEvent/ASimAlertEvent.json
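Review bot: The `DetectionMethod` allow-list on the added line gains `Scheduled Alerts`, which nothing in this patch emits; of the three new values, the Netskope parser added here produces only `Cloud Application Security` and `Other`. This list is what the tester accepts as valid, so widening it beyond what the AlertEvent schema reference defines weakens the check for every other parser. I would confirm that all three values are in the published schema (not visible from this hunk) and drop any that are not, e.g. ending the list at `...|Cloud Application Security|Other,,,` if `Scheduled Alerts` is not yet a schema value.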
@@ -27,7 +27,7 @@ "displayName": "Alert Event ASIM parser", "category": "ASIM", "FunctionAlias": "ASimAlertEvent", - "query": "let DisabledParsers=materialize(_GetWatchlist('ASimDisabledParsers') | where SearchKey in ('Any', 'ExcludeASimAlertEvent') | extend SourceSpecificParser=column_ifexists('SourceSpecificParser','') | distinct SourceSpecificParser| where isnotempty(SourceSpecificParser));\nlet ASimBuiltInDisabled=toscalar('ExcludeASimAlertEvent' in (DisabledParsers) or 'Any' in (DisabledParsers)); \nlet parser=(pack:bool=false){\nunion isfuzzy=true\n vimAlertEventEmpty,\n ASimAlertEventBitdefenderGravityZone (disabled=(ASimBuiltInDisabled or ('ExcludeASimAlertEventBitdefenderGravityZone' in (DisabledParsers))), pack=pack),\n ASimAlertEventMicrosoftDefenderXDR (disabled=(ASimBuiltInDisabled or ('ExcludeASimAlertEventMicrosoftDefenderXDR' in (DisabledParsers)))),\n ASimAlertEventSentinelOneSingularity (disabled=(ASimBuiltInDisabled or ('ExcludeASimAlertEventSentinelOneSingularity' in (DisabledParsers)))),\n ASimAlertEventCiscoSecureEndpoint (disabled=(ASimBuiltInDisabled or ('ExcludeASimAlertEventCiscoSecureEndpoint' in (DisabledParsers))), pack=pack),\n ASimAlertEventPaloAltoXDR (disabled=(ASimBuiltInDisabled or ('ExcludeASimAlertEventPaloAltoXDR' in (DisabledParsers))), pack=pack)\n}; \nparser (pack=pack)\n", + "query": "let DisabledParsers=materialize(_GetWatchlist('ASimDisabledParsers') | where SearchKey in ('Any', 'ExcludeASimAlertEvent') | extend SourceSpecificParser=column_ifexists('SourceSpecificParser','') | distinct SourceSpecificParser| where isnotempty(SourceSpecificParser));\nlet ASimBuiltInDisabled=toscalar('ExcludeASimAlertEvent' in (DisabledParsers) or 'Any' in (DisabledParsers)); \nlet parser=(pack:bool=false){\nunion isfuzzy=true\n vimAlertEventEmpty,\n ASimAlertEventBitdefenderGravityZone (disabled=(ASimBuiltInDisabled or ('ExcludeASimAlertEventBitdefenderGravityZone' in (DisabledParsers))), pack=pack),\n ASimAlertEventMicrosoftDefenderXDR 
(disabled=(ASimBuiltInDisabled or ('ExcludeASimAlertEventMicrosoftDefenderXDR' in (DisabledParsers)))),\n ASimAlertEventSentinelOneSingularity (disabled=(ASimBuiltInDisabled or ('ExcludeASimAlertEventSentinelOneSingularity' in (DisabledParsers)))),\n ASimAlertEventCiscoSecureEndpoint (disabled=(ASimBuiltInDisabled or ('ExcludeASimAlertEventCiscoSecureEndpoint' in (DisabledParsers))), pack=pack),\n ASimAlertEventPaloAltoXDR (disabled=(ASimBuiltInDisabled or ('ExcludeASimAlertEventPaloAltoXDR' in (DisabledParsers))), pack=pack),\n ASimAlertEventNetskopeSecurityCloud (disabled=(ASimBuiltInDisabled or ('ExcludeASimAlertEventNetskopeSecurityCloud' in (DisabledParsers))), pack=pack)\n}; \nparser (pack=pack)\n", "version": 1, "functionParameters": "pack:bool=False" } diff --git a/Parsers/ASimAlertEvent/ARM/ASimAlertEventNetskopeSecurityCloud/ASimAlertEventNetskopeSecurityCloud.json b/Parsers/ASimAlertEvent/ARM/ASimAlertEventNetskopeSecurityCloud/ASimAlertEventNetskopeSecurityCloud.json new file mode 100644 index 00000000000..ae82b416ec7 --- /dev/null +++ b/Parsers/ASimAlertEvent/ARM/ASimAlertEventNetskopeSecurityCloud/ASimAlertEventNetskopeSecurityCloud.json 
@@ -0,0 +1,36 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-08-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "Workspace": { + "type": "string", + "metadata": { + "description": "The Microsoft Sentinel workspace into which the function will be deployed. Has to be in the selected Resource Group." + } + }, + "WorkspaceRegion": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "The region of the selected workspace. The default value will use the Region selection above." + } + } + }, + "resources": [ + { + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "apiVersion": "2020-08-01", + "name": "[concat(parameters('Workspace'), '/ASimAlertEventNetskopeSecurityCloud')]", + "location": "[parameters('WorkspaceRegion')]", + "properties": { + "etag": "*", + "displayName": "Alert Event ASIM parser for Netskope Security Cloud", + "category": "ASIM", + "FunctionAlias": "ASimAlertEventNetskopeSecurityCloud", + "query": "let parser = (\n disabled:bool = false,\n pack:bool = false\n)\n{\n NetskopeAlerts_CL\n | where not(disabled)\n | extend\n EventStartTime = unixtime_seconds_todatetime(timestamp),\n ThreatCategory = case(\n category =~ \"Blocked Risky URLs\", \"MaliciousUrl\",\n category in~ (\"Aggressive\", \"Online Ads\"), \"Adware\",\n category in~ (\n \"Forums\",\n \"Web Hosting, ISP & Telco\",\n \"Games\",\n \"Customer Relationship Management\",\n \"Pay To Surf\",\n \"Real Estate\",\n \"Finance/Accounting\",\n \"App Admin Console\",\n \"URL Shorteners\",\n \"Financial News\",\n \"Religion\",\n \"Social & Affiliation Organizations\",\n \"Auctions & Marketplaces\",\n \"Entertainment\",\n \"Gambling\",\n \"Trading & Investing\",\n \"Drugs\"\n ), \"Security Policy Violation\",\n \"Unknown\"\n )\n | extend\n EventEndTime = EventStartTime,\n TimeGenerated = EventStartTime,\n EventSeverity = case(\n severity =~ \"high\", \"High\",\n severity =~ \"medium\", 
\"Medium\",\n severity =~ \"low\", \"Low\",\n severity =~ \"informational\", \"Informational\",\n \"Informational\"\n )\n | extend\n EventSubType = case(\n alert_type in~ (\"malware\", \"c2\", \"malsite\", \"ips\", \"compromised credential\"), \"Threat\",\n alert_type in~ (\"dlp\", \"policy\"), \"Compliance Violation\",\n alert_type =~ \"uba\", \"Anomaly\",\n \"\"\n ),\n DetectionMethod = case(\n alert_type =~ \"dlp\", \"Data Loss Prevention\",\n alert_type =~ \"malware\", \"AntiVirus\",\n alert_type =~ \"policy\", \"Cloud Application Security\",\n alert_type in~ (\"c2\", \"ips\"), \"Intrusion Detection\",\n alert_type =~ \"compromised credential\", \"Threat Intelligence\",\n alert_type =~ \"uba\", \"Behavioral Analytics\",\n alert_type =~ \"malsite\", \"Reputation\",\n \"Other\"\n ),\n FileName = iff(\n tolower(tostring(object_type)) == \"file\", tostring(object),\n \"\"\n ),\n DvcOriginalAction = tostring(action),\n DvcAction = case(\n action =~ \"block\", \"Block\",\n action in~ (\"allow\", \"proceed\", \"bypass\", \"alert\", \"useralert\"), \"Allow\",\n action in~ (\"anomaly_detection\", \"detection\"), \"Detect\",\n \"\"\n ),\n EventResult = case(\n action =~ \"block\", \"Failure\",\n action in~ (\"allow\", \"proceed\", \"bypass\", \"alert\", \"useralert\", \"anomaly_detection\", \"detection\"), \"Success\",\n \"NA\"\n ),\n _cat = tostring(category),\n _app = tostring(app),\n _desc = tostring(breach_description),\n DvcId = iff(isnotempty(nsdeviceuid), nsdeviceuid, ''),\n DvcIdType = iff(isnotempty(nsdeviceuid), 'Other', '')\n | extend\n EventMessage = strcat(\n trim(\" \", tostring(alert_name)),\n iff(isnotempty(_cat), strcat(\" | Category: \", _cat), \"\"),\n iff(isnotempty(_app), strcat(\" | App: \", _app), \"\"),\n iff(isnotempty(_desc), strcat(\" | Breach Description: \", _desc), \"\")\n )\n | project\n TimeGenerated,\n EventType = \"Alert\",\n EventSchema = \"AlertEvent\",\n EventSchemaVersion = \"0.1\",\n EventVendor = \"Netskope\",\n EventProduct = 
\"Netskope Security Cloud\",\n EventCount = int(1),\n EventStartTime,\n EventEndTime,\n EventSeverity,\n EventOriginalSeverity = severity,\n EventSubType,\n EventResult,\n EventOriginalResultDetails = action,\n DvcId,\n DvcIdType,\n DvcIpAddr = userip,\n DvcHostname = hostname,\n DvcAction,\n EventUid = _ItemId,\n EventOriginalSubType = tostring(alert_type),\n ThreatOriginalCategory = tostring(category),\n ThreatCategory,\n EventMessage,\n DvcOs = case(\n os has \"windows\", \"Windows\",\n os_version startswith \"windows\", \"Windows\",\n os has \"Mac OS\", \"macOS\",\n os_version startswith \"Mac\", \"macOS\",\n \"\"\n ),\n DvcOsVersion = os_version,\n DetectionMethod,\n AlertName = tostring(alert_name),\n RuleName = tostring(policy),\n DvcOriginalAction,\n Username = tostring(user),\n FileName,\n FileSHA256 = sha256,\n FileMD5 = md5,\n Url = url,\n Type,\n AdditionalFields = iff(\n pack,\n bag_pack(\n \"AccessMethod\", access_method,\n \"AlertType\", alert_type,\n \"Action\", action,\n \"Activity\", activity,\n \"App\", app,\n \"AppSessionId\", tostring(coalesce(columnifexists(\"app_sessionid\", \"\"), \"\")),\n \"AppCategory\", appcategory,\n \"AppSuite\", appsuite,\n \"Browser\", browser,\n \"BrowserSessionId\", tostring(coalesce(columnifexists(\"browser_sessionid\", \"\"), \"\")),\n \"BrowserVersion\", browser_version,\n \"CloudConfidenceIndex\", cci,\n \"CloudConfidenceLevel\", ccl,\n \"ConnectionId\", tostring(coalesce(columnifexists(\"connectionid\", \"\"), \"\")),\n \"MalsiteCategory\", malsite_category,\n \"MalsiteCountry\", malsite_country,\n \"Referer\", referer,\n \"ObjectType\", object_type,\n \"SourceIP\", srcip,\n \"DestinationIP\", dstip\n ),\n dynamic([])\n )\n | extend\n UsernameType = case(\n Username has \"@\", \"UPN\",\n Username has @\"\\\", \"Windows\",\n isnotempty(Username), \"Simple\",\n \"\"\n ),\n UserType = case(\n isempty(Username), \"Anonymous\",\n Username startswith \"svc_\" or Username startswith \"svc-\" or Username startswith 
\"svc.\" or Username has \"_svc@\", \"Service\",\n Username startswith \"adm_\" or Username startswith \"adm-\" or Username has \"admin@\", \"Admin\",\n \"Regular\"\n )\n //Aliases\n | extend\n AlertId = EventUid,\n AlertDescription = EventMessage,\n Rule = RuleName,\n Hostname = DvcHostname,\n IpAddr = DvcIpAddr,\n User = Username,\n Dvc = DvcHostname,\n EventResultDetails = EventOriginalResultDetails\n};\nparser(\n disabled = disabled,\n pack = pack\n)", + "version": 1, + "functionParameters": "disabled:bool=False,pack:bool=False" + } + } + ] +} \ No newline at end of file diff --git a/Parsers/ASimAlertEvent/ARM/ASimAlertEventNetskopeSecurityCloud/README.md b/Parsers/ASimAlertEvent/ARM/ASimAlertEventNetskopeSecurityCloud/README.md new file mode 100644 index 00000000000..bd1c8f70142 --- /dev/null +++ b/Parsers/ASimAlertEvent/ARM/ASimAlertEventNetskopeSecurityCloud/README.md @@ -0,0 +1,21 @@ +# Netskope Security Cloud ASIM AlertEvent Normalization Parser + +ARM template for ASIM AlertEvent schema parser for Netskope Security Cloud. + +This ASIM parser supports normalizing the Netskope Security Cloud logs (via Codeless Connector Framework by Tim Groothuis) to the ASIM Alert normalized schema. + + +The Advanced Security Information Model (ASIM) enables you to use and create source-agnostic content, simplifying your analysis of the data in your Microsoft Sentinel workspace. + +For more information, see: + +- [Normalization and the Advanced Security Information Model (ASIM)](https://aka.ms/AboutASIM) +- [Deploy all of ASIM](https://aka.ms/DeployASIM) +- [ASIM AlertEvent normalization schema reference](https://aka.ms/ASimAlertEventDoc) + +For the changelog, see: +- [CHANGELOG](https://github.com/Azure/Azure-Sentinel/blob/master/Parsers/ASimAlertEvent/CHANGELOG/ASimAlertEventNetskopeSecurityCloud.md) + +
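Review bot: In the embedded `query` of the new ASimAlertEventNetskopeSecurityCloud.json, the `DetectionMethod` case returns `"AntiVirus"` for malware alerts, while the enumerated list in ASimTester.csv (same patch) spells the value `Antivirus`. If validation or downstream filters compare case-sensitively, malware alerts will not match, so the branch should read `alert_type =~ "malware", "Antivirus",`. The query also overwrites `TimeGenerated` with the vendor-supplied `timestamp` (`TimeGenerated = EventStartTime`), so any rule that windows on `TimeGenerated` after the parser depends on the sender's clock. Late or skewed events can then fall outside a lookback; consider leaving `TimeGenerated` as ingested and exposing the source time only through `EventStartTime` and `EventEndTime`. `UserType` is inferred purely from name patterns such as `svc_`, `adm_` and `admin@`, a naming-convention guess that detections should not treat as authoritative, and `columnifexists` is the deprecated spelling of `column_ifexists`, which the union parser in this patch already uses.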
+ +[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FParsers%2FASimAlertEvent%2FARM%2FASimAlertEventNetskopeSecurityCloud%2FASimAlertEventNetskopeSecurityCloud.json) [![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FParsers%2FASimAlertEvent%2FARM%2FASimAlertEventNetskopeSecurityCloud%2FASimAlertEventNetskopeSecurityCloud.json) diff --git a/Parsers/ASimAlertEvent/ARM/FullDeploymentAlertEvent.json b/Parsers/ASimAlertEvent/ARM/FullDeploymentAlertEvent.json index 116a6320df8..ddec760b3c0 100644 --- a/Parsers/ASimAlertEvent/ARM/FullDeploymentAlertEvent.json +++ b/Parsers/ASimAlertEvent/ARM/FullDeploymentAlertEvent.json @@ -98,6 +98,26 @@ } } }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2020-10-01", + "name": "linkedASimAlertEventNetskopeSecurityCloud", + "properties": { + "mode": "Incremental", + "templateLink": { + "uri": "https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Parsers/ASimAlertEvent/ARM/ASimAlertEventNetskopeSecurityCloud/ASimAlertEventNetskopeSecurityCloud.json", + "contentVersion": "1.0.0.0" + }, + "parameters": { + "Workspace": { + "value": "[parameters('Workspace')]" + }, + "WorkspaceRegion": { + "value": "[parameters('WorkspaceRegion')]" + } + } + } + }, { "type": "Microsoft.Resources/deployments", "apiVersion": "2020-10-01", 
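Review bot: Both added `Microsoft.Resources/deployments` resources in FullDeploymentAlertEvent.json (this hunk and the one at `@@ -238,6 +258,26 @@`) pull their linked template from `raw.githubusercontent.com/Azure/Azure-Sentinel/master/...`, a mutable branch reference. What gets deployed into the workspace is therefore whatever that path holds at deploy time, not the content reviewed in this patch. `contentVersion` only has to match a version string inside the template, so it is not an integrity check. If the release process allows it, pin the URI to an immutable ref, e.g. `"uri": "https://raw.githubusercontent.com/Azure/Azure-Sentinel/<COMMIT_SHA_PLACEHOLDER>/Parsers/ASimAlertEvent/ARM/ASimAlertEventNetskopeSecurityCloud/ASimAlertEventNetskopeSecurityCloud.json"`. The neighbouring resource entries lie outside the hunk, so I cannot tell whether they follow the same pattern.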
@@ -238,6 +258,26 @@ } } }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2020-10-01", + "name": "linkedvimAlertEventNetskopeSecurityCloud", + "properties": { + "mode": "Incremental", + "templateLink": { + "uri": "https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Parsers/ASimAlertEvent/ARM/vimAlertEventNetskopeSecurityCloud/vimAlertEventNetskopeSecurityCloud.json", + "contentVersion": "1.0.0.0" + }, + "parameters": { + "Workspace": { + "value": "[parameters('Workspace')]" + }, + "WorkspaceRegion": { + "value": "[parameters('WorkspaceRegion')]" + } + } + } + }, { "type": "Microsoft.Resources/deployments", "apiVersion": "2020-10-01", diff --git a/Parsers/ASimAlertEvent/ARM/imAlertEvent/imAlertEvent.json b/Parsers/ASimAlertEvent/ARM/imAlertEvent/imAlertEvent.json index f27cd3a9228..e8070a32928 100644 --- a/Parsers/ASimAlertEvent/ARM/imAlertEvent/imAlertEvent.json +++ b/Parsers/ASimAlertEvent/ARM/imAlertEvent/imAlertEvent.json 
@@ -27,7 +27,7 @@ "displayName": "Alert Event ASIM filtering parser", "category": "ASIM", "FunctionAlias": "imAlertEvent", - "query": "let DisabledParsers=materialize(_GetWatchlist('ASimDisabledParsers') | where SearchKey in ('Any', 'ExcludeimAlertEvent') | extend SourceSpecificParser=column_ifexists('SourceSpecificParser','') | distinct SourceSpecificParser | where isnotempty(SourceSpecificParser));\nlet vimBuiltInDisabled=toscalar('ExcludevimAlertEvent' in (DisabledParsers) or 'Any' in (DisabledParsers)); \nlet parser=(\n starttime: datetime=datetime(null), \n endtime: datetime=datetime(null), \n ipaddr_has_any_prefix: dynamic=dynamic([]),\n hostname_has_any: dynamic=dynamic([]),\n username_has_any: dynamic=dynamic([]),\n attacktactics_has_any: dynamic=dynamic([]),\n attacktechniques_has_any: dynamic=dynamic([]),\n threatcategory_has_any: dynamic=dynamic([]),\n alertverdict_has_any: dynamic=dynamic([]),\n eventseverity_has_any: dynamic=dynamic([]),\n pack:bool=false)\n{\nunion isfuzzy=true\n vimAlertEventEmpty,\n vimAlertEventBitdefenderGravityZone (starttime=starttime, endtime=endtime, ipaddr_has_any_prefix=ipaddr_has_any_prefix, hostname_has_any=hostname_has_any, username_has_any=username_has_any, attacktactics_has_any=attacktactics_has_any, attacktechniques_has_any=attacktechniques_has_any, threatcategory_has_any=threatcategory_has_any, alertverdict_has_any=alertverdict_has_any, eventseverity_has_any=eventseverity_has_any, disabled=(vimBuiltInDisabled or ('ExcludevimAlertBitdefenderGravityZone' in (DisabledParsers))), pack=pack),\n vimAlertEventMicrosoftDefenderXDR (starttime=starttime, endtime=endtime, ipaddr_has_any_prefix=ipaddr_has_any_prefix, hostname_has_any=hostname_has_any, username_has_any=username_has_any, attacktactics_has_any=attacktactics_has_any, attacktechniques_has_any=attacktechniques_has_any, threatcategory_has_any=threatcategory_has_any, alertverdict_has_any=alertverdict_has_any, eventseverity_has_any=eventseverity_has_any, 
disabled=(vimBuiltInDisabled or ('ExcludevimAlertMicrosoftDefenderXDR' in (DisabledParsers)))),\n vimAlertEventSentinelOneSingularity (starttime=starttime, endtime=endtime, ipaddr_has_any_prefix=ipaddr_has_any_prefix, hostname_has_any=hostname_has_any, username_has_any=username_has_any, attacktactics_has_any=attacktactics_has_any, attacktechniques_has_any=attacktechniques_has_any, threatcategory_has_any=threatcategory_has_any, alertverdict_has_any=alertverdict_has_any, eventseverity_has_any=eventseverity_has_any, disabled=(vimBuiltInDisabled or ('ExcludevimAlertSentinelOneSingularity' in (DisabledParsers)))),\n vimAlertEventCiscoSecureEndpoint (starttime=starttime, endtime=endtime, ipaddr_has_any_prefix=ipaddr_has_any_prefix, hostname_has_any=hostname_has_any, username_has_any=username_has_any, attacktactics_has_any=attacktactics_has_any, attacktechniques_has_any=attacktechniques_has_any, threatcategory_has_any=threatcategory_has_any, alertverdict_has_any=alertverdict_has_any, eventseverity_has_any=eventseverity_has_any, disabled=(vimBuiltInDisabled or ('ExcludevimAlertEventCiscoSecureEndpoint' in (DisabledParsers))), pack=pack),\n vimAlertEventPaloAltoXDR (starttime=starttime, endtime=endtime, ipaddr_has_any_prefix=ipaddr_has_any_prefix, hostname_has_any=hostname_has_any, username_has_any=username_has_any, attacktactics_has_any=attacktactics_has_any, attacktechniques_has_any=attacktechniques_has_any, threatcategory_has_any=threatcategory_has_any, alertverdict_has_any=alertverdict_has_any, eventseverity_has_any=eventseverity_has_any, disabled=(vimBuiltInDisabled or ('ExcludevimAlertEventPaloAltoXDR' in (DisabledParsers))), pack=pack)\n};\nparser (starttime=starttime, endtime=endtime, ipaddr_has_any_prefix=ipaddr_has_any_prefix, hostname_has_any=hostname_has_any, username_has_any=username_has_any, attacktactics_has_any=attacktactics_has_any, attacktechniques_has_any=attacktechniques_has_any, threatcategory_has_any=threatcategory_has_any, 
alertverdict_has_any=alertverdict_has_any, eventseverity_has_any=eventseverity_has_any, pack=pack)\n", + "query": "let DisabledParsers=materialize(_GetWatchlist('ASimDisabledParsers') | where SearchKey in ('Any', 'ExcludeimAlertEvent') | extend SourceSpecificParser=column_ifexists('SourceSpecificParser','') | distinct SourceSpecificParser | where isnotempty(SourceSpecificParser));\nlet vimBuiltInDisabled=toscalar('ExcludevimAlertEvent' in (DisabledParsers) or 'Any' in (DisabledParsers)); \nlet parser=(\n starttime: datetime=datetime(null), \n endtime: datetime=datetime(null), \n ipaddr_has_any_prefix: dynamic=dynamic([]),\n hostname_has_any: dynamic=dynamic([]),\n username_has_any: dynamic=dynamic([]),\n attacktactics_has_any: dynamic=dynamic([]),\n attacktechniques_has_any: dynamic=dynamic([]),\n threatcategory_has_any: dynamic=dynamic([]),\n alertverdict_has_any: dynamic=dynamic([]),\n eventseverity_has_any: dynamic=dynamic([]),\n pack:bool=false)\n{\nunion isfuzzy=true\n vimAlertEventEmpty,\n vimAlertEventBitdefenderGravityZone (starttime=starttime, endtime=endtime, ipaddr_has_any_prefix=ipaddr_has_any_prefix, hostname_has_any=hostname_has_any, username_has_any=username_has_any, attacktactics_has_any=attacktactics_has_any, attacktechniques_has_any=attacktechniques_has_any, threatcategory_has_any=threatcategory_has_any, alertverdict_has_any=alertverdict_has_any, eventseverity_has_any=eventseverity_has_any, disabled=(vimBuiltInDisabled or ('ExcludevimAlertBitdefenderGravityZone' in (DisabledParsers))), pack=pack),\n vimAlertEventMicrosoftDefenderXDR (starttime=starttime, endtime=endtime, ipaddr_has_any_prefix=ipaddr_has_any_prefix, hostname_has_any=hostname_has_any, username_has_any=username_has_any, attacktactics_has_any=attacktactics_has_any, attacktechniques_has_any=attacktechniques_has_any, threatcategory_has_any=threatcategory_has_any, alertverdict_has_any=alertverdict_has_any, eventseverity_has_any=eventseverity_has_any, disabled=(vimBuiltInDisabled or 
('ExcludevimAlertMicrosoftDefenderXDR' in (DisabledParsers)))),\n vimAlertEventSentinelOneSingularity (starttime=starttime, endtime=endtime, ipaddr_has_any_prefix=ipaddr_has_any_prefix, hostname_has_any=hostname_has_any, username_has_any=username_has_any, attacktactics_has_any=attacktactics_has_any, attacktechniques_has_any=attacktechniques_has_any, threatcategory_has_any=threatcategory_has_any, alertverdict_has_any=alertverdict_has_any, eventseverity_has_any=eventseverity_has_any, disabled=(vimBuiltInDisabled or ('ExcludevimAlertSentinelOneSingularity' in (DisabledParsers)))),\n vimAlertEventCiscoSecureEndpoint (starttime=starttime, endtime=endtime, ipaddr_has_any_prefix=ipaddr_has_any_prefix, hostname_has_any=hostname_has_any, username_has_any=username_has_any, attacktactics_has_any=attacktactics_has_any, attacktechniques_has_any=attacktechniques_has_any, threatcategory_has_any=threatcategory_has_any, alertverdict_has_any=alertverdict_has_any, eventseverity_has_any=eventseverity_has_any, disabled=(vimBuiltInDisabled or ('ExcludevimAlertEventCiscoSecureEndpoint' in (DisabledParsers))), pack=pack),\n vimAlertEventPaloAltoXDR (starttime=starttime, endtime=endtime, ipaddr_has_any_prefix=ipaddr_has_any_prefix, hostname_has_any=hostname_has_any, username_has_any=username_has_any, attacktactics_has_any=attacktactics_has_any, attacktechniques_has_any=attacktechniques_has_any, threatcategory_has_any=threatcategory_has_any, alertverdict_has_any=alertverdict_has_any, eventseverity_has_any=eventseverity_has_any, disabled=(vimBuiltInDisabled or ('ExcludevimAlertEventPaloAltoXDR' in (DisabledParsers))), pack=pack),\n vimAlertEventNetskopeSecurityCloud (starttime=starttime, endtime=endtime, ipaddr_has_any_prefix=ipaddr_has_any_prefix, hostname_has_any=hostname_has_any, username_has_any=username_has_any, attacktactics_has_any=attacktactics_has_any, attacktechniques_has_any=attacktechniques_has_any, threatcategory_has_any=threatcategory_has_any, 
alertverdict_has_any=alertverdict_has_any, eventseverity_has_any=eventseverity_has_any, disabled=(vimBuiltInDisabled or ('ExcludevimAlertEventNetskopeSecurityCloud' in (DisabledParsers))), pack=pack)\n};\nparser (starttime=starttime, endtime=endtime, ipaddr_has_any_prefix=ipaddr_has_any_prefix, hostname_has_any=hostname_has_any, username_has_any=username_has_any, attacktactics_has_any=attacktactics_has_any, attacktechniques_has_any=attacktechniques_has_any, threatcategory_has_any=threatcategory_has_any, alertverdict_has_any=alertverdict_has_any, eventseverity_has_any=eventseverity_has_any, pack=pack)\n", "version": 1, "functionParameters": "starttime:datetime=datetime(null),endtime:datetime=datetime(null),ipaddr_has_any_prefix:dynamic=dynamic([]),hostname_has_any:dynamic=dynamic([]),username_has_any:dynamic=dynamic([]),attacktactics_has_any:dynamic=dynamic([]),attacktechniques_has_any:dynamic=dynamic([]),threatcategory_has_any:dynamic=dynamic([]),alertverdict_has_any:dynamic=dynamic([]),eventseverity_has_any:dynamic=dynamic([]),pack:bool=False" } diff --git a/Parsers/ASimAlertEvent/ARM/vimAlertEventNetskopeSecurityCloud/README.md b/Parsers/ASimAlertEvent/ARM/vimAlertEventNetskopeSecurityCloud/README.md new file mode 100644 index 00000000000..d38392cddc1 --- /dev/null +++ b/Parsers/ASimAlertEvent/ARM/vimAlertEventNetskopeSecurityCloud/README.md 
@@ -0,0 +1,21 @@ +# Netskope Security Cloud ASIM AlertEvent Normalization Parser + +ARM template for ASIM AlertEvent schema parser for Netskope Security Cloud. + +This ASIM parser supports normalizing the Netskope Security Cloud logs (via Codeless Connector Framework by Tim Groothuis) to the ASIM Alert normalized schema. + + +The Advanced Security Information Model (ASIM) enables you to use and create source-agnostic content, simplifying your analysis of the data in your Microsoft Sentinel workspace. + +For more information, see: + +- [Normalization and the Advanced Security Information Model (ASIM)](https://aka.ms/AboutASIM) +- [Deploy all of ASIM](https://aka.ms/DeployASIM) +- [ASIM AlertEvent normalization schema reference](https://aka.ms/ASimAlertEventDoc) + +For the changelog, see: +- [CHANGELOG](https://github.com/Azure/Azure-Sentinel/blob/master/Parsers/ASimAlertEvent/CHANGELOG/vimAlertEventNetskopeSecurityCloud.md) + +
+ +[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FParsers%2FASimAlertEvent%2FARM%2FvimAlertEventNetskopeSecurityCloud%2FvimAlertEventNetskopeSecurityCloud.json) [![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FParsers%2FASimAlertEvent%2FARM%2FvimAlertEventNetskopeSecurityCloud%2FvimAlertEventNetskopeSecurityCloud.json) diff --git a/Parsers/ASimAlertEvent/ARM/vimAlertEventNetskopeSecurityCloud/vimAlertEventNetskopeSecurityCloud.json b/Parsers/ASimAlertEvent/ARM/vimAlertEventNetskopeSecurityCloud/vimAlertEventNetskopeSecurityCloud.json new file mode 100644 index 00000000000..a59bf1dd891 --- /dev/null +++ b/Parsers/ASimAlertEvent/ARM/vimAlertEventNetskopeSecurityCloud/vimAlertEventNetskopeSecurityCloud.json 
@@ -0,0 +1,36 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-08-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "Workspace": { + "type": "string", + "metadata": { + "description": "The Microsoft Sentinel workspace into which the function will be deployed. Has to be in the selected Resource Group." + } + }, + "WorkspaceRegion": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "The region of the selected workspace. The default value will use the Region selection above." + } + } + }, + "resources": [ + { + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "apiVersion": "2020-08-01", + "name": "[concat(parameters('Workspace'), '/vimAlertEventNetskopeSecurityCloud')]", + "location": "[parameters('WorkspaceRegion')]", + "properties": { + "etag": "*", + "displayName": "Alert Event ASIM parser for Netskope Security Cloud", + "category": "ASIM", + "FunctionAlias": "vimAlertEventNetskopeSecurityCloud", + "query": "let parser = (\n starttime: datetime=datetime(null),\n endtime: datetime=datetime(null),\n ipaddr_has_any_prefix: dynamic=dynamic([]),\n hostname_has_any: dynamic=dynamic([]),\n username_has_any: dynamic=dynamic([]),\n attacktactics_has_any: dynamic=dynamic([]),\n attacktechniques_has_any: dynamic=dynamic([]),\n threatcategory_has_any: dynamic=dynamic([]),\n alertverdict_has_any: dynamic=dynamic([]),\n eventseverity_has_any: dynamic=dynamic([]),\n disabled: bool=false,\n pack: bool=false\n)\n{\n NetskopeAlerts_CL\n | where not(disabled)\n | where (\n (isnull(starttime) or TimeGenerated >= starttime)\n and (isnull(endtime) or TimeGenerated <= endtime)\n and ((array_length(ipaddr_has_any_prefix) == 0) or (has_any_ipv4_prefix(userip, ipaddr_has_any_prefix)) or (has_any_ipv4_prefix(srcip, ipaddr_has_any_prefix)) or (has_any_ipv4_prefix(dstip, ipaddr_has_any_prefix)))\n and ((array_length(hostname_has_any) == 0) or (hostname has_any 
(hostname_has_any)))\n and ((array_length(username_has_any) == 0) or (user has_any (username_has_any)))\n and ((array_length(attacktactics_has_any) == 0)) // AttackTactics detail not available in this parser.\n and ((array_length(attacktechniques_has_any) == 0)) // AttackTechniques detail not available in this parser.\n // ThreatCategory filtering done later in the parser\n and ((array_length(alertverdict_has_any) == 0)) // AlertVerdict detail not available in this parser.\n // EventSeverity filtering done later in the parser\n )\n | extend\n EventStartTime = unixtime_seconds_todatetime(timestamp),\n ThreatCategory = case(\n category =~ \"Blocked Risky URLs\", \"MaliciousUrl\",\n category in~ (\"Aggressive\", \"Online Ads\"), \"Adware\",\n category in~ (\n \"Forums\",\n \"Web Hosting, ISP & Telco\",\n \"Games\",\n \"Customer Relationship Management\",\n \"Pay To Surf\",\n \"Real Estate\",\n \"Finance/Accounting\",\n \"App Admin Console\",\n \"URL Shorteners\",\n \"Financial News\",\n \"Religion\",\n \"Social & Affiliation Organizations\",\n \"Auctions & Marketplaces\",\n \"Entertainment\",\n \"Gambling\",\n \"Trading & Investing\",\n \"Drugs\"\n ), \"Security Policy Violation\",\n \"Unknown\"\n )\n | where ((array_length(threatcategory_has_any) == 0) or (ThreatCategory has_any (threatcategory_has_any)))\n | extend\n EventEndTime = EventStartTime,\n TimeGenerated = EventStartTime,\n EventSeverity = case(\n severity =~ \"high\", \"High\",\n severity =~ \"medium\", \"Medium\",\n severity =~ \"low\", \"Low\",\n severity =~ \"informational\", \"Informational\",\n \"Informational\"\n )\n | where ((array_length(eventseverity_has_any) == 0 or EventSeverity has_any (eventseverity_has_any)))\n | extend\n EventSubType = case(\n alert_type in~ (\"malware\", \"c2\", \"malsite\", \"ips\", \"compromised credential\"), \"Threat\",\n alert_type in~ (\"dlp\", \"policy\"), \"Compliance Violation\",\n alert_type =~ \"uba\", \"Anomaly\",\n \"\"\n ),\n DetectionMethod = case(\n 
alert_type =~ \"dlp\", \"Data Loss Prevention\",\n alert_type =~ \"malware\", \"AntiVirus\",\n alert_type =~ \"policy\", \"Cloud Application Security\",\n alert_type in~ (\"c2\", \"ips\"), \"Intrusion Detection\",\n alert_type =~ \"compromised credential\", \"Threat Intelligence\",\n alert_type =~ \"uba\", \"Behavioral Analytics\",\n alert_type =~ \"malsite\", \"Reputation\",\n \"Other\"\n ),\n FileName = iff(\n tolower(tostring(object_type)) == \"file\", tostring(object),\n \"\"\n ),\n DvcOriginalAction = tostring(action),\n DvcAction = case(\n action =~ \"block\", \"Block\",\n action in~ (\"allow\", \"proceed\", \"bypass\", \"alert\", \"useralert\"), \"Allow\",\n action in~ (\"anomaly_detection\", \"detection\"), \"Detect\",\n \"\"\n ),\n EventResult = case(\n action =~ \"block\", \"Failure\",\n action in~ (\"allow\", \"proceed\", \"bypass\", \"alert\", \"useralert\", \"anomaly_detection\", \"detection\"), \"Success\",\n \"NA\"\n ),\n _cat = tostring(category),\n _app = tostring(app),\n _desc = tostring(breach_description),\n DvcId = iff(isnotempty(nsdeviceuid), nsdeviceuid, ''),\n DvcIdType = iff(isnotempty(nsdeviceuid), 'Other', '')\n | extend\n EventMessage = strcat(\n trim(\" \", tostring(alert_name)),\n iff(isnotempty(_cat), strcat(\" | Category: \", _cat), \"\"),\n iff(isnotempty(_app), strcat(\" | App: \", _app), \"\"),\n iff(isnotempty(_desc), strcat(\" | Breach Description: \", _desc), \"\")\n )\n | project\n TimeGenerated,\n EventType = \"Alert\",\n EventSchema = \"AlertEvent\",\n EventSchemaVersion = \"0.1\",\n EventVendor = \"Netskope\",\n EventProduct = \"Netskope Security Cloud\",\n EventCount = int(1),\n EventStartTime,\n EventEndTime,\n EventSeverity,\n EventOriginalSeverity = severity,\n EventSubType,\n EventResult,\n EventOriginalResultDetails = action,\n DvcId,\n DvcIdType,\n DvcIpAddr = userip,\n DvcHostname = hostname,\n DvcAction,\n EventUid = _ItemId,\n EventOriginalSubType = tostring(alert_type),\n ThreatOriginalCategory = 
tostring(category),\n ThreatCategory,\n EventMessage,\n DvcOs = case(\n os has \"windows\", \"Windows\",\n os_version startswith \"windows\", \"Windows\",\n os has \"Mac OS\", \"macOS\",\n os_version startswith \"Mac\", \"macOS\",\n \"\"\n ),\n DvcOsVersion = os_version,\n DetectionMethod,\n AlertName = tostring(alert_name),\n RuleName = tostring(policy),\n DvcOriginalAction,\n Username = tostring(user),\n FileName,\n FileSHA256 = sha256,\n FileMD5 = md5,\n Url = url,\n Type,\n AdditionalFields = iff(\n pack,\n bag_pack(\n \"AccessMethod\", access_method,\n \"AlertType\", alert_type,\n \"Action\", action,\n \"Activity\", activity,\n \"App\", app,\n \"AppSessionId\", tostring(coalesce(columnifexists(\"app_sessionid\", \"\"), \"\")),\n \"AppCategory\", appcategory,\n \"AppSuite\", appsuite,\n \"Browser\", browser,\n \"BrowserSessionId\", tostring(coalesce(columnifexists(\"browser_sessionid\", \"\"), \"\")),\n \"BrowserVersion\", browser_version,\n \"CloudConfidenceIndex\", cci,\n \"CloudConfidenceLevel\", ccl,\n \"ConnectionId\", tostring(coalesce(columnifexists(\"connectionid\", \"\"), \"\")),\n \"MalsiteCategory\", malsite_category,\n \"MalsiteCountry\", malsite_country,\n \"Referer\", referer,\n \"ObjectType\", object_type,\n \"SourceIP\", srcip,\n \"DestinationIP\", dstip\n ),\n dynamic([])\n )\n | extend\n UsernameType = case(\n Username has \"@\", \"UPN\",\n Username has @\"\\\", \"Windows\",\n isnotempty(Username), \"Simple\",\n \"\"\n ),\n UserType = case(\n isempty(Username), \"Anonymous\",\n Username startswith \"svc_\" or Username startswith \"svc-\" or Username startswith \"svc.\" or Username has \"_svc@\", \"Service\",\n Username startswith \"adm_\" or Username startswith \"adm-\" or Username has \"admin@\", \"Admin\",\n \"Regular\"\n )\n //Aliases\n | extend\n AlertId = EventUid,\n AlertDescription = EventMessage,\n Rule = RuleName,\n Hostname = DvcHostname,\n IpAddr = DvcIpAddr,\n User = Username,\n Dvc = DvcHostname,\n EventResultDetails = 
EventOriginalResultDetails\n};\nparser(\n starttime = starttime,\n endtime = endtime,\n ipaddr_has_any_prefix = ipaddr_has_any_prefix,\n hostname_has_any = hostname_has_any,\n username_has_any = username_has_any,\n attacktactics_has_any = attacktactics_has_any,\n attacktechniques_has_any = attacktechniques_has_any,\n threatcategory_has_any = threatcategory_has_any,\n alertverdict_has_any = alertverdict_has_any,\n eventseverity_has_any = eventseverity_has_any,\n disabled = disabled,\n pack = pack\n)", + "version": 1, + "functionParameters": "starttime:datetime=datetime(null),endtime:datetime=datetime(null),ipaddr_has_any_prefix:dynamic=dynamic([]),hostname_has_any:dynamic=dynamic([]),username_has_any:dynamic=dynamic([]),attacktactics_has_any:dynamic=dynamic([]),attacktechniques_has_any:dynamic=dynamic([]),threatcategory_has_any:dynamic=dynamic([]),alertverdict_has_any:dynamic=dynamic([]),eventseverity_has_any:dynamic=dynamic([]),disabled:bool=False,pack:bool=False" + } + } + ] +} \ No newline at end of file diff --git a/Parsers/ASimAlertEvent/CHANGELOG/ASimAlertEvent.md b/Parsers/ASimAlertEvent/CHANGELOG/ASimAlertEvent.md index ea83ef1b344..e37027c0a26 100644 --- a/Parsers/ASimAlertEvent/CHANGELOG/ASimAlertEvent.md +++ b/Parsers/ASimAlertEvent/CHANGELOG/ASimAlertEvent.md @@ -1,5 +1,9 @@ # Changelog for ASimAlertEvent.yaml +## Version 0.1.4 + +- (2026-16-04) Netskope Security Cloud - AlertEvent ASIM Parser - [PR #holding](holding) + ## Version 0.1.3 - (2026-06-04) Palo Alto XDR - AlertEvent ASIM Parser - [PR #14401](https://github.com/Azure/Azure-Sentinel/pull/14401) diff --git a/Parsers/ASimAlertEvent/CHANGELOG/ASimAlertEventNetskopeSecurityCloud.md b/Parsers/ASimAlertEvent/CHANGELOG/ASimAlertEventNetskopeSecurityCloud.md new file mode 100644 index 00000000000..d6e8858b49c --- /dev/null +++ b/Parsers/ASimAlertEvent/CHANGELOG/ASimAlertEventNetskopeSecurityCloud.md 
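Review bot: The `starttime`/`endtime` filter in the `query` string is applied to the table's own `TimeGenerated`, but a later `extend` overwrites `TimeGenerated` with `EventStartTime` (derived from `timestamp`). Callers can therefore get rows whose returned `TimeGenerated` lies outside the window they asked for, and an alert whose event time is inside the window is dropped when its original `TimeGenerated` is not. How often this happens depends on how far `timestamp` and the ingested `TimeGenerated` differ in `NetskopeAlerts_CL`, which the diff does not show. Scheduled rules that query a fixed lookback through `imAlertEvent` are the ones that would miss or double-count alerts. Removing the `TimeGenerated = EventStartTime,` line keeps the filter and the output on the same column; the alternative is to filter on `EventStartTime` after it is computed.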
@@ -0,0 +1,5 @@ +# Changelog for ASimAlertEventNetskopeSecurityCloud.yaml + +## Version 0.1.0 + +- (2026-16-04) Netskope Security Cloud - AlertEvent ASIM Parser - [PR #holding](holding) \ No newline at end of file diff --git a/Parsers/ASimAlertEvent/CHANGELOG/imAlertEvent.md b/Parsers/ASimAlertEvent/CHANGELOG/imAlertEvent.md index 638cc76d24a..5bfb2246167 100644 --- a/Parsers/ASimAlertEvent/CHANGELOG/imAlertEvent.md +++ b/Parsers/ASimAlertEvent/CHANGELOG/imAlertEvent.md @@ -1,5 +1,9 @@ # Changelog for imAlertEvent.yaml +## Version 0.1.4 + +- (2026-16-04) Netskope Security Cloud - AlertEvent ASIM Parser - [PR #holding](holding) + ## Version 0.1.3 - (2026-06-04) Palo Alto XDR - AlertEvent ASIM Parser - [PR #14401](https://github.com/Azure/Azure-Sentinel/pull/14401) diff --git a/Parsers/ASimAlertEvent/CHANGELOG/vimAlertEventNetskopeSecurityCloud.md b/Parsers/ASimAlertEvent/CHANGELOG/vimAlertEventNetskopeSecurityCloud.md new file mode 100644 index 00000000000..b751984db20 --- /dev/null +++ b/Parsers/ASimAlertEvent/CHANGELOG/vimAlertEventNetskopeSecurityCloud.md @@ -0,0 +1,5 @@ +# Changelog for vimAlertEventNetskopeSecurityCloud.yaml + +## Version 0.1.0 + +- (2026-16-04) Netskope Security Cloud - AlertEvent ASIM Parser - [PR #holding](holding) \ No newline at end of file diff --git a/Parsers/ASimAlertEvent/Parsers/ASimAlertEvent.yaml b/Parsers/ASimAlertEvent/Parsers/ASimAlertEvent.yaml index 025da4f35e0..d4ebd6e15b8 100644 --- a/Parsers/ASimAlertEvent/Parsers/ASimAlertEvent.yaml +++ b/Parsers/ASimAlertEvent/Parsers/ASimAlertEvent.yaml @@ -1,7 +1,7 @@ Parser: Title: Alert Event ASIM parser - Version: '0.1.3' - LastUpdated: Jun 03, 2026 + Version: '0.1.4' + LastUpdated: Jun 16, 2026 Product: Name: Source agnostic Normalization: @@ -23,6 +23,7 @@ Parsers: - _ASim_AlertEvent_SentinelOneSingularity - _ASim_AlertEvent_CiscoSecureEndpoint - _ASim_AlertEvent_PaloAltoXDR + - _ASim_AlertEvent_NetskopeSecurityCloud ParserParams: - Name: pack Type: bool 
@@ -37,6 +38,7 @@ ParserQuery: | ASimAlertEventMicrosoftDefenderXDR (disabled=(ASimBuiltInDisabled or ('ExcludeASimAlertEventMicrosoftDefenderXDR' in (DisabledParsers)))), ASimAlertEventSentinelOneSingularity (disabled=(ASimBuiltInDisabled or ('ExcludeASimAlertEventSentinelOneSingularity' in (DisabledParsers)))), ASimAlertEventCiscoSecureEndpoint (disabled=(ASimBuiltInDisabled or ('ExcludeASimAlertEventCiscoSecureEndpoint' in (DisabledParsers))), pack=pack), - ASimAlertEventPaloAltoXDR (disabled=(ASimBuiltInDisabled or ('ExcludeASimAlertEventPaloAltoXDR' in (DisabledParsers))), pack=pack) + ASimAlertEventPaloAltoXDR (disabled=(ASimBuiltInDisabled or ('ExcludeASimAlertEventPaloAltoXDR' in (DisabledParsers))), pack=pack), + ASimAlertEventNetskopeSecurityCloud (disabled=(ASimBuiltInDisabled or ('ExcludeASimAlertEventNetskopeSecurityCloud' in (DisabledParsers))), pack=pack) }; parser (pack=pack) diff --git a/Parsers/ASimAlertEvent/Parsers/ASimAlertEventNetskopeSecurityCloud.yaml b/Parsers/ASimAlertEvent/Parsers/ASimAlertEventNetskopeSecurityCloud.yaml new file mode 100644 index 00000000000..ff3882cfeec --- /dev/null +++ b/Parsers/ASimAlertEvent/Parsers/ASimAlertEventNetskopeSecurityCloud.yaml 
@@ -0,0 +1,215 @@ +Parser: + Title: Alert Event ASIM parser for Netskope Security Cloud + Version: '0.1.0' + LastUpdated: Jun 16, 2026 +Product: + Name: Netskope Security Cloud +Normalization: + Schema: AlertEvent + Version: '0.1' +References: +- Title: ASIM Alert Schema + Link: https://aka.ms/ASimAlertEventDoc +- Title: ASIM + Link: https://aka.ms/AboutASIM +- Title: Developer + Link: https://www.bluevoyant.com/ +- Title: Netskope Data Connector + Link: https://gist.githubusercontent.com/mitchellgulledge2/1a91f1aec2fc9ff6e053fb32cb1de897/raw/bc9f580e9c5c0234e72a383efd5ff6d28f05b496/sentinel_ccp_arm.json +Description: | + This ASIM parser supports normalizing the Netskope Security Cloud logs (via Codeless Connector Framework by Tim Groothuis) to the ASIM Alert normalized schema. +ParserName: ASimAlertEventNetskopeSecurityCloud +EquivalentBuiltInParser: _ASim_AlertEvent_NetskopeSecurityCloud +ParserParams: + - Name: disabled + Type: bool + Default: false + - Name: pack + Type: bool + Default: false +ParserQuery: | + let parser = ( + disabled:bool = false, + pack:bool = false + ) + { + NetskopeAlerts_CL + | where not(disabled) + | extend + EventStartTime = unixtime_seconds_todatetime(timestamp), + ThreatCategory = case( + category =~ "Blocked Risky URLs", "MaliciousUrl", + category in~ ("Aggressive", "Online Ads"), "Adware", + category in~ ( + "Forums", + "Web Hosting, ISP & Telco", + "Games", + "Customer Relationship Management", + "Pay To Surf", + "Real Estate", + "Finance/Accounting", + "App Admin Console", + "URL Shorteners", + "Financial News", + "Religion", + "Social & Affiliation Organizations", + "Auctions & Marketplaces", + "Entertainment", + "Gambling", + "Trading & Investing", + "Drugs" + ), "Security Policy Violation", + "Unknown" + ) + | extend + EventEndTime = EventStartTime, + TimeGenerated = EventStartTime, + EventSeverity = case( + severity =~ "high", "High", + severity =~ "medium", "Medium", + severity =~ "low", "Low", + severity =~ "informational", 
"Informational", + "Informational" + ) + | extend + EventSubType = case( + alert_type in~ ("malware", "c2", "malsite", "ips", "compromised credential"), "Threat", + alert_type in~ ("dlp", "policy"), "Compliance Violation", + alert_type =~ "uba", "Anomaly", + "" + ), + DetectionMethod = case( + alert_type =~ "dlp", "Data Loss Prevention", + alert_type =~ "malware", "AntiVirus", + alert_type =~ "policy", "Cloud Application Security", + alert_type in~ ("c2", "ips"), "Intrusion Detection", + alert_type =~ "compromised credential", "Threat Intelligence", + alert_type =~ "uba", "Behavioral Analytics", + alert_type =~ "malsite", "Reputation", + "Other" + ), + FileName = iff( + tolower(tostring(object_type)) == "file", tostring(object), + "" + ), + DvcOriginalAction = tostring(action), + DvcAction = case( + action =~ "block", "Block", + action in~ ("allow", "proceed", "bypass", "alert", "useralert"), "Allow", + action in~ ("anomaly_detection", "detection"), "Detect", + "" + ), + EventResult = case( + action =~ "block", "Failure", + action in~ ("allow", "proceed", "bypass", "alert", "useralert", "anomaly_detection", "detection"), "Success", + "NA" + ), + _cat = tostring(category), + _app = tostring(app), + _desc = tostring(breach_description), + DvcId = iff(isnotempty(nsdeviceuid), nsdeviceuid, ''), + DvcIdType = iff(isnotempty(nsdeviceuid), 'Other', '') + | extend + EventMessage = strcat( + trim(" ", tostring(alert_name)), + iff(isnotempty(_cat), strcat(" | Category: ", _cat), ""), + iff(isnotempty(_app), strcat(" | App: ", _app), ""), + iff(isnotempty(_desc), strcat(" | Breach Description: ", _desc), "") + ) + | project + TimeGenerated, + EventType = "Alert", + EventSchema = "AlertEvent", + EventSchemaVersion = "0.1", + EventVendor = "Netskope", + EventProduct = "Security Cloud", + EventCount = int(1), + EventStartTime, + EventEndTime, + EventSeverity, + EventOriginalSeverity = severity, + EventSubType, + EventResult, + EventOriginalResultDetails = action, + DvcId, + 
DvcIdType, + DvcIpAddr = userip, + DvcHostname = hostname, + DvcAction, + EventUid = _ItemId, + EventOriginalSubType = tostring(alert_type), + ThreatOriginalCategory = tostring(category), + ThreatCategory, + EventMessage, + DvcOs = case( + os has "windows", "Windows", + os_version startswith "windows", "Windows", + os has "Mac OS", "macOS", + os_version startswith "Mac", "macOS", + "" + ), + DvcOsVersion = os_version, + DetectionMethod, + AlertName = tostring(alert_name), + RuleName = tostring(policy), + DvcOriginalAction, + Username = tostring(user), + FileName, + FileSHA256 = sha256, + FileMD5 = md5, + Url = url, + Type, + AdditionalFields = iff( + pack, + bag_pack( + "AccessMethod", access_method, + "AlertType", alert_type, + "Action", action, + "Activity", activity, + "App", app, + "AppSessionId", tostring(coalesce(columnifexists("app_sessionid", ""), "")), + "AppCategory", appcategory, + "AppSuite", appsuite, + "Browser", browser, + "BrowserSessionId", tostring(coalesce(columnifexists("browser_sessionid", ""), "")), + "BrowserVersion", browser_version, + "CloudConfidenceIndex", cci, + "CloudConfidenceLevel", ccl, + "ConnectionId", tostring(coalesce(columnifexists("connectionid", ""), "")), + "MalsiteCategory", malsite_category, + "MalsiteCountry", malsite_country, + "Referer", referer, + "ObjectType", object_type, + "SourceIP", srcip, + "DestinationIP", dstip + ), + dynamic([]) + ) + | extend + UsernameType = case( + Username has "@", "UPN", + Username has @"\", "Windows", + isnotempty(Username), "Simple", + "" + ), + UserType = case( + isempty(Username), "Anonymous", + Username startswith "svc_" or Username startswith "svc-" or Username startswith "svc." 
or Username has "_svc@", "Service", + Username startswith "adm_" or Username startswith "adm-" or Username has "admin@", "Admin", + "Regular" + ) + //Aliases + | extend + AlertId = EventUid, + AlertDescription = EventMessage, + Rule = RuleName, + Hostname = DvcHostname, + IpAddr = DvcIpAddr, + User = Username, + Dvc = DvcHostname, + EventResultDetails = EventOriginalResultDetails + }; + parser( + disabled = disabled, + pack = pack + ) \ No newline at end of file diff --git a/Parsers/ASimAlertEvent/Parsers/imAlertEvent.yaml b/Parsers/ASimAlertEvent/Parsers/imAlertEvent.yaml index 67b66f60b4d..20ddab9e775 100644 --- a/Parsers/ASimAlertEvent/Parsers/imAlertEvent.yaml +++ b/Parsers/ASimAlertEvent/Parsers/imAlertEvent.yaml @@ -1,7 +1,7 @@ Parser: Title: Alert Event ASIM filtering parser - Version: '0.1.3' - LastUpdated: Jun 03, 2026 + Version: '0.1.4' + LastUpdated: Jun 16, 2026 Product: Name: Source agnostic Normalization: @@ -23,6 +23,7 @@ Parsers: - _Im_AlertEvent_SentinelOneSingularity - _Im_AlertEvent_CiscoSecureEndpoint - _Im_AlertEvent_PaloAltoXDR + - _Im_AlertEvent_NetskopeSecurityCloud ParserParams: - Name: starttime Type: datetime 
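Review bot: `EventProduct = "Security Cloud"` in this parser's `project` does not match the vim parser's ARM template in the same patch, which sets `EventProduct = "Netskope Security Cloud"`. The same alert therefore reports a different product depending on whether it is read through `ASimAlertEvent` or `imAlertEvent`, and detections or hunting queries that filter on `EventProduct` will match one path and miss the other. Choose the value the ASIM vendor/product list expects and use it in both parsers and their ARM templates, for example `EventProduct = "Netskope Security Cloud",` here if that is the intended one.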
@@ -79,6 +80,7 @@ ParserQuery: | vimAlertEventMicrosoftDefenderXDR (starttime=starttime, endtime=endtime, ipaddr_has_any_prefix=ipaddr_has_any_prefix, hostname_has_any=hostname_has_any, username_has_any=username_has_any, attacktactics_has_any=attacktactics_has_any, attacktechniques_has_any=attacktechniques_has_any, threatcategory_has_any=threatcategory_has_any, alertverdict_has_any=alertverdict_has_any, eventseverity_has_any=eventseverity_has_any, disabled=(vimBuiltInDisabled or ('ExcludevimAlertMicrosoftDefenderXDR' in (DisabledParsers)))), vimAlertEventSentinelOneSingularity (starttime=starttime, endtime=endtime, ipaddr_has_any_prefix=ipaddr_has_any_prefix, hostname_has_any=hostname_has_any, username_has_any=username_has_any, attacktactics_has_any=attacktactics_has_any, attacktechniques_has_any=attacktechniques_has_any, threatcategory_has_any=threatcategory_has_any, alertverdict_has_any=alertverdict_has_any, eventseverity_has_any=eventseverity_has_any, disabled=(vimBuiltInDisabled or ('ExcludevimAlertSentinelOneSingularity' in (DisabledParsers)))), vimAlertEventCiscoSecureEndpoint (starttime=starttime, endtime=endtime, ipaddr_has_any_prefix=ipaddr_has_any_prefix, hostname_has_any=hostname_has_any, username_has_any=username_has_any, attacktactics_has_any=attacktactics_has_any, attacktechniques_has_any=attacktechniques_has_any, threatcategory_has_any=threatcategory_has_any, alertverdict_has_any=alertverdict_has_any, eventseverity_has_any=eventseverity_has_any, disabled=(vimBuiltInDisabled or ('ExcludevimAlertEventCiscoSecureEndpoint' in (DisabledParsers))), pack=pack), - vimAlertEventPaloAltoXDR (starttime=starttime, endtime=endtime, ipaddr_has_any_prefix=ipaddr_has_any_prefix, hostname_has_any=hostname_has_any, username_has_any=username_has_any, attacktactics_has_any=attacktactics_has_any, attacktechniques_has_any=attacktechniques_has_any, threatcategory_has_any=threatcategory_has_any, alertverdict_has_any=alertverdict_has_any, 
eventseverity_has_any=eventseverity_has_any, disabled=(vimBuiltInDisabled or ('ExcludevimAlertEventPaloAltoXDR' in (DisabledParsers))), pack=pack) + vimAlertEventPaloAltoXDR (starttime=starttime, endtime=endtime, ipaddr_has_any_prefix=ipaddr_has_any_prefix, hostname_has_any=hostname_has_any, username_has_any=username_has_any, attacktactics_has_any=attacktactics_has_any, attacktechniques_has_any=attacktechniques_has_any, threatcategory_has_any=threatcategory_has_any, alertverdict_has_any=alertverdict_has_any, eventseverity_has_any=eventseverity_has_any, disabled=(vimBuiltInDisabled or ('ExcludevimAlertEventPaloAltoXDR' in (DisabledParsers))), pack=pack), + vimAlertEventNetskopeSecurityCloud (starttime=starttime, endtime=endtime, ipaddr_has_any_prefix=ipaddr_has_any_prefix, hostname_has_any=hostname_has_any, username_has_any=username_has_any, attacktactics_has_any=attacktactics_has_any, attacktechniques_has_any=attacktechniques_has_any, threatcategory_has_any=threatcategory_has_any, alertverdict_has_any=alertverdict_has_any, eventseverity_has_any=eventseverity_has_any, disabled=(vimBuiltInDisabled or ('ExcludevimAlertEventNetskopeSecurityCloud' in (DisabledParsers))), pack=pack) }; parser (starttime=starttime, endtime=endtime, ipaddr_has_any_prefix=ipaddr_has_any_prefix, hostname_has_any=hostname_has_any, username_has_any=username_has_any, attacktactics_has_any=attacktactics_has_any, attacktechniques_has_any=attacktechniques_has_any, threatcategory_has_any=threatcategory_has_any, alertverdict_has_any=alertverdict_has_any, eventseverity_has_any=eventseverity_has_any, pack=pack) diff --git a/Parsers/ASimAlertEvent/Parsers/vimAlertEventNetskopeSecurityCloud.yaml b/Parsers/ASimAlertEvent/Parsers/vimAlertEventNetskopeSecurityCloud.yaml new file mode 100644 index 00000000000..c6e6d09f577 --- /dev/null +++ b/Parsers/ASimAlertEvent/Parsers/vimAlertEventNetskopeSecurityCloud.yaml 
@@ -0,0 +1,279 @@
+Parser:
+ Title: Alert Event ASIM parser for Netskope Security Cloud
+ Version: '0.1.0'
+ LastUpdated: Jun 16, 2026
+Product:
+ Name: Netskope Security Cloud
+Normalization:
+ Schema: AlertEvent
+ Version: '0.1'
+References:
+- Title: ASIM Alert Schema
+ Link: https://aka.ms/ASimAlertEventDoc
+- Title: ASIM
+ Link: https://aka.ms/AboutASIM
+- Title: Developer
+ Link: https://www.bluevoyant.com/
+- Title: Netskope Data Connector
+ Link: https://gist.githubusercontent.com/mitchellgulledge2/1a91f1aec2fc9ff6e053fb32cb1de897/raw/bc9f580e9c5c0234e72a383efd5ff6d28f05b496/sentinel_ccp_arm.json
+Description: |
+ This ASIM parser supports normalizing the Netskope Security Cloud logs (via Codeless Connector Framework by Tim Groothuis) to the ASIM Alert normalized schema.
+ParserName: vimAlertEventNetskopeSecurityCloud
+EquivalentBuiltInParser: _Im_AlertEvent_NetskopeSecurityCloud
+ParserParams:
+ - Name: starttime
+ Type: datetime
+ Default: datetime(null)
+ - Name: endtime
+ Type: datetime
+ Default: datetime(null)
+ - Name: ipaddr_has_any_prefix
+ Type: dynamic
+ Default: dynamic([])
+ - Name: hostname_has_any
+ Type: dynamic
+ Default: dynamic([])
+ - Name: username_has_any
+ Type: dynamic
+ Default: dynamic([])
+ - Name: attacktactics_has_any
+ Type: dynamic
+ Default: dynamic([])
+ - Name: attacktechniques_has_any
+ Type: dynamic
+ Default: dynamic([])
+ - Name: threatcategory_has_any
+ Type: dynamic
+ Default: dynamic([])
+ - Name: alertverdict_has_any
+ Type: dynamic
+ Default: dynamic([])
+ - Name: eventseverity_has_any
+ Type: dynamic
+ Default: dynamic([])
+ - Name: disabled
+ Type: bool
+ Default: false
+ - Name: pack
+ Type: bool
+ Default: false
+ParserQuery: |
+ let parser = (
+ starttime: datetime=datetime(null),
+ endtime: datetime=datetime(null),
+ ipaddr_has_any_prefix: dynamic=dynamic([]),
+ hostname_has_any: dynamic=dynamic([]),
+ username_has_any: dynamic=dynamic([]),
+ attacktactics_has_any: dynamic=dynamic([]),
+ attacktechniques_has_any: dynamic=dynamic([]),
+ threatcategory_has_any: dynamic=dynamic([]),
+ alertverdict_has_any: dynamic=dynamic([]),
+ eventseverity_has_any: dynamic=dynamic([]),
+ disabled: bool=false,
+ pack: bool=false
+ )
+ {
+ NetskopeAlerts_CL
+ | where not(disabled)
+ | where (
+ (isnull(starttime) or TimeGenerated >= starttime)
+ and (isnull(endtime) or TimeGenerated <= endtime)
+ and ((array_length(ipaddr_has_any_prefix) == 0) or (has_any_ipv4_prefix(userip, ipaddr_has_any_prefix)) or (has_any_ipv4_prefix(srcip, ipaddr_has_any_prefix)) or (has_any_ipv4_prefix(dstip, ipaddr_has_any_prefix)))
+ and ((array_length(hostname_has_any) == 0) or (hostname has_any (hostname_has_any)))
+ and ((array_length(username_has_any) == 0) or (user has_any (username_has_any)))
+ and ((array_length(attacktactics_has_any) == 0)) // AttackTactics detail not available in this parser.
+ and ((array_length(attacktechniques_has_any) == 0)) // AttackTechniques detail not available in this parser.
+ // ThreatCategory filtering done later in the parser
+ and ((array_length(alertverdict_has_any) == 0)) // AlertVerdict detail not available in this parser.
+ // EventSeverity filtering done later in the parser
+ )
+ | extend
+ EventStartTime = unixtime_seconds_todatetime(timestamp),
+ ThreatCategory = case(
+ category =~ "Blocked Risky URLs", "MaliciousUrl",
+ category in~ ("Aggressive", "Online Ads"), "Adware",
+ category in~ (
+ "Forums",
+ "Web Hosting, ISP & Telco",
+ "Games",
+ "Customer Relationship Management",
+ "Pay To Surf",
+ "Real Estate",
+ "Finance/Accounting",
+ "App Admin Console",
+ "URL Shorteners",
+ "Financial News",
+ "Religion",
+ "Social & Affiliation Organizations",
+ "Auctions & Marketplaces",
+ "Entertainment",
+ "Gambling",
+ "Trading & Investing",
+ "Drugs"
+ ), "Security Policy Violation",
+ "Unknown"
+ )
+ | where ((array_length(threatcategory_has_any) == 0) or (ThreatCategory has_any (threatcategory_has_any)))
+ | extend
+ EventEndTime = EventStartTime,
+ TimeGenerated = EventStartTime,
+ EventSeverity = case(
+ severity =~ "high", "High",
+ severity =~ "medium", "Medium",
+ severity =~ "low", "Low",
+ severity =~ "informational", "Informational",
+ "Informational"
+ )
+ | where ((array_length(eventseverity_has_any) == 0 or EventSeverity has_any (eventseverity_has_any)))
+ | extend
+ EventSubType = case(
+ alert_type in~ ("malware", "c2", "malsite", "ips", "compromised credential"), "Threat",
+ alert_type in~ ("dlp", "policy"), "Compliance Violation",
+ alert_type =~ "uba", "Anomaly",
+ ""
+ ),
+ DetectionMethod = case(
+ alert_type =~ "dlp", "Data Loss Prevention",
+ alert_type =~ "malware", "AntiVirus",
+ alert_type =~ "policy", "Cloud Application Security",
+ alert_type in~ ("c2", "ips"), "Intrusion Detection",
+ alert_type =~ "compromised credential", "Threat Intelligence",
+ alert_type =~ "uba", "Behavioral Analytics",
+ alert_type =~ "malsite", "Reputation",
+ "Other"
+ ),
+ FileName = iff(
+ tolower(tostring(object_type)) == "file", tostring(object),
+ ""
+ ),
+ DvcOriginalAction = tostring(action),
+ DvcAction = case(
+ action =~ "block", "Block",
+ action in~ ("allow", "proceed", "bypass", "alert", "useralert"), "Allow",
+ action in~ ("anomaly_detection", "detection"), "Detect",
+ ""
+ ),
+ EventResult = case(
+ action =~ "block", "Failure",
+ action in~ ("allow", "proceed", "bypass", "alert", "useralert", "anomaly_detection", "detection"), "Success",
+ "NA"
+ ),
+ _cat = tostring(category),
+ _app = tostring(app),
+ _desc = tostring(breach_description),
+ DvcId = iff(isnotempty(nsdeviceuid), nsdeviceuid, ''),
+ DvcIdType = iff(isnotempty(nsdeviceuid), 'Other', '')
+ | extend
+ EventMessage = strcat(
+ trim(" ", tostring(alert_name)),
+ iff(isnotempty(_cat), strcat(" | Category: ", _cat), ""),
+ iff(isnotempty(_app), strcat(" | App: ", _app), ""),
+ iff(isnotempty(_desc), strcat(" | Breach Description: ", _desc), "")
+ )
+ | project
+ TimeGenerated,
+ EventType = "Alert",
+ EventSchema = "AlertEvent",
+ EventSchemaVersion = "0.1",
+ EventVendor = "Netskope",
+ EventProduct = "Security Cloud",
+ EventCount = int(1),
+ EventStartTime,
+ EventEndTime,
+ EventSeverity,
+ EventOriginalSeverity = severity,
+ EventSubType,
+ EventResult,
+ EventOriginalResultDetails = action,
+ DvcId,
+ DvcIdType,
+ DvcIpAddr = userip,
+ DvcHostname = hostname,
+ DvcAction,
+ EventUid = _ItemId,
+ EventOriginalSubType = tostring(alert_type),
+ ThreatOriginalCategory = tostring(category),
+ ThreatCategory,
+ EventMessage,
+ DvcOs = case(
+ os has "windows", "Windows",
+ os_version startswith "windows", "Windows",
+ os has "Mac OS", "macOS",
+ os_version startswith "Mac", "macOS",
+ ""
+ ),
+ DvcOsVersion = os_version,
+ DetectionMethod,
+ AlertName = tostring(alert_name),
+ RuleName = tostring(policy),
+ DvcOriginalAction,
+ Username = tostring(user),
+ FileName,
+ FileSHA256 = sha256,
+ FileMD5 = md5,
+ Url = url,
+ Type,
+ AdditionalFields = iff(
+ pack,
+ bag_pack(
+ "AccessMethod", access_method,
+ "AlertType", alert_type,
+ "Action", action,
+ "Activity", activity,
+ "App", app,
+ "AppSessionId", tostring(coalesce(columnifexists("app_sessionid", ""), "")),
+ "AppCategory", appcategory,
+ "AppSuite", appsuite,
+ "Browser", browser,
+ "BrowserSessionId", tostring(coalesce(columnifexists("browser_sessionid", ""), "")),
+ "BrowserVersion", browser_version,
+ "CloudConfidenceIndex", cci,
+ "CloudConfidenceLevel", ccl,
+ "ConnectionId", tostring(coalesce(columnifexists("connectionid", ""), "")),
+ "MalsiteCategory", malsite_category,
+ "MalsiteCountry", malsite_country,
+ "Referer", referer,
+ "ObjectType", object_type,
+ "SourceIP", srcip,
+ "DestinationIP", dstip
+ ),
+ dynamic([])
+ )
+ | extend
+ UsernameType = case(
+ Username has "@", "UPN",
+ Username has @"\", "Windows",
+ isnotempty(Username), "Simple",
+ ""
+ ),
+ UserType = case(
+ isempty(Username), "Anonymous",
+ Username startswith "svc_" or Username startswith "svc-" or Username startswith "svc." or Username has "_svc@", "Service",
+ Username startswith "adm_" or Username startswith "adm-" or Username has "admin@", "Admin",
+ "Regular"
+ )
+ //Aliases
+ | extend
+ AlertId = EventUid,
+ AlertDescription = EventMessage,
+ Rule = RuleName,
+ Hostname = DvcHostname,
+ IpAddr = DvcIpAddr,
+ User = Username,
+ Dvc = DvcHostname,
+ EventResultDetails = EventOriginalResultDetails
+ };
+ parser(
+ starttime = starttime,
+ endtime = endtime,
+ ipaddr_has_any_prefix = ipaddr_has_any_prefix,
+ hostname_has_any = hostname_has_any,
+ username_has_any = username_has_any,
+ attacktactics_has_any = attacktactics_has_any,
+ attacktechniques_has_any = attacktechniques_has_any,
+ threatcategory_has_any = threatcategory_has_any,
+ alertverdict_has_any = alertverdict_has_any,
+ eventseverity_has_any = eventseverity_has_any,
+ disabled = disabled,
+ pack = pack
+ )
\ No newline at end of file
diff --git a/Sample Data/ASIM/Netskope_Netskope Security Cloud_AlertEvent_IngestedLogs.csv b/Sample Data/ASIM/Netskope_Netskope Security Cloud_AlertEvent_IngestedLogs.csv
new file mode 100644
index 00000000000..40b4ec01863
--- /dev/null
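Review bot: The `EventSeverity` case in `vimAlertEventNetskopeSecurityCloud.yaml` falls through to `"Informational"` for every `severity` value it does not list, so an unlisted value is silently downgraded and then excluded by the `eventseverity_has_any` filter on the next line; the sample rows added in this patch appear to carry `unknown` in that column. If the source can emit a level above `high` (for example `critical`; this is not shown in the hunk and should be confirmed against the connector schema), add `severity =~ "critical", "High",` ahead of the default. `ThreatCategory` has the same shape: it is derived from `category` alone, so an alert whose `alert_type` is `malware` or `malsite` still resolves to `"Unknown"` and will not be returned to a caller filtering with `threatcategory_has_any`. The time filter also compares the ingested `TimeGenerated` with `starttime`/`endtime` before the query overwrites `TimeGenerated = EventStartTime`, so returned rows can lie outside the requested window; a comment such as `// TimeGenerated is replaced by the event timestamp after time filtering` would make that visible to hunters.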
+++ b/Sample Data/ASIM/Netskope_Netskope Security Cloud_AlertEvent_IngestedLogs.csv 
@@ -0,0 +1,101 @@ +TimeGenerated [UTC] access_method account_id account_name acked action activity alert alert_id alert_name alert_type app app_activity app_sessionid appcategory appsuite asset_id asset_object_id breach_date breach_description breach_id breach_media_references breach_score breach_target_references browser browser_sessionid browser_version bypass_traffic category cci ccl client_bytes compliance_standards conn_duration conn_endtime conn_starttime connectionid CononicalName count_i data_type device device_classification dlp_file dlp_incidentid dlp_is_unique_count dlp_mail_parent_id dlp_parentid dlp_profile dlp_rule dlp_rule_count dlp_rule_severity dlp_unique_count domain dst_country dst_geoip_src dst_latitude dst_location dst_longitude dst_region dst_timezone dst_zipcode dstip dsthost dstport email_source event_type evt_src_chnl exposure external_collaborator_count external_email file_cls_encrypted file_lang file_path file_size file_type from_user fromlogs hostname http_transaction_count iaas_asset_tags iaas_remediated instance instance_id internal_collaborator_count justification_reason justification_type last_app last_country last_device last_location last_region last_timestamp log_file_name malicious malsite_category malsite_country malsite_id malsite_ip_host malsite_latitude malsite_longitude malsite_region managed_app managementID matched_username md5 mime_type modified netskope_activity netskope_pop notify_template nsdeviceuid numbytes object object_id object_type org organization_unit orig_ty orignal_file_path os os_version other_categories outer_doc_type owner page page_site parent_id password_type policy policy_actions policy_id profile_id protocol referer region_id region_name req_cnt requestid resource_category resource_group resp_cnt sa_profile_id sa_profile_name sa_rule_id sa_rule_name sa_rule_severity sAMAccountName sanctioned_instance scan_type serial server_bytes sessionid severity severity_level severity_level_id sfwder sha256 
shared_domains shared_with site src_country src_geoip_src src_latitude src_location src_longitude src_region src_time src_timezone src_zipcode srcip suppression_end_time suppression_key suppression_start_time telemetry_app threat_match_field threat_match_value threat_source_id threshold threshold_time timestamp title_s to_object total_collaborator_count traffic_type transactionid true_obj_category true_obj_type tss_mode two_factor_auth type_s universal_connector ur_normalized url user user_generated user_id useragent userip userkey userPrincipalName web_universal_connector TenantId Type _ResourceId +16/06/2026, 06:26:41.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other IE 0 53 Dublin -7 Leinster Europe/Dublin D02 52.138.229.0 443 0 0 0 [] 0 0 Mac OSX 26.5.1 ["All Sector Websites","DLP All Categories ","Marketing","Business","All Categories","Technology"] eu-teams.events.data.microsoft.com [WEB] All Sector Web Access 0 3393852352174846977 0 0 GB 0 51 Hendon -1 England Tue Jun 16 07:26:41 2026 Europe/London NW4 82.30.253.0 0 0 0 1781591201 0 Web 0 nspolicy vanessa.kumar@corporate.com eu-teams.events.data.microsoft.com Pramodini.Nayak@corporate.com 192.168.0.14 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:41.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other IE 0 53 Dublin -7 Leinster Europe/Dublin D02 13.69.239.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","Business","All Categories","Technology"] eu-office.events.data.microsoft.com [WEB] All Sector Web Access 0 3393852357233413889 0 0 IN 0 28 Delhi 77 National Capital Territory of Delhi Tue Jun 16 11:56:41 2026 Asia/Kolkata 110001 103.225.59.0 0 0 0 1781591201 0 Web 0 nspolicy thomas.wilson@corporate.com eu-office.events.data.microsoft.com reuben.ramesh@corporate.com 192.168.1.37 16b4146d-f75d-47d9-a115-bbd9ccafb19a 
NetskopeAlerts_CL +16/06/2026, 06:26:41.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other US 0 38 Washington -79 Virginia America/New_York 22747 48.211.4.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","Business","All Categories","Technology"] settings-win.data.microsoft.com [WEB] All Sector Web Access 0 3393853375819866113 0 0 GB 0 50 Brighton -1 England Tue Jun 16 07:26:41 2026 Europe/London N/A 217.65.134.0 0 0 0 1781591201 0 Web 0 nspolicy sarah.patel@corporate.com settings-win.data.microsoft.com james.heath@corporate.com 10.101.3.13 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:42.000 Client FALSE alert Response yes [WEB] All Sector Web Access policy Anthropic Claude 4446167814681716819 Generative AI 5761591961372255990 All Sector Websites 83 high 0 0 8016351051001150293 1 Windows Device managed US 0 37 San Francisco -123 California America/Los_Angeles N/A 160.79.104.0 443 0 1414 text/plain Corporate-9364 0 [] no 5254500b6c6747d3e7c808bff4cf5303 0 03C835D0-BA98-0011-89EB-ED684C883501 0 Message Windows 11 Windows NT 11.0 ["All Sector Websites","Engineering","Generative AI","Generative AI - Tools and Stores"] api.anthropic.com Anthropic [WEB] All Sector Web Access 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 585895169767630047 0 0 Anthropic IN 0 12 Bengaluru 77 Karnataka Tue Jun 16 11:56:42 2026 Asia/Kolkata 562130 49.207.195.0 0 0 0 1781591202 0 CloudApp 1552339606481747543 nspolicy derek.johnson@corporate.com api.anthropic.com/v1/messages Mansi.Pandey@corporate.com claude-cli/2.1.177 (external, cli) 192.168.1.102 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:41.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other US 0 38 Washington -79 Virginia America/New_York N/A 20.42.73.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","DLP 
All Categories ","Marketing","Business","All Categories","Technology"] self.events.data.microsoft.com [WEB] All Sector Web Access 0 3393852504461628673 0 0 GB 0 50 Haywards Heath -1 England Tue Jun 16 07:26:41 2026 Europe/London RH16 109.150.120.0 0 0 0 1781591201 0 Web 0 nspolicy linda.martinez@corporate.com self.events.data.microsoft.com Anthony.Newman@corporate.com 192.168.68.70 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:41.000 Client FALSE useralert Browse yes [WEB] Potentially Malicious Sites policy 1767205726962671992 5000178776037541454 Potentially malicious sites 0 unknown 0 0 0 1 Windows Device managed GB 0 51 London -1 England Europe/London N/A 174.46.83.0 80 0 0 Corporate-96412 0 [] no 0 14.html B3CC260A-BFB2-714F-02F9-D8C96DB9B21B 0 Windows 11 Windows NT 11.0 ["Potentially malicious sites","Uncategorized","DLP All Categories ","All Categories"] 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com 174.46.83.201 [WEB] Potentially Malicious Sites 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 4431870242258108579 0 0 174.46.83.201 GB 0 53 Halifax -2 England Tue Jun 16 07:26:41 2026 Europe/London HX1 81.105.212.0 0 0 0 1781591201 0 Web 4431870242258108579 nspolicy kevin.brooks@corporate.com 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin Charissa.Chang@corporate.com Microsoft-Delivery-Optimization/10.1 192.168.0.164 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:40.000 Client FALSE alert Upload yes [WEB] All Sector Web Access policy Microsoft Edge 4177921831347134248 Technology Chrome 119298968245144067 All Sector Websites 72 medium 0 0 0 1 application/octet-stream Windows Device managed US 0 47 Redmond -123 Washington America/Los_Angeles N/A 150.171.27.0 443 0 5266 
Plain Text file Corporate-93266 0 [] no dc848a6dec2ca7a14082d6fd628dab94 0 BD462FDF-D4FB-9286-8C32-4322B768C431 0 File Windows 11 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","Business","All Categories","Technology"] edge.microsoft.com/sync/v1/feeds/me/syncEntities/command/?client=Chromium&client_id=uYKogYRfE0ceE%2FJzrJPt7w%3D%3D microsoft [WEB] All Sector Web Access 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 5287969727838090829 0 0 unknown d2c10b214515b4a115f1244e6d621c634776fcb08099a20132c562c8860f6be0 Microsoft Edge GB 0 52 Birmingham -2 England Tue Jun 16 07:26:40 2026 Europe/London B6 31.94.70.0 0 0 0 1781591200 0 CloudApp 5287969727838090829 inline nspolicy yes emma.fitzgerald@corporate.com edge.microsoft.com/sync/v1/feeds/me/syncEntities/command/ francis.purcell@corporate.com Chrome WIN 149.0.4022.62 (068a180137b01f28d261b1343e49c85b6348d4f5) channel(stable) 192.168.1.29 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:41.000 Client FALSE useralert Browse yes [WEB] Potentially Malicious Sites policy 1767205726962671992 5000178776037541454 Potentially malicious sites 0 unknown 0 0 0 1 Windows Device managed GB 0 51 London -1 England Europe/London N/A 174.46.83.0 80 0 0 Corporate-96412 0 [] no 0 14.html B3CC260A-BFB2-714F-02F9-D8C96DB9B21B 0 Windows 11 Windows NT 11.0 ["Potentially malicious sites","Uncategorized","DLP All Categories ","All Categories"] 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com 174.46.83.201 [WEB] Potentially Malicious Sites 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 4997919106262660520 0 0 174.46.83.201 GB 0 53 Halifax -2 England Tue Jun 16 07:26:41 2026 Europe/London HX1 81.105.212.0 0 0 0 1781591201 0 Web 4997919106262660520 nspolicy kevin.brooks@corporate.com 
174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin Charissa.Chang@corporate.com Microsoft-Delivery-Optimization/10.1 192.168.0.164 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:41.000 Client FALSE block Browse yes [WEB] Prohibited Sites policy Atlassian Jira Software 4487093888799611826 Development Tools Atlassian Safari 3743399434542224550 26.5 Prohibited Sites 84 high 0 0 0 1 Mac Device managed US 0 47 Redmond -123 Washington America/Los_Angeles 98073 13.107.137.0 443 0 0 HP42MPQD23 0 [] no 0 1.html 8273DDC0-5708-50CF-BBAE-010879101BA8 0 Mac OS Mac OSX 26.5.0 ["Prohibited Sites","All Categories","DLP All Categories ","Marketing","File Transfers","Cloud Storage","Engineering","Development Tools"] onedrive.live.com/favicon.ico live [WEB] Prohibited Sites 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 https://myhouse.atlassian.net/ 0 1853767612842718881 0 0 unknown Atlassian - JIRA IN 0 18 Pune 73 Maharashtra Tue Jun 16 11:56:41 2026 Asia/Kolkata 411007 49.36.56.0 0 0 Microsoft OneDrive 0 1781591201 0 CloudApp 1853767612842718881 nspolicy robert.sharma@corporate.com onedrive.live.com/favicon.ico priyanka.burde@corporate.com Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/26.5 Safari/605.1.15 192.168.29.13 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:41.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy Microsoft Azure 0 IaaS/PaaS 0 IaaS/PaaS 87 high 0 0 0 1 Other US 0 38 Arlington -78 Virginia America/New_York 22226 52.188.247.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","IaaS/PaaS","DLP All Categories ","Engineering","Marketing","Microsoft_Foundary_AI","All Categories","Technology"] eastus-8.in.applicationinsights.azure.com [WEB] All Sector Web Access 0 3393852796418741505 0 0 Windows Azure GB 0 52 Coalville -2 England Tue Jun 16 
07:26:41 2026 Europe/London LE67 90.248.115.0 0 0 0 1781591201 0 CloudApp 0 nspolicy jessica.turner@corporate.com eastus-8.in.applicationinsights.azure.com Lucy.Crook@corporate.com 192.168.1.75 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:41.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy Microsoft Azure 0 IaaS/PaaS 0 IaaS/PaaS 87 high 0 0 0 1 Other NL 0 52 Amsterdam 4 North Holland Europe/Amsterdam 1012 40.113.176.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","IaaS/PaaS","DLP All Categories ","Engineering","Marketing","Microsoft_Foundary_AI","All Categories","Technology"] westeurope-5.in.applicationinsights.azure.com [WEB] All Sector Web Access 0 3393852295803588097 0 0 Windows Azure GB 0 51 Tottenham -1 England Tue Jun 16 07:26:41 2026 Europe/London N17 94.2.57.0 0 0 0 1781591201 0 CloudApp 0 nspolicy nathan.cole@corporate.com westeurope-5.in.applicationinsights.azure.com oliver.thompson@corporate.com 192.168.68.65 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:43.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other FR 0 48 Paris 2 Île-de-France Europe/Paris 75001 51.11.192.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","Business","All Categories","Technology"] eu-teams.events.data.microsoft.com [WEB] All Sector Web Access 0 3393849919520560897 0 0 GB 0 53 Chorley -3 England Tue Jun 16 07:26:43 2026 Europe/London PR7 86.179.133.0 0 0 0 1781591203 0 Web 0 nspolicy maria.edwards@corporate.com eu-teams.events.data.microsoft.com Peter.Norris@corporate.com 192.168.1.237 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:42.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other IE 0 53 Dublin -7 Leinster Europe/Dublin D02 74.178.35.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","DLP All 
Categories ","Marketing","All Categories","Technology"] winatp-gw-neu.microsoft.com [WEB] All Sector Web Access 0 3393852768745043459 0 0 GB 0 51 City of London -1 England Tue Jun 16 07:26:42 2026 Europe/London EC4R 145.224.90.0 0 0 0 1781591202 0 Web 0 nspolicy daniel.hayes@corporate.com winatp-gw-neu.microsoft.com Ross.Goldie@corporate.com 192.168.1.233 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:42.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy Microsoft Accounts 0 Application Suite 0 Application Suite 84 high 0 0 0 1 Other US 0 47 Redmond -123 Washington America/Los_Angeles N/A 150.171.109.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","Application Suite","DLP All Categories ","Marketing","All Categories","Technology"] res.cdn.office.net [WEB] All Sector Web Access 0 3393852922936047105 0 0 Microsoft Office 365 Suite GB 0 51 City of London -1 England Tue Jun 16 07:26:42 2026 Europe/London EC4R 145.224.90.0 0 0 0 1781591202 0 CloudApp 0 nspolicy daniel.hayes@corporate.com res.cdn.office.net Ross.Goldie@corporate.com 192.168.1.233 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:42.000 Client FALSE useralert Browse yes [WEB] Potentially Malicious Sites policy 1767205726962671992 5000178776037541454 Potentially malicious sites 0 unknown 0 0 0 1 Windows Device managed GB 0 51 London -1 England Europe/London N/A 174.46.83.0 80 0 0 Corporate-96412 0 [] no 0 14.html B3CC260A-BFB2-714F-02F9-D8C96DB9B21B 0 Windows 11 Windows NT 11.0 ["Potentially malicious sites","Uncategorized","DLP All Categories ","All Categories"] 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com 174.46.83.201 [WEB] Potentially Malicious Sites 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 832221445352398182 0 0 174.46.83.201 GB 0 53 Halifax -2 England Tue Jun 16 
07:26:42 2026 Europe/London HX1 81.105.212.0 0 0 0 1781591202 0 Web 832221445352398182 nspolicy kevin.brooks@corporate.com 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin Charissa.Chang@corporate.com Microsoft-Delivery-Optimization/10.1 192.168.0.164 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:22.000 Client FALSE alert Edit yes [WEB] All Sector Web Access policy Microsoft Office 365 Sharepoint Online 6394965475309242090 Collaboration Office365 Native 3375680068702254064 All Sector Websites 91 excellent 0 0 5089105323273154939 2 Windows Device managed US 0 47 Redmond -123 Washington America/Los_Angeles 98073 13.107.138.0 443 0 0 application/x-empty john.peters@corporate.com Corporate-4485 Corporate 0 [] no d41d8cd98f00b204e9800998ecf8427e 0 39538DFA-6902-EAE4-1635-294AF4E2A4CE 0 creditreportxlsx File Windows 11 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","BDMs","Marketing","Underwriting and Recoveries","Relationship Managers","Custom-123","Corporate No DLP User Alerts","All Categories","Asset Finance","Technology","Collaboration"] Corporate.sharepoint.com Microsoft Office 365 Sharepoint Sites /sites/Auto-DIPLetterStore-SP/Shared%20Documents/BL-Migration-Asset-Finance-Files/Underwriting/S/Skelmersdale%20Van%20Hire%20TA%20Mark%20&%20Shirley%20Blamphin/AF000000035306 [WEB] All Sector Web Access 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 9019506608313725876 0 Yes 0 unknown Microsoft Office 365 Sharepoint Sites GB 0 51 Windsor -1 England Tue Jun 16 07:26:22 2026 Europe/London SL4 134.65.142.0 1781591202 1781591182 0 1781591182 0 CloudApp 9019506608313725876 nspolicy patricia.roy@corporate.com Corporate.sharepoint.com/sites/Auto-DIPLetterStore-SP/_vti_bin/cellstorage.svc/CellStorageService john.peters@corporate.com Microsoft Office Excel/16.0.20026.20168 (Windows/10.0; Desktop x64; en-GB; Desktop app; HP/HP EliteBook 8 G1i 
16 inch Noteb) 192.168.68.115 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:42.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy Microsoft Accounts 0 Application Suite 0 Application Suite 84 high 0 0 0 1 Other IN 0 23 Ahmedabad 72 Gujarat Asia/Kolkata 380001 23.58.95.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","Application Suite","DLP All Categories ","Marketing","All Categories","Technology"] res.cdn.office.net [WEB] All Sector Web Access 0 3393852411591326979 0 0 Microsoft Office 365 Suite IN 0 23 Ahmedabad 72 Gujarat Tue Jun 16 11:56:42 2026 Asia/Kolkata 380008 106.194.78.0 0 0 0 1781591202 0 CloudApp 0 nspolicy amit.verma@corporate.com res.cdn.office.net Piyush.Jayswal@corporate.com 172.20.10.4 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:42.000 Client FALSE useralert Browse yes [WEB] Potentially Malicious Sites policy 1767205726962671992 5000178776037541454 Potentially malicious sites 0 unknown 0 0 0 1 Windows Device managed GB 0 51 London -1 England Europe/London N/A 174.46.83.0 80 0 0 Corporate-96412 0 [] no 0 14.html B3CC260A-BFB2-714F-02F9-D8C96DB9B21B 0 Windows 11 Windows NT 11.0 ["Potentially malicious sites","Uncategorized","DLP All Categories ","All Categories"] 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com 174.46.83.201 [WEB] Potentially Malicious Sites 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 97742837984121794 0 0 174.46.83.201 GB 0 53 Halifax -2 England Tue Jun 16 07:26:42 2026 Europe/London HX1 81.105.212.0 0 0 0 1781591202 0 Web 97742837984121794 nspolicy kevin.brooks@corporate.com 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin Charissa.Chang@corporate.com Microsoft-Delivery-Optimization/10.1 192.168.0.164 
16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:42.000 Client FALSE useralert Browse yes [WEB] Potentially Malicious Sites policy 1767205726962671992 5000178776037541454 Potentially malicious sites 0 unknown 0 0 0 1 Windows Device managed GB 0 51 London -1 England Europe/London N/A 174.46.83.0 80 0 0 Corporate-96412 0 [] no 0 14.html B3CC260A-BFB2-714F-02F9-D8C96DB9B21B 0 Windows 11 Windows NT 11.0 ["Potentially malicious sites","Uncategorized","DLP All Categories ","All Categories"] 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com 174.46.83.201 [WEB] Potentially Malicious Sites 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 8790388499610240949 0 0 174.46.83.201 GB 0 53 Halifax -2 England Tue Jun 16 07:26:42 2026 Europe/London HX1 81.105.212.0 0 0 0 1781591202 0 Web 8790388499610240949 nspolicy kevin.brooks@corporate.com 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin Charissa.Chang@corporate.com Microsoft-Delivery-Optimization/10.1 192.168.0.164 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:42.000 Client FALSE useralert Browse yes [WEB] Potentially Malicious Sites policy 1767205726962671992 5000178776037541454 Potentially malicious sites 0 unknown 0 0 0 1 Windows Device managed GB 0 51 London -1 England Europe/London N/A 174.46.83.0 80 0 0 Corporate-96412 0 [] no 0 14.html B3CC260A-BFB2-714F-02F9-D8C96DB9B21B 0 Windows 11 Windows NT 11.0 ["Potentially malicious sites","Uncategorized","DLP All Categories ","All Categories"] 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com 174.46.83.201 [WEB] Potentially Malicious Sites 7FB181CEF851C88C 
2026-06-15 15:05:33.202470 HTTPS/1.1 0 1026375107878931682 0 0 174.46.83.201 GB 0 53 Halifax -2 England Tue Jun 16 07:26:42 2026 Europe/London HX1 81.105.212.0 0 0 0 1781591202 0 Web 1026375107878931682 nspolicy kevin.brooks@corporate.com 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin Charissa.Chang@corporate.com Microsoft-Delivery-Optimization/10.1 192.168.0.164 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:42.000 Client FALSE alert Edit yes [WEB] All Sector Web Access policy Amazon Kinesis 1708876711254208367 Business Intelligence and Data Analytics Amazon 3815549169259536272 All Sector Websites 87 high 0 0 0 1 Windows Device managed DE 0 50 Frankfurt am Main 8 Hesse Europe/Berlin 60313 3.123.12.0 443 0 0 Corporate-4573 9.0547E+11 0 [] no 0 01738383-705F-1C08-CA58-1B9D8FA51971 0 Windows 11 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","Corporate No DLP User Alerts","All Categories","Technology","Engineering","Business Intelligence and Data Analytics"] 905469987510.data-kinesis.eu-central-1.amazonaws.com/ 905469985555.data-kinesis.eu-central-1.amazonaws.com [WEB] All Sector Web Access 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 5577809861853533151 0 0 Amazon Kinesis GB 0 51 Greenwich -1 England Tue Jun 16 07:26:42 2026 Europe/London SE10 82.5.65.0 0 0 0 1781591202 0 CloudApp 5577809861853533151 nspolicy brian.foster@corporate.com 905469987510.data-kinesis.eu-central-1.amazonaws.com/ Josh.Eldridge@corporate.com aws-sdk-go-v2/1.41.7 ua/2.1 os/windows lang/go#1.26.3 md/GOOS#windows md/GOARCH#amd64 api/kinesis#1.43.7 m/E,e 192.168.0.204 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:43.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other IE 0 53 Dublin -7 Leinster Europe/Dublin D02 20.50.73.0 443 0 0 0 [] 0 0 Mac OSX 26.5.1 ["All 
Sector Websites","DLP All Categories ","Marketing","Business","All Categories","Technology"] eu-v20.events.data.microsoft.com [WEB] All Sector Web Access 0 3393853441897066243 0 0 GB 0 51 Kensington -1 England Tue Jun 16 07:26:43 2026 Europe/London SW3 62.49.203.0 0 0 0 1781591203 0 Web 0 nspolicy rachel.dean@corporate.com eu-v20.events.data.microsoft.com NICK.VOSS@corporate.com 192.168.68.52 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:42.000 Client FALSE alert Edit yes [WEB] All Sector Web Access policy Microsoft Office 365 Sharepoint Online 6394965475309242090 Collaboration Office365 Native 3375680068702254064 All Sector Websites 91 excellent 0 0 5089105323273154939 1 Windows Device managed US 0 47 Redmond -123 Washington America/Los_Angeles 98073 13.107.138.0 443 0 0 application/x-empty john.peters@corporate.com Corporate-4485 Corporate 0 [] no d41d8cd98f00b204e9800998ecf8427e 0 39538DFA-6902-EAE4-1635-294AF4E2A4CE 0 creditreportxlsx File Windows 11 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","BDMs","Marketing","Underwriting and Recoveries","Relationship Managers","Custom-123","Corporate No DLP User Alerts","All Categories","Asset Finance","Technology","Collaboration"] Corporate.sharepoint.com Microsoft Office 365 Sharepoint Sites /sites/Auto-DIPLetterStore-SP/Shared%20Documents/BL-Migration-Asset-Finance-Files/Underwriting/S/Skelmersdale%20Van%20Hire%20TA%20Mark%20&%20Shirley%20Blamphin/AF000000035306 [WEB] All Sector Web Access 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 7993109372101449573 0 Yes 0 unknown Microsoft Office 365 Sharepoint Sites GB 0 51 Windsor -1 England Tue Jun 16 07:26:42 2026 Europe/London SL4 134.65.142.0 0 0 0 1781591202 0 CloudApp 7993109372101449573 nspolicy patricia.roy@corporate.com Corporate.sharepoint.com/sites/Auto-DIPLetterStore-SP/_vti_bin/cellstorage.svc/CellStorageService john.peters@corporate.com Microsoft Office Excel/16.0.20026.20168 (Windows/10.0; Desktop x64; en-GB; 
Desktop app; HP/HP EliteBook 8 G1i 16 inch Noteb) 192.168.68.115 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:44.000 Client FALSE useralert Browse yes [WEB] Potentially Malicious Sites policy 1767205726962671992 5000178776037541454 Potentially malicious sites 0 unknown 0 0 0 1 Windows Device managed GB 0 51 London -1 England Europe/London N/A 174.46.83.0 80 0 0 Corporate-96412 0 [] no 0 14.html B3CC260A-BFB2-714F-02F9-D8C96DB9B21B 0 Windows 11 Windows NT 11.0 ["Potentially malicious sites","Uncategorized","DLP All Categories ","All Categories"] 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com 174.46.83.201 [WEB] Potentially Malicious Sites 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 6585949069064830580 0 0 174.46.83.201 GB 0 53 Halifax -2 England Tue Jun 16 07:26:44 2026 Europe/London HX1 81.105.212.0 0 0 0 1781591204 0 Web 6585949069064830580 nspolicy kevin.brooks@corporate.com 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin Charissa.Chang@corporate.com Microsoft-Delivery-Optimization/10.1 192.168.0.164 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:43.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy Microsoft Accounts 0 Application Suite 0 Application Suite 84 high 0 0 0 1 Other GB 0 51 London -1 England Europe/London W1U 2.18.190.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","Application Suite","DLP All Categories ","Marketing","All Categories","Technology"] statics.teams.cdn.office.net [WEB] All Sector Web Access 0 3393853439925762305 0 0 Microsoft Office 365 Suite GB 0 50 Dawlish -4 England Tue Jun 16 07:26:43 2026 Europe/London EX7 2.123.56.0 0 0 0 1781591203 0 CloudApp 0 nspolicy steven.murphy@corporate.com 
statics.teams.cdn.office.net Danny.McMurdo@corporate.com 192.168.0.113 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:44.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other US 0 41 Des Moines -94 Iowa America/Chicago 50307 13.89.179.0 443 0 0 0 [] 0 0 Mac OSX 26.5.1 ["All Sector Websites","DLP All Categories ","Marketing","Business","All Categories","Technology"] mobile.events.data.microsoft.com [WEB] All Sector Web Access 0 3393853328290418689 0 0 PL 0 51 Lubartów 22 Lublin Tue Jun 16 08:26:44 2026 Europe/Warsaw 21-100 46.151.187.0 0 0 0 1781591204 0 Web 0 nspolicy pawel.kowalski@corporate.com mobile.events.data.microsoft.com Tomasz.Kucharzyk@corporate.com 192.168.68.53 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:43.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy Microsoft Accounts 0 Application Suite 0 Application Suite 84 high 0 0 0 1 Other IE 0 53 Dublin -7 Leinster Europe/Dublin D02 40.126.31.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","Application Suite","DLP All Categories ","Marketing","SSL NO DECRYPT ALL","All Categories","Risk and Crime","Technology"] login.microsoftonline.com [WEB] All Sector Web Access 0 3393852734913787393 0 0 Microsoft Office 365 Suite GB 0 51 City of London -1 England Tue Jun 16 07:26:43 2026 Europe/London EC4R 145.224.90.0 0 0 0 1781591203 0 CloudApp 0 nspolicy daniel.hayes@corporate.com login.microsoftonline.com Ross.Goldie@corporate.com 192.168.1.233 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:43.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other GB 0 51 London -1 England Europe/London W1U 23.214.208.0 443 0 0 0 [] 0 0 Mac OSX 26.5.1 ["All Sector Websites","DLP All Categories ","Marketing","All Categories","Technology"] iadsdk.apple.com [WEB] All Sector Web Access 0 3393849215380776961 0 0 GB 0 
55 Glasgow -5 Scotland Tue Jun 16 07:26:43 2026 Europe/London G12 81.157.158.0 0 0 0 1781591203 0 Web 0 nspolicy vikram.reddy@corporate.com iadsdk.apple.com anudeep.kattamuri@corporate.com 192.168.1.120 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:44.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy Microsoft Accounts 0 Application Suite 0 Application Suite 84 high 0 0 0 1 Other IN 0 18 Pune 73 Maharashtra Asia/Kolkata 411005 20.190.146.0 443 0 0 0 [] 0 0 Mac OSX 26.5.1 ["All Sector Websites","Application Suite","DLP All Categories ","Marketing","SSL NO DECRYPT ALL","All Categories","Risk and Crime","Technology"] login.microsoftonline.com [WEB] All Sector Web Access 0 3393852945408803585 0 0 Microsoft Office 365 Suite IN 0 12 Bengaluru 77 Karnataka Tue Jun 16 11:56:44 2026 Asia/Kolkata 562130 122.172.83.0 0 0 0 1781591204 0 CloudApp 0 nspolicy sneha.nair@corporate.com login.microsoftonline.com Hridya.Raj@corporate.com 192.168.1.2 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:44.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy Microsoft Azure 0 IaaS/PaaS 0 IaaS/PaaS 87 high 0 0 0 1 Other NL 0 52 Amsterdam 4 North Holland Europe/Amsterdam 1012 40.113.176.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","IaaS/PaaS","DLP All Categories ","Engineering","Marketing","Microsoft_Foundary_AI","All Categories","Technology"] westeurope-5.in.applicationinsights.azure.com [WEB] All Sector Web Access 0 3393852402590403841 0 0 Windows Azure GB 0 51 City of London -1 England Tue Jun 16 07:26:44 2026 Europe/London EC4R 18.168.47.0 0 0 0 1781591204 0 CloudApp 0 nspolicy jordan.cooper@corporate.com westeurope-5.in.applicationinsights.azure.com Ashley.Bailey@corporate.com 192.168.23.18 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:44.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other IE 0 53 
Dublin -7 Leinster Europe/Dublin D02 72.145.59.0 443 0 0 0 [] 0 0 Mac OSX 26.5.0 ["All Sector Websites","DLP All Categories ","Marketing","All Categories","Technology"] winatp-gw-neu.microsoft.com [WEB] All Sector Web Access 0 3393853444547744257 0 0 IN 0 12 Bengaluru 77 Karnataka Tue Jun 16 11:56:44 2026 Asia/Kolkata 562130 223.181.111.0 0 0 0 1781591204 0 Web 0 nspolicy rajesh.iyer@corporate.com winatp-gw-neu.microsoft.com Sasidhar.Shenoy@corporate.com 192.168.1.20 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:44.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy Microsoft Azure 0 IaaS/PaaS 0 IaaS/PaaS 87 high 0 0 0 1 Other US 0 37 San Jose -122 California America/Los_Angeles 95141 20.189.172.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","IaaS/PaaS","DLP All Categories ","Engineering","Marketing","Microsoft_Foundary_AI","All Categories","Technology"] westus-0.in.applicationinsights.azure.com [WEB] All Sector Web Access 0 3393853446410073857 0 0 Windows Azure GB 0 51 Canary Wharf -1 England Tue Jun 16 07:26:44 2026 Europe/London E14 5.253.252.0 0 0 0 1781591204 0 CloudApp 0 nspolicy timothy.flynn@corporate.com westus-0.in.applicationinsights.azure.com John.Duggan@corporate.com 10.16.1.136 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:43.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other IE 0 53 Dublin -7 Leinster Europe/Dublin D02 74.178.35.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","All Categories","Technology"] winatp-gw-neu.microsoft.com [WEB] All Sector Web Access 0 3393852808112669441 0 0 GB 0 51 Ilford 0 England Tue Jun 16 07:26:43 2026 Europe/London IG1 31.94.56.0 0 0 0 1781591203 0 Web 0 nspolicy paul.harrison@corporate.com winatp-gw-neu.microsoft.com ian.francis@corporate.com 10.0.98.139 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 
06:26:40.000 Client FALSE alert Upload yes [WEB] All Sector Web Access policy Microsoft Edge 6055177101387891139 Technology Chrome 2382959896824642836 All Sector Websites 72 medium 0 0 0 1 application/octet-stream Windows Device managed US 0 47 Redmond -123 Washington America/Los_Angeles N/A 150.171.28.0 443 0 53575 Unicode text file Corporate-7590 0 [] no 920f709968056934a89704455278e76e 0 0EDF2337-221C-FC1F-F183-623715444C2D 0 File Windows 11 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","Business","All Categories","Technology"] edge.microsoft.com/sync/v1/feeds/me/syncEntities/command/?client=Chromium&client_id=oxgtO83ZD8SfssrA5F4LGQ%3D%3D microsoft [WEB] All Sector Web Access 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 2618767518737324206 0 0 unknown d1bf1904c6f9d79f0fd8551fa711831cd71cb61535619066a051e6f952286182 Microsoft Edge GB 0 53 Liverpool -3 England Tue Jun 16 07:26:40 2026 Europe/London L1 2.125.131.0 0 0 0 1781591200 0 CloudApp 2618767518737324206 inline nspolicy yes alan.douglas@corporate.com edge.microsoft.com/sync/v1/feeds/me/syncEntities/command/ Mike.Gribben@corporate.com Chrome WIN 149.0.4022.69 (6c7df6d8a61da958d863a718cc0403efd161d40d) channel(stable) 192.168.0.31 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:44.000 Client FALSE useralert Browse yes [WEB] Potentially Malicious Sites policy 1767205726962671992 5000178776037541454 Potentially malicious sites 0 unknown 0 0 0 1 Windows Device managed GB 0 51 London -1 England Europe/London N/A 174.46.83.0 80 0 0 Corporate-96412 0 [] no 0 14.html B3CC260A-BFB2-714F-02F9-D8C96DB9B21B 0 Windows 11 Windows NT 11.0 ["Potentially malicious sites","Uncategorized","DLP All Categories ","All Categories"] 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com 174.46.83.201 [WEB] Potentially Malicious Sites 
7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 8663864056354055490 0 0 174.46.83.201 GB 0 53 Halifax -2 England Tue Jun 16 07:26:44 2026 Europe/London HX1 81.105.212.0 0 0 0 1781591204 0 Web 8663864056354055490 nspolicy kevin.brooks@corporate.com 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin Charissa.Chang@corporate.com Microsoft-Delivery-Optimization/10.1 192.168.0.164 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:43.000 Client FALSE useralert Browse yes [WEB] Potentially Malicious Sites policy 1767205726962671992 5000178776037541454 Potentially malicious sites 0 unknown 0 0 0 1 Windows Device managed GB 0 51 London -1 England Europe/London N/A 174.46.83.0 80 0 0 Corporate-96412 0 [] no 0 14.html B3CC260A-BFB2-714F-02F9-D8C96DB9B21B 0 Windows 11 Windows NT 11.0 ["Potentially malicious sites","Uncategorized","DLP All Categories ","All Categories"] 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com 174.46.83.201 [WEB] Potentially Malicious Sites 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 3706353385689057456 0 0 174.46.83.201 GB 0 53 Halifax -2 England Tue Jun 16 07:26:43 2026 Europe/London HX1 81.105.212.0 0 0 0 1781591203 0 Web 3706353385689057456 nspolicy kevin.brooks@corporate.com 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin Charissa.Chang@corporate.com Microsoft-Delivery-Optimization/10.1 192.168.0.164 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:44.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other NL 0 52 Amsterdam 4 North Holland Europe/Amsterdam 1012 74.178.240.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All 
Sector Websites","DLP All Categories ","Marketing","Business","All Categories","Technology"] tas02.cws.update.microsoft.com [WEB] All Sector Web Access 0 3393853425304355073 0 0 GB 0 55 Glasgow -5 Scotland Tue Jun 16 07:26:44 2026 Europe/London G14 46.65.52.0 0 0 0 1781591204 0 Web 0 nspolicy marcus.grant@corporate.com tas02.cws.update.microsoft.com Brian.Bovell@corporate.com 192.168.0.137 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:44.000 Client FALSE useralert Browse yes [WEB] Potentially Malicious Sites policy 1767205726962671992 5000178776037541454 Potentially malicious sites 0 unknown 0 0 0 1 Windows Device managed GB 0 51 London -1 England Europe/London N/A 174.46.83.0 80 0 0 Corporate-96412 0 [] no 0 14.html B3CC260A-BFB2-714F-02F9-D8C96DB9B21B 0 Windows 11 Windows NT 11.0 ["Potentially malicious sites","Uncategorized","DLP All Categories ","All Categories"] 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com 174.46.83.201 [WEB] Potentially Malicious Sites 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 6056427765594716528 0 0 174.46.83.201 GB 0 53 Halifax -2 England Tue Jun 16 07:26:44 2026 Europe/London HX1 81.105.212.0 0 0 0 1781591204 0 Web 6056427765594716528 nspolicy kevin.brooks@corporate.com 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin Charissa.Chang@corporate.com Microsoft-Delivery-Optimization/10.1 192.168.0.164 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:43.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other NL 0 52 Amsterdam 4 North Holland Europe/Amsterdam 1012 52.236.189.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","Business","All 
Categories","Technology"] r.manage.microsoft.com [WEB] All Sector Web Access 0 3393852955701949953 0 0 GB 0 51 City of London -1 England Tue Jun 16 07:26:43 2026 Europe/London EC4R 145.224.90.0 0 0 0 1781591203 0 Web 0 nspolicy daniel.hayes@corporate.com r.manage.microsoft.com Ross.Goldie@corporate.com 192.168.1.233 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:43.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other IN 0 19 Mumbai 72 Maharashtra Asia/Kolkata 400017 17.253.18.0 443 0 0 0 [] 0 0 Mac OSX 26.5.1 ["All Sector Websites","DLP All Categories ","Marketing","All Categories","Technology"] ocsp2.apple.com [WEB] All Sector Web Access 0 3393852930451994113 0 0 IN 0 11 Coimbatore 76 Tamil Nadu Tue Jun 16 11:56:43 2026 Asia/Kolkata 641011 223.185.26.0 0 0 0 1781591203 0 Web 0 nspolicy arjun.krishnan@corporate.com ocsp2.apple.com Jai.Senthilkumar@corporate.com 192.168.0.149 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:44.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy ChatGPT 0 Generative AI 0 Generative AI 64 medium 0 0 0 1 Other US 0 37 San Francisco -123 California America/Los_Angeles N/A 104.18.32.0 443 0 0 0 [] 0 0 Mac OSX 26.5.0 ["All Sector Websites","Generative AI","Engineering","Marketing","DLP All Categories ","All Categories","Technology"] ab.chatgpt.com [WEB] All Sector Web Access 0 3393852189176228097 0 0 ChatGPT DE 0 49 Nuremberg 11 Bavaria Tue Jun 16 08:26:44 2026 Europe/Berlin 90419 77.25.22.0 0 0 0 1781591204 0 CloudApp 0 nspolicy felix.weber@corporate.com ab.chatgpt.com Alexander.Schmolck@corporate.com 192.168.0.162 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:44.000 Client FALSE block Browse yes [Utility] DNS over HTTPS policy DNS Over HTTPS 5754666634689974621 General Chrome 3663950846471756290 General unknown 0 0 0 1 Windows Device managed US 0 37 Mountain View -123 California 
America/Los_Angeles N/A 8.8.8.0 443 0 0 Corporate-6069 0 [] no 0 silent_block.html 4738C42D-C0B6-D106-5B14-2A66FDD66B73 0 Windows 11 Windows NT 11.0 ["General","All Sector Websites","DLP All Categories ","Marketing","All Categories","Technology"] dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA dns [Utility] DNS over HTTPS 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 7651958669119122990 0 0 unknown DOH IN 0 28 Delhi 77 National Capital Territory of Delhi Tue Jun 16 11:56:44 2026 Asia/Kolkata 110001 103.225.59.0 0 0 0 1781591204 0 CloudApp 7651958669119122990 nspolicy thomas.wilson@corporate.com dns.google/dns-query reuben.ramesh@corporate.com Chrome 192.168.1.37 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:44.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy Microsoft Accounts 0 Application Suite 0 Application Suite 84 high 0 0 0 1 Other IE 0 53 Dublin -7 Leinster Europe/Dublin D02 40.126.31.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","Application Suite","DLP All Categories ","Marketing","SSL NO DECRYPT ALL","All Categories","Risk and Crime","Technology"] login.microsoftonline.com [WEB] All Sector Web Access 0 3393853341284074245 0 0 Microsoft Office 365 Suite GB 0 52 Bedford -1 England Tue Jun 16 07:26:44 2026 Europe/London MK42 5.69.118.0 0 0 0 1781591204 0 CloudApp 0 nspolicy jason.miller@corporate.com login.microsoftonline.com steve.smith@corporate.com 192.168.0.25 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:44.000 Client FALSE useralert Browse yes [WEB] Potentially Malicious Sites policy 1767205726962671992 5000178776037541454 Potentially malicious sites 0 unknown 0 0 0 1 Windows Device managed GB 0 51 London -1 England Europe/London N/A 174.46.83.0 80 0 0 Corporate-96412 0 [] no 0 14.html 
B3CC260A-BFB2-714F-02F9-D8C96DB9B21B 0 Windows 11 Windows NT 11.0 ["Potentially malicious sites","Uncategorized","DLP All Categories ","All Categories"] 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com 174.46.83.201 [WEB] Potentially Malicious Sites 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 8584411413143272213 0 0 174.46.83.201 GB 0 53 Halifax -2 England Tue Jun 16 07:26:44 2026 Europe/London HX1 81.105.212.0 0 0 0 1781591204 0 Web 8584411413143272213 nspolicy kevin.brooks@corporate.com 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin Charissa.Chang@corporate.com Microsoft-Delivery-Optimization/10.1 192.168.0.164 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:43.000 Client FALSE useralert Browse yes [WEB] Potentially Malicious Sites policy 1767205726962671992 5000178776037541454 Potentially malicious sites 0 unknown 0 0 0 1 Windows Device managed GB 0 51 London -1 England Europe/London N/A 174.46.83.0 80 0 0 Corporate-96412 0 [] no 0 14.html B3CC260A-BFB2-714F-02F9-D8C96DB9B21B 0 Windows 11 Windows NT 11.0 ["Potentially malicious sites","Uncategorized","DLP All Categories ","All Categories"] 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com 174.46.83.201 [WEB] Potentially Malicious Sites 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 2234760899676255905 0 0 174.46.83.201 GB 0 53 Halifax -2 England Tue Jun 16 07:26:43 2026 Europe/London HX1 81.105.212.0 0 0 0 1781591203 0 Web 2234760899676255905 nspolicy kevin.brooks@corporate.com 
174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin Charissa.Chang@corporate.com Microsoft-Delivery-Optimization/10.1 192.168.0.164 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:42.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other IE 0 53 Dublin -7 Leinster Europe/Dublin D02 74.178.35.0 443 0 0 0 [] 0 0 Mac OSX 26.5.0 ["All Sector Websites","DLP All Categories ","Marketing","All Categories","Technology"] winatp-gw-neu.microsoft.com [WEB] All Sector Web Access 0 3393853432996767233 0 0 GB 0 51 London -1 England Tue Jun 16 07:26:42 2026 Europe/London N/A 31.94.18.0 0 0 0 1781591202 0 Web 0 nspolicy dimitri.stavros@corporate.com winatp-gw-neu.microsoft.com Konstantinos.Pagonas@corporate.com 172.20.10.8 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:43.000 Client FALSE useralert Browse yes [WEB] Potentially Malicious Sites policy 1767205726962671992 5000178776037541454 Potentially malicious sites 0 unknown 0 0 0 1 Windows Device managed GB 0 51 London -1 England Europe/London N/A 174.46.83.0 80 0 0 Corporate-96412 0 [] no 0 14.html B3CC260A-BFB2-714F-02F9-D8C96DB9B21B 0 Windows 11 Windows NT 11.0 ["Potentially malicious sites","Uncategorized","DLP All Categories ","All Categories"] 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com 174.46.83.201 [WEB] Potentially Malicious Sites 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 73473666834719211 0 0 174.46.83.201 GB 0 53 Halifax -2 England Tue Jun 16 07:26:43 2026 Europe/London HX1 81.105.212.0 0 0 0 1781591203 0 Web 73473666834719211 nspolicy kevin.brooks@corporate.com 
174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin Charissa.Chang@corporate.com Microsoft-Delivery-Optimization/10.1 192.168.0.164 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:44.000 Client FALSE block Browse yes [Utility] DNS over HTTPS policy DNS Over HTTPS 5754666634689974621 General Chrome 3663950846471756290 General unknown 0 0 0 1 Windows Device managed US 0 37 Mountain View -123 California America/Los_Angeles N/A 8.8.8.0 443 0 0 Corporate-6069 0 [] no 0 silent_block.html 4738C42D-C0B6-D106-5B14-2A66FDD66B73 0 Windows 11 Windows NT 11.0 ["General","All Sector Websites","DLP All Categories ","Marketing","All Categories","Technology"] dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA dns [Utility] DNS over HTTPS 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 1122210977986776659 0 0 unknown DOH IN 0 28 Delhi 77 National Capital Territory of Delhi Tue Jun 16 11:56:44 2026 Asia/Kolkata 110001 103.225.59.0 0 0 0 1781591204 0 CloudApp 1122210977986776659 nspolicy thomas.wilson@corporate.com dns.google/dns-query reuben.ramesh@corporate.com Chrome 192.168.1.37 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:45.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other NL 0 52 Amsterdam 4 North Holland Europe/Amsterdam 1012 13.69.109.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","Business","All Categories","Technology"] eu-mobile.events.data.microsoft.com [WEB] All Sector Web Access 0 3393852540901754113 0 0 GB 0 51 South Croydon -1 England Tue Jun 16 07:26:45 2026 Europe/London CR2 90.253.104.0 0 0 0 1781591205 0 Web 0 nspolicy claire.robinson@corporate.com 
eu-mobile.events.data.microsoft.com Morgan.Walker@corporate.com 192.168.1.178 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:45.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other US 0 41 Des Moines -94 Iowa America/Chicago 50307 13.89.179.0 443 0 0 0 [] 0 0 Mac OSX 26.5.0 ["All Sector Websites","DLP All Categories ","Marketing","Business","All Categories","Technology"] mobile.events.data.microsoft.com [WEB] All Sector Web Access 0 3393853455964664335 0 0 IN 0 19 Pālghar 72 Maharashtra Tue Jun 16 11:56:45 2026 Asia/Kolkata 401404 103.217.128.0 0 0 0 1781591205 0 Web 0 nspolicy neha.kapoor@corporate.com mobile.events.data.microsoft.com Mittali.Taurani@corporate.com 192.168.1.39 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:45.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy Microsoft Azure DevOps 0 Development Tools 0 Development Tools 84 high 0 0 0 1 Other US 0 29 San Antonio -99 Texas America/Chicago 78288 23.100.122.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Engineering","Marketing","Development Tools","Platforms","All Categories","Technology"] rt.services.visualstudio.com [WEB] All Sector Web Access 0 3393850142254775809 0 0 Visual Studio IN 0 12 Bengaluru 77 Karnataka Tue Jun 16 11:56:45 2026 Asia/Kolkata 562130 49.207.195.0 0 0 0 1781591205 0 CloudApp 0 nspolicy derek.johnson@corporate.com rt.services.visualstudio.com Mansi.Pandey@corporate.com 192.168.1.102 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:45.000 Client FALSE alert Post yes [WEB] All Sector Web Access policy Anthropic Claude 9115015412155731128 Generative AI 722979866996278186 All Sector Websites 83 high 0 0 9215221511256502607 1 Mac Device managed US 0 37 San Francisco -123 California America/Los_Angeles N/A 160.79.104.0 443 0 962 text/plain HP6VRPXG3P6 0 [] no 54c809c37479543154c3640e32d872cc 0 
D0FE0218-8F8A-53B2-0DEB-281635052363 0 Message Mac OS Mac OSX 26.5.1 ["All Sector Websites","Engineering","Generative AI","Generative AI - Tools and Stores"] api.anthropic.com Anthropic [WEB] All Sector Web Access 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 3650952565633792930 0 0 8cea17bdc1bc01cae94ea1d9c61adcee16229e39593ddd47de3f54a7e90f0b0c Anthropic IN 0 28 Gurugram 77 Haryana Tue Jun 16 11:56:45 2026 Asia/Kolkata 122001 182.69.182.0 0 0 0 1781591205 0 CloudApp 3650952565633792930 nspolicy anita.singh@corporate.com api.anthropic.com/v1/messages Priya.Mehrotra@corporate.com claude-cli/2.1.177 (external, claude-vscode, agent-sdk/0.3.177) 192.168.1.15 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:42.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other IE 0 53 Dublin -7 Leinster Europe/Dublin D02 20.38.81.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","All Categories","Technology"] agents.amsub0202.manage.microsoft.com [WEB] All Sector Web Access 0 3393852617724683521 0 0 GB 0 50 Wimborne Minster -2 England Tue Jun 16 07:26:42 2026 Europe/London BH21 94.0.33.0 0 0 0 1781591202 0 Web 0 nspolicy emily.stewart@corporate.com agents.amsub0202.manage.microsoft.com Rachael.Baker@corporate.com 192.168.0.16 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:45.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy Microsoft Azure 0 IaaS/PaaS 0 IaaS/PaaS 87 high 0 0 0 1 Other NL 0 52 Amsterdam 4 North Holland Europe/Amsterdam 1012 40.113.176.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","IaaS/PaaS","DLP All Categories ","Engineering","Marketing","Microsoft_Foundary_AI","All Categories","Technology"] westeurope-5.in.applicationinsights.azure.com [WEB] All Sector Web Access 0 3393853456635777281 0 0 Windows Azure GB 0 51 Reading -1 England Tue Jun 16 07:26:45 2026 Europe/London RG1 
90.241.124.0 0 0 0 1781591205 0 CloudApp 0 nspolicy rohan.desai@corporate.com westeurope-5.in.applicationinsights.azure.com Dipesh.Halai@corporate.com 192.168.1.81 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:43.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other IE 0 53 Dublin -7 Leinster Europe/Dublin D02 72.145.59.0 443 0 0 0 [] 0 0 Mac OSX 26.5.1 ["All Sector Websites","DLP All Categories ","Marketing","All Categories","Technology"] winatp-gw-neu.microsoft.com [WEB] All Sector Web Access 0 3393853443943794179 0 0 GB 0 52 Kettering -1 England Tue Jun 16 07:26:43 2026 Europe/London NN16 86.31.94.0 0 0 0 1781591203 0 Web 0 nspolicy stefan.ionescu@corporate.com winatp-gw-neu.microsoft.com George.Tiganila@corporate.com 192.168.0.225 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:44.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy Microsoft Accounts 0 Application Suite 0 Application Suite 84 high 0 0 0 1 Other IE 0 53 Dublin -7 Leinster Europe/Dublin D02 40.126.31.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","Application Suite","DLP All Categories ","Marketing","SSL NO DECRYPT ALL","All Categories","Risk and Crime","Technology"] login.microsoftonline.com [WEB] All Sector Web Access 0 3393853449882906113 0 0 Microsoft Office 365 Suite GB 0 50 Southampton -2 England Tue Jun 16 07:26:44 2026 Europe/London SO32 94.6.58.0 0 0 0 1781591204 0 CloudApp 0 nspolicy andrew.bell@corporate.com login.microsoftonline.com michael.mann@corporate.com 192.168.0.29 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:45.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy Microsoft Teams 0 Collaboration 0 Collaboration 89 high 0 0 0 1 Other US 0 38 Washington -79 Virginia America/New_York N/A 20.42.65.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","Collaboration","DLP All Categories 
","Marketing","Business","All Categories","Technology"] teams.events.data.microsoft.com [WEB] All Sector Web Access 0 3393852850190038529 0 0 Microsoft Teams GB 0 51 City of London -1 England Tue Jun 16 07:26:45 2026 Europe/London EC4R 145.224.90.0 0 0 0 1781591205 0 CloudApp 0 nspolicy daniel.hayes@corporate.com teams.events.data.microsoft.com Ross.Goldie@corporate.com 192.168.1.233 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:45.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other US 0 41 Des Moines -94 Iowa America/Chicago 50307 13.89.179.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","Business","All Categories","Technology"] mobile.events.data.microsoft.com [WEB] All Sector Web Access 0 3393853444908526083 0 0 GB 0 51 Brent -1 England Tue Jun 16 07:26:45 2026 Europe/London N/A 143.58.186.0 0 0 0 1781591205 0 Web 0 nspolicy rebecca.fox@corporate.com mobile.events.data.microsoft.com catherine.wright@corporate.com 192.168.1.138 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:45.000 Client FALSE useralert Browse yes [WEB] Potentially Malicious Sites policy 1767205726962671992 5000178776037541454 Potentially malicious sites 0 unknown 0 0 0 1 Windows Device managed GB 0 51 London -1 England Europe/London N/A 174.46.83.0 80 0 0 Corporate-96412 0 [] no 0 14.html B3CC260A-BFB2-714F-02F9-D8C96DB9B21B 0 Windows 11 Windows NT 11.0 ["Potentially malicious sites","Uncategorized","DLP All Categories ","All Categories"] 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com 174.46.83.201 [WEB] Potentially Malicious Sites 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 8710398816070853195 0 0 174.46.83.201 GB 0 53 Halifax -2 England Tue Jun 16 07:26:45 2026 Europe/London HX1 
81.105.212.0 0 0 0 1781591205 0 Web 8710398816070853195 nspolicy kevin.brooks@corporate.com 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin Charissa.Chang@corporate.com Microsoft-Delivery-Optimization/10.1 192.168.0.164 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:45.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy Microsoft Accounts 0 Application Suite 0 Application Suite 84 high 0 0 0 1 Other NL 0 52 Amsterdam 4 North Holland Europe/Amsterdam 1012 40.126.32.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","Application Suite","DLP All Categories ","Marketing","SSL NO DECRYPT ALL","All Categories","Risk and Crime","Technology"] login.microsoftonline.com [WEB] All Sector Web Access 0 3393853459462706433 0 0 Microsoft Office 365 Suite GB 0 50 Haywards Heath -1 England Tue Jun 16 07:26:45 2026 Europe/London RH16 109.150.120.0 0 0 0 1781591205 0 CloudApp 0 nspolicy linda.martinez@corporate.com login.microsoftonline.com Anthony.Newman@corporate.com 192.168.68.70 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:45.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy Microsoft Teams 0 Collaboration 0 Collaboration 89 high 0 0 0 1 Other US 0 37 San Jose -122 California America/Los_Angeles 95141 20.184.175.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","Collaboration","DLP All Categories ","Marketing","Business","All Categories","Technology"] teams.events.data.microsoft.com [WEB] All Sector Web Access 0 3393852410878348563 0 0 Microsoft Teams GB 0 51 City of London -1 England Tue Jun 16 07:26:45 2026 Europe/London EC4R 18.168.47.0 0 0 0 1781591205 0 CloudApp 0 nspolicy jordan.cooper@corporate.com teams.events.data.microsoft.com Ashley.Bailey@corporate.com 192.168.23.18 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:43.000 Client FALSE useralert 
Browse yes [WEB] Potentially Malicious Sites policy 1767205726962671992 5000178776037541454 Potentially malicious sites 0 unknown 0 0 0 1 Windows Device managed GB 0 51 London -1 England Europe/London N/A 174.46.83.0 80 0 0 Corporate-96412 0 [] no 0 14.html B3CC260A-BFB2-714F-02F9-D8C96DB9B21B 0 Windows 11 Windows NT 11.0 ["Potentially malicious sites","Uncategorized","DLP All Categories ","All Categories"] 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com 174.46.83.201 [WEB] Potentially Malicious Sites 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 3515517376565558726 0 0 174.46.83.201 GB 0 53 Halifax -2 England Tue Jun 16 07:26:43 2026 Europe/London HX1 81.105.212.0 0 0 0 1781591203 0 Web 3515517376565558726 nspolicy kevin.brooks@corporate.com 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin Charissa.Chang@corporate.com Microsoft-Delivery-Optimization/10.1 192.168.0.164 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:45.000 Client FALSE useralert Browse yes [WEB] Potentially Malicious Sites policy 1767205726962671992 5000178776037541454 Potentially malicious sites 0 unknown 0 0 0 1 Windows Device managed GB 0 51 London -1 England Europe/London N/A 174.46.83.0 80 0 0 Corporate-96412 0 [] no 0 14.html B3CC260A-BFB2-714F-02F9-D8C96DB9B21B 0 Windows 11 Windows NT 11.0 ["Potentially malicious sites","Uncategorized","DLP All Categories ","All Categories"] 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com 174.46.83.201 [WEB] Potentially Malicious Sites 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 7863247045738140501 0 0 174.46.83.201 GB 0 53 Halifax -2 England Tue 
Jun 16 07:26:45 2026 Europe/London HX1 81.105.212.0 0 0 0 1781591205 0 Web 7863247045738140501 nspolicy kevin.brooks@corporate.com 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin Charissa.Chang@corporate.com Microsoft-Delivery-Optimization/10.1 192.168.0.164 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:45.000 Client FALSE alert Browse yes [WEB] Engineering Teams policy GitHub 0 Development Tools 0 Development Tools 75 high 0 0 0 1 Other IN 0 18 Pune 73 Maharashtra Asia/Kolkata 411005 20.207.73.0 443 0 0 0 [] 0 0 Mac OSX 26.5.1 ["Engineering","Development Tools","All Categories","DLP All Categories "] api.github.com [WEB] Engineering Teams 0 3393853449572849153 0 0 GitHub IN 0 28 Gurugram 77 Haryana Tue Jun 16 11:56:45 2026 Asia/Kolkata 122001 182.69.182.0 0 0 0 1781591205 0 CloudApp 0 nspolicy anita.singh@corporate.com api.github.com Priya.Mehrotra@corporate.com 192.168.1.15 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:46.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other IE 0 53 Dublin -7 Leinster Europe/Dublin D02 72.145.59.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","All Categories","Technology"] winatp-gw-neu.microsoft.com [WEB] All Sector Web Access 0 3393852831265311235 0 0 IN 0 28 Sonīpat 77 Haryana Tue Jun 16 11:56:46 2026 Asia/Kolkata 131001 223.185.58.0 0 0 0 1781591206 0 Web 0 nspolicy sanjay.gupta@corporate.com winatp-gw-neu.microsoft.com pankaj.kumar@corporate.com 192.168.1.9 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:46.000 Client FALSE useralert Browse yes [WEB] Potentially Malicious Sites policy 1767205726962671992 5000178776037541454 Potentially malicious sites 0 unknown 0 0 0 1 Windows Device managed GB 0 51 London -1 England Europe/London N/A 174.46.83.0 80 0 0 
Corporate-96412 0 [] no 0 14.html B3CC260A-BFB2-714F-02F9-D8C96DB9B21B 0 Windows 11 Windows NT 11.0 ["Potentially malicious sites","Uncategorized","DLP All Categories ","All Categories"] 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com 174.46.83.201 [WEB] Potentially Malicious Sites 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 8089903761584793704 0 0 174.46.83.201 GB 0 53 Halifax -2 England Tue Jun 16 07:26:46 2026 Europe/London HX1 81.105.212.0 0 0 0 1781591206 0 Web 8089903761584793704 nspolicy kevin.brooks@corporate.com 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin Charissa.Chang@corporate.com Microsoft-Delivery-Optimization/10.1 192.168.0.164 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:46.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy LinkedIn 0 Professional Networking 0 Professional Networking 65 medium 0 0 0 1 Other US 0 37 San Francisco -123 California America/Los_Angeles N/A 104.18.41.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","Professional Networking","All Categories","Risk and Crime","CapitalMarkets_and_Corporate Allow","DLP All Categories ","Engineering","Marketing","Executives","Social Media"] rum22.perf.linkedin.com [WEB] All Sector Web Access 0 3393850907195427841 0 0 Linkedin GB 0 54 Newcastle upon Tyne -2 England Tue Jun 16 07:26:46 2026 Europe/London NE5 86.8.36.0 0 0 0 1781591206 0 CloudApp 0 nspolicy douglas.reed1@corporate.com rum22.perf.linkedin.com Craig.Smith1@corporate.com 192.168.0.136 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:46.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy Atlassian Accounts 0 Application Suite 0 Application Suite 86 high 0 0 0 1 Other NL 0 52 Amsterdam 4 North 
Holland Europe/Amsterdam 1016 185.166.141.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","Application Suite","DLP All Categories ","Marketing","SSL NO DECRYPT ALL","All Categories","Technology"] web-security-reports.services.atlassian.com [WEB] All Sector Web Access 0 3393851267536473089 0 0 Atlassian App Suite GB 0 54 Newcastle upon Tyne -2 England Tue Jun 16 07:26:46 2026 Europe/London NE5 86.8.36.0 0 0 0 1781591206 0 CloudApp 0 nspolicy douglas.reed1@corporate.com web-security-reports.services.atlassian.com Craig.Smith1@corporate.com 192.168.0.136 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:46.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other US 0 47 Redmond -123 Washington America/Los_Angeles N/A 150.171.109.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","All Categories","Technology"] xpaywalletcdn-prod.azureedge.net [WEB] All Sector Web Access 0 3393853307310394369 0 0 GB 0 54 Newcastle upon Tyne -2 England Tue Jun 16 07:26:46 2026 Europe/London NE5 86.8.36.0 0 0 0 1781591206 0 Web 0 nspolicy douglas.reed1@corporate.com xpaywalletcdn-prod.azureedge.net Craig.Smith1@corporate.com 192.168.0.136 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:44.000 Client FALSE block Browse yes [Utility] DNS over HTTPS policy DNS Over HTTPS 5754666634689974621 General Chrome 3663950846471756290 General unknown 0 0 0 1 Windows Device managed US 0 37 Mountain View -123 California America/Los_Angeles N/A 8.8.8.0 443 0 0 Corporate-6069 0 [] no 0 silent_block.html 4738C42D-C0B6-D106-5B14-2A66FDD66B73 0 Windows 11 Windows NT 11.0 ["General","All Sector Websites","DLP All Categories ","Marketing","All Categories","Technology"] 
dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA dns [Utility] DNS over HTTPS 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 8701724296648252667 0 0 unknown DOH IN 0 28 Delhi 77 National Capital Territory of Delhi Tue Jun 16 11:56:44 2026 Asia/Kolkata 110001 103.225.59.0 0 0 0 1781591204 0 CloudApp 8701724296648252667 nspolicy thomas.wilson@corporate.com dns.google/dns-query reuben.ramesh@corporate.com Chrome 192.168.1.37 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:46.000 Client FALSE alert Edit yes [WEB] All Sector Web Access policy Amazon Kinesis 4696698913580918274 Business Intelligence and Data Analytics Amazon 5761591961372255990 All Sector Websites 87 high 0 0 0 1 Windows Device managed DE 0 50 Frankfurt am Main 8 Hesse Europe/Berlin 60313 3.74.148.0 443 0 0 Corporate-9364 9.0547E+11 0 [] no 0 03C835D0-BA98-0011-89EB-ED684C883501 0 Windows 11 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","Corporate No DLP User Alerts","All Categories","Technology","Engineering","Business Intelligence and Data Analytics"] 905469987510.data-kinesis.eu-central-1.amazonaws.com/ 905469987510.data-kinesis.eu-central-1.amazonaws.com [WEB] All Sector Web Access 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 6943950510830566618 0 0 Amazon Kinesis IN 0 12 Bengaluru 77 Karnataka Tue Jun 16 11:56:46 2026 Asia/Kolkata 562130 49.207.195.0 0 0 0 1781591206 0 CloudApp 6943950510830566618 nspolicy derek.johnson@corporate.com 905469987510.data-kinesis.eu-central-1.amazonaws.com/ Mansi.Pandey@corporate.com aws-sdk-go-v2/1.41.7 ua/2.1 os/windows lang/go#1.26.3 md/GOOS#windows md/GOARCH#amd64 api/kinesis#1.43.7 m/E,e 192.168.1.102 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:46.000 Client FALSE alert Edit yes [WEB] Kriya Temp Access policy Google 
Drive 8755455595597889721 Cloud Storage Google App Chrome 4054711562922334474 149.0.0.0 Kriya Allow List 87 high 0 0 2046601412204286866 1 Windows Device managed GB 0 51 London -1 England Europe/London N/A 142.251.30.0 443 0 0 k.histrov@corporate.com Corporate-3999 corporate.com 0 [] no 0 1617321A-ED0C-EA46-D03D-EA95CCD285EA 0 17zdf7EdmEfiK87k6uYP8rN5iay5RrHkOecTb3l0UfZA Document Windows 11 Windows NT 11.0 ["Kriya Allow List","All Categories","CapitalMarkets_and_Corporate Allow","DLP All Categories ","Marketing","Potentially malicious sites","G-Suite Access","File Transfers","Executives","Prohibited Sites","Cloud Storage"] docs.google.com Google Drive [WEB] Kriya Temp Access 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 https://docs.google.com/spreadsheets/d/17zdf7EdmEfiK87k6uYP8rN5iay5RrHkOecTb3l0UfZA/edit?gid=1708606351 0 4252780909104881950 0 0 unknown Google Drive GB 0 51 London -1 England Tue Jun 16 07:26:46 2026 Europe/London N/A 185.238.222.0 0 0 0 1781591206 0 CloudApp 3954089612998707774 nspolicy m.petrov@corporate.com docs.google.com/spreadsheets/d/17zdf7EdmEfiK87k6uYP8rN5iay5RrHkOecTb3l0UfZA/save k.histrov@corporate.com Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/149.0.0.0 Safari/537.36 192.168.1.111 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:46.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other US 0 38 Washington -79 Virginia America/New_York 22747 52.168.117.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","Business","All Categories","Technology"] mobile.events.data.microsoft.com [WEB] All Sector Web Access 0 3393852547193188355 0 0 IN 0 12 Bengaluru 77 Karnataka Tue Jun 16 11:56:46 2026 Asia/Kolkata 562130 103.163.65.0 0 0 0 1781591206 0 Web 0 nspolicy anil.bhosale@corporate.com mobile.events.data.microsoft.com Om.Karnewar@corporate.com 10.12.167.87 
16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:46.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy Microsoft Accounts 0 Application Suite 0 Application Suite 84 high 0 0 0 1 Other IN 0 13 Chennai 80 Tamil Nadu Asia/Kolkata 600001 20.190.174.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","Application Suite","DLP All Categories ","Marketing","SSL NO DECRYPT ALL","All Categories","Technology"] graph.microsoft.com [WEB] All Sector Web Access 0 3393852953075976449 0 0 Microsoft Office 365 Suite IN 0 12 Bengaluru 77 Karnataka Tue Jun 16 11:56:46 2026 Asia/Kolkata 562130 103.163.65.0 0 0 0 1781591206 0 CloudApp 0 nspolicy anil.bhosale@corporate.com graph.microsoft.com Om.Karnewar@corporate.com 10.12.167.88 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:46.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other IE 0 53 Dublin -7 Leinster Europe/Dublin D02 20.50.73.0 443 0 0 0 [] 0 0 Mac OSX 26.5.1 ["All Sector Websites","DLP All Categories ","Marketing","Business","All Categories","Technology"] eu-v20.events.data.microsoft.com [WEB] All Sector Web Access 0 3393853462902347267 0 0 IN 0 28 New Delhi 77 National Capital Territory of Delhi Tue Jun 16 11:56:46 2026 Asia/Kolkata 110005 110.235.234.0 0 0 0 1781591206 0 Web 0 nspolicy rahul.yadav@corporate.com eu-v20.events.data.microsoft.com Vicky.Poonia@corporate.com 192.168.1.7 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:46.000 Client FALSE useralert Browse yes [WEB] Potentially Malicious Sites policy 1767205726962671992 5000178776037541454 Potentially malicious sites 0 unknown 0 0 0 1 Windows Device managed GB 0 51 London -1 England Europe/London N/A 174.46.83.0 80 0 0 Corporate-96412 0 [] no 0 14.html B3CC260A-BFB2-714F-02F9-D8C96DB9B21B 0 Windows 11 Windows NT 11.0 ["Potentially malicious sites","Uncategorized","DLP All Categories ","All Categories"] 
174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com 174.46.83.201 [WEB] Potentially Malicious Sites 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 4469587467134532459 0 0 174.46.83.201 GB 0 53 Halifax -2 England Tue Jun 16 07:26:46 2026 Europe/London HX1 81.105.212.0 0 0 0 1781591206 0 Web 4469587467134532459 nspolicy kevin.brooks@corporate.com 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin Charissa.Chang@corporate.com Microsoft-Delivery-Optimization/10.1 192.168.0.164 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:46.000 Client FALSE useralert Browse yes [WEB] Potentially Malicious Sites policy 1767205726962671992 5000178776037541454 Potentially malicious sites 0 unknown 0 0 0 1 Windows Device managed GB 0 51 London -1 England Europe/London N/A 174.46.83.0 80 0 0 Corporate-96412 0 [] no 0 14.html B3CC260A-BFB2-714F-02F9-D8C96DB9B21B 0 Windows 11 Windows NT 11.0 ["Potentially malicious sites","Uncategorized","DLP All Categories ","All Categories"] 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com 174.46.83.201 [WEB] Potentially Malicious Sites 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 9123703410329835033 0 0 174.46.83.201 GB 0 53 Halifax -2 England Tue Jun 16 07:26:46 2026 Europe/London HX1 81.105.212.0 0 0 0 1781591206 0 Web 9123703410329835033 nspolicy kevin.brooks@corporate.com 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin Charissa.Chang@corporate.com Microsoft-Delivery-Optimization/10.1 192.168.0.164 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL 
+16/06/2026, 06:26:47.000 Client FALSE alert Edit yes [WEB] All Sector Web Access policy Amazon Kinesis 4696698913580918274 Business Intelligence and Data Analytics Amazon 5761591961372255990 All Sector Websites 87 high 0 0 0 1 Windows Device managed DE 0 50 Frankfurt am Main 8 Hesse Europe/Berlin 60313 3.74.148.0 443 0 0 Corporate-9364 9.0547E+11 0 [] no 0 03C835D0-BA98-0011-89EB-ED684C883501 0 Windows 11 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","Corporate No DLP User Alerts","All Categories","Technology","Engineering","Business Intelligence and Data Analytics"] 905469987510.data-kinesis.eu-central-1.amazonaws.com/ 905469987510.data-kinesis.eu-central-1.amazonaws.com [WEB] All Sector Web Access 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 6943950510830566618 0 0 Amazon Kinesis IN 0 12 Bengaluru 77 Karnataka Tue Jun 16 11:56:47 2026 Asia/Kolkata 562130 49.207.195.0 0 0 0 1781591207 0 CloudApp 4383192372529799292 nspolicy derek.johnson@corporate.com 905469987510.data-kinesis.eu-central-1.amazonaws.com/ Mansi.Pandey@corporate.com aws-sdk-go-v2/1.41.7 ua/2.1 os/windows lang/go#1.26.3 md/GOOS#windows md/GOARCH#amd64 api/kinesis#1.43.7 m/E,e 192.168.1.102 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:46.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy Microsoft Azure DevOps 0 Development Tools 0 Development Tools 84 high 0 0 0 1 Other US 0 29 San Antonio -99 Texas America/Chicago 78288 23.100.122.0 443 0 0 0 [] 0 0 Mac OSX 26.5.1 ["All Sector Websites","DLP All Categories ","Engineering","Marketing","Development Tools","Platforms","All Categories","Technology"] rt.services.visualstudio.com [WEB] All Sector Web Access 0 3393849119910334465 0 0 Visual Studio PL 0 51 Lubartów 22 Lublin Tue Jun 16 08:26:46 2026 Europe/Warsaw 21-100 46.151.187.0 0 0 0 1781591206 0 CloudApp 0 nspolicy pawel.kowalski@corporate.com rt.services.visualstudio.com Tomasz.Kucharzyk@corporate.com 192.168.68.53 
16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:46.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other US 0 41 Des Moines -94 Iowa America/Chicago 50307 104.208.16.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","Business","All Categories","Technology"] self.events.data.microsoft.com [WEB] All Sector Web Access 0 3393852546840951297 0 0 GB 0 53 St Helens -3 England Tue Jun 16 07:26:46 2026 Europe/London WA9 94.0.129.0 0 0 0 1781591206 0 Web 0 nspolicy susan.barker@corporate.com self.events.data.microsoft.com gill.hillier@corporate.com 192.168.0.161 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:46.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy Microsoft Teams 0 Collaboration 0 Collaboration 89 high 0 0 0 1 Other US 0 37 San Jose -122 California America/Los_Angeles 95141 20.184.175.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","Collaboration","DLP All Categories ","Marketing","Business","All Categories","Technology"] teams.events.data.microsoft.com [WEB] All Sector Web Access 0 3393852547218341123 0 0 Microsoft Teams IN 0 23 Ahmedabad 72 Gujarat Tue Jun 16 11:56:46 2026 Asia/Kolkata 380008 106.194.78.0 0 0 0 1781591206 0 CloudApp 0 nspolicy amit.verma@corporate.com teams.events.data.microsoft.com Piyush.Jayswal@corporate.com 172.20.10.2 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:46.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other IE 0 53 Dublin -7 Leinster Europe/Dublin D02 20.50.73.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","Business","All Categories","Technology"] eu-v10c.events.data.microsoft.com [WEB] All Sector Web Access 0 3393853466140066561 0 0 GB 0 51 Windsor -1 England Tue Jun 16 07:26:46 2026 Europe/London SL4 134.65.142.0 0 0 0 
1781591206 0 Web 0 nspolicy patricia.roy@corporate.com eu-v10c.events.data.microsoft.com john.peters@corporate.com 192.168.68.115 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:46.000 Client FALSE useralert Browse yes [WEB] Potentially Malicious Sites policy 1767205726962671992 5000178776037541454 Potentially malicious sites 0 unknown 0 0 0 1 Windows Device managed GB 0 51 London -1 England Europe/London N/A 174.46.83.0 80 0 0 Corporate-96412 0 [] no 0 14.html B3CC260A-BFB2-714F-02F9-D8C96DB9B21B 0 Windows 11 Windows NT 11.0 ["Potentially malicious sites","Uncategorized","DLP All Categories ","All Categories"] 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com 174.46.83.201 [WEB] Potentially Malicious Sites 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 8286237362536754167 0 0 174.46.83.201 GB 0 53 Halifax -2 England Tue Jun 16 07:26:46 2026 Europe/London HX1 81.105.212.0 0 0 0 1781591206 0 Web 8286237362536754167 nspolicy kevin.brooks@corporate.com 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin Charissa.Chang@corporate.com Microsoft-Delivery-Optimization/10.1 192.168.0.164 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:46.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other US 0 37 San Jose -122 California America/Los_Angeles 95141 20.184.175.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","Business","All Categories","Technology"] browser.events.data.microsoft.com [WEB] All Sector Web Access 0 3393852322596851457 0 0 IN 0 28 Delhi 77 National Capital Territory of Delhi Tue Jun 16 11:56:46 2026 Asia/Kolkata 110001 103.225.59.0 0 0 0 1781591206 0 Web 0 nspolicy 
thomas.wilson@corporate.com browser.events.data.microsoft.com reuben.ramesh@corporate.com 192.168.1.37 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:47.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other IE 0 53 Dublin -7 Leinster Europe/Dublin D02 20.50.80.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","Business","All Categories","Technology"] eu-v20.events.data.microsoft.com [WEB] All Sector Web Access 0 3393853478295121665 0 0 GB 0 51 Newport -3 Wales Tue Jun 16 07:26:47 2026 Europe/London NP19 81.102.150.0 0 0 0 1781591207 0 Web 0 nspolicy sam.crawford@corporate.com eu-v20.events.data.microsoft.com Dev.Alexander@corporate.com 192.168.0.13 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:46.000 Client FALSE alert Edit yes [WEB] All Sector Web Access policy Amazon Kinesis 4696698913580918274 Business Intelligence and Data Analytics Amazon 5761591961372255990 All Sector Websites 87 high 0 0 0 1 Windows Device managed DE 0 50 Frankfurt am Main 8 Hesse Europe/Berlin 60313 3.74.148.0 443 0 0 Corporate-9364 9.0547E+11 0 [] no 0 03C835D0-BA98-0011-89EB-ED684C883501 0 Windows 11 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","Corporate No DLP User Alerts","All Categories","Technology","Engineering","Business Intelligence and Data Analytics"] 905469987510.data-kinesis.eu-central-1.amazonaws.com/ 905469987510.data-kinesis.eu-central-1.amazonaws.com [WEB] All Sector Web Access 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 6943950510830566618 0 0 Amazon Kinesis IN 0 12 Bengaluru 77 Karnataka Tue Jun 16 11:56:46 2026 Asia/Kolkata 562130 49.207.195.0 0 0 0 1781591206 0 CloudApp 5086099446527205840 nspolicy derek.johnson@corporate.com 905469987510.data-kinesis.eu-central-1.amazonaws.com/ Mansi.Pandey@corporate.com aws-sdk-go-v2/1.41.7 ua/2.1 os/windows lang/go#1.26.3 md/GOOS#windows 
md/GOARCH#amd64 api/kinesis#1.43.7 m/E,e 192.168.1.102 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:47.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other IE 0 53 Dublin -7 Leinster Europe/Dublin D02 13.69.239.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","Business","All Categories","Technology"] eu-office.events.data.microsoft.com [WEB] All Sector Web Access 0 3393852402347080961 0 0 IN 0 23 Ahmedabad 72 Gujarat Tue Jun 16 11:56:47 2026 Asia/Kolkata 380008 106.194.78.0 0 0 0 1781591207 0 Web 0 nspolicy amit.verma@corporate.com eu-office.events.data.microsoft.com Piyush.Jayswal@corporate.com 172.20.10.2 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:47.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy Microsoft Teams 0 Collaboration 0 Collaboration 89 high 0 0 0 1 Other NL 0 52 Amsterdam 4 North Holland Europe/Amsterdam 1012 20.50.201.0 443 0 0 0 [] 0 0 Mac OSX 26.5.1 ["All Sector Websites","Collaboration","DLP All Categories ","Marketing","Business","All Categories","Technology"] teams.events.data.microsoft.com [WEB] All Sector Web Access 0 3393852418696812037 0 0 Microsoft Teams IN 0 28 Gurugram 77 Haryana Tue Jun 16 11:56:47 2026 Asia/Kolkata 122001 182.69.182.0 0 0 0 1781591207 0 CloudApp 0 nspolicy anita.singh@corporate.com teams.events.data.microsoft.com Priya.Mehrotra@corporate.com 192.168.1.15 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:47.000 Client FALSE alert Edit yes [WEB] All Sector Web Access policy Amazon Kinesis 1621617486991627159 Business Intelligence and Data Analytics Amazon 6532044925164558210 All Sector Websites 87 high 0 0 0 1 Windows Device managed DE 0 50 Frankfurt am Main 8 Hesse Europe/Berlin 60313 3.123.12.0 443 0 0 Corporate-0393 9.0547E+11 0 [] no 0 30E11FC1-2EC7-9412-66A6-CDBDFF40D487 0 Windows 11 Windows NT 11.0 ["All Sector 
Websites","DLP All Categories ","Marketing","Corporate No DLP User Alerts","All Categories","Technology","Engineering","Business Intelligence and Data Analytics"] 905469987510.data-kinesis.eu-central-1.amazonaws.com/ 905469987510.data-kinesis.eu-central-1.amazonaws.com [WEB] All Sector Web Access 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 1998436724571375512 0 0 Amazon Kinesis GB 0 51 Fulham -1 England Tue Jun 16 07:26:47 2026 Europe/London SW6 140.228.75.0 0 0 0 1781591207 0 CloudApp 1998436724571375512 nspolicy katrina.berzina@corporate.com 905469987510.data-kinesis.eu-central-1.amazonaws.com/ Agnese.Ruskule@corporate.com aws-sdk-go-v2/1.41.7 ua/2.1 os/windows lang/go#1.26.3 md/GOOS#windows md/GOARCH#amd64 api/kinesis#1.43.7 m/E,e 192.168.52.126 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:47.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy Atlassian MCP 0 MCP Server 0 MCP Server 70 medium 0 0 0 1 Other NL 0 52 Amsterdam 4 North Holland Europe/Amsterdam 1016 185.166.143.0 443 0 0 0 [] 0 0 Mac OSX 26.5.0 ["All Sector Websites","MCP Server","DLP All Categories ","Marketing","SSL NO DECRYPT ALL","All Categories","Technology"] mcp.atlassian.com [WEB] All Sector Web Access 0 3393853437585578753 0 0 Atlassian MCP PL 0 50 Katowice 18 Silesia Tue Jun 16 08:26:47 2026 Europe/Warsaw 40-872 195.177.85.0 0 0 0 1781591207 0 CloudApp 0 nspolicy marek.nowak@corporate.com mcp.atlassian.com andrzej.globisz@corporate.com 192.168.1.27 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:47.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other IE 0 53 Dublin -7 Leinster Europe/Dublin D02 74.178.35.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","All Categories","Technology"] winatp-gw-neu.microsoft.com [WEB] All Sector Web Access 0 3393852845911628545 0 0 GB 0 51 Waltham Cross -1 England Tue Jun 16 
07:26:47 2026 Europe/London EN8 82.9.161.0 0 0 0 1781591207 0 Web 0 nspolicy owen.phillips@corporate.com winatp-gw-neu.microsoft.com Gareth.Anderson@corporate.com 192.168.0.64 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:47.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy Microsoft Live Accounts 0 Application Suite 0 Application Suite 70 medium 0 0 0 1 Other IE 0 53 Dublin -7 Leinster Europe/Dublin D02 40.126.31.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","Application Suite","DLP All Categories ","Marketing","All Categories","Risk and Crime","CapitalMarkets_and_Corporate Allow","Technology"] login.live.com [WEB] All Sector Web Access 0 3393852424627345153 0 0 Microsoft Live Suite GB 0 53 Chorley -3 England Tue Jun 16 07:26:47 2026 Europe/London PR7 86.179.133.0 0 0 0 1781591207 0 CloudApp 0 nspolicy maria.edwards@corporate.com login.live.com Peter.Norris@corporate.com 192.168.1.237 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:48.000 Client FALSE alert Edit yes [WEB] All Sector Web Access policy Amazon Kinesis 3418830011869835973 Business Intelligence and Data Analytics Amazon 6370962430820221408 All Sector Websites 87 high 0 0 0 1 Windows Device managed DE 0 50 Frankfurt am Main 8 Hesse Europe/Berlin 60313 3.123.12.0 443 0 0 Corporate-6098 9.0547E+11 0 [] no 0 E718A4BE-BD27-5206-730B-5790C5F4FD8B 0 Windows 11 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","Corporate No DLP User Alerts","All Categories","Technology","Engineering","Business Intelligence and Data Analytics"] 905469987510.data-kinesis.eu-central-1.amazonaws.com/ 905469987510.data-kinesis.eu-central-1.amazonaws.com [WEB] All Sector Web Access 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 6366309692230137085 0 0 Amazon Kinesis GB 0 52 Leicester -2 England Tue Jun 16 07:26:48 2026 Europe/London LE3 176.248.214.0 0 0 0 1781591208 0 CloudApp 846928520315636649 nspolicy 
chris.davies@corporate.com 905469987510.data-kinesis.eu-central-1.amazonaws.com/ Andy.Sutton@corporate.com aws-sdk-go-v2/1.41.7 ua/2.1 os/windows lang/go#1.26.3 md/GOOS#windows md/GOARCH#amd64 api/kinesis#1.43.7 m/E,e 192.168.68.55 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:47.000 Client FALSE useralert Browse yes [WEB] Potentially Malicious Sites policy 1767205726962671992 5000178776037541454 Potentially malicious sites 0 unknown 0 0 0 1 Windows Device managed GB 0 51 London -1 England Europe/London N/A 174.46.83.0 80 0 0 Corporate-96412 0 [] no 0 14.html B3CC260A-BFB2-714F-02F9-D8C96DB9B21B 0 Windows 11 Windows NT 11.0 ["Potentially malicious sites","Uncategorized","DLP All Categories ","All Categories"] 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com 174.46.83.201 [WEB] Potentially Malicious Sites 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 4552805259691069610 0 0 174.46.83.201 GB 0 53 Halifax -2 England Tue Jun 16 07:26:47 2026 Europe/London HX1 81.105.212.0 0 0 0 1781591207 0 Web 4552805259691069610 nspolicy kevin.brooks@corporate.com 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin Charissa.Chang@corporate.com Microsoft-Delivery-Optimization/10.1 192.168.0.164 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:46.000 Client FALSE useralert Browse yes [WEB] Potentially Malicious Sites policy 1767205726962671992 5000178776037541454 Potentially malicious sites 0 unknown 0 0 0 1 Windows Device managed GB 0 51 London -1 England Europe/London N/A 174.46.83.0 80 0 0 Corporate-96412 0 [] no 0 14.html B3CC260A-BFB2-714F-02F9-D8C96DB9B21B 0 Windows 11 Windows NT 11.0 ["Potentially malicious sites","Uncategorized","DLP All Categories ","All Categories"] 
174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com 174.46.83.201 [WEB] Potentially Malicious Sites 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 6988357283908119751 0 0 174.46.83.201 GB 0 53 Halifax -2 England Tue Jun 16 07:26:46 2026 Europe/London HX1 81.105.212.0 0 0 0 1781591206 0 Web 6988357283908119751 nspolicy kevin.brooks@corporate.com 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin Charissa.Chang@corporate.com Microsoft-Delivery-Optimization/10.1 192.168.0.164 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:48.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy Microsoft Azure DevOps 0 Development Tools 0 Development Tools 84 high 0 0 0 1 Other US 0 29 San Antonio -99 Texas America/Chicago 78288 23.100.122.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Engineering","Marketing","Development Tools","Platforms","All Categories","Technology"] rt.services.visualstudio.com [WEB] All Sector Web Access 0 3393851970317026819 0 0 Visual Studio GB 0 55 Glasgow -5 Scotland Tue Jun 16 07:26:48 2026 Europe/London N/A 148.252.148.0 0 0 0 1781591208 0 CloudApp 0 nspolicy luke.harrison@corporate.com rt.services.visualstudio.com adam.wrightson@corporate.com 10.80.83.1 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:48.000 Client FALSE alert Edit yes [WEB] All Sector Web Access policy Amazon Kinesis 3418830011869835973 Business Intelligence and Data Analytics Amazon 6370962430820221408 All Sector Websites 87 high 0 0 0 1 Windows Device managed DE 0 50 Frankfurt am Main 8 Hesse Europe/Berlin 60313 3.123.12.0 443 0 0 Corporate-6098 9.0547E+11 0 [] no 0 E718A4BE-BD27-5206-730B-5790C5F4FD8B 0 Windows 11 Windows NT 11.0 ["All Sector 
Websites","DLP All Categories ","Marketing","Corporate No DLP User Alerts","All Categories","Technology","Engineering","Business Intelligence and Data Analytics"] 905469987510.data-kinesis.eu-central-1.amazonaws.com/ 905469987510.data-kinesis.eu-central-1.amazonaws.com [WEB] All Sector Web Access 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 6366309692230137085 0 0 Amazon Kinesis GB 0 52 Leicester -2 England Tue Jun 16 07:26:48 2026 Europe/London LE3 176.248.214.0 0 0 0 1781591208 0 CloudApp 6366309692230137085 nspolicy chris.davies@corporate.com 905469987510.data-kinesis.eu-central-1.amazonaws.com/ Andy.Sutton@corporate.com aws-sdk-go-v2/1.41.7 ua/2.1 os/windows lang/go#1.26.3 md/GOOS#windows md/GOARCH#amd64 api/kinesis#1.43.7 m/E,e 192.168.68.55 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:48.000 Client FALSE alert Edit yes [WEB] All Sector Web Access policy Amazon Kinesis 8474345048791532673 Business Intelligence and Data Analytics Amazon 2375969179232529120 All Sector Websites 87 high 0 0 0 1 Windows Device managed DE 0 50 Frankfurt am Main 8 Hesse Europe/Berlin 60313 3.74.148.0 443 0 0 Corporate-3436 9.0547E+11 0 [] no 0 B9C1AE09-E254-CCD6-3CCF-4AA3298EEA10 0 Windows 11 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","Corporate No DLP User Alerts","All Categories","Technology","Engineering","Business Intelligence and Data Analytics"] 905469987510.data-kinesis.eu-central-1.amazonaws.com/ 905469987510.data-kinesis.eu-central-1.amazonaws.com [WEB] All Sector Web Access 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 5384370215151327567 0 0 Amazon Kinesis GB 0 55 Glasgow -5 Scotland Tue Jun 16 07:26:48 2026 Europe/London N/A 148.252.148.0 0 0 0 1781591208 0 CloudApp 5384370215151327567 nspolicy luke.harrison@corporate.com 905469987510.data-kinesis.eu-central-1.amazonaws.com/ adam.wrightson@corporate.com aws-sdk-go-v2/1.41.7 ua/2.1 os/windows lang/go#1.26.3 md/GOOS#windows md/GOARCH#amd64 
api/kinesis#1.43.7 m/E,e 10.80.83.3 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:48.000 Client FALSE alert Edit yes [WEB] All Sector Web Access policy Amazon Kinesis 2855143298923339489 Business Intelligence and Data Analytics Amazon 2064547398725143804 All Sector Websites 87 high 0 0 0 1 Windows Device managed DE 0 50 Frankfurt am Main 8 Hesse Europe/Berlin 60313 3.123.12.0 443 0 0 Corporate-2731 9.0547E+11 0 [] no 0 73699F49-EB38-1294-ED45-9ACC1AE015EE 0 Windows 11 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","Corporate No DLP User Alerts","All Categories","Technology","Engineering","Business Intelligence and Data Analytics"] 905469987510.data-kinesis.eu-central-1.amazonaws.com/ 905469987510.data-kinesis.eu-central-1.amazonaws.com [WEB] All Sector Web Access 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 7925420924444153094 0 0 Amazon Kinesis GB 0 52 Milton Keynes -1 England Tue Jun 16 07:26:48 2026 Europe/London MK6 94.10.125.0 0 0 0 1781591208 0 CloudApp 7925420924444153094 nspolicy nicole.ward@corporate.com 905469987510.data-kinesis.eu-central-1.amazonaws.com/ hayley.Jarvis@corporate.com aws-sdk-go-v2/1.41.7 ua/2.1 os/windows lang/go#1.26.3 md/GOOS#windows md/GOARCH#amd64 api/kinesis#1.43.7 m/E,e 192.168.0.35 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL +16/06/2026, 06:26:48.000 Client FALSE alert Delete yes [WEB] All Sector Web Access policy Microsoft Office 365 Outlook.com 5653566044705553090 Webmail Office365 Edge 5199259246582574824 149.0.0.0 All Sector Websites 81 high 0 0 277779316245107090 1 Windows Device managed GB 0 51 London -1 England Europe/London W1U 40.99.205.0 443 0 0 steve.smith@corporate.com Corporate-2583 Corporate 0 [] no 0 D75790AE-F0D9-D54E-905B-99BA85FA8F7B 0 AAkALgAAAAAAHYQDEapmEc2byACqAC/EWg0ALbG3BAwvpk293U7kYeVIZgAG1CnCUQAA Mail Windows 11 Windows NT 11.0 ["All Sector Websites","All Categories","DLP All Categories ","Webmail"] outlook.office.com Microsoft 
Office 365 Outlook.com [WEB] All Sector Web Access 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 7339957861114475334 0 Yes 0 unknown Microsoft Office 365 Outlook.com GB 0 52 Bedford -1 England Tue Jun 16 07:26:48 2026 Europe/London MK42 5.69.118.0 0 0 0 1781591208 0 CloudApp 7339957861114475334 nspolicy jason.miller@corporate.com outlook.office.com/owa/service.svc steve.smith@corporate.com Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/149.0.0.0 Safari/537.36 Edg/149.0.0.0 OneOutlook/1.2026.602.400 192.168.0.25 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL
\ No newline at end of file
From 44be483b14fa46f24146419261e775f6d5bdd6a5 Mon Sep 17 00:00:00 2001
From: Steve Miller <56824624+Steve1145@users.noreply.github.com>
Date: Tue, 16 Jun 2026 13:47:44 +0100
Subject: [PATCH 2/4] correct sample logs file name and format
---
...Security Cloud_AlertEvent_IngestedLogs.csv | 101 ------------------
...Security Cloud_AlertEvent_IngestedLogs.csv | 101 ++++++++++++++++++
2 files changed, 101 insertions(+), 101 deletions(-)
delete mode 100644 Sample Data/ASIM/Netskope_Netskope Security Cloud_AlertEvent_IngestedLogs.csv
create mode 100644 Sample Data/ASIM/Netskope_Security Cloud_AlertEvent_IngestedLogs.csv
diff --git a/Sample Data/ASIM/Netskope_Netskope Security Cloud_AlertEvent_IngestedLogs.csv b/Sample Data/ASIM/Netskope_Netskope Security Cloud_AlertEvent_IngestedLogs.csv
deleted file mode 100644
index 40b4ec01863..00000000000
--- a/Sample Data/ASIM/Netskope_Netskope Security Cloud_AlertEvent_IngestedLogs.csv
+++ /dev/null
@@ -1,101 +0,0 @@ -TimeGenerated [UTC] access_method account_id account_name acked action activity alert alert_id alert_name alert_type app app_activity app_sessionid appcategory appsuite asset_id asset_object_id breach_date breach_description breach_id breach_media_references breach_score breach_target_references browser browser_sessionid browser_version bypass_traffic category cci ccl client_bytes compliance_standards conn_duration conn_endtime conn_starttime connectionid CononicalName count_i data_type device device_classification dlp_file dlp_incidentid dlp_is_unique_count dlp_mail_parent_id dlp_parentid dlp_profile dlp_rule dlp_rule_count dlp_rule_severity dlp_unique_count domain dst_country dst_geoip_src dst_latitude dst_location dst_longitude dst_region dst_timezone dst_zipcode dstip dsthost dstport email_source event_type evt_src_chnl exposure external_collaborator_count external_email file_cls_encrypted file_lang file_path file_size file_type from_user fromlogs hostname http_transaction_count iaas_asset_tags iaas_remediated instance instance_id internal_collaborator_count justification_reason justification_type last_app last_country last_device last_location last_region last_timestamp log_file_name malicious malsite_category malsite_country malsite_id malsite_ip_host malsite_latitude malsite_longitude malsite_region managed_app managementID matched_username md5 mime_type modified netskope_activity netskope_pop notify_template nsdeviceuid numbytes object object_id object_type org organization_unit orig_ty orignal_file_path os os_version other_categories outer_doc_type owner page page_site parent_id password_type policy policy_actions policy_id profile_id protocol referer region_id region_name req_cnt requestid resource_category resource_group resp_cnt sa_profile_id sa_profile_name sa_rule_id sa_rule_name sa_rule_severity sAMAccountName sanctioned_instance scan_type serial server_bytes sessionid severity severity_level severity_level_id sfwder sha256 
shared_domains shared_with site src_country src_geoip_src src_latitude src_location src_longitude src_region src_time src_timezone src_zipcode srcip suppression_end_time suppression_key suppression_start_time telemetry_app threat_match_field threat_match_value threat_source_id threshold threshold_time timestamp title_s to_object total_collaborator_count traffic_type transactionid true_obj_category true_obj_type tss_mode two_factor_auth type_s universal_connector ur_normalized url user user_generated user_id useragent userip userkey userPrincipalName web_universal_connector TenantId Type _ResourceId -16/06/2026, 06:26:41.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other IE 0 53 Dublin -7 Leinster Europe/Dublin D02 52.138.229.0 443 0 0 0 [] 0 0 Mac OSX 26.5.1 ["All Sector Websites","DLP All Categories ","Marketing","Business","All Categories","Technology"] eu-teams.events.data.microsoft.com [WEB] All Sector Web Access 0 3393852352174846977 0 0 GB 0 51 Hendon -1 England Tue Jun 16 07:26:41 2026 Europe/London NW4 82.30.253.0 0 0 0 1781591201 0 Web 0 nspolicy vanessa.kumar@corporate.com eu-teams.events.data.microsoft.com Pramodini.Nayak@corporate.com 192.168.0.14 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:41.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other IE 0 53 Dublin -7 Leinster Europe/Dublin D02 13.69.239.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","Business","All Categories","Technology"] eu-office.events.data.microsoft.com [WEB] All Sector Web Access 0 3393852357233413889 0 0 IN 0 28 Delhi 77 National Capital Territory of Delhi Tue Jun 16 11:56:41 2026 Asia/Kolkata 110001 103.225.59.0 0 0 0 1781591201 0 Web 0 nspolicy thomas.wilson@corporate.com eu-office.events.data.microsoft.com reuben.ramesh@corporate.com 192.168.1.37 16b4146d-f75d-47d9-a115-bbd9ccafb19a 
NetskopeAlerts_CL -16/06/2026, 06:26:41.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other US 0 38 Washington -79 Virginia America/New_York 22747 48.211.4.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","Business","All Categories","Technology"] settings-win.data.microsoft.com [WEB] All Sector Web Access 0 3393853375819866113 0 0 GB 0 50 Brighton -1 England Tue Jun 16 07:26:41 2026 Europe/London N/A 217.65.134.0 0 0 0 1781591201 0 Web 0 nspolicy sarah.patel@corporate.com settings-win.data.microsoft.com james.heath@corporate.com 10.101.3.13 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:42.000 Client FALSE alert Response yes [WEB] All Sector Web Access policy Anthropic Claude 4446167814681716819 Generative AI 5761591961372255990 All Sector Websites 83 high 0 0 8016351051001150293 1 Windows Device managed US 0 37 San Francisco -123 California America/Los_Angeles N/A 160.79.104.0 443 0 1414 text/plain Corporate-9364 0 [] no 5254500b6c6747d3e7c808bff4cf5303 0 03C835D0-BA98-0011-89EB-ED684C883501 0 Message Windows 11 Windows NT 11.0 ["All Sector Websites","Engineering","Generative AI","Generative AI - Tools and Stores"] api.anthropic.com Anthropic [WEB] All Sector Web Access 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 585895169767630047 0 0 Anthropic IN 0 12 Bengaluru 77 Karnataka Tue Jun 16 11:56:42 2026 Asia/Kolkata 562130 49.207.195.0 0 0 0 1781591202 0 CloudApp 1552339606481747543 nspolicy derek.johnson@corporate.com api.anthropic.com/v1/messages Mansi.Pandey@corporate.com claude-cli/2.1.177 (external, cli) 192.168.1.102 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:41.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other US 0 38 Washington -79 Virginia America/New_York N/A 20.42.73.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","DLP 
All Categories ","Marketing","Business","All Categories","Technology"] self.events.data.microsoft.com [WEB] All Sector Web Access 0 3393852504461628673 0 0 GB 0 50 Haywards Heath -1 England Tue Jun 16 07:26:41 2026 Europe/London RH16 109.150.120.0 0 0 0 1781591201 0 Web 0 nspolicy linda.martinez@corporate.com self.events.data.microsoft.com Anthony.Newman@corporate.com 192.168.68.70 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:41.000 Client FALSE useralert Browse yes [WEB] Potentially Malicious Sites policy 1767205726962671992 5000178776037541454 Potentially malicious sites 0 unknown 0 0 0 1 Windows Device managed GB 0 51 London -1 England Europe/London N/A 174.46.83.0 80 0 0 Corporate-96412 0 [] no 0 14.html B3CC260A-BFB2-714F-02F9-D8C96DB9B21B 0 Windows 11 Windows NT 11.0 ["Potentially malicious sites","Uncategorized","DLP All Categories ","All Categories"] 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com 174.46.83.201 [WEB] Potentially Malicious Sites 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 4431870242258108579 0 0 174.46.83.201 GB 0 53 Halifax -2 England Tue Jun 16 07:26:41 2026 Europe/London HX1 81.105.212.0 0 0 0 1781591201 0 Web 4431870242258108579 nspolicy kevin.brooks@corporate.com 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin Charissa.Chang@corporate.com Microsoft-Delivery-Optimization/10.1 192.168.0.164 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:40.000 Client FALSE alert Upload yes [WEB] All Sector Web Access policy Microsoft Edge 4177921831347134248 Technology Chrome 119298968245144067 All Sector Websites 72 medium 0 0 0 1 application/octet-stream Windows Device managed US 0 47 Redmond -123 Washington America/Los_Angeles N/A 150.171.27.0 443 0 5266 
Plain Text file Corporate-93266 0 [] no dc848a6dec2ca7a14082d6fd628dab94 0 BD462FDF-D4FB-9286-8C32-4322B768C431 0 File Windows 11 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","Business","All Categories","Technology"] edge.microsoft.com/sync/v1/feeds/me/syncEntities/command/?client=Chromium&client_id=uYKogYRfE0ceE%2FJzrJPt7w%3D%3D microsoft [WEB] All Sector Web Access 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 5287969727838090829 0 0 unknown d2c10b214515b4a115f1244e6d621c634776fcb08099a20132c562c8860f6be0 Microsoft Edge GB 0 52 Birmingham -2 England Tue Jun 16 07:26:40 2026 Europe/London B6 31.94.70.0 0 0 0 1781591200 0 CloudApp 5287969727838090829 inline nspolicy yes emma.fitzgerald@corporate.com edge.microsoft.com/sync/v1/feeds/me/syncEntities/command/ francis.purcell@corporate.com Chrome WIN 149.0.4022.62 (068a180137b01f28d261b1343e49c85b6348d4f5) channel(stable) 192.168.1.29 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:41.000 Client FALSE useralert Browse yes [WEB] Potentially Malicious Sites policy 1767205726962671992 5000178776037541454 Potentially malicious sites 0 unknown 0 0 0 1 Windows Device managed GB 0 51 London -1 England Europe/London N/A 174.46.83.0 80 0 0 Corporate-96412 0 [] no 0 14.html B3CC260A-BFB2-714F-02F9-D8C96DB9B21B 0 Windows 11 Windows NT 11.0 ["Potentially malicious sites","Uncategorized","DLP All Categories ","All Categories"] 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com 174.46.83.201 [WEB] Potentially Malicious Sites 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 4997919106262660520 0 0 174.46.83.201 GB 0 53 Halifax -2 England Tue Jun 16 07:26:41 2026 Europe/London HX1 81.105.212.0 0 0 0 1781591201 0 Web 4997919106262660520 nspolicy kevin.brooks@corporate.com 
174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin Charissa.Chang@corporate.com Microsoft-Delivery-Optimization/10.1 192.168.0.164 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:41.000 Client FALSE block Browse yes [WEB] Prohibited Sites policy Atlassian Jira Software 4487093888799611826 Development Tools Atlassian Safari 3743399434542224550 26.5 Prohibited Sites 84 high 0 0 0 1 Mac Device managed US 0 47 Redmond -123 Washington America/Los_Angeles 98073 13.107.137.0 443 0 0 HP42MPQD23 0 [] no 0 1.html 8273DDC0-5708-50CF-BBAE-010879101BA8 0 Mac OS Mac OSX 26.5.0 ["Prohibited Sites","All Categories","DLP All Categories ","Marketing","File Transfers","Cloud Storage","Engineering","Development Tools"] onedrive.live.com/favicon.ico live [WEB] Prohibited Sites 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 https://myhouse.atlassian.net/ 0 1853767612842718881 0 0 unknown Atlassian - JIRA IN 0 18 Pune 73 Maharashtra Tue Jun 16 11:56:41 2026 Asia/Kolkata 411007 49.36.56.0 0 0 Microsoft OneDrive 0 1781591201 0 CloudApp 1853767612842718881 nspolicy robert.sharma@corporate.com onedrive.live.com/favicon.ico priyanka.burde@corporate.com Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/26.5 Safari/605.1.15 192.168.29.13 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:41.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy Microsoft Azure 0 IaaS/PaaS 0 IaaS/PaaS 87 high 0 0 0 1 Other US 0 38 Arlington -78 Virginia America/New_York 22226 52.188.247.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","IaaS/PaaS","DLP All Categories ","Engineering","Marketing","Microsoft_Foundary_AI","All Categories","Technology"] eastus-8.in.applicationinsights.azure.com [WEB] All Sector Web Access 0 3393852796418741505 0 0 Windows Azure GB 0 52 Coalville -2 England Tue Jun 16 
07:26:41 2026 Europe/London LE67 90.248.115.0 0 0 0 1781591201 0 CloudApp 0 nspolicy jessica.turner@corporate.com eastus-8.in.applicationinsights.azure.com Lucy.Crook@corporate.com 192.168.1.75 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:41.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy Microsoft Azure 0 IaaS/PaaS 0 IaaS/PaaS 87 high 0 0 0 1 Other NL 0 52 Amsterdam 4 North Holland Europe/Amsterdam 1012 40.113.176.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","IaaS/PaaS","DLP All Categories ","Engineering","Marketing","Microsoft_Foundary_AI","All Categories","Technology"] westeurope-5.in.applicationinsights.azure.com [WEB] All Sector Web Access 0 3393852295803588097 0 0 Windows Azure GB 0 51 Tottenham -1 England Tue Jun 16 07:26:41 2026 Europe/London N17 94.2.57.0 0 0 0 1781591201 0 CloudApp 0 nspolicy nathan.cole@corporate.com westeurope-5.in.applicationinsights.azure.com oliver.thompson@corporate.com 192.168.68.65 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:43.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other FR 0 48 Paris 2 Île-de-France Europe/Paris 75001 51.11.192.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","Business","All Categories","Technology"] eu-teams.events.data.microsoft.com [WEB] All Sector Web Access 0 3393849919520560897 0 0 GB 0 53 Chorley -3 England Tue Jun 16 07:26:43 2026 Europe/London PR7 86.179.133.0 0 0 0 1781591203 0 Web 0 nspolicy maria.edwards@corporate.com eu-teams.events.data.microsoft.com Peter.Norris@corporate.com 192.168.1.237 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:42.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other IE 0 53 Dublin -7 Leinster Europe/Dublin D02 74.178.35.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","DLP All 
Categories ","Marketing","All Categories","Technology"] winatp-gw-neu.microsoft.com [WEB] All Sector Web Access 0 3393852768745043459 0 0 GB 0 51 City of London -1 England Tue Jun 16 07:26:42 2026 Europe/London EC4R 145.224.90.0 0 0 0 1781591202 0 Web 0 nspolicy daniel.hayes@corporate.com winatp-gw-neu.microsoft.com Ross.Goldie@corporate.com 192.168.1.233 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:42.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy Microsoft Accounts 0 Application Suite 0 Application Suite 84 high 0 0 0 1 Other US 0 47 Redmond -123 Washington America/Los_Angeles N/A 150.171.109.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","Application Suite","DLP All Categories ","Marketing","All Categories","Technology"] res.cdn.office.net [WEB] All Sector Web Access 0 3393852922936047105 0 0 Microsoft Office 365 Suite GB 0 51 City of London -1 England Tue Jun 16 07:26:42 2026 Europe/London EC4R 145.224.90.0 0 0 0 1781591202 0 CloudApp 0 nspolicy daniel.hayes@corporate.com res.cdn.office.net Ross.Goldie@corporate.com 192.168.1.233 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:42.000 Client FALSE useralert Browse yes [WEB] Potentially Malicious Sites policy 1767205726962671992 5000178776037541454 Potentially malicious sites 0 unknown 0 0 0 1 Windows Device managed GB 0 51 London -1 England Europe/London N/A 174.46.83.0 80 0 0 Corporate-96412 0 [] no 0 14.html B3CC260A-BFB2-714F-02F9-D8C96DB9B21B 0 Windows 11 Windows NT 11.0 ["Potentially malicious sites","Uncategorized","DLP All Categories ","All Categories"] 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com 174.46.83.201 [WEB] Potentially Malicious Sites 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 832221445352398182 0 0 174.46.83.201 GB 0 53 Halifax -2 England Tue Jun 16 
07:26:42 2026 Europe/London HX1 81.105.212.0 0 0 0 1781591202 0 Web 832221445352398182 nspolicy kevin.brooks@corporate.com 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin Charissa.Chang@corporate.com Microsoft-Delivery-Optimization/10.1 192.168.0.164 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:22.000 Client FALSE alert Edit yes [WEB] All Sector Web Access policy Microsoft Office 365 Sharepoint Online 6394965475309242090 Collaboration Office365 Native 3375680068702254064 All Sector Websites 91 excellent 0 0 5089105323273154939 2 Windows Device managed US 0 47 Redmond -123 Washington America/Los_Angeles 98073 13.107.138.0 443 0 0 application/x-empty john.peters@corporate.com Corporate-4485 Corporate 0 [] no d41d8cd98f00b204e9800998ecf8427e 0 39538DFA-6902-EAE4-1635-294AF4E2A4CE 0 creditreportxlsx File Windows 11 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","BDMs","Marketing","Underwriting and Recoveries","Relationship Managers","Custom-123","Corporate No DLP User Alerts","All Categories","Asset Finance","Technology","Collaboration"] Corporate.sharepoint.com Microsoft Office 365 Sharepoint Sites /sites/Auto-DIPLetterStore-SP/Shared%20Documents/BL-Migration-Asset-Finance-Files/Underwriting/S/Skelmersdale%20Van%20Hire%20TA%20Mark%20&%20Shirley%20Blamphin/AF000000035306 [WEB] All Sector Web Access 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 9019506608313725876 0 Yes 0 unknown Microsoft Office 365 Sharepoint Sites GB 0 51 Windsor -1 England Tue Jun 16 07:26:22 2026 Europe/London SL4 134.65.142.0 1781591202 1781591182 0 1781591182 0 CloudApp 9019506608313725876 nspolicy patricia.roy@corporate.com Corporate.sharepoint.com/sites/Auto-DIPLetterStore-SP/_vti_bin/cellstorage.svc/CellStorageService john.peters@corporate.com Microsoft Office Excel/16.0.20026.20168 (Windows/10.0; Desktop x64; en-GB; Desktop app; HP/HP EliteBook 8 G1i 
16 inch Noteb) 192.168.68.115 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:42.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy Microsoft Accounts 0 Application Suite 0 Application Suite 84 high 0 0 0 1 Other IN 0 23 Ahmedabad 72 Gujarat Asia/Kolkata 380001 23.58.95.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","Application Suite","DLP All Categories ","Marketing","All Categories","Technology"] res.cdn.office.net [WEB] All Sector Web Access 0 3393852411591326979 0 0 Microsoft Office 365 Suite IN 0 23 Ahmedabad 72 Gujarat Tue Jun 16 11:56:42 2026 Asia/Kolkata 380008 106.194.78.0 0 0 0 1781591202 0 CloudApp 0 nspolicy amit.verma@corporate.com res.cdn.office.net Piyush.Jayswal@corporate.com 172.20.10.4 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:42.000 Client FALSE useralert Browse yes [WEB] Potentially Malicious Sites policy 1767205726962671992 5000178776037541454 Potentially malicious sites 0 unknown 0 0 0 1 Windows Device managed GB 0 51 London -1 England Europe/London N/A 174.46.83.0 80 0 0 Corporate-96412 0 [] no 0 14.html B3CC260A-BFB2-714F-02F9-D8C96DB9B21B 0 Windows 11 Windows NT 11.0 ["Potentially malicious sites","Uncategorized","DLP All Categories ","All Categories"] 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com 174.46.83.201 [WEB] Potentially Malicious Sites 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 97742837984121794 0 0 174.46.83.201 GB 0 53 Halifax -2 England Tue Jun 16 07:26:42 2026 Europe/London HX1 81.105.212.0 0 0 0 1781591202 0 Web 97742837984121794 nspolicy kevin.brooks@corporate.com 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin Charissa.Chang@corporate.com Microsoft-Delivery-Optimization/10.1 192.168.0.164 
16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:42.000 Client FALSE useralert Browse yes [WEB] Potentially Malicious Sites policy 1767205726962671992 5000178776037541454 Potentially malicious sites 0 unknown 0 0 0 1 Windows Device managed GB 0 51 London -1 England Europe/London N/A 174.46.83.0 80 0 0 Corporate-96412 0 [] no 0 14.html B3CC260A-BFB2-714F-02F9-D8C96DB9B21B 0 Windows 11 Windows NT 11.0 ["Potentially malicious sites","Uncategorized","DLP All Categories ","All Categories"] 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com 174.46.83.201 [WEB] Potentially Malicious Sites 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 8790388499610240949 0 0 174.46.83.201 GB 0 53 Halifax -2 England Tue Jun 16 07:26:42 2026 Europe/London HX1 81.105.212.0 0 0 0 1781591202 0 Web 8790388499610240949 nspolicy kevin.brooks@corporate.com 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin Charissa.Chang@corporate.com Microsoft-Delivery-Optimization/10.1 192.168.0.164 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:42.000 Client FALSE useralert Browse yes [WEB] Potentially Malicious Sites policy 1767205726962671992 5000178776037541454 Potentially malicious sites 0 unknown 0 0 0 1 Windows Device managed GB 0 51 London -1 England Europe/London N/A 174.46.83.0 80 0 0 Corporate-96412 0 [] no 0 14.html B3CC260A-BFB2-714F-02F9-D8C96DB9B21B 0 Windows 11 Windows NT 11.0 ["Potentially malicious sites","Uncategorized","DLP All Categories ","All Categories"] 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com 174.46.83.201 [WEB] Potentially Malicious Sites 7FB181CEF851C88C 
2026-06-15 15:05:33.202470 HTTPS/1.1 0 1026375107878931682 0 0 174.46.83.201 GB 0 53 Halifax -2 England Tue Jun 16 07:26:42 2026 Europe/London HX1 81.105.212.0 0 0 0 1781591202 0 Web 1026375107878931682 nspolicy kevin.brooks@corporate.com 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin Charissa.Chang@corporate.com Microsoft-Delivery-Optimization/10.1 192.168.0.164 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:42.000 Client FALSE alert Edit yes [WEB] All Sector Web Access policy Amazon Kinesis 1708876711254208367 Business Intelligence and Data Analytics Amazon 3815549169259536272 All Sector Websites 87 high 0 0 0 1 Windows Device managed DE 0 50 Frankfurt am Main 8 Hesse Europe/Berlin 60313 3.123.12.0 443 0 0 Corporate-4573 9.0547E+11 0 [] no 0 01738383-705F-1C08-CA58-1B9D8FA51971 0 Windows 11 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","Corporate No DLP User Alerts","All Categories","Technology","Engineering","Business Intelligence and Data Analytics"] 905469987510.data-kinesis.eu-central-1.amazonaws.com/ 905469985555.data-kinesis.eu-central-1.amazonaws.com [WEB] All Sector Web Access 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 5577809861853533151 0 0 Amazon Kinesis GB 0 51 Greenwich -1 England Tue Jun 16 07:26:42 2026 Europe/London SE10 82.5.65.0 0 0 0 1781591202 0 CloudApp 5577809861853533151 nspolicy brian.foster@corporate.com 905469987510.data-kinesis.eu-central-1.amazonaws.com/ Josh.Eldridge@corporate.com aws-sdk-go-v2/1.41.7 ua/2.1 os/windows lang/go#1.26.3 md/GOOS#windows md/GOARCH#amd64 api/kinesis#1.43.7 m/E,e 192.168.0.204 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:43.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other IE 0 53 Dublin -7 Leinster Europe/Dublin D02 20.50.73.0 443 0 0 0 [] 0 0 Mac OSX 26.5.1 ["All 
Sector Websites","DLP All Categories ","Marketing","Business","All Categories","Technology"] eu-v20.events.data.microsoft.com [WEB] All Sector Web Access 0 3393853441897066243 0 0 GB 0 51 Kensington -1 England Tue Jun 16 07:26:43 2026 Europe/London SW3 62.49.203.0 0 0 0 1781591203 0 Web 0 nspolicy rachel.dean@corporate.com eu-v20.events.data.microsoft.com NICK.VOSS@corporate.com 192.168.68.52 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:42.000 Client FALSE alert Edit yes [WEB] All Sector Web Access policy Microsoft Office 365 Sharepoint Online 6394965475309242090 Collaboration Office365 Native 3375680068702254064 All Sector Websites 91 excellent 0 0 5089105323273154939 1 Windows Device managed US 0 47 Redmond -123 Washington America/Los_Angeles 98073 13.107.138.0 443 0 0 application/x-empty john.peters@corporate.com Corporate-4485 Corporate 0 [] no d41d8cd98f00b204e9800998ecf8427e 0 39538DFA-6902-EAE4-1635-294AF4E2A4CE 0 creditreportxlsx File Windows 11 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","BDMs","Marketing","Underwriting and Recoveries","Relationship Managers","Custom-123","Corporate No DLP User Alerts","All Categories","Asset Finance","Technology","Collaboration"] Corporate.sharepoint.com Microsoft Office 365 Sharepoint Sites /sites/Auto-DIPLetterStore-SP/Shared%20Documents/BL-Migration-Asset-Finance-Files/Underwriting/S/Skelmersdale%20Van%20Hire%20TA%20Mark%20&%20Shirley%20Blamphin/AF000000035306 [WEB] All Sector Web Access 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 7993109372101449573 0 Yes 0 unknown Microsoft Office 365 Sharepoint Sites GB 0 51 Windsor -1 England Tue Jun 16 07:26:42 2026 Europe/London SL4 134.65.142.0 0 0 0 1781591202 0 CloudApp 7993109372101449573 nspolicy patricia.roy@corporate.com Corporate.sharepoint.com/sites/Auto-DIPLetterStore-SP/_vti_bin/cellstorage.svc/CellStorageService john.peters@corporate.com Microsoft Office Excel/16.0.20026.20168 (Windows/10.0; Desktop x64; en-GB; 
Desktop app; HP/HP EliteBook 8 G1i 16 inch Noteb) 192.168.68.115 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:44.000 Client FALSE useralert Browse yes [WEB] Potentially Malicious Sites policy 1767205726962671992 5000178776037541454 Potentially malicious sites 0 unknown 0 0 0 1 Windows Device managed GB 0 51 London -1 England Europe/London N/A 174.46.83.0 80 0 0 Corporate-96412 0 [] no 0 14.html B3CC260A-BFB2-714F-02F9-D8C96DB9B21B 0 Windows 11 Windows NT 11.0 ["Potentially malicious sites","Uncategorized","DLP All Categories ","All Categories"] 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com 174.46.83.201 [WEB] Potentially Malicious Sites 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 6585949069064830580 0 0 174.46.83.201 GB 0 53 Halifax -2 England Tue Jun 16 07:26:44 2026 Europe/London HX1 81.105.212.0 0 0 0 1781591204 0 Web 6585949069064830580 nspolicy kevin.brooks@corporate.com 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin Charissa.Chang@corporate.com Microsoft-Delivery-Optimization/10.1 192.168.0.164 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:43.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy Microsoft Accounts 0 Application Suite 0 Application Suite 84 high 0 0 0 1 Other GB 0 51 London -1 England Europe/London W1U 2.18.190.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","Application Suite","DLP All Categories ","Marketing","All Categories","Technology"] statics.teams.cdn.office.net [WEB] All Sector Web Access 0 3393853439925762305 0 0 Microsoft Office 365 Suite GB 0 50 Dawlish -4 England Tue Jun 16 07:26:43 2026 Europe/London EX7 2.123.56.0 0 0 0 1781591203 0 CloudApp 0 nspolicy steven.murphy@corporate.com 
statics.teams.cdn.office.net Danny.McMurdo@corporate.com 192.168.0.113 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:44.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other US 0 41 Des Moines -94 Iowa America/Chicago 50307 13.89.179.0 443 0 0 0 [] 0 0 Mac OSX 26.5.1 ["All Sector Websites","DLP All Categories ","Marketing","Business","All Categories","Technology"] mobile.events.data.microsoft.com [WEB] All Sector Web Access 0 3393853328290418689 0 0 PL 0 51 Lubartów 22 Lublin Tue Jun 16 08:26:44 2026 Europe/Warsaw 21-100 46.151.187.0 0 0 0 1781591204 0 Web 0 nspolicy pawel.kowalski@corporate.com mobile.events.data.microsoft.com Tomasz.Kucharzyk@corporate.com 192.168.68.53 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:43.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy Microsoft Accounts 0 Application Suite 0 Application Suite 84 high 0 0 0 1 Other IE 0 53 Dublin -7 Leinster Europe/Dublin D02 40.126.31.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","Application Suite","DLP All Categories ","Marketing","SSL NO DECRYPT ALL","All Categories","Risk and Crime","Technology"] login.microsoftonline.com [WEB] All Sector Web Access 0 3393852734913787393 0 0 Microsoft Office 365 Suite GB 0 51 City of London -1 England Tue Jun 16 07:26:43 2026 Europe/London EC4R 145.224.90.0 0 0 0 1781591203 0 CloudApp 0 nspolicy daniel.hayes@corporate.com login.microsoftonline.com Ross.Goldie@corporate.com 192.168.1.233 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:43.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other GB 0 51 London -1 England Europe/London W1U 23.214.208.0 443 0 0 0 [] 0 0 Mac OSX 26.5.1 ["All Sector Websites","DLP All Categories ","Marketing","All Categories","Technology"] iadsdk.apple.com [WEB] All Sector Web Access 0 3393849215380776961 0 0 GB 0 
55 Glasgow -5 Scotland Tue Jun 16 07:26:43 2026 Europe/London G12 81.157.158.0 0 0 0 1781591203 0 Web 0 nspolicy vikram.reddy@corporate.com iadsdk.apple.com anudeep.kattamuri@corporate.com 192.168.1.120 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:44.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy Microsoft Accounts 0 Application Suite 0 Application Suite 84 high 0 0 0 1 Other IN 0 18 Pune 73 Maharashtra Asia/Kolkata 411005 20.190.146.0 443 0 0 0 [] 0 0 Mac OSX 26.5.1 ["All Sector Websites","Application Suite","DLP All Categories ","Marketing","SSL NO DECRYPT ALL","All Categories","Risk and Crime","Technology"] login.microsoftonline.com [WEB] All Sector Web Access 0 3393852945408803585 0 0 Microsoft Office 365 Suite IN 0 12 Bengaluru 77 Karnataka Tue Jun 16 11:56:44 2026 Asia/Kolkata 562130 122.172.83.0 0 0 0 1781591204 0 CloudApp 0 nspolicy sneha.nair@corporate.com login.microsoftonline.com Hridya.Raj@corporate.com 192.168.1.2 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:44.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy Microsoft Azure 0 IaaS/PaaS 0 IaaS/PaaS 87 high 0 0 0 1 Other NL 0 52 Amsterdam 4 North Holland Europe/Amsterdam 1012 40.113.176.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","IaaS/PaaS","DLP All Categories ","Engineering","Marketing","Microsoft_Foundary_AI","All Categories","Technology"] westeurope-5.in.applicationinsights.azure.com [WEB] All Sector Web Access 0 3393852402590403841 0 0 Windows Azure GB 0 51 City of London -1 England Tue Jun 16 07:26:44 2026 Europe/London EC4R 18.168.47.0 0 0 0 1781591204 0 CloudApp 0 nspolicy jordan.cooper@corporate.com westeurope-5.in.applicationinsights.azure.com Ashley.Bailey@corporate.com 192.168.23.18 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:44.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other IE 0 53 
Dublin -7 Leinster Europe/Dublin D02 72.145.59.0 443 0 0 0 [] 0 0 Mac OSX 26.5.0 ["All Sector Websites","DLP All Categories ","Marketing","All Categories","Technology"] winatp-gw-neu.microsoft.com [WEB] All Sector Web Access 0 3393853444547744257 0 0 IN 0 12 Bengaluru 77 Karnataka Tue Jun 16 11:56:44 2026 Asia/Kolkata 562130 223.181.111.0 0 0 0 1781591204 0 Web 0 nspolicy rajesh.iyer@corporate.com winatp-gw-neu.microsoft.com Sasidhar.Shenoy@corporate.com 192.168.1.20 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:44.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy Microsoft Azure 0 IaaS/PaaS 0 IaaS/PaaS 87 high 0 0 0 1 Other US 0 37 San Jose -122 California America/Los_Angeles 95141 20.189.172.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","IaaS/PaaS","DLP All Categories ","Engineering","Marketing","Microsoft_Foundary_AI","All Categories","Technology"] westus-0.in.applicationinsights.azure.com [WEB] All Sector Web Access 0 3393853446410073857 0 0 Windows Azure GB 0 51 Canary Wharf -1 England Tue Jun 16 07:26:44 2026 Europe/London E14 5.253.252.0 0 0 0 1781591204 0 CloudApp 0 nspolicy timothy.flynn@corporate.com westus-0.in.applicationinsights.azure.com John.Duggan@corporate.com 10.16.1.136 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:43.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other IE 0 53 Dublin -7 Leinster Europe/Dublin D02 74.178.35.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","All Categories","Technology"] winatp-gw-neu.microsoft.com [WEB] All Sector Web Access 0 3393852808112669441 0 0 GB 0 51 Ilford 0 England Tue Jun 16 07:26:43 2026 Europe/London IG1 31.94.56.0 0 0 0 1781591203 0 Web 0 nspolicy paul.harrison@corporate.com winatp-gw-neu.microsoft.com ian.francis@corporate.com 10.0.98.139 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 
06:26:40.000 Client FALSE alert Upload yes [WEB] All Sector Web Access policy Microsoft Edge 6055177101387891139 Technology Chrome 2382959896824642836 All Sector Websites 72 medium 0 0 0 1 application/octet-stream Windows Device managed US 0 47 Redmond -123 Washington America/Los_Angeles N/A 150.171.28.0 443 0 53575 Unicode text file Corporate-7590 0 [] no 920f709968056934a89704455278e76e 0 0EDF2337-221C-FC1F-F183-623715444C2D 0 File Windows 11 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","Business","All Categories","Technology"] edge.microsoft.com/sync/v1/feeds/me/syncEntities/command/?client=Chromium&client_id=oxgtO83ZD8SfssrA5F4LGQ%3D%3D microsoft [WEB] All Sector Web Access 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 2618767518737324206 0 0 unknown d1bf1904c6f9d79f0fd8551fa711831cd71cb61535619066a051e6f952286182 Microsoft Edge GB 0 53 Liverpool -3 England Tue Jun 16 07:26:40 2026 Europe/London L1 2.125.131.0 0 0 0 1781591200 0 CloudApp 2618767518737324206 inline nspolicy yes alan.douglas@corporate.com edge.microsoft.com/sync/v1/feeds/me/syncEntities/command/ Mike.Gribben@corporate.com Chrome WIN 149.0.4022.69 (6c7df6d8a61da958d863a718cc0403efd161d40d) channel(stable) 192.168.0.31 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:44.000 Client FALSE useralert Browse yes [WEB] Potentially Malicious Sites policy 1767205726962671992 5000178776037541454 Potentially malicious sites 0 unknown 0 0 0 1 Windows Device managed GB 0 51 London -1 England Europe/London N/A 174.46.83.0 80 0 0 Corporate-96412 0 [] no 0 14.html B3CC260A-BFB2-714F-02F9-D8C96DB9B21B 0 Windows 11 Windows NT 11.0 ["Potentially malicious sites","Uncategorized","DLP All Categories ","All Categories"] 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com 174.46.83.201 [WEB] Potentially Malicious Sites 
7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 8663864056354055490 0 0 174.46.83.201 GB 0 53 Halifax -2 England Tue Jun 16 07:26:44 2026 Europe/London HX1 81.105.212.0 0 0 0 1781591204 0 Web 8663864056354055490 nspolicy kevin.brooks@corporate.com 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin Charissa.Chang@corporate.com Microsoft-Delivery-Optimization/10.1 192.168.0.164 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:43.000 Client FALSE useralert Browse yes [WEB] Potentially Malicious Sites policy 1767205726962671992 5000178776037541454 Potentially malicious sites 0 unknown 0 0 0 1 Windows Device managed GB 0 51 London -1 England Europe/London N/A 174.46.83.0 80 0 0 Corporate-96412 0 [] no 0 14.html B3CC260A-BFB2-714F-02F9-D8C96DB9B21B 0 Windows 11 Windows NT 11.0 ["Potentially malicious sites","Uncategorized","DLP All Categories ","All Categories"] 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com 174.46.83.201 [WEB] Potentially Malicious Sites 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 3706353385689057456 0 0 174.46.83.201 GB 0 53 Halifax -2 England Tue Jun 16 07:26:43 2026 Europe/London HX1 81.105.212.0 0 0 0 1781591203 0 Web 3706353385689057456 nspolicy kevin.brooks@corporate.com 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin Charissa.Chang@corporate.com Microsoft-Delivery-Optimization/10.1 192.168.0.164 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:44.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other NL 0 52 Amsterdam 4 North Holland Europe/Amsterdam 1012 74.178.240.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All 
Sector Websites","DLP All Categories ","Marketing","Business","All Categories","Technology"] tas02.cws.update.microsoft.com [WEB] All Sector Web Access 0 3393853425304355073 0 0 GB 0 55 Glasgow -5 Scotland Tue Jun 16 07:26:44 2026 Europe/London G14 46.65.52.0 0 0 0 1781591204 0 Web 0 nspolicy marcus.grant@corporate.com tas02.cws.update.microsoft.com Brian.Bovell@corporate.com 192.168.0.137 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:44.000 Client FALSE useralert Browse yes [WEB] Potentially Malicious Sites policy 1767205726962671992 5000178776037541454 Potentially malicious sites 0 unknown 0 0 0 1 Windows Device managed GB 0 51 London -1 England Europe/London N/A 174.46.83.0 80 0 0 Corporate-96412 0 [] no 0 14.html B3CC260A-BFB2-714F-02F9-D8C96DB9B21B 0 Windows 11 Windows NT 11.0 ["Potentially malicious sites","Uncategorized","DLP All Categories ","All Categories"] 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com 174.46.83.201 [WEB] Potentially Malicious Sites 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 6056427765594716528 0 0 174.46.83.201 GB 0 53 Halifax -2 England Tue Jun 16 07:26:44 2026 Europe/London HX1 81.105.212.0 0 0 0 1781591204 0 Web 6056427765594716528 nspolicy kevin.brooks@corporate.com 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin Charissa.Chang@corporate.com Microsoft-Delivery-Optimization/10.1 192.168.0.164 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:43.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other NL 0 52 Amsterdam 4 North Holland Europe/Amsterdam 1012 52.236.189.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","Business","All 
Categories","Technology"] r.manage.microsoft.com [WEB] All Sector Web Access 0 3393852955701949953 0 0 GB 0 51 City of London -1 England Tue Jun 16 07:26:43 2026 Europe/London EC4R 145.224.90.0 0 0 0 1781591203 0 Web 0 nspolicy daniel.hayes@corporate.com r.manage.microsoft.com Ross.Goldie@corporate.com 192.168.1.233 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:43.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other IN 0 19 Mumbai 72 Maharashtra Asia/Kolkata 400017 17.253.18.0 443 0 0 0 [] 0 0 Mac OSX 26.5.1 ["All Sector Websites","DLP All Categories ","Marketing","All Categories","Technology"] ocsp2.apple.com [WEB] All Sector Web Access 0 3393852930451994113 0 0 IN 0 11 Coimbatore 76 Tamil Nadu Tue Jun 16 11:56:43 2026 Asia/Kolkata 641011 223.185.26.0 0 0 0 1781591203 0 Web 0 nspolicy arjun.krishnan@corporate.com ocsp2.apple.com Jai.Senthilkumar@corporate.com 192.168.0.149 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:44.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy ChatGPT 0 Generative AI 0 Generative AI 64 medium 0 0 0 1 Other US 0 37 San Francisco -123 California America/Los_Angeles N/A 104.18.32.0 443 0 0 0 [] 0 0 Mac OSX 26.5.0 ["All Sector Websites","Generative AI","Engineering","Marketing","DLP All Categories ","All Categories","Technology"] ab.chatgpt.com [WEB] All Sector Web Access 0 3393852189176228097 0 0 ChatGPT DE 0 49 Nuremberg 11 Bavaria Tue Jun 16 08:26:44 2026 Europe/Berlin 90419 77.25.22.0 0 0 0 1781591204 0 CloudApp 0 nspolicy felix.weber@corporate.com ab.chatgpt.com Alexander.Schmolck@corporate.com 192.168.0.162 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:44.000 Client FALSE block Browse yes [Utility] DNS over HTTPS policy DNS Over HTTPS 5754666634689974621 General Chrome 3663950846471756290 General unknown 0 0 0 1 Windows Device managed US 0 37 Mountain View -123 California 
America/Los_Angeles N/A 8.8.8.0 443 0 0 Corporate-6069 0 [] no 0 silent_block.html 4738C42D-C0B6-D106-5B14-2A66FDD66B73 0 Windows 11 Windows NT 11.0 ["General","All Sector Websites","DLP All Categories ","Marketing","All Categories","Technology"] dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA dns [Utility] DNS over HTTPS 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 7651958669119122990 0 0 unknown DOH IN 0 28 Delhi 77 National Capital Territory of Delhi Tue Jun 16 11:56:44 2026 Asia/Kolkata 110001 103.225.59.0 0 0 0 1781591204 0 CloudApp 7651958669119122990 nspolicy thomas.wilson@corporate.com dns.google/dns-query reuben.ramesh@corporate.com Chrome 192.168.1.37 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:44.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy Microsoft Accounts 0 Application Suite 0 Application Suite 84 high 0 0 0 1 Other IE 0 53 Dublin -7 Leinster Europe/Dublin D02 40.126.31.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","Application Suite","DLP All Categories ","Marketing","SSL NO DECRYPT ALL","All Categories","Risk and Crime","Technology"] login.microsoftonline.com [WEB] All Sector Web Access 0 3393853341284074245 0 0 Microsoft Office 365 Suite GB 0 52 Bedford -1 England Tue Jun 16 07:26:44 2026 Europe/London MK42 5.69.118.0 0 0 0 1781591204 0 CloudApp 0 nspolicy jason.miller@corporate.com login.microsoftonline.com steve.smith@corporate.com 192.168.0.25 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:44.000 Client FALSE useralert Browse yes [WEB] Potentially Malicious Sites policy 1767205726962671992 5000178776037541454 Potentially malicious sites 0 unknown 0 0 0 1 Windows Device managed GB 0 51 London -1 England Europe/London N/A 174.46.83.0 80 0 0 Corporate-96412 0 [] no 0 14.html 
B3CC260A-BFB2-714F-02F9-D8C96DB9B21B 0 Windows 11 Windows NT 11.0 ["Potentially malicious sites","Uncategorized","DLP All Categories ","All Categories"] 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com 174.46.83.201 [WEB] Potentially Malicious Sites 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 8584411413143272213 0 0 174.46.83.201 GB 0 53 Halifax -2 England Tue Jun 16 07:26:44 2026 Europe/London HX1 81.105.212.0 0 0 0 1781591204 0 Web 8584411413143272213 nspolicy kevin.brooks@corporate.com 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin Charissa.Chang@corporate.com Microsoft-Delivery-Optimization/10.1 192.168.0.164 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:43.000 Client FALSE useralert Browse yes [WEB] Potentially Malicious Sites policy 1767205726962671992 5000178776037541454 Potentially malicious sites 0 unknown 0 0 0 1 Windows Device managed GB 0 51 London -1 England Europe/London N/A 174.46.83.0 80 0 0 Corporate-96412 0 [] no 0 14.html B3CC260A-BFB2-714F-02F9-D8C96DB9B21B 0 Windows 11 Windows NT 11.0 ["Potentially malicious sites","Uncategorized","DLP All Categories ","All Categories"] 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com 174.46.83.201 [WEB] Potentially Malicious Sites 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 2234760899676255905 0 0 174.46.83.201 GB 0 53 Halifax -2 England Tue Jun 16 07:26:43 2026 Europe/London HX1 81.105.212.0 0 0 0 1781591203 0 Web 2234760899676255905 nspolicy kevin.brooks@corporate.com 
174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin Charissa.Chang@corporate.com Microsoft-Delivery-Optimization/10.1 192.168.0.164 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:42.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other IE 0 53 Dublin -7 Leinster Europe/Dublin D02 74.178.35.0 443 0 0 0 [] 0 0 Mac OSX 26.5.0 ["All Sector Websites","DLP All Categories ","Marketing","All Categories","Technology"] winatp-gw-neu.microsoft.com [WEB] All Sector Web Access 0 3393853432996767233 0 0 GB 0 51 London -1 England Tue Jun 16 07:26:42 2026 Europe/London N/A 31.94.18.0 0 0 0 1781591202 0 Web 0 nspolicy dimitri.stavros@corporate.com winatp-gw-neu.microsoft.com Konstantinos.Pagonas@corporate.com 172.20.10.8 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:43.000 Client FALSE useralert Browse yes [WEB] Potentially Malicious Sites policy 1767205726962671992 5000178776037541454 Potentially malicious sites 0 unknown 0 0 0 1 Windows Device managed GB 0 51 London -1 England Europe/London N/A 174.46.83.0 80 0 0 Corporate-96412 0 [] no 0 14.html B3CC260A-BFB2-714F-02F9-D8C96DB9B21B 0 Windows 11 Windows NT 11.0 ["Potentially malicious sites","Uncategorized","DLP All Categories ","All Categories"] 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com 174.46.83.201 [WEB] Potentially Malicious Sites 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 73473666834719211 0 0 174.46.83.201 GB 0 53 Halifax -2 England Tue Jun 16 07:26:43 2026 Europe/London HX1 81.105.212.0 0 0 0 1781591203 0 Web 73473666834719211 nspolicy kevin.brooks@corporate.com 
174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin Charissa.Chang@corporate.com Microsoft-Delivery-Optimization/10.1 192.168.0.164 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:44.000 Client FALSE block Browse yes [Utility] DNS over HTTPS policy DNS Over HTTPS 5754666634689974621 General Chrome 3663950846471756290 General unknown 0 0 0 1 Windows Device managed US 0 37 Mountain View -123 California America/Los_Angeles N/A 8.8.8.0 443 0 0 Corporate-6069 0 [] no 0 silent_block.html 4738C42D-C0B6-D106-5B14-2A66FDD66B73 0 Windows 11 Windows NT 11.0 ["General","All Sector Websites","DLP All Categories ","Marketing","All Categories","Technology"] dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA dns [Utility] DNS over HTTPS 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 1122210977986776659 0 0 unknown DOH IN 0 28 Delhi 77 National Capital Territory of Delhi Tue Jun 16 11:56:44 2026 Asia/Kolkata 110001 103.225.59.0 0 0 0 1781591204 0 CloudApp 1122210977986776659 nspolicy thomas.wilson@corporate.com dns.google/dns-query reuben.ramesh@corporate.com Chrome 192.168.1.37 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:45.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other NL 0 52 Amsterdam 4 North Holland Europe/Amsterdam 1012 13.69.109.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","Business","All Categories","Technology"] eu-mobile.events.data.microsoft.com [WEB] All Sector Web Access 0 3393852540901754113 0 0 GB 0 51 South Croydon -1 England Tue Jun 16 07:26:45 2026 Europe/London CR2 90.253.104.0 0 0 0 1781591205 0 Web 0 nspolicy claire.robinson@corporate.com 
eu-mobile.events.data.microsoft.com Morgan.Walker@corporate.com 192.168.1.178 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:45.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other US 0 41 Des Moines -94 Iowa America/Chicago 50307 13.89.179.0 443 0 0 0 [] 0 0 Mac OSX 26.5.0 ["All Sector Websites","DLP All Categories ","Marketing","Business","All Categories","Technology"] mobile.events.data.microsoft.com [WEB] All Sector Web Access 0 3393853455964664335 0 0 IN 0 19 Pālghar 72 Maharashtra Tue Jun 16 11:56:45 2026 Asia/Kolkata 401404 103.217.128.0 0 0 0 1781591205 0 Web 0 nspolicy neha.kapoor@corporate.com mobile.events.data.microsoft.com Mittali.Taurani@corporate.com 192.168.1.39 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:45.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy Microsoft Azure DevOps 0 Development Tools 0 Development Tools 84 high 0 0 0 1 Other US 0 29 San Antonio -99 Texas America/Chicago 78288 23.100.122.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Engineering","Marketing","Development Tools","Platforms","All Categories","Technology"] rt.services.visualstudio.com [WEB] All Sector Web Access 0 3393850142254775809 0 0 Visual Studio IN 0 12 Bengaluru 77 Karnataka Tue Jun 16 11:56:45 2026 Asia/Kolkata 562130 49.207.195.0 0 0 0 1781591205 0 CloudApp 0 nspolicy derek.johnson@corporate.com rt.services.visualstudio.com Mansi.Pandey@corporate.com 192.168.1.102 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:45.000 Client FALSE alert Post yes [WEB] All Sector Web Access policy Anthropic Claude 9115015412155731128 Generative AI 722979866996278186 All Sector Websites 83 high 0 0 9215221511256502607 1 Mac Device managed US 0 37 San Francisco -123 California America/Los_Angeles N/A 160.79.104.0 443 0 962 text/plain HP6VRPXG3P6 0 [] no 54c809c37479543154c3640e32d872cc 0 
D0FE0218-8F8A-53B2-0DEB-281635052363 0 Message Mac OS Mac OSX 26.5.1 ["All Sector Websites","Engineering","Generative AI","Generative AI - Tools and Stores"] api.anthropic.com Anthropic [WEB] All Sector Web Access 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 3650952565633792930 0 0 8cea17bdc1bc01cae94ea1d9c61adcee16229e39593ddd47de3f54a7e90f0b0c Anthropic IN 0 28 Gurugram 77 Haryana Tue Jun 16 11:56:45 2026 Asia/Kolkata 122001 182.69.182.0 0 0 0 1781591205 0 CloudApp 3650952565633792930 nspolicy anita.singh@corporate.com api.anthropic.com/v1/messages Priya.Mehrotra@corporate.com claude-cli/2.1.177 (external, claude-vscode, agent-sdk/0.3.177) 192.168.1.15 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:42.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other IE 0 53 Dublin -7 Leinster Europe/Dublin D02 20.38.81.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","All Categories","Technology"] agents.amsub0202.manage.microsoft.com [WEB] All Sector Web Access 0 3393852617724683521 0 0 GB 0 50 Wimborne Minster -2 England Tue Jun 16 07:26:42 2026 Europe/London BH21 94.0.33.0 0 0 0 1781591202 0 Web 0 nspolicy emily.stewart@corporate.com agents.amsub0202.manage.microsoft.com Rachael.Baker@corporate.com 192.168.0.16 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:45.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy Microsoft Azure 0 IaaS/PaaS 0 IaaS/PaaS 87 high 0 0 0 1 Other NL 0 52 Amsterdam 4 North Holland Europe/Amsterdam 1012 40.113.176.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","IaaS/PaaS","DLP All Categories ","Engineering","Marketing","Microsoft_Foundary_AI","All Categories","Technology"] westeurope-5.in.applicationinsights.azure.com [WEB] All Sector Web Access 0 3393853456635777281 0 0 Windows Azure GB 0 51 Reading -1 England Tue Jun 16 07:26:45 2026 Europe/London RG1 
90.241.124.0 0 0 0 1781591205 0 CloudApp 0 nspolicy rohan.desai@corporate.com westeurope-5.in.applicationinsights.azure.com Dipesh.Halai@corporate.com 192.168.1.81 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:43.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other IE 0 53 Dublin -7 Leinster Europe/Dublin D02 72.145.59.0 443 0 0 0 [] 0 0 Mac OSX 26.5.1 ["All Sector Websites","DLP All Categories ","Marketing","All Categories","Technology"] winatp-gw-neu.microsoft.com [WEB] All Sector Web Access 0 3393853443943794179 0 0 GB 0 52 Kettering -1 England Tue Jun 16 07:26:43 2026 Europe/London NN16 86.31.94.0 0 0 0 1781591203 0 Web 0 nspolicy stefan.ionescu@corporate.com winatp-gw-neu.microsoft.com George.Tiganila@corporate.com 192.168.0.225 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:44.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy Microsoft Accounts 0 Application Suite 0 Application Suite 84 high 0 0 0 1 Other IE 0 53 Dublin -7 Leinster Europe/Dublin D02 40.126.31.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","Application Suite","DLP All Categories ","Marketing","SSL NO DECRYPT ALL","All Categories","Risk and Crime","Technology"] login.microsoftonline.com [WEB] All Sector Web Access 0 3393853449882906113 0 0 Microsoft Office 365 Suite GB 0 50 Southampton -2 England Tue Jun 16 07:26:44 2026 Europe/London SO32 94.6.58.0 0 0 0 1781591204 0 CloudApp 0 nspolicy andrew.bell@corporate.com login.microsoftonline.com michael.mann@corporate.com 192.168.0.29 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:45.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy Microsoft Teams 0 Collaboration 0 Collaboration 89 high 0 0 0 1 Other US 0 38 Washington -79 Virginia America/New_York N/A 20.42.65.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","Collaboration","DLP All Categories 
","Marketing","Business","All Categories","Technology"] teams.events.data.microsoft.com [WEB] All Sector Web Access 0 3393852850190038529 0 0 Microsoft Teams GB 0 51 City of London -1 England Tue Jun 16 07:26:45 2026 Europe/London EC4R 145.224.90.0 0 0 0 1781591205 0 CloudApp 0 nspolicy daniel.hayes@corporate.com teams.events.data.microsoft.com Ross.Goldie@corporate.com 192.168.1.233 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:45.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other US 0 41 Des Moines -94 Iowa America/Chicago 50307 13.89.179.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","Business","All Categories","Technology"] mobile.events.data.microsoft.com [WEB] All Sector Web Access 0 3393853444908526083 0 0 GB 0 51 Brent -1 England Tue Jun 16 07:26:45 2026 Europe/London N/A 143.58.186.0 0 0 0 1781591205 0 Web 0 nspolicy rebecca.fox@corporate.com mobile.events.data.microsoft.com catherine.wright@corporate.com 192.168.1.138 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:45.000 Client FALSE useralert Browse yes [WEB] Potentially Malicious Sites policy 1767205726962671992 5000178776037541454 Potentially malicious sites 0 unknown 0 0 0 1 Windows Device managed GB 0 51 London -1 England Europe/London N/A 174.46.83.0 80 0 0 Corporate-96412 0 [] no 0 14.html B3CC260A-BFB2-714F-02F9-D8C96DB9B21B 0 Windows 11 Windows NT 11.0 ["Potentially malicious sites","Uncategorized","DLP All Categories ","All Categories"] 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com 174.46.83.201 [WEB] Potentially Malicious Sites 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 8710398816070853195 0 0 174.46.83.201 GB 0 53 Halifax -2 England Tue Jun 16 07:26:45 2026 Europe/London HX1 
81.105.212.0 0 0 0 1781591205 0 Web 8710398816070853195 nspolicy kevin.brooks@corporate.com 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin Charissa.Chang@corporate.com Microsoft-Delivery-Optimization/10.1 192.168.0.164 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:45.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy Microsoft Accounts 0 Application Suite 0 Application Suite 84 high 0 0 0 1 Other NL 0 52 Amsterdam 4 North Holland Europe/Amsterdam 1012 40.126.32.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","Application Suite","DLP All Categories ","Marketing","SSL NO DECRYPT ALL","All Categories","Risk and Crime","Technology"] login.microsoftonline.com [WEB] All Sector Web Access 0 3393853459462706433 0 0 Microsoft Office 365 Suite GB 0 50 Haywards Heath -1 England Tue Jun 16 07:26:45 2026 Europe/London RH16 109.150.120.0 0 0 0 1781591205 0 CloudApp 0 nspolicy linda.martinez@corporate.com login.microsoftonline.com Anthony.Newman@corporate.com 192.168.68.70 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:45.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy Microsoft Teams 0 Collaboration 0 Collaboration 89 high 0 0 0 1 Other US 0 37 San Jose -122 California America/Los_Angeles 95141 20.184.175.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","Collaboration","DLP All Categories ","Marketing","Business","All Categories","Technology"] teams.events.data.microsoft.com [WEB] All Sector Web Access 0 3393852410878348563 0 0 Microsoft Teams GB 0 51 City of London -1 England Tue Jun 16 07:26:45 2026 Europe/London EC4R 18.168.47.0 0 0 0 1781591205 0 CloudApp 0 nspolicy jordan.cooper@corporate.com teams.events.data.microsoft.com Ashley.Bailey@corporate.com 192.168.23.18 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:43.000 Client FALSE useralert 
Browse yes [WEB] Potentially Malicious Sites policy 1767205726962671992 5000178776037541454 Potentially malicious sites 0 unknown 0 0 0 1 Windows Device managed GB 0 51 London -1 England Europe/London N/A 174.46.83.0 80 0 0 Corporate-96412 0 [] no 0 14.html B3CC260A-BFB2-714F-02F9-D8C96DB9B21B 0 Windows 11 Windows NT 11.0 ["Potentially malicious sites","Uncategorized","DLP All Categories ","All Categories"] 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com 174.46.83.201 [WEB] Potentially Malicious Sites 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 3515517376565558726 0 0 174.46.83.201 GB 0 53 Halifax -2 England Tue Jun 16 07:26:43 2026 Europe/London HX1 81.105.212.0 0 0 0 1781591203 0 Web 3515517376565558726 nspolicy kevin.brooks@corporate.com 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin Charissa.Chang@corporate.com Microsoft-Delivery-Optimization/10.1 192.168.0.164 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:45.000 Client FALSE useralert Browse yes [WEB] Potentially Malicious Sites policy 1767205726962671992 5000178776037541454 Potentially malicious sites 0 unknown 0 0 0 1 Windows Device managed GB 0 51 London -1 England Europe/London N/A 174.46.83.0 80 0 0 Corporate-96412 0 [] no 0 14.html B3CC260A-BFB2-714F-02F9-D8C96DB9B21B 0 Windows 11 Windows NT 11.0 ["Potentially malicious sites","Uncategorized","DLP All Categories ","All Categories"] 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com 174.46.83.201 [WEB] Potentially Malicious Sites 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 7863247045738140501 0 0 174.46.83.201 GB 0 53 Halifax -2 England Tue 
Jun 16 07:26:45 2026 Europe/London HX1 81.105.212.0 0 0 0 1781591205 0 Web 7863247045738140501 nspolicy kevin.brooks@corporate.com 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin Charissa.Chang@corporate.com Microsoft-Delivery-Optimization/10.1 192.168.0.164 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:45.000 Client FALSE alert Browse yes [WEB] Engineering Teams policy GitHub 0 Development Tools 0 Development Tools 75 high 0 0 0 1 Other IN 0 18 Pune 73 Maharashtra Asia/Kolkata 411005 20.207.73.0 443 0 0 0 [] 0 0 Mac OSX 26.5.1 ["Engineering","Development Tools","All Categories","DLP All Categories "] api.github.com [WEB] Engineering Teams 0 3393853449572849153 0 0 GitHub IN 0 28 Gurugram 77 Haryana Tue Jun 16 11:56:45 2026 Asia/Kolkata 122001 182.69.182.0 0 0 0 1781591205 0 CloudApp 0 nspolicy anita.singh@corporate.com api.github.com Priya.Mehrotra@corporate.com 192.168.1.15 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:46.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other IE 0 53 Dublin -7 Leinster Europe/Dublin D02 72.145.59.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","All Categories","Technology"] winatp-gw-neu.microsoft.com [WEB] All Sector Web Access 0 3393852831265311235 0 0 IN 0 28 Sonīpat 77 Haryana Tue Jun 16 11:56:46 2026 Asia/Kolkata 131001 223.185.58.0 0 0 0 1781591206 0 Web 0 nspolicy sanjay.gupta@corporate.com winatp-gw-neu.microsoft.com pankaj.kumar@corporate.com 192.168.1.9 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:46.000 Client FALSE useralert Browse yes [WEB] Potentially Malicious Sites policy 1767205726962671992 5000178776037541454 Potentially malicious sites 0 unknown 0 0 0 1 Windows Device managed GB 0 51 London -1 England Europe/London N/A 174.46.83.0 80 0 0 
Corporate-96412 0 [] no 0 14.html B3CC260A-BFB2-714F-02F9-D8C96DB9B21B 0 Windows 11 Windows NT 11.0 ["Potentially malicious sites","Uncategorized","DLP All Categories ","All Categories"] 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com 174.46.83.201 [WEB] Potentially Malicious Sites 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 8089903761584793704 0 0 174.46.83.201 GB 0 53 Halifax -2 England Tue Jun 16 07:26:46 2026 Europe/London HX1 81.105.212.0 0 0 0 1781591206 0 Web 8089903761584793704 nspolicy kevin.brooks@corporate.com 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin Charissa.Chang@corporate.com Microsoft-Delivery-Optimization/10.1 192.168.0.164 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:46.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy LinkedIn 0 Professional Networking 0 Professional Networking 65 medium 0 0 0 1 Other US 0 37 San Francisco -123 California America/Los_Angeles N/A 104.18.41.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","Professional Networking","All Categories","Risk and Crime","CapitalMarkets_and_Corporate Allow","DLP All Categories ","Engineering","Marketing","Executives","Social Media"] rum22.perf.linkedin.com [WEB] All Sector Web Access 0 3393850907195427841 0 0 Linkedin GB 0 54 Newcastle upon Tyne -2 England Tue Jun 16 07:26:46 2026 Europe/London NE5 86.8.36.0 0 0 0 1781591206 0 CloudApp 0 nspolicy douglas.reed1@corporate.com rum22.perf.linkedin.com Craig.Smith1@corporate.com 192.168.0.136 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:46.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy Atlassian Accounts 0 Application Suite 0 Application Suite 86 high 0 0 0 1 Other NL 0 52 Amsterdam 4 North 
Holland Europe/Amsterdam 1016 185.166.141.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","Application Suite","DLP All Categories ","Marketing","SSL NO DECRYPT ALL","All Categories","Technology"] web-security-reports.services.atlassian.com [WEB] All Sector Web Access 0 3393851267536473089 0 0 Atlassian App Suite GB 0 54 Newcastle upon Tyne -2 England Tue Jun 16 07:26:46 2026 Europe/London NE5 86.8.36.0 0 0 0 1781591206 0 CloudApp 0 nspolicy douglas.reed1@corporate.com web-security-reports.services.atlassian.com Craig.Smith1@corporate.com 192.168.0.136 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:46.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other US 0 47 Redmond -123 Washington America/Los_Angeles N/A 150.171.109.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","All Categories","Technology"] xpaywalletcdn-prod.azureedge.net [WEB] All Sector Web Access 0 3393853307310394369 0 0 GB 0 54 Newcastle upon Tyne -2 England Tue Jun 16 07:26:46 2026 Europe/London NE5 86.8.36.0 0 0 0 1781591206 0 Web 0 nspolicy douglas.reed1@corporate.com xpaywalletcdn-prod.azureedge.net Craig.Smith1@corporate.com 192.168.0.136 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:44.000 Client FALSE block Browse yes [Utility] DNS over HTTPS policy DNS Over HTTPS 5754666634689974621 General Chrome 3663950846471756290 General unknown 0 0 0 1 Windows Device managed US 0 37 Mountain View -123 California America/Los_Angeles N/A 8.8.8.0 443 0 0 Corporate-6069 0 [] no 0 silent_block.html 4738C42D-C0B6-D106-5B14-2A66FDD66B73 0 Windows 11 Windows NT 11.0 ["General","All Sector Websites","DLP All Categories ","Marketing","All Categories","Technology"] 
dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA dns [Utility] DNS over HTTPS 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 8701724296648252667 0 0 unknown DOH IN 0 28 Delhi 77 National Capital Territory of Delhi Tue Jun 16 11:56:44 2026 Asia/Kolkata 110001 103.225.59.0 0 0 0 1781591204 0 CloudApp 8701724296648252667 nspolicy thomas.wilson@corporate.com dns.google/dns-query reuben.ramesh@corporate.com Chrome 192.168.1.37 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:46.000 Client FALSE alert Edit yes [WEB] All Sector Web Access policy Amazon Kinesis 4696698913580918274 Business Intelligence and Data Analytics Amazon 5761591961372255990 All Sector Websites 87 high 0 0 0 1 Windows Device managed DE 0 50 Frankfurt am Main 8 Hesse Europe/Berlin 60313 3.74.148.0 443 0 0 Corporate-9364 9.0547E+11 0 [] no 0 03C835D0-BA98-0011-89EB-ED684C883501 0 Windows 11 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","Corporate No DLP User Alerts","All Categories","Technology","Engineering","Business Intelligence and Data Analytics"] 905469987510.data-kinesis.eu-central-1.amazonaws.com/ 905469987510.data-kinesis.eu-central-1.amazonaws.com [WEB] All Sector Web Access 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 6943950510830566618 0 0 Amazon Kinesis IN 0 12 Bengaluru 77 Karnataka Tue Jun 16 11:56:46 2026 Asia/Kolkata 562130 49.207.195.0 0 0 0 1781591206 0 CloudApp 6943950510830566618 nspolicy derek.johnson@corporate.com 905469987510.data-kinesis.eu-central-1.amazonaws.com/ Mansi.Pandey@corporate.com aws-sdk-go-v2/1.41.7 ua/2.1 os/windows lang/go#1.26.3 md/GOOS#windows md/GOARCH#amd64 api/kinesis#1.43.7 m/E,e 192.168.1.102 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:46.000 Client FALSE alert Edit yes [WEB] Kriya Temp Access policy Google 
Drive 8755455595597889721 Cloud Storage Google App Chrome 4054711562922334474 149.0.0.0 Kriya Allow List 87 high 0 0 2046601412204286866 1 Windows Device managed GB 0 51 London -1 England Europe/London N/A 142.251.30.0 443 0 0 k.histrov@corporate.com Corporate-3999 corporate.com 0 [] no 0 1617321A-ED0C-EA46-D03D-EA95CCD285EA 0 17zdf7EdmEfiK87k6uYP8rN5iay5RrHkOecTb3l0UfZA Document Windows 11 Windows NT 11.0 ["Kriya Allow List","All Categories","CapitalMarkets_and_Corporate Allow","DLP All Categories ","Marketing","Potentially malicious sites","G-Suite Access","File Transfers","Executives","Prohibited Sites","Cloud Storage"] docs.google.com Google Drive [WEB] Kriya Temp Access 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 https://docs.google.com/spreadsheets/d/17zdf7EdmEfiK87k6uYP8rN5iay5RrHkOecTb3l0UfZA/edit?gid=1708606351 0 4252780909104881950 0 0 unknown Google Drive GB 0 51 London -1 England Tue Jun 16 07:26:46 2026 Europe/London N/A 185.238.222.0 0 0 0 1781591206 0 CloudApp 3954089612998707774 nspolicy m.petrov@corporate.com docs.google.com/spreadsheets/d/17zdf7EdmEfiK87k6uYP8rN5iay5RrHkOecTb3l0UfZA/save k.histrov@corporate.com Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/149.0.0.0 Safari/537.36 192.168.1.111 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:46.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other US 0 38 Washington -79 Virginia America/New_York 22747 52.168.117.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","Business","All Categories","Technology"] mobile.events.data.microsoft.com [WEB] All Sector Web Access 0 3393852547193188355 0 0 IN 0 12 Bengaluru 77 Karnataka Tue Jun 16 11:56:46 2026 Asia/Kolkata 562130 103.163.65.0 0 0 0 1781591206 0 Web 0 nspolicy anil.bhosale@corporate.com mobile.events.data.microsoft.com Om.Karnewar@corporate.com 10.12.167.87 
16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:46.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy Microsoft Accounts 0 Application Suite 0 Application Suite 84 high 0 0 0 1 Other IN 0 13 Chennai 80 Tamil Nadu Asia/Kolkata 600001 20.190.174.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","Application Suite","DLP All Categories ","Marketing","SSL NO DECRYPT ALL","All Categories","Technology"] graph.microsoft.com [WEB] All Sector Web Access 0 3393852953075976449 0 0 Microsoft Office 365 Suite IN 0 12 Bengaluru 77 Karnataka Tue Jun 16 11:56:46 2026 Asia/Kolkata 562130 103.163.65.0 0 0 0 1781591206 0 CloudApp 0 nspolicy anil.bhosale@corporate.com graph.microsoft.com Om.Karnewar@corporate.com 10.12.167.88 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:46.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other IE 0 53 Dublin -7 Leinster Europe/Dublin D02 20.50.73.0 443 0 0 0 [] 0 0 Mac OSX 26.5.1 ["All Sector Websites","DLP All Categories ","Marketing","Business","All Categories","Technology"] eu-v20.events.data.microsoft.com [WEB] All Sector Web Access 0 3393853462902347267 0 0 IN 0 28 New Delhi 77 National Capital Territory of Delhi Tue Jun 16 11:56:46 2026 Asia/Kolkata 110005 110.235.234.0 0 0 0 1781591206 0 Web 0 nspolicy rahul.yadav@corporate.com eu-v20.events.data.microsoft.com Vicky.Poonia@corporate.com 192.168.1.7 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:46.000 Client FALSE useralert Browse yes [WEB] Potentially Malicious Sites policy 1767205726962671992 5000178776037541454 Potentially malicious sites 0 unknown 0 0 0 1 Windows Device managed GB 0 51 London -1 England Europe/London N/A 174.46.83.0 80 0 0 Corporate-96412 0 [] no 0 14.html B3CC260A-BFB2-714F-02F9-D8C96DB9B21B 0 Windows 11 Windows NT 11.0 ["Potentially malicious sites","Uncategorized","DLP All Categories ","All Categories"] 
174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com 174.46.83.201 [WEB] Potentially Malicious Sites 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 4469587467134532459 0 0 174.46.83.201 GB 0 53 Halifax -2 England Tue Jun 16 07:26:46 2026 Europe/London HX1 81.105.212.0 0 0 0 1781591206 0 Web 4469587467134532459 nspolicy kevin.brooks@corporate.com 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin Charissa.Chang@corporate.com Microsoft-Delivery-Optimization/10.1 192.168.0.164 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:46.000 Client FALSE useralert Browse yes [WEB] Potentially Malicious Sites policy 1767205726962671992 5000178776037541454 Potentially malicious sites 0 unknown 0 0 0 1 Windows Device managed GB 0 51 London -1 England Europe/London N/A 174.46.83.0 80 0 0 Corporate-96412 0 [] no 0 14.html B3CC260A-BFB2-714F-02F9-D8C96DB9B21B 0 Windows 11 Windows NT 11.0 ["Potentially malicious sites","Uncategorized","DLP All Categories ","All Categories"] 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com 174.46.83.201 [WEB] Potentially Malicious Sites 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 9123703410329835033 0 0 174.46.83.201 GB 0 53 Halifax -2 England Tue Jun 16 07:26:46 2026 Europe/London HX1 81.105.212.0 0 0 0 1781591206 0 Web 9123703410329835033 nspolicy kevin.brooks@corporate.com 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin Charissa.Chang@corporate.com Microsoft-Delivery-Optimization/10.1 192.168.0.164 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL 
-16/06/2026, 06:26:47.000 Client FALSE alert Edit yes [WEB] All Sector Web Access policy Amazon Kinesis 4696698913580918274 Business Intelligence and Data Analytics Amazon 5761591961372255990 All Sector Websites 87 high 0 0 0 1 Windows Device managed DE 0 50 Frankfurt am Main 8 Hesse Europe/Berlin 60313 3.74.148.0 443 0 0 Corporate-9364 9.0547E+11 0 [] no 0 03C835D0-BA98-0011-89EB-ED684C883501 0 Windows 11 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","Corporate No DLP User Alerts","All Categories","Technology","Engineering","Business Intelligence and Data Analytics"] 905469987510.data-kinesis.eu-central-1.amazonaws.com/ 905469987510.data-kinesis.eu-central-1.amazonaws.com [WEB] All Sector Web Access 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 6943950510830566618 0 0 Amazon Kinesis IN 0 12 Bengaluru 77 Karnataka Tue Jun 16 11:56:47 2026 Asia/Kolkata 562130 49.207.195.0 0 0 0 1781591207 0 CloudApp 4383192372529799292 nspolicy derek.johnson@corporate.com 905469987510.data-kinesis.eu-central-1.amazonaws.com/ Mansi.Pandey@corporate.com aws-sdk-go-v2/1.41.7 ua/2.1 os/windows lang/go#1.26.3 md/GOOS#windows md/GOARCH#amd64 api/kinesis#1.43.7 m/E,e 192.168.1.102 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:46.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy Microsoft Azure DevOps 0 Development Tools 0 Development Tools 84 high 0 0 0 1 Other US 0 29 San Antonio -99 Texas America/Chicago 78288 23.100.122.0 443 0 0 0 [] 0 0 Mac OSX 26.5.1 ["All Sector Websites","DLP All Categories ","Engineering","Marketing","Development Tools","Platforms","All Categories","Technology"] rt.services.visualstudio.com [WEB] All Sector Web Access 0 3393849119910334465 0 0 Visual Studio PL 0 51 Lubartów 22 Lublin Tue Jun 16 08:26:46 2026 Europe/Warsaw 21-100 46.151.187.0 0 0 0 1781591206 0 CloudApp 0 nspolicy pawel.kowalski@corporate.com rt.services.visualstudio.com Tomasz.Kucharzyk@corporate.com 192.168.68.53 
16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:46.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other US 0 41 Des Moines -94 Iowa America/Chicago 50307 104.208.16.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","Business","All Categories","Technology"] self.events.data.microsoft.com [WEB] All Sector Web Access 0 3393852546840951297 0 0 GB 0 53 St Helens -3 England Tue Jun 16 07:26:46 2026 Europe/London WA9 94.0.129.0 0 0 0 1781591206 0 Web 0 nspolicy susan.barker@corporate.com self.events.data.microsoft.com gill.hillier@corporate.com 192.168.0.161 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:46.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy Microsoft Teams 0 Collaboration 0 Collaboration 89 high 0 0 0 1 Other US 0 37 San Jose -122 California America/Los_Angeles 95141 20.184.175.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","Collaboration","DLP All Categories ","Marketing","Business","All Categories","Technology"] teams.events.data.microsoft.com [WEB] All Sector Web Access 0 3393852547218341123 0 0 Microsoft Teams IN 0 23 Ahmedabad 72 Gujarat Tue Jun 16 11:56:46 2026 Asia/Kolkata 380008 106.194.78.0 0 0 0 1781591206 0 CloudApp 0 nspolicy amit.verma@corporate.com teams.events.data.microsoft.com Piyush.Jayswal@corporate.com 172.20.10.2 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:46.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other IE 0 53 Dublin -7 Leinster Europe/Dublin D02 20.50.73.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","Business","All Categories","Technology"] eu-v10c.events.data.microsoft.com [WEB] All Sector Web Access 0 3393853466140066561 0 0 GB 0 51 Windsor -1 England Tue Jun 16 07:26:46 2026 Europe/London SL4 134.65.142.0 0 0 0 
1781591206 0 Web 0 nspolicy patricia.roy@corporate.com eu-v10c.events.data.microsoft.com john.peters@corporate.com 192.168.68.115 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:46.000 Client FALSE useralert Browse yes [WEB] Potentially Malicious Sites policy 1767205726962671992 5000178776037541454 Potentially malicious sites 0 unknown 0 0 0 1 Windows Device managed GB 0 51 London -1 England Europe/London N/A 174.46.83.0 80 0 0 Corporate-96412 0 [] no 0 14.html B3CC260A-BFB2-714F-02F9-D8C96DB9B21B 0 Windows 11 Windows NT 11.0 ["Potentially malicious sites","Uncategorized","DLP All Categories ","All Categories"] 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com 174.46.83.201 [WEB] Potentially Malicious Sites 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 8286237362536754167 0 0 174.46.83.201 GB 0 53 Halifax -2 England Tue Jun 16 07:26:46 2026 Europe/London HX1 81.105.212.0 0 0 0 1781591206 0 Web 8286237362536754167 nspolicy kevin.brooks@corporate.com 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin Charissa.Chang@corporate.com Microsoft-Delivery-Optimization/10.1 192.168.0.164 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:46.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other US 0 37 San Jose -122 California America/Los_Angeles 95141 20.184.175.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","Business","All Categories","Technology"] browser.events.data.microsoft.com [WEB] All Sector Web Access 0 3393852322596851457 0 0 IN 0 28 Delhi 77 National Capital Territory of Delhi Tue Jun 16 11:56:46 2026 Asia/Kolkata 110001 103.225.59.0 0 0 0 1781591206 0 Web 0 nspolicy 
thomas.wilson@corporate.com browser.events.data.microsoft.com reuben.ramesh@corporate.com 192.168.1.37 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:47.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other IE 0 53 Dublin -7 Leinster Europe/Dublin D02 20.50.80.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","Business","All Categories","Technology"] eu-v20.events.data.microsoft.com [WEB] All Sector Web Access 0 3393853478295121665 0 0 GB 0 51 Newport -3 Wales Tue Jun 16 07:26:47 2026 Europe/London NP19 81.102.150.0 0 0 0 1781591207 0 Web 0 nspolicy sam.crawford@corporate.com eu-v20.events.data.microsoft.com Dev.Alexander@corporate.com 192.168.0.13 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:46.000 Client FALSE alert Edit yes [WEB] All Sector Web Access policy Amazon Kinesis 4696698913580918274 Business Intelligence and Data Analytics Amazon 5761591961372255990 All Sector Websites 87 high 0 0 0 1 Windows Device managed DE 0 50 Frankfurt am Main 8 Hesse Europe/Berlin 60313 3.74.148.0 443 0 0 Corporate-9364 9.0547E+11 0 [] no 0 03C835D0-BA98-0011-89EB-ED684C883501 0 Windows 11 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","Corporate No DLP User Alerts","All Categories","Technology","Engineering","Business Intelligence and Data Analytics"] 905469987510.data-kinesis.eu-central-1.amazonaws.com/ 905469987510.data-kinesis.eu-central-1.amazonaws.com [WEB] All Sector Web Access 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 6943950510830566618 0 0 Amazon Kinesis IN 0 12 Bengaluru 77 Karnataka Tue Jun 16 11:56:46 2026 Asia/Kolkata 562130 49.207.195.0 0 0 0 1781591206 0 CloudApp 5086099446527205840 nspolicy derek.johnson@corporate.com 905469987510.data-kinesis.eu-central-1.amazonaws.com/ Mansi.Pandey@corporate.com aws-sdk-go-v2/1.41.7 ua/2.1 os/windows lang/go#1.26.3 md/GOOS#windows 
md/GOARCH#amd64 api/kinesis#1.43.7 m/E,e 192.168.1.102 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:47.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other IE 0 53 Dublin -7 Leinster Europe/Dublin D02 13.69.239.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","Business","All Categories","Technology"] eu-office.events.data.microsoft.com [WEB] All Sector Web Access 0 3393852402347080961 0 0 IN 0 23 Ahmedabad 72 Gujarat Tue Jun 16 11:56:47 2026 Asia/Kolkata 380008 106.194.78.0 0 0 0 1781591207 0 Web 0 nspolicy amit.verma@corporate.com eu-office.events.data.microsoft.com Piyush.Jayswal@corporate.com 172.20.10.2 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:47.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy Microsoft Teams 0 Collaboration 0 Collaboration 89 high 0 0 0 1 Other NL 0 52 Amsterdam 4 North Holland Europe/Amsterdam 1012 20.50.201.0 443 0 0 0 [] 0 0 Mac OSX 26.5.1 ["All Sector Websites","Collaboration","DLP All Categories ","Marketing","Business","All Categories","Technology"] teams.events.data.microsoft.com [WEB] All Sector Web Access 0 3393852418696812037 0 0 Microsoft Teams IN 0 28 Gurugram 77 Haryana Tue Jun 16 11:56:47 2026 Asia/Kolkata 122001 182.69.182.0 0 0 0 1781591207 0 CloudApp 0 nspolicy anita.singh@corporate.com teams.events.data.microsoft.com Priya.Mehrotra@corporate.com 192.168.1.15 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:47.000 Client FALSE alert Edit yes [WEB] All Sector Web Access policy Amazon Kinesis 1621617486991627159 Business Intelligence and Data Analytics Amazon 6532044925164558210 All Sector Websites 87 high 0 0 0 1 Windows Device managed DE 0 50 Frankfurt am Main 8 Hesse Europe/Berlin 60313 3.123.12.0 443 0 0 Corporate-0393 9.0547E+11 0 [] no 0 30E11FC1-2EC7-9412-66A6-CDBDFF40D487 0 Windows 11 Windows NT 11.0 ["All Sector 
Websites","DLP All Categories ","Marketing","Corporate No DLP User Alerts","All Categories","Technology","Engineering","Business Intelligence and Data Analytics"] 905469987510.data-kinesis.eu-central-1.amazonaws.com/ 905469987510.data-kinesis.eu-central-1.amazonaws.com [WEB] All Sector Web Access 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 1998436724571375512 0 0 Amazon Kinesis GB 0 51 Fulham -1 England Tue Jun 16 07:26:47 2026 Europe/London SW6 140.228.75.0 0 0 0 1781591207 0 CloudApp 1998436724571375512 nspolicy katrina.berzina@corporate.com 905469987510.data-kinesis.eu-central-1.amazonaws.com/ Agnese.Ruskule@corporate.com aws-sdk-go-v2/1.41.7 ua/2.1 os/windows lang/go#1.26.3 md/GOOS#windows md/GOARCH#amd64 api/kinesis#1.43.7 m/E,e 192.168.52.126 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:47.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy Atlassian MCP 0 MCP Server 0 MCP Server 70 medium 0 0 0 1 Other NL 0 52 Amsterdam 4 North Holland Europe/Amsterdam 1016 185.166.143.0 443 0 0 0 [] 0 0 Mac OSX 26.5.0 ["All Sector Websites","MCP Server","DLP All Categories ","Marketing","SSL NO DECRYPT ALL","All Categories","Technology"] mcp.atlassian.com [WEB] All Sector Web Access 0 3393853437585578753 0 0 Atlassian MCP PL 0 50 Katowice 18 Silesia Tue Jun 16 08:26:47 2026 Europe/Warsaw 40-872 195.177.85.0 0 0 0 1781591207 0 CloudApp 0 nspolicy marek.nowak@corporate.com mcp.atlassian.com andrzej.globisz@corporate.com 192.168.1.27 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:47.000 Client FALSE alert yes [WEB] All Sector Web Access policy 0 0 All Sector Websites 0 unknown 0 0 0 1 Other IE 0 53 Dublin -7 Leinster Europe/Dublin D02 74.178.35.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","All Categories","Technology"] winatp-gw-neu.microsoft.com [WEB] All Sector Web Access 0 3393852845911628545 0 0 GB 0 51 Waltham Cross -1 England Tue Jun 16 
07:26:47 2026 Europe/London EN8 82.9.161.0 0 0 0 1781591207 0 Web 0 nspolicy owen.phillips@corporate.com winatp-gw-neu.microsoft.com Gareth.Anderson@corporate.com 192.168.0.64 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:47.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy Microsoft Live Accounts 0 Application Suite 0 Application Suite 70 medium 0 0 0 1 Other IE 0 53 Dublin -7 Leinster Europe/Dublin D02 40.126.31.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","Application Suite","DLP All Categories ","Marketing","All Categories","Risk and Crime","CapitalMarkets_and_Corporate Allow","Technology"] login.live.com [WEB] All Sector Web Access 0 3393852424627345153 0 0 Microsoft Live Suite GB 0 53 Chorley -3 England Tue Jun 16 07:26:47 2026 Europe/London PR7 86.179.133.0 0 0 0 1781591207 0 CloudApp 0 nspolicy maria.edwards@corporate.com login.live.com Peter.Norris@corporate.com 192.168.1.237 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:48.000 Client FALSE alert Edit yes [WEB] All Sector Web Access policy Amazon Kinesis 3418830011869835973 Business Intelligence and Data Analytics Amazon 6370962430820221408 All Sector Websites 87 high 0 0 0 1 Windows Device managed DE 0 50 Frankfurt am Main 8 Hesse Europe/Berlin 60313 3.123.12.0 443 0 0 Corporate-6098 9.0547E+11 0 [] no 0 E718A4BE-BD27-5206-730B-5790C5F4FD8B 0 Windows 11 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","Corporate No DLP User Alerts","All Categories","Technology","Engineering","Business Intelligence and Data Analytics"] 905469987510.data-kinesis.eu-central-1.amazonaws.com/ 905469987510.data-kinesis.eu-central-1.amazonaws.com [WEB] All Sector Web Access 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 6366309692230137085 0 0 Amazon Kinesis GB 0 52 Leicester -2 England Tue Jun 16 07:26:48 2026 Europe/London LE3 176.248.214.0 0 0 0 1781591208 0 CloudApp 846928520315636649 nspolicy 
chris.davies@corporate.com 905469987510.data-kinesis.eu-central-1.amazonaws.com/ Andy.Sutton@corporate.com aws-sdk-go-v2/1.41.7 ua/2.1 os/windows lang/go#1.26.3 md/GOOS#windows md/GOARCH#amd64 api/kinesis#1.43.7 m/E,e 192.168.68.55 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:47.000 Client FALSE useralert Browse yes [WEB] Potentially Malicious Sites policy 1767205726962671992 5000178776037541454 Potentially malicious sites 0 unknown 0 0 0 1 Windows Device managed GB 0 51 London -1 England Europe/London N/A 174.46.83.0 80 0 0 Corporate-96412 0 [] no 0 14.html B3CC260A-BFB2-714F-02F9-D8C96DB9B21B 0 Windows 11 Windows NT 11.0 ["Potentially malicious sites","Uncategorized","DLP All Categories ","All Categories"] 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com 174.46.83.201 [WEB] Potentially Malicious Sites 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 4552805259691069610 0 0 174.46.83.201 GB 0 53 Halifax -2 England Tue Jun 16 07:26:47 2026 Europe/London HX1 81.105.212.0 0 0 0 1781591207 0 Web 4552805259691069610 nspolicy kevin.brooks@corporate.com 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin Charissa.Chang@corporate.com Microsoft-Delivery-Optimization/10.1 192.168.0.164 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:46.000 Client FALSE useralert Browse yes [WEB] Potentially Malicious Sites policy 1767205726962671992 5000178776037541454 Potentially malicious sites 0 unknown 0 0 0 1 Windows Device managed GB 0 51 London -1 England Europe/London N/A 174.46.83.0 80 0 0 Corporate-96412 0 [] no 0 14.html B3CC260A-BFB2-714F-02F9-D8C96DB9B21B 0 Windows 11 Windows NT 11.0 ["Potentially malicious sites","Uncategorized","DLP All Categories ","All Categories"] 
174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com 174.46.83.201 [WEB] Potentially Malicious Sites 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 6988357283908119751 0 0 174.46.83.201 GB 0 53 Halifax -2 England Tue Jun 16 07:26:46 2026 Europe/London HX1 81.105.212.0 0 0 0 1781591206 0 Web 6988357283908119751 nspolicy kevin.brooks@corporate.com 174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin Charissa.Chang@corporate.com Microsoft-Delivery-Optimization/10.1 192.168.0.164 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:48.000 Client FALSE alert Browse yes [WEB] All Sector Web Access policy Microsoft Azure DevOps 0 Development Tools 0 Development Tools 84 high 0 0 0 1 Other US 0 29 San Antonio -99 Texas America/Chicago 78288 23.100.122.0 443 0 0 0 [] 0 0 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Engineering","Marketing","Development Tools","Platforms","All Categories","Technology"] rt.services.visualstudio.com [WEB] All Sector Web Access 0 3393851970317026819 0 0 Visual Studio GB 0 55 Glasgow -5 Scotland Tue Jun 16 07:26:48 2026 Europe/London N/A 148.252.148.0 0 0 0 1781591208 0 CloudApp 0 nspolicy luke.harrison@corporate.com rt.services.visualstudio.com adam.wrightson@corporate.com 10.80.83.1 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:48.000 Client FALSE alert Edit yes [WEB] All Sector Web Access policy Amazon Kinesis 3418830011869835973 Business Intelligence and Data Analytics Amazon 6370962430820221408 All Sector Websites 87 high 0 0 0 1 Windows Device managed DE 0 50 Frankfurt am Main 8 Hesse Europe/Berlin 60313 3.123.12.0 443 0 0 Corporate-6098 9.0547E+11 0 [] no 0 E718A4BE-BD27-5206-730B-5790C5F4FD8B 0 Windows 11 Windows NT 11.0 ["All Sector 
Websites","DLP All Categories ","Marketing","Corporate No DLP User Alerts","All Categories","Technology","Engineering","Business Intelligence and Data Analytics"] 905469987510.data-kinesis.eu-central-1.amazonaws.com/ 905469987510.data-kinesis.eu-central-1.amazonaws.com [WEB] All Sector Web Access 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 6366309692230137085 0 0 Amazon Kinesis GB 0 52 Leicester -2 England Tue Jun 16 07:26:48 2026 Europe/London LE3 176.248.214.0 0 0 0 1781591208 0 CloudApp 6366309692230137085 nspolicy chris.davies@corporate.com 905469987510.data-kinesis.eu-central-1.amazonaws.com/ Andy.Sutton@corporate.com aws-sdk-go-v2/1.41.7 ua/2.1 os/windows lang/go#1.26.3 md/GOOS#windows md/GOARCH#amd64 api/kinesis#1.43.7 m/E,e 192.168.68.55 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:48.000 Client FALSE alert Edit yes [WEB] All Sector Web Access policy Amazon Kinesis 8474345048791532673 Business Intelligence and Data Analytics Amazon 2375969179232529120 All Sector Websites 87 high 0 0 0 1 Windows Device managed DE 0 50 Frankfurt am Main 8 Hesse Europe/Berlin 60313 3.74.148.0 443 0 0 Corporate-3436 9.0547E+11 0 [] no 0 B9C1AE09-E254-CCD6-3CCF-4AA3298EEA10 0 Windows 11 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","Corporate No DLP User Alerts","All Categories","Technology","Engineering","Business Intelligence and Data Analytics"] 905469987510.data-kinesis.eu-central-1.amazonaws.com/ 905469987510.data-kinesis.eu-central-1.amazonaws.com [WEB] All Sector Web Access 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 5384370215151327567 0 0 Amazon Kinesis GB 0 55 Glasgow -5 Scotland Tue Jun 16 07:26:48 2026 Europe/London N/A 148.252.148.0 0 0 0 1781591208 0 CloudApp 5384370215151327567 nspolicy luke.harrison@corporate.com 905469987510.data-kinesis.eu-central-1.amazonaws.com/ adam.wrightson@corporate.com aws-sdk-go-v2/1.41.7 ua/2.1 os/windows lang/go#1.26.3 md/GOOS#windows md/GOARCH#amd64 
api/kinesis#1.43.7 m/E,e 10.80.83.3 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:48.000 Client FALSE alert Edit yes [WEB] All Sector Web Access policy Amazon Kinesis 2855143298923339489 Business Intelligence and Data Analytics Amazon 2064547398725143804 All Sector Websites 87 high 0 0 0 1 Windows Device managed DE 0 50 Frankfurt am Main 8 Hesse Europe/Berlin 60313 3.123.12.0 443 0 0 Corporate-2731 9.0547E+11 0 [] no 0 73699F49-EB38-1294-ED45-9ACC1AE015EE 0 Windows 11 Windows NT 11.0 ["All Sector Websites","DLP All Categories ","Marketing","Corporate No DLP User Alerts","All Categories","Technology","Engineering","Business Intelligence and Data Analytics"] 905469987510.data-kinesis.eu-central-1.amazonaws.com/ 905469987510.data-kinesis.eu-central-1.amazonaws.com [WEB] All Sector Web Access 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 7925420924444153094 0 0 Amazon Kinesis GB 0 52 Milton Keynes -1 England Tue Jun 16 07:26:48 2026 Europe/London MK6 94.10.125.0 0 0 0 1781591208 0 CloudApp 7925420924444153094 nspolicy nicole.ward@corporate.com 905469987510.data-kinesis.eu-central-1.amazonaws.com/ hayley.Jarvis@corporate.com aws-sdk-go-v2/1.41.7 ua/2.1 os/windows lang/go#1.26.3 md/GOOS#windows md/GOARCH#amd64 api/kinesis#1.43.7 m/E,e 192.168.0.35 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL -16/06/2026, 06:26:48.000 Client FALSE alert Delete yes [WEB] All Sector Web Access policy Microsoft Office 365 Outlook.com 5653566044705553090 Webmail Office365 Edge 5199259246582574824 149.0.0.0 All Sector Websites 81 high 0 0 277779316245107090 1 Windows Device managed GB 0 51 London -1 England Europe/London W1U 40.99.205.0 443 0 0 steve.smith@corporate.com Corporate-2583 Corporate 0 [] no 0 D75790AE-F0D9-D54E-905B-99BA85FA8F7B 0 AAkALgAAAAAAHYQDEapmEc2byACqAC/EWg0ALbG3BAwvpk293U7kYeVIZgAG1CnCUQAA Mail Windows 11 Windows NT 11.0 ["All Sector Websites","All Categories","DLP All Categories ","Webmail"] outlook.office.com Microsoft 
Office 365 Outlook.com [WEB] All Sector Web Access 7FB181CEF851C88C 2026-06-15 15:05:33.202470 HTTPS/1.1 0 7339957861114475334 0 Yes 0 unknown Microsoft Office 365 Outlook.com GB 0 52 Bedford -1 England Tue Jun 16 07:26:48 2026 Europe/London MK42 5.69.118.0 0 0 0 1781591208 0 CloudApp 7339957861114475334 nspolicy jason.miller@corporate.com outlook.office.com/owa/service.svc steve.smith@corporate.com Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/149.0.0.0 Safari/537.36 Edg/149.0.0.0 OneOutlook/1.2026.602.400 192.168.0.25 16b4146d-f75d-47d9-a115-bbd9ccafb19a NetskopeAlerts_CL
\ No newline at end of file
diff --git a/Sample Data/ASIM/Netskope_Security Cloud_AlertEvent_IngestedLogs.csv b/Sample Data/ASIM/Netskope_Security Cloud_AlertEvent_IngestedLogs.csv
new file mode 100644
index 00000000000..6efd6bca031
--- /dev/null
+++ b/Sample Data/ASIM/Netskope_Security Cloud_AlertEvent_IngestedLogs.csv
@@ -0,0 +1,101 @@ +TimeGenerated [UTC],access_method,account_id,account_name,acked,action,activity,alert,alert_id,alert_name,alert_type,app,app_activity,app_sessionid,appcategory,appsuite,asset_id,asset_object_id,breach_date,breach_description,breach_id,breach_media_references,breach_score,breach_target_references,browser,browser_sessionid,browser_version,bypass_traffic,category,cci,ccl,client_bytes,compliance_standards,conn_duration,conn_endtime,conn_starttime,connectionid,CononicalName,count_i,data_type,device,device_classification,dlp_file,dlp_incidentid,dlp_is_unique_count,dlp_mail_parent_id,dlp_parentid,dlp_profile,dlp_rule,dlp_rule_count,dlp_rule_severity,dlp_unique_count,domain,dst_country,dst_geoip_src,dst_latitude,dst_location,dst_longitude,dst_region,dst_timezone,dst_zipcode,dstip,dsthost,dstport,email_source,event_type,evt_src_chnl,exposure,external_collaborator_count,external_email,file_cls_encrypted,file_lang,file_path,file_size,file_type,from_user,fromlogs,hostname,http_transaction_count,iaas_asset_tags,iaas_remediated,instance,instance_id,internal_collaborator_count,justification_reason,justification_type,last_app,last_country,last_device,last_location,last_region,last_timestamp,log_file_name,malicious,malsite_category,malsite_country,malsite_id,malsite_ip_host,malsite_latitude,malsite_longitude,malsite_region,managed_app,managementID,matched_username,md5,mime_type,modified,netskope_activity,netskope_pop,notify_template,nsdeviceuid,numbytes,object,object_id,object_type,org,organization_unit,orig_ty,orignal_file_path,os,os_version,other_categories,outer_doc_type,owner,page,page_site,parent_id,password_type,policy,policy_actions,policy_id,profile_id,protocol,referer,region_id,region_name,req_cnt,requestid,resource_category,resource_group,resp_cnt,sa_profile_id,sa_profile_name,sa_rule_id,sa_rule_name,sa_rule_severity,sAMAccountName,sanctioned_instance,scan_type,serial,server_bytes,sessionid,severity,severity_level,severity_level_id,sfwder,sha256,shared_d
omains,shared_with,site,src_country,src_geoip_src,src_latitude,src_location,src_longitude,src_region,src_time,src_timezone,src_zipcode,srcip,suppression_end_time,suppression_key,suppression_start_time,telemetry_app,threat_match_field,threat_match_value,threat_source_id,threshold,threshold_time,timestamp,title_s,to_object,total_collaborator_count,traffic_type,transactionid,true_obj_category,true_obj_type,tss_mode,two_factor_auth,type_s,universal_connector,ur_normalized,url,user,user_generated,user_id,useragent,userip,userkey,userPrincipalName,web_universal_connector,TenantId,Type,_ResourceId +"16/06/2026, 06:26:41.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,IE,0,53,Dublin,-7,Leinster,Europe/Dublin,D02,52.138.229.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,,,0,,,,,,,,,Mac OSX 26.5.1,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Business"",""All Categories"",""Technology""]",,,eu-teams.events.data.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852352174846977,,,0,,,,,,,,,,0,,,,,,,,,,GB,0,51,Hendon,-1,England,Tue Jun 16 07:26:41 2026,Europe/London,NW4,82.30.253.0,0,,0,,,,0,,,1781591201,,,0,Web,0,,,,,nspolicy,,vanessa.kumar@corporate.com,eu-teams.events.data.microsoft.com,Pramodini.Nayak@corporate.com,,,,192.168.0.14,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:41.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,IE,0,53,Dublin,-7,Leinster,Europe/Dublin,D02,13.69.239.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Business"",""All Categories"",""Technology""]",,,eu-office.events.data.microsoft.com,,,,[WEB] All Sector Web 
Access,,,,,,,,0,3393852357233413889,,,0,,,,,,,,,,0,,,,,,,,,,IN,0,28,Delhi,77,National Capital Territory of Delhi,Tue Jun 16 11:56:41 2026,Asia/Kolkata,110001,103.225.59.0,0,,0,,,,0,,,1781591201,,,0,Web,0,,,,,nspolicy,,thomas.wilson@corporate.com,eu-office.events.data.microsoft.com,reuben.ramesh@corporate.com,,,,192.168.1.37,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:41.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,US,0,38,Washington,-79,Virginia,America/New_York,22747,48.211.4.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Business"",""All Categories"",""Technology""]",,,settings-win.data.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393853375819866113,,,0,,,,,,,,,,0,,,,,,,,,,GB,0,50,Brighton,-1,England,Tue Jun 16 07:26:41 2026,Europe/London,N/A,217.65.134.0,0,,0,,,,0,,,1781591201,,,0,Web,0,,,,,nspolicy,,sarah.patel@corporate.com,settings-win.data.microsoft.com,james.heath@corporate.com,,,,10.101.3.13,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:42.000",Client,,,FALSE,alert,Response,yes,,[WEB] All Sector Web Access,policy,Anthropic Claude,,4446167814681716819,Generative AI,,,,,,,,,,,5761591961372255990,,,All Sector Websites,83,high,0,,0,,,8016351051001150293,,1,,Windows Device,managed,,,,,,,,,,,,US,0,37,San Francisco,-123,California,America/Los_Angeles,N/A,160.79.104.0,,443,,,,,0,,,,,1414,text/plain,,,Corporate-9364,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,5254500b6c6747d3e7c808bff4cf5303,,0,,,,03C835D0-BA98-0011-89EB-ED684C883501,0,,,Message,,,,,Windows 11,Windows NT 11.0,"[""All Sector Websites"",""Engineering"",""Generative AI"",""Generative AI - Tools and Stores""]",,,api.anthropic.com,Anthropic,,,[WEB] All Sector Web Access,,7FB181CEF851C88C 2026-06-15 
15:05:33.202470,,HTTPS/1.1,,,,0,585895169767630047,,,0,,,,,,,,,,0,,,,,,,,,Anthropic,IN,0,12,Bengaluru,77,Karnataka,Tue Jun 16 11:56:42 2026,Asia/Kolkata,562130,49.207.195.0,0,,0,,,,0,,,1781591202,,,0,CloudApp,1552339606481747543,,,,,nspolicy,,derek.johnson@corporate.com,api.anthropic.com/v1/messages,Mansi.Pandey@corporate.com,,,"claude-cli/2.1.177 (external, cli)",192.168.1.102,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:41.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,US,0,38,Washington,-79,Virginia,America/New_York,N/A,20.42.73.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Business"",""All Categories"",""Technology""]",,,self.events.data.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852504461628673,,,0,,,,,,,,,,0,,,,,,,,,,GB,0,50,Haywards Heath,-1,England,Tue Jun 16 07:26:41 2026,Europe/London,RH16,109.150.120.0,0,,0,,,,0,,,1781591201,,,0,Web,0,,,,,nspolicy,,linda.martinez@corporate.com,self.events.data.microsoft.com,Anthony.Newman@corporate.com,,,,192.168.68.70,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:41.000",Client,,,FALSE,useralert,Browse,yes,,[WEB] Potentially Malicious Sites,policy,,,1767205726962671992,,,,,,,,,,,,5000178776037541454,,,Potentially malicious sites,0,unknown,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,N/A,174.46.83.0,,80,,,,,0,,,,,0,,,,Corporate-96412,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,14.html,B3CC260A-BFB2-714F-02F9-D8C96DB9B21B,0,,,,,,,,Windows 11,Windows NT 11.0,"[""Potentially malicious sites"",""Uncategorized"",""DLP All Categories "",""All 
Categories""]",,,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com,174.46.83.201,,,[WEB] Potentially Malicious Sites,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,4431870242258108579,,,0,,,,,,,,,,0,,,,,,,,,174.46.83.201,GB,0,53,Halifax,-2,England,Tue Jun 16 07:26:41 2026,Europe/London,HX1,81.105.212.0,0,,0,,,,0,,,1781591201,,,0,Web,4431870242258108579,,,,,nspolicy,,kevin.brooks@corporate.com,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin,Charissa.Chang@corporate.com,,,Microsoft-Delivery-Optimization/10.1,192.168.0.164,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:40.000",Client,,,FALSE,alert,Upload,yes,,[WEB] All Sector Web Access,policy,Microsoft Edge,,4177921831347134248,Technology,,,,,,,,,,Chrome,119298968245144067,,,All Sector Websites,72,medium,0,,0,,,0,,1,application/octet-stream,Windows Device,managed,,,,,,,,,,,,US,0,47,Redmond,-123,Washington,America/Los_Angeles,N/A,150.171.27.0,,443,,,,,0,,,,,5266,Plain Text file,,,Corporate-93266,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,dc848a6dec2ca7a14082d6fd628dab94,,0,,,,BD462FDF-D4FB-9286-8C32-4322B768C431,0,,,File,,,,,Windows 11,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Business"",""All Categories"",""Technology""]",,,edge.microsoft.com/sync/v1/feeds/me/syncEntities/command/?client=Chromium&client_id=uYKogYRfE0ceE%2FJzrJPt7w%3D%3D,microsoft,,,[WEB] All Sector Web Access,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,5287969727838090829,,,0,,,,,,,,,,0,,unknown,,,,d2c10b214515b4a115f1244e6d621c634776fcb08099a20132c562c8860f6be0,,,Microsoft Edge,GB,0,52,Birmingham,-2,England,Tue Jun 16 07:26:40 
2026,Europe/London,B6,31.94.70.0,0,,0,,,,0,,,1781591200,,,0,CloudApp,5287969727838090829,,,inline,,nspolicy,yes,emma.fitzgerald@corporate.com,edge.microsoft.com/sync/v1/feeds/me/syncEntities/command/,francis.purcell@corporate.com,,,Chrome WIN 149.0.4022.62 (068a180137b01f28d261b1343e49c85b6348d4f5) channel(stable),192.168.1.29,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:41.000",Client,,,FALSE,useralert,Browse,yes,,[WEB] Potentially Malicious Sites,policy,,,1767205726962671992,,,,,,,,,,,,5000178776037541454,,,Potentially malicious sites,0,unknown,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,N/A,174.46.83.0,,80,,,,,0,,,,,0,,,,Corporate-96412,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,14.html,B3CC260A-BFB2-714F-02F9-D8C96DB9B21B,0,,,,,,,,Windows 11,Windows NT 11.0,"[""Potentially malicious sites"",""Uncategorized"",""DLP All Categories "",""All Categories""]",,,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com,174.46.83.201,,,[WEB] Potentially Malicious Sites,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,4997919106262660520,,,0,,,,,,,,,,0,,,,,,,,,174.46.83.201,GB,0,53,Halifax,-2,England,Tue Jun 16 07:26:41 2026,Europe/London,HX1,81.105.212.0,0,,0,,,,0,,,1781591201,,,0,Web,4997919106262660520,,,,,nspolicy,,kevin.brooks@corporate.com,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin,Charissa.Chang@corporate.com,,,Microsoft-Delivery-Optimization/10.1,192.168.0.164,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:41.000",Client,,,FALSE,block,Browse,yes,,[WEB] Prohibited Sites,policy,Atlassian Jira Software,,4487093888799611826,Development Tools,Atlassian,,,,,,,,,Safari,3743399434542224550,26.5,,Prohibited 
Sites,84,high,0,,0,,,0,,1,,Mac Device,managed,,,,,,,,,,,,US,0,47,Redmond,-123,Washington,America/Los_Angeles,98073,13.107.137.0,,443,,,,,0,,,,,0,,,,HP42MPQD23,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,1.html,8273DDC0-5708-50CF-BBAE-010879101BA8,0,,,,,,,,Mac OS,Mac OSX 26.5.0,"[""Prohibited Sites"",""All Categories"",""DLP All Categories "",""Marketing"",""File Transfers"",""Cloud Storage"",""Engineering"",""Development Tools""]",,,onedrive.live.com/favicon.ico,live,,,[WEB] Prohibited Sites,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,https://myhouse.atlassian.net/,,,0,1853767612842718881,,,0,,,,,,,,,,0,,unknown,,,,,,,Atlassian - JIRA,IN,0,18,Pune,73,Maharashtra,Tue Jun 16 11:56:41 2026,Asia/Kolkata,411007,49.36.56.0,0,,0,Microsoft OneDrive,,,0,,,1781591201,,,0,CloudApp,1853767612842718881,,,,,nspolicy,,robert.sharma@corporate.com,onedrive.live.com/favicon.ico,priyanka.burde@corporate.com,,,"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/26.5 Safari/605.1.15",192.168.29.13,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:41.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,Microsoft Azure,,0,IaaS/PaaS,,,,,,,,,,,0,,,IaaS/PaaS,87,high,0,,0,,,0,,1,,Other,,,,,,,,,,,,,US,0,38,Arlington,-78,Virginia,America/New_York,22226,52.188.247.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""IaaS/PaaS"",""DLP All Categories "",""Engineering"",""Marketing"",""Microsoft_Foundary_AI"",""All Categories"",""Technology""]",,,eastus-8.in.applicationinsights.azure.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852796418741505,,,0,,,,,,,,,,0,,,,,,,,,Windows Azure,GB,0,52,Coalville,-2,England,Tue Jun 16 07:26:41 
2026,Europe/London,LE67,90.248.115.0,0,,0,,,,0,,,1781591201,,,0,CloudApp,0,,,,,nspolicy,,jessica.turner@corporate.com,eastus-8.in.applicationinsights.azure.com,Lucy.Crook@corporate.com,,,,192.168.1.75,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:41.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,Microsoft Azure,,0,IaaS/PaaS,,,,,,,,,,,0,,,IaaS/PaaS,87,high,0,,0,,,0,,1,,Other,,,,,,,,,,,,,NL,0,52,Amsterdam,4,North Holland,Europe/Amsterdam,1012,40.113.176.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""IaaS/PaaS"",""DLP All Categories "",""Engineering"",""Marketing"",""Microsoft_Foundary_AI"",""All Categories"",""Technology""]",,,westeurope-5.in.applicationinsights.azure.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852295803588097,,,0,,,,,,,,,,0,,,,,,,,,Windows Azure,GB,0,51,Tottenham,-1,England,Tue Jun 16 07:26:41 2026,Europe/London,N17,94.2.57.0,0,,0,,,,0,,,1781591201,,,0,CloudApp,0,,,,,nspolicy,,nathan.cole@corporate.com,westeurope-5.in.applicationinsights.azure.com,oliver.thompson@corporate.com,,,,192.168.68.65,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:43.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,FR,0,48,Paris,2,Île-de-France,Europe/Paris,75001,51.11.192.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Business"",""All Categories"",""Technology""]",,,eu-teams.events.data.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393849919520560897,,,0,,,,,,,,,,0,,,,,,,,,,GB,0,53,Chorley,-3,England,Tue Jun 16 07:26:43 
2026,Europe/London,PR7,86.179.133.0,0,,0,,,,0,,,1781591203,,,0,Web,0,,,,,nspolicy,,maria.edwards@corporate.com,eu-teams.events.data.microsoft.com,Peter.Norris@corporate.com,,,,192.168.1.237,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:42.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,IE,0,53,Dublin,-7,Leinster,Europe/Dublin,D02,74.178.35.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""All Categories"",""Technology""]",,,winatp-gw-neu.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852768745043459,,,0,,,,,,,,,,0,,,,,,,,,,GB,0,51,City of London,-1,England,Tue Jun 16 07:26:42 2026,Europe/London,EC4R,145.224.90.0,0,,0,,,,0,,,1781591202,,,0,Web,0,,,,,nspolicy,,daniel.hayes@corporate.com,winatp-gw-neu.microsoft.com,Ross.Goldie@corporate.com,,,,192.168.1.233,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:42.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,Microsoft Accounts,,0,Application Suite,,,,,,,,,,,0,,,Application Suite,84,high,0,,0,,,0,,1,,Other,,,,,,,,,,,,,US,0,47,Redmond,-123,Washington,America/Los_Angeles,N/A,150.171.109.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""Application Suite"",""DLP All Categories "",""Marketing"",""All Categories"",""Technology""]",,,res.cdn.office.net,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852922936047105,,,0,,,,,,,,,,0,,,,,,,,,Microsoft Office 365 Suite,GB,0,51,City of London,-1,England,Tue Jun 16 07:26:42 2026,Europe/London,EC4R,145.224.90.0,0,,0,,,,0,,,1781591202,,,0,CloudApp,0,,,,,nspolicy,,daniel.hayes@corporate.com,res.cdn.office.net,Ross.Goldie@corporate.com,,,,192.168.1.233,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 
06:26:42.000",Client,,,FALSE,useralert,Browse,yes,,[WEB] Potentially Malicious Sites,policy,,,1767205726962671992,,,,,,,,,,,,5000178776037541454,,,Potentially malicious sites,0,unknown,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,N/A,174.46.83.0,,80,,,,,0,,,,,0,,,,Corporate-96412,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,14.html,B3CC260A-BFB2-714F-02F9-D8C96DB9B21B,0,,,,,,,,Windows 11,Windows NT 11.0,"[""Potentially malicious sites"",""Uncategorized"",""DLP All Categories "",""All Categories""]",,,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com,174.46.83.201,,,[WEB] Potentially Malicious Sites,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,832221445352398182,,,0,,,,,,,,,,0,,,,,,,,,174.46.83.201,GB,0,53,Halifax,-2,England,Tue Jun 16 07:26:42 2026,Europe/London,HX1,81.105.212.0,0,,0,,,,0,,,1781591202,,,0,Web,832221445352398182,,,,,nspolicy,,kevin.brooks@corporate.com,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin,Charissa.Chang@corporate.com,,,Microsoft-Delivery-Optimization/10.1,192.168.0.164,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:22.000",Client,,,FALSE,alert,Edit,yes,,[WEB] All Sector Web Access,policy,Microsoft Office 365 Sharepoint Online,,6394965475309242090,Collaboration,Office365,,,,,,,,,Native,3375680068702254064,,,All Sector Websites,91,excellent,0,,0,,,5089105323273154939,,2,,Windows Device,managed,,,,,,,,,,,,US,0,47,Redmond,-123,Washington,America/Los_Angeles,98073,13.107.138.0,,443,,,,,0,,,,,0,application/x-empty,john.peters@corporate.com,,Corporate-4485,,,,,Corporate,0,,,,,,,,,,,[],,,,,,,no,,,d41d8cd98f00b204e9800998ecf8427e,,0,,,,39538DFA-6902-EAE4-1635-294AF4E2A4CE,0,creditreportxlsx,,File,,,,,Windows 11,Windows NT 11.0,"[""All Sector 
Websites"",""DLP All Categories "",""BDMs"",""Marketing"",""Underwriting and Recoveries"",""Relationship Managers"",""Custom-123"",""Corporate No DLP User Alerts"",""All Categories"",""Asset Finance"",""Technology"",""Collaboration""]",,,Corporate.sharepoint.com,Microsoft Office 365 Sharepoint Sites,/sites/Auto-DIPLetterStore-SP/Shared%20Documents/BL-Migration-Asset-Finance-Files/Underwriting/S/Skelmersdale%20Van%20Hire%20TA%20Mark%20&%20Shirley%20Blamphin/AF000000035306,,[WEB] All Sector Web Access,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,9019506608313725876,,,0,,,,,,,Yes,,,0,,unknown,,,,,,,Microsoft Office 365 Sharepoint Sites,GB,0,51,Windsor,-1,England,Tue Jun 16 07:26:22 2026,Europe/London,SL4,134.65.142.0,1781591202,,1781591182,,,,0,,,1781591182,,,0,CloudApp,9019506608313725876,,,,,nspolicy,,patricia.roy@corporate.com,Corporate.sharepoint.com/sites/Auto-DIPLetterStore-SP/_vti_bin/cellstorage.svc/CellStorageService,john.peters@corporate.com,,,Microsoft Office Excel/16.0.20026.20168 (Windows/10.0; Desktop x64; en-GB; Desktop app; HP/HP EliteBook 8 G1i 16 inch Noteb),192.168.68.115,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:42.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,Microsoft Accounts,,0,Application Suite,,,,,,,,,,,0,,,Application Suite,84,high,0,,0,,,0,,1,,Other,,,,,,,,,,,,,IN,0,23,Ahmedabad,72,Gujarat,Asia/Kolkata,380001,23.58.95.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""Application Suite"",""DLP All Categories "",""Marketing"",""All Categories"",""Technology""]",,,res.cdn.office.net,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852411591326979,,,0,,,,,,,,,,0,,,,,,,,,Microsoft Office 365 Suite,IN,0,23,Ahmedabad,72,Gujarat,Tue Jun 16 11:56:42 
2026,Asia/Kolkata,380008,106.194.78.0,0,,0,,,,0,,,1781591202,,,0,CloudApp,0,,,,,nspolicy,,amit.verma@corporate.com,res.cdn.office.net,Piyush.Jayswal@corporate.com,,,,172.20.10.4,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:42.000",Client,,,FALSE,useralert,Browse,yes,,[WEB] Potentially Malicious Sites,policy,,,1767205726962671992,,,,,,,,,,,,5000178776037541454,,,Potentially malicious sites,0,unknown,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,N/A,174.46.83.0,,80,,,,,0,,,,,0,,,,Corporate-96412,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,14.html,B3CC260A-BFB2-714F-02F9-D8C96DB9B21B,0,,,,,,,,Windows 11,Windows NT 11.0,"[""Potentially malicious sites"",""Uncategorized"",""DLP All Categories "",""All Categories""]",,,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com,174.46.83.201,,,[WEB] Potentially Malicious Sites,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,97742837984121794,,,0,,,,,,,,,,0,,,,,,,,,174.46.83.201,GB,0,53,Halifax,-2,England,Tue Jun 16 07:26:42 2026,Europe/London,HX1,81.105.212.0,0,,0,,,,0,,,1781591202,,,0,Web,97742837984121794,,,,,nspolicy,,kevin.brooks@corporate.com,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin,Charissa.Chang@corporate.com,,,Microsoft-Delivery-Optimization/10.1,192.168.0.164,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:42.000",Client,,,FALSE,useralert,Browse,yes,,[WEB] Potentially Malicious Sites,policy,,,1767205726962671992,,,,,,,,,,,,5000178776037541454,,,Potentially malicious sites,0,unknown,0,,0,,,0,,1,,Windows 
Device,managed,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,N/A,174.46.83.0,,80,,,,,0,,,,,0,,,,Corporate-96412,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,14.html,B3CC260A-BFB2-714F-02F9-D8C96DB9B21B,0,,,,,,,,Windows 11,Windows NT 11.0,"[""Potentially malicious sites"",""Uncategorized"",""DLP All Categories "",""All Categories""]",,,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com,174.46.83.201,,,[WEB] Potentially Malicious Sites,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,8790388499610240949,,,0,,,,,,,,,,0,,,,,,,,,174.46.83.201,GB,0,53,Halifax,-2,England,Tue Jun 16 07:26:42 2026,Europe/London,HX1,81.105.212.0,0,,0,,,,0,,,1781591202,,,0,Web,8790388499610240949,,,,,nspolicy,,kevin.brooks@corporate.com,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin,Charissa.Chang@corporate.com,,,Microsoft-Delivery-Optimization/10.1,192.168.0.164,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:42.000",Client,,,FALSE,useralert,Browse,yes,,[WEB] Potentially Malicious Sites,policy,,,1767205726962671992,,,,,,,,,,,,5000178776037541454,,,Potentially malicious sites,0,unknown,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,N/A,174.46.83.0,,80,,,,,0,,,,,0,,,,Corporate-96412,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,14.html,B3CC260A-BFB2-714F-02F9-D8C96DB9B21B,0,,,,,,,,Windows 11,Windows NT 11.0,"[""Potentially malicious sites"",""Uncategorized"",""DLP All Categories "",""All Categories""]",,,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com,174.46.83.201,,,[WEB] Potentially Malicious Sites,,7FB181CEF851C88C 2026-06-15 
15:05:33.202470,,HTTPS/1.1,,,,0,1026375107878931682,,,0,,,,,,,,,,0,,,,,,,,,174.46.83.201,GB,0,53,Halifax,-2,England,Tue Jun 16 07:26:42 2026,Europe/London,HX1,81.105.212.0,0,,0,,,,0,,,1781591202,,,0,Web,1026375107878931682,,,,,nspolicy,,kevin.brooks@corporate.com,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin,Charissa.Chang@corporate.com,,,Microsoft-Delivery-Optimization/10.1,192.168.0.164,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:42.000",Client,,,FALSE,alert,Edit,yes,,[WEB] All Sector Web Access,policy,Amazon Kinesis,,1708876711254208367,Business Intelligence and Data Analytics,Amazon,,,,,,,,,,3815549169259536272,,,All Sector Websites,87,high,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,DE,0,50,Frankfurt am Main,8,Hesse,Europe/Berlin,60313,3.123.12.0,,443,,,,,0,,,,,0,,,,Corporate-4573,,,,,9.0547E+11,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,,01738383-705F-1C08-CA58-1B9D8FA51971,0,,,,,,,,Windows 11,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Corporate No DLP User Alerts"",""All Categories"",""Technology"",""Engineering"",""Business Intelligence and Data Analytics""]",,,905469987510.data-kinesis.eu-central-1.amazonaws.com/,905469985555.data-kinesis.eu-central-1.amazonaws.com,,,[WEB] All Sector Web Access,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,5577809861853533151,,,0,,,,,,,,,,0,,,,,,,,,Amazon Kinesis,GB,0,51,Greenwich,-1,England,Tue Jun 16 07:26:42 2026,Europe/London,SE10,82.5.65.0,0,,0,,,,0,,,1781591202,,,0,CloudApp,5577809861853533151,,,,,nspolicy,,brian.foster@corporate.com,905469987510.data-kinesis.eu-central-1.amazonaws.com/,Josh.Eldridge@corporate.com,,,"aws-sdk-go-v2/1.41.7 ua/2.1 os/windows lang/go#1.26.3 md/GOOS#windows md/GOARCH#amd64 api/kinesis#1.43.7 m/E,e",192.168.0.204,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 
06:26:43.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,IE,0,53,Dublin,-7,Leinster,Europe/Dublin,D02,20.50.73.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Mac OSX 26.5.1,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Business"",""All Categories"",""Technology""]",,,eu-v20.events.data.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393853441897066243,,,0,,,,,,,,,,0,,,,,,,,,,GB,0,51,Kensington,-1,England,Tue Jun 16 07:26:43 2026,Europe/London,SW3,62.49.203.0,0,,0,,,,0,,,1781591203,,,0,Web,0,,,,,nspolicy,,rachel.dean@corporate.com,eu-v20.events.data.microsoft.com,NICK.VOSS@corporate.com,,,,192.168.68.52,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:42.000",Client,,,FALSE,alert,Edit,yes,,[WEB] All Sector Web Access,policy,Microsoft Office 365 Sharepoint Online,,6394965475309242090,Collaboration,Office365,,,,,,,,,Native,3375680068702254064,,,All Sector Websites,91,excellent,0,,0,,,5089105323273154939,,1,,Windows Device,managed,,,,,,,,,,,,US,0,47,Redmond,-123,Washington,America/Los_Angeles,98073,13.107.138.0,,443,,,,,0,,,,,0,application/x-empty,john.peters@corporate.com,,Corporate-4485,,,,,Corporate,0,,,,,,,,,,,[],,,,,,,no,,,d41d8cd98f00b204e9800998ecf8427e,,0,,,,39538DFA-6902-EAE4-1635-294AF4E2A4CE,0,creditreportxlsx,,File,,,,,Windows 11,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""BDMs"",""Marketing"",""Underwriting and Recoveries"",""Relationship Managers"",""Custom-123"",""Corporate No DLP User Alerts"",""All Categories"",""Asset Finance"",""Technology"",""Collaboration""]",,,Corporate.sharepoint.com,Microsoft Office 365 Sharepoint Sites,/sites/Auto-DIPLetterStore-SP/Shared%20Documents/BL-Migration-Asset-Finance-Files/Underwriting/S/Skelmersdale%20Van%20Hire%20TA%20Mark%20&%20Shirley%20Blamphin/AF000000035306,,[WEB] All Sector Web Access,,7FB181CEF851C88C 
2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,7993109372101449573,,,0,,,,,,,Yes,,,0,,unknown,,,,,,,Microsoft Office 365 Sharepoint Sites,GB,0,51,Windsor,-1,England,Tue Jun 16 07:26:42 2026,Europe/London,SL4,134.65.142.0,0,,0,,,,0,,,1781591202,,,0,CloudApp,7993109372101449573,,,,,nspolicy,,patricia.roy@corporate.com,Corporate.sharepoint.com/sites/Auto-DIPLetterStore-SP/_vti_bin/cellstorage.svc/CellStorageService,john.peters@corporate.com,,,Microsoft Office Excel/16.0.20026.20168 (Windows/10.0; Desktop x64; en-GB; Desktop app; HP/HP EliteBook 8 G1i 16 inch Noteb),192.168.68.115,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:44.000",Client,,,FALSE,useralert,Browse,yes,,[WEB] Potentially Malicious Sites,policy,,,1767205726962671992,,,,,,,,,,,,5000178776037541454,,,Potentially malicious sites,0,unknown,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,N/A,174.46.83.0,,80,,,,,0,,,,,0,,,,Corporate-96412,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,14.html,B3CC260A-BFB2-714F-02F9-D8C96DB9B21B,0,,,,,,,,Windows 11,Windows NT 11.0,"[""Potentially malicious sites"",""Uncategorized"",""DLP All Categories "",""All Categories""]",,,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com,174.46.83.201,,,[WEB] Potentially Malicious Sites,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,6585949069064830580,,,0,,,,,,,,,,0,,,,,,,,,174.46.83.201,GB,0,53,Halifax,-2,England,Tue Jun 16 07:26:44 
2026,Europe/London,HX1,81.105.212.0,0,,0,,,,0,,,1781591204,,,0,Web,6585949069064830580,,,,,nspolicy,,kevin.brooks@corporate.com,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin,Charissa.Chang@corporate.com,,,Microsoft-Delivery-Optimization/10.1,192.168.0.164,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:43.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,Microsoft Accounts,,0,Application Suite,,,,,,,,,,,0,,,Application Suite,84,high,0,,0,,,0,,1,,Other,,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,W1U,2.18.190.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""Application Suite"",""DLP All Categories "",""Marketing"",""All Categories"",""Technology""]",,,statics.teams.cdn.office.net,,,,[WEB] All Sector Web Access,,,,,,,,0,3393853439925762305,,,0,,,,,,,,,,0,,,,,,,,,Microsoft Office 365 Suite,GB,0,50,Dawlish,-4,England,Tue Jun 16 07:26:43 2026,Europe/London,EX7,2.123.56.0,0,,0,,,,0,,,1781591203,,,0,CloudApp,0,,,,,nspolicy,,steven.murphy@corporate.com,statics.teams.cdn.office.net,Danny.McMurdo@corporate.com,,,,192.168.0.113,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:44.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,US,0,41,Des Moines,-94,Iowa,America/Chicago,50307,13.89.179.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Mac OSX 26.5.1,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Business"",""All Categories"",""Technology""]",,,mobile.events.data.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393853328290418689,,,0,,,,,,,,,,0,,,,,,,,,,PL,0,51,Lubartów,22,Lublin,Tue Jun 16 08:26:44 
2026,Europe/Warsaw,21-100,46.151.187.0,0,,0,,,,0,,,1781591204,,,0,Web,0,,,,,nspolicy,,pawel.kowalski@corporate.com,mobile.events.data.microsoft.com,Tomasz.Kucharzyk@corporate.com,,,,192.168.68.53,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:43.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,Microsoft Accounts,,0,Application Suite,,,,,,,,,,,0,,,Application Suite,84,high,0,,0,,,0,,1,,Other,,,,,,,,,,,,,IE,0,53,Dublin,-7,Leinster,Europe/Dublin,D02,40.126.31.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""Application Suite"",""DLP All Categories "",""Marketing"",""SSL NO DECRYPT ALL"",""All Categories"",""Risk and Crime"",""Technology""]",,,login.microsoftonline.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852734913787393,,,0,,,,,,,,,,0,,,,,,,,,Microsoft Office 365 Suite,GB,0,51,City of London,-1,England,Tue Jun 16 07:26:43 2026,Europe/London,EC4R,145.224.90.0,0,,0,,,,0,,,1781591203,,,0,CloudApp,0,,,,,nspolicy,,daniel.hayes@corporate.com,login.microsoftonline.com,Ross.Goldie@corporate.com,,,,192.168.1.233,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:43.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,W1U,23.214.208.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Mac OSX 26.5.1,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""All Categories"",""Technology""]",,,iadsdk.apple.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393849215380776961,,,0,,,,,,,,,,0,,,,,,,,,,GB,0,55,Glasgow,-5,Scotland,Tue Jun 16 07:26:43 
2026,Europe/London,G12,81.157.158.0,0,,0,,,,0,,,1781591203,,,0,Web,0,,,,,nspolicy,,vikram.reddy@corporate.com,iadsdk.apple.com,anudeep.kattamuri@corporate.com,,,,192.168.1.120,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:44.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,Microsoft Accounts,,0,Application Suite,,,,,,,,,,,0,,,Application Suite,84,high,0,,0,,,0,,1,,Other,,,,,,,,,,,,,IN,0,18,Pune,73,Maharashtra,Asia/Kolkata,411005,20.190.146.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Mac OSX 26.5.1,"[""All Sector Websites"",""Application Suite"",""DLP All Categories "",""Marketing"",""SSL NO DECRYPT ALL"",""All Categories"",""Risk and Crime"",""Technology""]",,,login.microsoftonline.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852945408803585,,,0,,,,,,,,,,0,,,,,,,,,Microsoft Office 365 Suite,IN,0,12,Bengaluru,77,Karnataka,Tue Jun 16 11:56:44 2026,Asia/Kolkata,562130,122.172.83.0,0,,0,,,,0,,,1781591204,,,0,CloudApp,0,,,,,nspolicy,,sneha.nair@corporate.com,login.microsoftonline.com,Hridya.Raj@corporate.com,,,,192.168.1.2,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:44.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,Microsoft Azure,,0,IaaS/PaaS,,,,,,,,,,,0,,,IaaS/PaaS,87,high,0,,0,,,0,,1,,Other,,,,,,,,,,,,,NL,0,52,Amsterdam,4,North Holland,Europe/Amsterdam,1012,40.113.176.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""IaaS/PaaS"",""DLP All Categories "",""Engineering"",""Marketing"",""Microsoft_Foundary_AI"",""All Categories"",""Technology""]",,,westeurope-5.in.applicationinsights.azure.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852402590403841,,,0,,,,,,,,,,0,,,,,,,,,Windows Azure,GB,0,51,City of London,-1,England,Tue Jun 16 07:26:44 
2026,Europe/London,EC4R,18.168.47.0,0,,0,,,,0,,,1781591204,,,0,CloudApp,0,,,,,nspolicy,,jordan.cooper@corporate.com,westeurope-5.in.applicationinsights.azure.com,Ashley.Bailey@corporate.com,,,,192.168.23.18,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:44.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,IE,0,53,Dublin,-7,Leinster,Europe/Dublin,D02,72.145.59.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Mac OSX 26.5.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""All Categories"",""Technology""]",,,winatp-gw-neu.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393853444547744257,,,0,,,,,,,,,,0,,,,,,,,,,IN,0,12,Bengaluru,77,Karnataka,Tue Jun 16 11:56:44 2026,Asia/Kolkata,562130,223.181.111.0,0,,0,,,,0,,,1781591204,,,0,Web,0,,,,,nspolicy,,rajesh.iyer@corporate.com,winatp-gw-neu.microsoft.com,Sasidhar.Shenoy@corporate.com,,,,192.168.1.20,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:44.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,Microsoft Azure,,0,IaaS/PaaS,,,,,,,,,,,0,,,IaaS/PaaS,87,high,0,,0,,,0,,1,,Other,,,,,,,,,,,,,US,0,37,San Jose,-122,California,America/Los_Angeles,95141,20.189.172.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""IaaS/PaaS"",""DLP All Categories "",""Engineering"",""Marketing"",""Microsoft_Foundary_AI"",""All Categories"",""Technology""]",,,westus-0.in.applicationinsights.azure.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393853446410073857,,,0,,,,,,,,,,0,,,,,,,,,Windows Azure,GB,0,51,Canary Wharf,-1,England,Tue Jun 16 07:26:44 
2026,Europe/London,E14,5.253.252.0,0,,0,,,,0,,,1781591204,,,0,CloudApp,0,,,,,nspolicy,,timothy.flynn@corporate.com,westus-0.in.applicationinsights.azure.com,John.Duggan@corporate.com,,,,10.16.1.136,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:43.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,IE,0,53,Dublin,-7,Leinster,Europe/Dublin,D02,74.178.35.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""All Categories"",""Technology""]",,,winatp-gw-neu.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852808112669441,,,0,,,,,,,,,,0,,,,,,,,,,GB,0,51,Ilford,0,England,Tue Jun 16 07:26:43 2026,Europe/London,IG1,31.94.56.0,0,,0,,,,0,,,1781591203,,,0,Web,0,,,,,nspolicy,,paul.harrison@corporate.com,winatp-gw-neu.microsoft.com,ian.francis@corporate.com,,,,10.0.98.139,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:40.000",Client,,,FALSE,alert,Upload,yes,,[WEB] All Sector Web Access,policy,Microsoft Edge,,6055177101387891139,Technology,,,,,,,,,,Chrome,2382959896824642836,,,All Sector Websites,72,medium,0,,0,,,0,,1,application/octet-stream,Windows Device,managed,,,,,,,,,,,,US,0,47,Redmond,-123,Washington,America/Los_Angeles,N/A,150.171.28.0,,443,,,,,0,,,,,53575,Unicode text file,,,Corporate-7590,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,920f709968056934a89704455278e76e,,0,,,,0EDF2337-221C-FC1F-F183-623715444C2D,0,,,File,,,,,Windows 11,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Business"",""All Categories"",""Technology""]",,,edge.microsoft.com/sync/v1/feeds/me/syncEntities/command/?client=Chromium&client_id=oxgtO83ZD8SfssrA5F4LGQ%3D%3D,microsoft,,,[WEB] All Sector Web Access,,7FB181CEF851C88C 2026-06-15 
15:05:33.202470,,HTTPS/1.1,,,,0,2618767518737324206,,,0,,,,,,,,,,0,,unknown,,,,d1bf1904c6f9d79f0fd8551fa711831cd71cb61535619066a051e6f952286182,,,Microsoft Edge,GB,0,53,Liverpool,-3,England,Tue Jun 16 07:26:40 2026,Europe/London,L1,2.125.131.0,0,,0,,,,0,,,1781591200,,,0,CloudApp,2618767518737324206,,,inline,,nspolicy,yes,alan.douglas@corporate.com,edge.microsoft.com/sync/v1/feeds/me/syncEntities/command/,Mike.Gribben@corporate.com,,,Chrome WIN 149.0.4022.69 (6c7df6d8a61da958d863a718cc0403efd161d40d) channel(stable),192.168.0.31,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:44.000",Client,,,FALSE,useralert,Browse,yes,,[WEB] Potentially Malicious Sites,policy,,,1767205726962671992,,,,,,,,,,,,5000178776037541454,,,Potentially malicious sites,0,unknown,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,N/A,174.46.83.0,,80,,,,,0,,,,,0,,,,Corporate-96412,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,14.html,B3CC260A-BFB2-714F-02F9-D8C96DB9B21B,0,,,,,,,,Windows 11,Windows NT 11.0,"[""Potentially malicious sites"",""Uncategorized"",""DLP All Categories "",""All Categories""]",,,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com,174.46.83.201,,,[WEB] Potentially Malicious Sites,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,8663864056354055490,,,0,,,,,,,,,,0,,,,,,,,,174.46.83.201,GB,0,53,Halifax,-2,England,Tue Jun 16 07:26:44 2026,Europe/London,HX1,81.105.212.0,0,,0,,,,0,,,1781591204,,,0,Web,8663864056354055490,,,,,nspolicy,,kevin.brooks@corporate.com,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin,Charissa.Chang@corporate.com,,,Microsoft-Delivery-Optimization/10.1,192.168.0.164,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 
06:26:43.000",Client,,,FALSE,useralert,Browse,yes,,[WEB] Potentially Malicious Sites,policy,,,1767205726962671992,,,,,,,,,,,,5000178776037541454,,,Potentially malicious sites,0,unknown,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,N/A,174.46.83.0,,80,,,,,0,,,,,0,,,,Corporate-96412,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,14.html,B3CC260A-BFB2-714F-02F9-D8C96DB9B21B,0,,,,,,,,Windows 11,Windows NT 11.0,"[""Potentially malicious sites"",""Uncategorized"",""DLP All Categories "",""All Categories""]",,,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com,174.46.83.201,,,[WEB] Potentially Malicious Sites,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,3706353385689057456,,,0,,,,,,,,,,0,,,,,,,,,174.46.83.201,GB,0,53,Halifax,-2,England,Tue Jun 16 07:26:43 2026,Europe/London,HX1,81.105.212.0,0,,0,,,,0,,,1781591203,,,0,Web,3706353385689057456,,,,,nspolicy,,kevin.brooks@corporate.com,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin,Charissa.Chang@corporate.com,,,Microsoft-Delivery-Optimization/10.1,192.168.0.164,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:44.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,NL,0,52,Amsterdam,4,North Holland,Europe/Amsterdam,1012,74.178.240.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Business"",""All Categories"",""Technology""]",,,tas02.cws.update.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393853425304355073,,,0,,,,,,,,,,0,,,,,,,,,,GB,0,55,Glasgow,-5,Scotland,Tue Jun 16 07:26:44 
2026,Europe/London,G14,46.65.52.0,0,,0,,,,0,,,1781591204,,,0,Web,0,,,,,nspolicy,,marcus.grant@corporate.com,tas02.cws.update.microsoft.com,Brian.Bovell@corporate.com,,,,192.168.0.137,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:44.000",Client,,,FALSE,useralert,Browse,yes,,[WEB] Potentially Malicious Sites,policy,,,1767205726962671992,,,,,,,,,,,,5000178776037541454,,,Potentially malicious sites,0,unknown,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,N/A,174.46.83.0,,80,,,,,0,,,,,0,,,,Corporate-96412,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,14.html,B3CC260A-BFB2-714F-02F9-D8C96DB9B21B,0,,,,,,,,Windows 11,Windows NT 11.0,"[""Potentially malicious sites"",""Uncategorized"",""DLP All Categories "",""All Categories""]",,,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com,174.46.83.201,,,[WEB] Potentially Malicious Sites,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,6056427765594716528,,,0,,,,,,,,,,0,,,,,,,,,174.46.83.201,GB,0,53,Halifax,-2,England,Tue Jun 16 07:26:44 2026,Europe/London,HX1,81.105.212.0,0,,0,,,,0,,,1781591204,,,0,Web,6056427765594716528,,,,,nspolicy,,kevin.brooks@corporate.com,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin,Charissa.Chang@corporate.com,,,Microsoft-Delivery-Optimization/10.1,192.168.0.164,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:43.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,NL,0,52,Amsterdam,4,North Holland,Europe/Amsterdam,1012,52.236.189.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories 
"",""Marketing"",""Business"",""All Categories"",""Technology""]",,,r.manage.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852955701949953,,,0,,,,,,,,,,0,,,,,,,,,,GB,0,51,City of London,-1,England,Tue Jun 16 07:26:43 2026,Europe/London,EC4R,145.224.90.0,0,,0,,,,0,,,1781591203,,,0,Web,0,,,,,nspolicy,,daniel.hayes@corporate.com,r.manage.microsoft.com,Ross.Goldie@corporate.com,,,,192.168.1.233,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:43.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,IN,0,19,Mumbai,72,Maharashtra,Asia/Kolkata,400017,17.253.18.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Mac OSX 26.5.1,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""All Categories"",""Technology""]",,,ocsp2.apple.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852930451994113,,,0,,,,,,,,,,0,,,,,,,,,,IN,0,11,Coimbatore,76,Tamil Nadu,Tue Jun 16 11:56:43 2026,Asia/Kolkata,641011,223.185.26.0,0,,0,,,,0,,,1781591203,,,0,Web,0,,,,,nspolicy,,arjun.krishnan@corporate.com,ocsp2.apple.com,Jai.Senthilkumar@corporate.com,,,,192.168.0.149,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:44.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,ChatGPT,,0,Generative AI,,,,,,,,,,,0,,,Generative AI,64,medium,0,,0,,,0,,1,,Other,,,,,,,,,,,,,US,0,37,San Francisco,-123,California,America/Los_Angeles,N/A,104.18.32.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Mac OSX 26.5.0,"[""All Sector Websites"",""Generative AI"",""Engineering"",""Marketing"",""DLP All Categories "",""All Categories"",""Technology""]",,,ab.chatgpt.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852189176228097,,,0,,,,,,,,,,0,,,,,,,,,ChatGPT,DE,0,49,Nuremberg,11,Bavaria,Tue Jun 16 08:26:44 
2026,Europe/Berlin,90419,77.25.22.0,0,,0,,,,0,,,1781591204,,,0,CloudApp,0,,,,,nspolicy,,felix.weber@corporate.com,ab.chatgpt.com,Alexander.Schmolck@corporate.com,,,,192.168.0.162,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:44.000",Client,,,FALSE,block,Browse,yes,,[Utility] DNS over HTTPS,policy,DNS Over HTTPS,,5754666634689974621,General,,,,,,,,,,Chrome,3663950846471756290,,,General,,unknown,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,US,0,37,Mountain View,-123,California,America/Los_Angeles,N/A,8.8.8.0,,443,,,,,0,,,,,0,,,,Corporate-6069,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,silent_block.html,4738C42D-C0B6-D106-5B14-2A66FDD66B73,0,,,,,,,,Windows 11,Windows NT 11.0,"[""General"",""All Sector Websites"",""DLP All Categories "",""Marketing"",""All Categories"",""Technology""]",,,dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA,dns,,,[Utility] DNS over HTTPS,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,7651958669119122990,,,0,,,,,,,,,,0,,unknown,,,,,,,DOH,IN,0,28,Delhi,77,National Capital Territory of Delhi,Tue Jun 16 11:56:44 2026,Asia/Kolkata,110001,103.225.59.0,0,,0,,,,0,,,1781591204,,,0,CloudApp,7651958669119122990,,,,,nspolicy,,thomas.wilson@corporate.com,dns.google/dns-query,reuben.ramesh@corporate.com,,,Chrome,192.168.1.37,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:44.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,Microsoft Accounts,,0,Application Suite,,,,,,,,,,,0,,,Application Suite,84,high,0,,0,,,0,,1,,Other,,,,,,,,,,,,,IE,0,53,Dublin,-7,Leinster,Europe/Dublin,D02,40.126.31.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""Application Suite"",""DLP All Categories "",""Marketing"",""SSL NO DECRYPT ALL"",""All Categories"",""Risk and 
Crime"",""Technology""]",,,login.microsoftonline.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393853341284074245,,,0,,,,,,,,,,0,,,,,,,,,Microsoft Office 365 Suite,GB,0,52,Bedford,-1,England,Tue Jun 16 07:26:44 2026,Europe/London,MK42,5.69.118.0,0,,0,,,,0,,,1781591204,,,0,CloudApp,0,,,,,nspolicy,,jason.miller@corporate.com,login.microsoftonline.com,steve.smith@corporate.com,,,,192.168.0.25,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:44.000",Client,,,FALSE,useralert,Browse,yes,,[WEB] Potentially Malicious Sites,policy,,,1767205726962671992,,,,,,,,,,,,5000178776037541454,,,Potentially malicious sites,0,unknown,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,N/A,174.46.83.0,,80,,,,,0,,,,,0,,,,Corporate-96412,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,14.html,B3CC260A-BFB2-714F-02F9-D8C96DB9B21B,0,,,,,,,,Windows 11,Windows NT 11.0,"[""Potentially malicious sites"",""Uncategorized"",""DLP All Categories "",""All Categories""]",,,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com,174.46.83.201,,,[WEB] Potentially Malicious Sites,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,8584411413143272213,,,0,,,,,,,,,,0,,,,,,,,,174.46.83.201,GB,0,53,Halifax,-2,England,Tue Jun 16 07:26:44 2026,Europe/London,HX1,81.105.212.0,0,,0,,,,0,,,1781591204,,,0,Web,8584411413143272213,,,,,nspolicy,,kevin.brooks@corporate.com,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin,Charissa.Chang@corporate.com,,,Microsoft-Delivery-Optimization/10.1,192.168.0.164,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:43.000",Client,,,FALSE,useralert,Browse,yes,,[WEB] Potentially Malicious Sites,policy,,,1767205726962671992,,,,,,,,,,,,5000178776037541454,,,Potentially malicious 
sites,0,unknown,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,N/A,174.46.83.0,,80,,,,,0,,,,,0,,,,Corporate-96412,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,14.html,B3CC260A-BFB2-714F-02F9-D8C96DB9B21B,0,,,,,,,,Windows 11,Windows NT 11.0,"[""Potentially malicious sites"",""Uncategorized"",""DLP All Categories "",""All Categories""]",,,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com,174.46.83.201,,,[WEB] Potentially Malicious Sites,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,2234760899676255905,,,0,,,,,,,,,,0,,,,,,,,,174.46.83.201,GB,0,53,Halifax,-2,England,Tue Jun 16 07:26:43 2026,Europe/London,HX1,81.105.212.0,0,,0,,,,0,,,1781591203,,,0,Web,2234760899676255905,,,,,nspolicy,,kevin.brooks@corporate.com,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin,Charissa.Chang@corporate.com,,,Microsoft-Delivery-Optimization/10.1,192.168.0.164,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:42.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,IE,0,53,Dublin,-7,Leinster,Europe/Dublin,D02,74.178.35.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Mac OSX 26.5.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""All Categories"",""Technology""]",,,winatp-gw-neu.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393853432996767233,,,0,,,,,,,,,,0,,,,,,,,,,GB,0,51,London,-1,England,Tue Jun 16 07:26:42 
2026,Europe/London,N/A,31.94.18.0,0,,0,,,,0,,,1781591202,,,0,Web,0,,,,,nspolicy,,dimitri.stavros@corporate.com,winatp-gw-neu.microsoft.com,Konstantinos.Pagonas@corporate.com,,,,172.20.10.8,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:43.000",Client,,,FALSE,useralert,Browse,yes,,[WEB] Potentially Malicious Sites,policy,,,1767205726962671992,,,,,,,,,,,,5000178776037541454,,,Potentially malicious sites,0,unknown,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,N/A,174.46.83.0,,80,,,,,0,,,,,0,,,,Corporate-96412,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,14.html,B3CC260A-BFB2-714F-02F9-D8C96DB9B21B,0,,,,,,,,Windows 11,Windows NT 11.0,"[""Potentially malicious sites"",""Uncategorized"",""DLP All Categories "",""All Categories""]",,,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com,174.46.83.201,,,[WEB] Potentially Malicious Sites,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,73473666834719211,,,0,,,,,,,,,,0,,,,,,,,,174.46.83.201,GB,0,53,Halifax,-2,England,Tue Jun 16 07:26:43 2026,Europe/London,HX1,81.105.212.0,0,,0,,,,0,,,1781591203,,,0,Web,73473666834719211,,,,,nspolicy,,kevin.brooks@corporate.com,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin,Charissa.Chang@corporate.com,,,Microsoft-Delivery-Optimization/10.1,192.168.0.164,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:44.000",Client,,,FALSE,block,Browse,yes,,[Utility] DNS over HTTPS,policy,DNS Over HTTPS,,5754666634689974621,General,,,,,,,,,,Chrome,3663950846471756290,,,General,,unknown,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,US,0,37,Mountain 
View,-123,California,America/Los_Angeles,N/A,8.8.8.0,,443,,,,,0,,,,,0,,,,Corporate-6069,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,silent_block.html,4738C42D-C0B6-D106-5B14-2A66FDD66B73,0,,,,,,,,Windows 11,Windows NT 11.0,"[""General"",""All Sector Websites"",""DLP All Categories "",""Marketing"",""All Categories"",""Technology""]",,,dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA,dns,,,[Utility] DNS over HTTPS,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,1122210977986776659,,,0,,,,,,,,,,0,,unknown,,,,,,,DOH,IN,0,28,Delhi,77,National Capital Territory of Delhi,Tue Jun 16 11:56:44 2026,Asia/Kolkata,110001,103.225.59.0,0,,0,,,,0,,,1781591204,,,0,CloudApp,1122210977986776659,,,,,nspolicy,,thomas.wilson@corporate.com,dns.google/dns-query,reuben.ramesh@corporate.com,,,Chrome,192.168.1.37,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:45.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,NL,0,52,Amsterdam,4,North Holland,Europe/Amsterdam,1012,13.69.109.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Business"",""All Categories"",""Technology""]",,,eu-mobile.events.data.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852540901754113,,,0,,,,,,,,,,0,,,,,,,,,,GB,0,51,South Croydon,-1,England,Tue Jun 16 07:26:45 2026,Europe/London,CR2,90.253.104.0,0,,0,,,,0,,,1781591205,,,0,Web,0,,,,,nspolicy,,claire.robinson@corporate.com,eu-mobile.events.data.microsoft.com,Morgan.Walker@corporate.com,,,,192.168.1.178,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:45.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector 
Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,US,0,41,Des Moines,-94,Iowa,America/Chicago,50307,13.89.179.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Mac OSX 26.5.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Business"",""All Categories"",""Technology""]",,,mobile.events.data.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393853455964664335,,,0,,,,,,,,,,0,,,,,,,,,,IN,0,19,Pālghar,72,Maharashtra,Tue Jun 16 11:56:45 2026,Asia/Kolkata,401404,103.217.128.0,0,,0,,,,0,,,1781591205,,,0,Web,0,,,,,nspolicy,,neha.kapoor@corporate.com,mobile.events.data.microsoft.com,Mittali.Taurani@corporate.com,,,,192.168.1.39,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:45.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,Microsoft Azure DevOps,,0,Development Tools,,,,,,,,,,,0,,,Development Tools,84,high,0,,0,,,0,,1,,Other,,,,,,,,,,,,,US,0,29,San Antonio,-99,Texas,America/Chicago,78288,23.100.122.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Engineering"",""Marketing"",""Development Tools"",""Platforms"",""All Categories"",""Technology""]",,,rt.services.visualstudio.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393850142254775809,,,0,,,,,,,,,,0,,,,,,,,,Visual Studio,IN,0,12,Bengaluru,77,Karnataka,Tue Jun 16 11:56:45 2026,Asia/Kolkata,562130,49.207.195.0,0,,0,,,,0,,,1781591205,,,0,CloudApp,0,,,,,nspolicy,,derek.johnson@corporate.com,rt.services.visualstudio.com,Mansi.Pandey@corporate.com,,,,192.168.1.102,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:45.000",Client,,,FALSE,alert,Post,yes,,[WEB] All Sector Web Access,policy,Anthropic Claude,,9115015412155731128,Generative AI,,,,,,,,,,,722979866996278186,,,All Sector Websites,83,high,0,,0,,,9215221511256502607,,1,,Mac Device,managed,,,,,,,,,,,,US,0,37,San 
Francisco,-123,California,America/Los_Angeles,N/A,160.79.104.0,,443,,,,,0,,,,,962,text/plain,,,HP6VRPXG3P6,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,54c809c37479543154c3640e32d872cc,,0,,,,D0FE0218-8F8A-53B2-0DEB-281635052363,0,,,Message,,,,,Mac OS,Mac OSX 26.5.1,"[""All Sector Websites"",""Engineering"",""Generative AI"",""Generative AI - Tools and Stores""]",,,api.anthropic.com,Anthropic,,,[WEB] All Sector Web Access,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,3650952565633792930,,,0,,,,,,,,,,0,,,,,,8cea17bdc1bc01cae94ea1d9c61adcee16229e39593ddd47de3f54a7e90f0b0c,,,Anthropic,IN,0,28,Gurugram,77,Haryana,Tue Jun 16 11:56:45 2026,Asia/Kolkata,122001,182.69.182.0,0,,0,,,,0,,,1781591205,,,0,CloudApp,3650952565633792930,,,,,nspolicy,,anita.singh@corporate.com,api.anthropic.com/v1/messages,Priya.Mehrotra@corporate.com,,,"claude-cli/2.1.177 (external, claude-vscode, agent-sdk/0.3.177)",192.168.1.15,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:42.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,IE,0,53,Dublin,-7,Leinster,Europe/Dublin,D02,20.38.81.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""All Categories"",""Technology""]",,,agents.amsub0202.manage.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852617724683521,,,0,,,,,,,,,,0,,,,,,,,,,GB,0,50,Wimborne Minster,-2,England,Tue Jun 16 07:26:42 2026,Europe/London,BH21,94.0.33.0,0,,0,,,,0,,,1781591202,,,0,Web,0,,,,,nspolicy,,emily.stewart@corporate.com,agents.amsub0202.manage.microsoft.com,Rachael.Baker@corporate.com,,,,192.168.0.16,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:45.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,Microsoft 
Azure,,0,IaaS/PaaS,,,,,,,,,,,0,,,IaaS/PaaS,87,high,0,,0,,,0,,1,,Other,,,,,,,,,,,,,NL,0,52,Amsterdam,4,North Holland,Europe/Amsterdam,1012,40.113.176.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""IaaS/PaaS"",""DLP All Categories "",""Engineering"",""Marketing"",""Microsoft_Foundary_AI"",""All Categories"",""Technology""]",,,westeurope-5.in.applicationinsights.azure.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393853456635777281,,,0,,,,,,,,,,0,,,,,,,,,Windows Azure,GB,0,51,Reading,-1,England,Tue Jun 16 07:26:45 2026,Europe/London,RG1,90.241.124.0,0,,0,,,,0,,,1781591205,,,0,CloudApp,0,,,,,nspolicy,,rohan.desai@corporate.com,westeurope-5.in.applicationinsights.azure.com,Dipesh.Halai@corporate.com,,,,192.168.1.81,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:43.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,IE,0,53,Dublin,-7,Leinster,Europe/Dublin,D02,72.145.59.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Mac OSX 26.5.1,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""All Categories"",""Technology""]",,,winatp-gw-neu.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393853443943794179,,,0,,,,,,,,,,0,,,,,,,,,,GB,0,52,Kettering,-1,England,Tue Jun 16 07:26:43 2026,Europe/London,NN16,86.31.94.0,0,,0,,,,0,,,1781591203,,,0,Web,0,,,,,nspolicy,,stefan.ionescu@corporate.com,winatp-gw-neu.microsoft.com,George.Tiganila@corporate.com,,,,192.168.0.225,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:44.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,Microsoft Accounts,,0,Application Suite,,,,,,,,,,,0,,,Application Suite,84,high,0,,0,,,0,,1,,Other,,,,,,,,,,,,,IE,0,53,Dublin,-7,Leinster,Europe/Dublin,D02,40.126.31.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, 
,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""Application Suite"",""DLP All Categories "",""Marketing"",""SSL NO DECRYPT ALL"",""All Categories"",""Risk and Crime"",""Technology""]",,,login.microsoftonline.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393853449882906113,,,0,,,,,,,,,,0,,,,,,,,,Microsoft Office 365 Suite,GB,0,50,Southampton,-2,England,Tue Jun 16 07:26:44 2026,Europe/London,SO32,94.6.58.0,0,,0,,,,0,,,1781591204,,,0,CloudApp,0,,,,,nspolicy,,andrew.bell@corporate.com,login.microsoftonline.com,michael.mann@corporate.com,,,,192.168.0.29,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:45.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,Microsoft Teams,,0,Collaboration,,,,,,,,,,,0,,,Collaboration,89,high,0,,0,,,0,,1,,Other,,,,,,,,,,,,,US,0,38,Washington,-79,Virginia,America/New_York,N/A,20.42.65.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""Collaboration"",""DLP All Categories "",""Marketing"",""Business"",""All Categories"",""Technology""]",,,teams.events.data.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852850190038529,,,0,,,,,,,,,,0,,,,,,,,,Microsoft Teams,GB,0,51,City of London,-1,England,Tue Jun 16 07:26:45 2026,Europe/London,EC4R,145.224.90.0,0,,0,,,,0,,,1781591205,,,0,CloudApp,0,,,,,nspolicy,,daniel.hayes@corporate.com,teams.events.data.microsoft.com,Ross.Goldie@corporate.com,,,,192.168.1.233,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:45.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,US,0,41,Des Moines,-94,Iowa,America/Chicago,50307,13.89.179.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Business"",""All 
Categories"",""Technology""]",,,mobile.events.data.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393853444908526083,,,0,,,,,,,,,,0,,,,,,,,,,GB,0,51,Brent,-1,England,Tue Jun 16 07:26:45 2026,Europe/London,N/A,143.58.186.0,0,,0,,,,0,,,1781591205,,,0,Web,0,,,,,nspolicy,,rebecca.fox@corporate.com,mobile.events.data.microsoft.com,catherine.wright@corporate.com,,,,192.168.1.138,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:45.000",Client,,,FALSE,useralert,Browse,yes,,[WEB] Potentially Malicious Sites,policy,,,1767205726962671992,,,,,,,,,,,,5000178776037541454,,,Potentially malicious sites,0,unknown,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,N/A,174.46.83.0,,80,,,,,0,,,,,0,,,,Corporate-96412,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,14.html,B3CC260A-BFB2-714F-02F9-D8C96DB9B21B,0,,,,,,,,Windows 11,Windows NT 11.0,"[""Potentially malicious sites"",""Uncategorized"",""DLP All Categories "",""All Categories""]",,,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com,174.46.83.201,,,[WEB] Potentially Malicious Sites,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,8710398816070853195,,,0,,,,,,,,,,0,,,,,,,,,174.46.83.201,GB,0,53,Halifax,-2,England,Tue Jun 16 07:26:45 2026,Europe/London,HX1,81.105.212.0,0,,0,,,,0,,,1781591205,,,0,Web,8710398816070853195,,,,,nspolicy,,kevin.brooks@corporate.com,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin,Charissa.Chang@corporate.com,,,Microsoft-Delivery-Optimization/10.1,192.168.0.164,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:45.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,Microsoft Accounts,,0,Application Suite,,,,,,,,,,,0,,,Application 
Suite,84,high,0,,0,,,0,,1,,Other,,,,,,,,,,,,,NL,0,52,Amsterdam,4,North Holland,Europe/Amsterdam,1012,40.126.32.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""Application Suite"",""DLP All Categories "",""Marketing"",""SSL NO DECRYPT ALL"",""All Categories"",""Risk and Crime"",""Technology""]",,,login.microsoftonline.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393853459462706433,,,0,,,,,,,,,,0,,,,,,,,,Microsoft Office 365 Suite,GB,0,50,Haywards Heath,-1,England,Tue Jun 16 07:26:45 2026,Europe/London,RH16,109.150.120.0,0,,0,,,,0,,,1781591205,,,0,CloudApp,0,,,,,nspolicy,,linda.martinez@corporate.com,login.microsoftonline.com,Anthony.Newman@corporate.com,,,,192.168.68.70,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:45.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,Microsoft Teams,,0,Collaboration,,,,,,,,,,,0,,,Collaboration,89,high,0,,0,,,0,,1,,Other,,,,,,,,,,,,,US,0,37,San Jose,-122,California,America/Los_Angeles,95141,20.184.175.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""Collaboration"",""DLP All Categories "",""Marketing"",""Business"",""All Categories"",""Technology""]",,,teams.events.data.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852410878348563,,,0,,,,,,,,,,0,,,,,,,,,Microsoft Teams,GB,0,51,City of London,-1,England,Tue Jun 16 07:26:45 2026,Europe/London,EC4R,18.168.47.0,0,,0,,,,0,,,1781591205,,,0,CloudApp,0,,,,,nspolicy,,jordan.cooper@corporate.com,teams.events.data.microsoft.com,Ashley.Bailey@corporate.com,,,,192.168.23.18,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:43.000",Client,,,FALSE,useralert,Browse,yes,,[WEB] Potentially Malicious Sites,policy,,,1767205726962671992,,,,,,,,,,,,5000178776037541454,,,Potentially malicious sites,0,unknown,0,,0,,,0,,1,,Windows 
Device,managed,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,N/A,174.46.83.0,,80,,,,,0,,,,,0,,,,Corporate-96412,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,14.html,B3CC260A-BFB2-714F-02F9-D8C96DB9B21B,0,,,,,,,,Windows 11,Windows NT 11.0,"[""Potentially malicious sites"",""Uncategorized"",""DLP All Categories "",""All Categories""]",,,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com,174.46.83.201,,,[WEB] Potentially Malicious Sites,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,3515517376565558726,,,0,,,,,,,,,,0,,,,,,,,,174.46.83.201,GB,0,53,Halifax,-2,England,Tue Jun 16 07:26:43 2026,Europe/London,HX1,81.105.212.0,0,,0,,,,0,,,1781591203,,,0,Web,3515517376565558726,,,,,nspolicy,,kevin.brooks@corporate.com,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin,Charissa.Chang@corporate.com,,,Microsoft-Delivery-Optimization/10.1,192.168.0.164,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:45.000",Client,,,FALSE,useralert,Browse,yes,,[WEB] Potentially Malicious Sites,policy,,,1767205726962671992,,,,,,,,,,,,5000178776037541454,,,Potentially malicious sites,0,unknown,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,N/A,174.46.83.0,,80,,,,,0,,,,,0,,,,Corporate-96412,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,14.html,B3CC260A-BFB2-714F-02F9-D8C96DB9B21B,0,,,,,,,,Windows 11,Windows NT 11.0,"[""Potentially malicious sites"",""Uncategorized"",""DLP All Categories "",""All Categories""]",,,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com,174.46.83.201,,,[WEB] Potentially Malicious Sites,,7FB181CEF851C88C 2026-06-15 
15:05:33.202470,,HTTPS/1.1,,,,0,7863247045738140501,,,0,,,,,,,,,,0,,,,,,,,,174.46.83.201,GB,0,53,Halifax,-2,England,Tue Jun 16 07:26:45 2026,Europe/London,HX1,81.105.212.0,0,,0,,,,0,,,1781591205,,,0,Web,7863247045738140501,,,,,nspolicy,,kevin.brooks@corporate.com,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin,Charissa.Chang@corporate.com,,,Microsoft-Delivery-Optimization/10.1,192.168.0.164,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:45.000",Client,,,FALSE,alert,Browse,yes,,[WEB] Engineering Teams,policy,GitHub,,0,Development Tools,,,,,,,,,,,0,,,Development Tools,75,high,0,,0,,,0,,1,,Other,,,,,,,,,,,,,IN,0,18,Pune,73,Maharashtra,Asia/Kolkata,411005,20.207.73.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Mac OSX 26.5.1,"[""Engineering"",""Development Tools"",""All Categories"",""DLP All Categories ""]",,,api.github.com,,,,[WEB] Engineering Teams,,,,,,,,0,3393853449572849153,,,0,,,,,,,,,,0,,,,,,,,,GitHub,IN,0,28,Gurugram,77,Haryana,Tue Jun 16 11:56:45 2026,Asia/Kolkata,122001,182.69.182.0,0,,0,,,,0,,,1781591205,,,0,CloudApp,0,,,,,nspolicy,,anita.singh@corporate.com,api.github.com,Priya.Mehrotra@corporate.com,,,,192.168.1.15,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:46.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,IE,0,53,Dublin,-7,Leinster,Europe/Dublin,D02,72.145.59.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""All Categories"",""Technology""]",,,winatp-gw-neu.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852831265311235,,,0,,,,,,,,,,0,,,,,,,,,,IN,0,28,Sonīpat,77,Haryana,Tue Jun 16 11:56:46 
2026,Asia/Kolkata,131001,223.185.58.0,0,,0,,,,0,,,1781591206,,,0,Web,0,,,,,nspolicy,,sanjay.gupta@corporate.com,winatp-gw-neu.microsoft.com,pankaj.kumar@corporate.com,,,,192.168.1.9,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:46.000",Client,,,FALSE,useralert,Browse,yes,,[WEB] Potentially Malicious Sites,policy,,,1767205726962671992,,,,,,,,,,,,5000178776037541454,,,Potentially malicious sites,0,unknown,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,N/A,174.46.83.0,,80,,,,,0,,,,,0,,,,Corporate-96412,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,14.html,B3CC260A-BFB2-714F-02F9-D8C96DB9B21B,0,,,,,,,,Windows 11,Windows NT 11.0,"[""Potentially malicious sites"",""Uncategorized"",""DLP All Categories "",""All Categories""]",,,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com,174.46.83.201,,,[WEB] Potentially Malicious Sites,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,8089903761584793704,,,0,,,,,,,,,,0,,,,,,,,,174.46.83.201,GB,0,53,Halifax,-2,England,Tue Jun 16 07:26:46 2026,Europe/London,HX1,81.105.212.0,0,,0,,,,0,,,1781591206,,,0,Web,8089903761584793704,,,,,nspolicy,,kevin.brooks@corporate.com,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin,Charissa.Chang@corporate.com,,,Microsoft-Delivery-Optimization/10.1,192.168.0.164,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:46.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,LinkedIn,,0,Professional Networking,,,,,,,,,,,0,,,Professional Networking,65,medium,0,,0,,,0,,1,,Other,,,,,,,,,,,,,US,0,37,San Francisco,-123,California,America/Los_Angeles,N/A,104.18.41.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector 
Websites"",""Professional Networking"",""All Categories"",""Risk and Crime"",""CapitalMarkets_and_Corporate Allow"",""DLP All Categories "",""Engineering"",""Marketing"",""Executives"",""Social Media""]",,,rum22.perf.linkedin.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393850907195427841,,,0,,,,,,,,,,0,,,,,,,,,Linkedin,GB,0,54,Newcastle upon Tyne,-2,England,Tue Jun 16 07:26:46 2026,Europe/London,NE5,86.8.36.0,0,,0,,,,0,,,1781591206,,,0,CloudApp,0,,,,,nspolicy,,douglas.reed1@corporate.com,rum22.perf.linkedin.com,Craig.Smith1@corporate.com,,,,192.168.0.136,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:46.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,Atlassian Accounts,,0,Application Suite,,,,,,,,,,,0,,,Application Suite,86,high,0,,0,,,0,,1,,Other,,,,,,,,,,,,,NL,0,52,Amsterdam,4,North Holland,Europe/Amsterdam,1016,185.166.141.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""Application Suite"",""DLP All Categories "",""Marketing"",""SSL NO DECRYPT ALL"",""All Categories"",""Technology""]",,,web-security-reports.services.atlassian.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393851267536473089,,,0,,,,,,,,,,0,,,,,,,,,Atlassian App Suite,GB,0,54,Newcastle upon Tyne,-2,England,Tue Jun 16 07:26:46 2026,Europe/London,NE5,86.8.36.0,0,,0,,,,0,,,1781591206,,,0,CloudApp,0,,,,,nspolicy,,douglas.reed1@corporate.com,web-security-reports.services.atlassian.com,Craig.Smith1@corporate.com,,,,192.168.0.136,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:46.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,US,0,47,Redmond,-123,Washington,America/Los_Angeles,N/A,150.171.109.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""All 
Categories"",""Technology""]",,,xpaywalletcdn-prod.azureedge.net,,,,[WEB] All Sector Web Access,,,,,,,,0,3393853307310394369,,,0,,,,,,,,,,0,,,,,,,,,,GB,0,54,Newcastle upon Tyne,-2,England,Tue Jun 16 07:26:46 2026,Europe/London,NE5,86.8.36.0,0,,0,,,,0,,,1781591206,,,0,Web,0,,,,,nspolicy,,douglas.reed1@corporate.com,xpaywalletcdn-prod.azureedge.net,Craig.Smith1@corporate.com,,,,192.168.0.136,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:44.000",Client,,,FALSE,block,Browse,yes,,[Utility] DNS over HTTPS,policy,DNS Over HTTPS,,5754666634689974621,General,,,,,,,,,,Chrome,3663950846471756290,,,General,,unknown,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,US,0,37,Mountain View,-123,California,America/Los_Angeles,N/A,8.8.8.0,,443,,,,,0,,,,,0,,,,Corporate-6069,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,silent_block.html,4738C42D-C0B6-D106-5B14-2A66FDD66B73,0,,,,,,,,Windows 11,Windows NT 11.0,"[""General"",""All Sector Websites"",""DLP All Categories "",""Marketing"",""All Categories"",""Technology""]",,,dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA,dns,,,[Utility] DNS over HTTPS,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,8701724296648252667,,,0,,,,,,,,,,0,,unknown,,,,,,,DOH,IN,0,28,Delhi,77,National Capital Territory of Delhi,Tue Jun 16 11:56:44 2026,Asia/Kolkata,110001,103.225.59.0,0,,0,,,,0,,,1781591204,,,0,CloudApp,8701724296648252667,,,,,nspolicy,,thomas.wilson@corporate.com,dns.google/dns-query,reuben.ramesh@corporate.com,,,Chrome,192.168.1.37,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:46.000",Client,,,FALSE,alert,Edit,yes,,[WEB] All Sector Web Access,policy,Amazon Kinesis,,4696698913580918274,Business Intelligence and Data Analytics,Amazon,,,,,,,,,,5761591961372255990,,,All Sector Websites,87,high,0,,0,,,0,,1,,Windows 
Device,managed,,,,,,,,,,,,DE,0,50,Frankfurt am Main,8,Hesse,Europe/Berlin,60313,3.74.148.0,,443,,,,,0,,,,,0,,,,Corporate-9364,,,,,9.0547E+11,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,,03C835D0-BA98-0011-89EB-ED684C883501,0,,,,,,,,Windows 11,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Corporate No DLP User Alerts"",""All Categories"",""Technology"",""Engineering"",""Business Intelligence and Data Analytics""]",,,905469987510.data-kinesis.eu-central-1.amazonaws.com/,905469987510.data-kinesis.eu-central-1.amazonaws.com,,,[WEB] All Sector Web Access,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,6943950510830566618,,,0,,,,,,,,,,0,,,,,,,,,Amazon Kinesis,IN,0,12,Bengaluru,77,Karnataka,Tue Jun 16 11:56:46 2026,Asia/Kolkata,562130,49.207.195.0,0,,0,,,,0,,,1781591206,,,0,CloudApp,6943950510830566618,,,,,nspolicy,,derek.johnson@corporate.com,905469987510.data-kinesis.eu-central-1.amazonaws.com/,Mansi.Pandey@corporate.com,,,"aws-sdk-go-v2/1.41.7 ua/2.1 os/windows lang/go#1.26.3 md/GOOS#windows md/GOARCH#amd64 api/kinesis#1.43.7 m/E,e",192.168.1.102,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:46.000",Client,,,FALSE,alert,Edit,yes,,[WEB] Kriya Temp Access,policy,Google Drive,,8755455595597889721,Cloud Storage,Google App,,,,,,,,,Chrome,4054711562922334474,149.0.0.0,,Kriya Allow List,87,high,0,,0,,,2046601412204286866,,1,,Windows Device,managed,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,N/A,142.251.30.0,,443,,,,,0,,,,,0,,k.histrov@corporate.com,,Corporate-3999,,,,,corporate.com,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,,1617321A-ED0C-EA46-D03D-EA95CCD285EA,0,,17zdf7EdmEfiK87k6uYP8rN5iay5RrHkOecTb3l0UfZA,Document,,,,,Windows 11,Windows NT 11.0,"[""Kriya Allow List"",""All Categories"",""CapitalMarkets_and_Corporate Allow"",""DLP All Categories "",""Marketing"",""Potentially malicious sites"",""G-Suite Access"",""File Transfers"",""Executives"",""Prohibited Sites"",""Cloud 
Storage""]",,,docs.google.com,Google Drive,,,[WEB] Kriya Temp Access,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,https://docs.google.com/spreadsheets/d/17zdf7EdmEfiK87k6uYP8rN5iay5RrHkOecTb3l0UfZA/edit?gid=1708606351,,,0,4252780909104881950,,,0,,,,,,,,,,0,,unknown,,,,,,,Google Drive,GB,0,51,London,-1,England,Tue Jun 16 07:26:46 2026,Europe/London,N/A,185.238.222.0,0,,0,,,,0,,,1781591206,,,0,CloudApp,3954089612998707774,,,,,nspolicy,,m.petrov@corporate.com,docs.google.com/spreadsheets/d/17zdf7EdmEfiK87k6uYP8rN5iay5RrHkOecTb3l0UfZA/save,k.histrov@corporate.com,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/149.0.0.0 Safari/537.36",192.168.1.111,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:46.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,US,0,38,Washington,-79,Virginia,America/New_York,22747,52.168.117.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Business"",""All Categories"",""Technology""]",,,mobile.events.data.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852547193188355,,,0,,,,,,,,,,0,,,,,,,,,,IN,0,12,Bengaluru,77,Karnataka,Tue Jun 16 11:56:46 2026,Asia/Kolkata,562130,103.163.65.0,0,,0,,,,0,,,1781591206,,,0,Web,0,,,,,nspolicy,,anil.bhosale@corporate.com,mobile.events.data.microsoft.com,Om.Karnewar@corporate.com,,,,10.12.167.87,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:46.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,Microsoft Accounts,,0,Application Suite,,,,,,,,,,,0,,,Application Suite,84,high,0,,0,,,0,,1,,Other,,,,,,,,,,,,,IN,0,13,Chennai,80,Tamil Nadu,Asia/Kolkata,600001,20.190.174.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector 
Websites"",""Application Suite"",""DLP All Categories "",""Marketing"",""SSL NO DECRYPT ALL"",""All Categories"",""Technology""]",,,graph.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852953075976449,,,0,,,,,,,,,,0,,,,,,,,,Microsoft Office 365 Suite,IN,0,12,Bengaluru,77,Karnataka,Tue Jun 16 11:56:46 2026,Asia/Kolkata,562130,103.163.65.0,0,,0,,,,0,,,1781591206,,,0,CloudApp,0,,,,,nspolicy,,anil.bhosale@corporate.com,graph.microsoft.com,Om.Karnewar@corporate.com,,,,10.12.167.88,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:46.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,IE,0,53,Dublin,-7,Leinster,Europe/Dublin,D02,20.50.73.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Mac OSX 26.5.1,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Business"",""All Categories"",""Technology""]",,,eu-v20.events.data.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393853462902347267,,,0,,,,,,,,,,0,,,,,,,,,,IN,0,28,New Delhi,77,National Capital Territory of Delhi,Tue Jun 16 11:56:46 2026,Asia/Kolkata,110005,110.235.234.0,0,,0,,,,0,,,1781591206,,,0,Web,0,,,,,nspolicy,,rahul.yadav@corporate.com,eu-v20.events.data.microsoft.com,Vicky.Poonia@corporate.com,,,,192.168.1.7,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:46.000",Client,,,FALSE,useralert,Browse,yes,,[WEB] Potentially Malicious Sites,policy,,,1767205726962671992,,,,,,,,,,,,5000178776037541454,,,Potentially malicious sites,0,unknown,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,N/A,174.46.83.0,,80,,,,,0,,,,,0,,,,Corporate-96412,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,14.html,B3CC260A-BFB2-714F-02F9-D8C96DB9B21B,0,,,,,,,,Windows 11,Windows NT 11.0,"[""Potentially malicious sites"",""Uncategorized"",""DLP All Categories "",""All 
Categories""]",,,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com,174.46.83.201,,,[WEB] Potentially Malicious Sites,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,4469587467134532459,,,0,,,,,,,,,,0,,,,,,,,,174.46.83.201,GB,0,53,Halifax,-2,England,Tue Jun 16 07:26:46 2026,Europe/London,HX1,81.105.212.0,0,,0,,,,0,,,1781591206,,,0,Web,4469587467134532459,,,,,nspolicy,,kevin.brooks@corporate.com,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin,Charissa.Chang@corporate.com,,,Microsoft-Delivery-Optimization/10.1,192.168.0.164,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:46.000",Client,,,FALSE,useralert,Browse,yes,,[WEB] Potentially Malicious Sites,policy,,,1767205726962671992,,,,,,,,,,,,5000178776037541454,,,Potentially malicious sites,0,unknown,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,N/A,174.46.83.0,,80,,,,,0,,,,,0,,,,Corporate-96412,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,14.html,B3CC260A-BFB2-714F-02F9-D8C96DB9B21B,0,,,,,,,,Windows 11,Windows NT 11.0,"[""Potentially malicious sites"",""Uncategorized"",""DLP All Categories "",""All Categories""]",,,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com,174.46.83.201,,,[WEB] Potentially Malicious Sites,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,9123703410329835033,,,0,,,,,,,,,,0,,,,,,,,,174.46.83.201,GB,0,53,Halifax,-2,England,Tue Jun 16 07:26:46 
2026,Europe/London,HX1,81.105.212.0,0,,0,,,,0,,,1781591206,,,0,Web,9123703410329835033,,,,,nspolicy,,kevin.brooks@corporate.com,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin,Charissa.Chang@corporate.com,,,Microsoft-Delivery-Optimization/10.1,192.168.0.164,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:47.000",Client,,,FALSE,alert,Edit,yes,,[WEB] All Sector Web Access,policy,Amazon Kinesis,,4696698913580918274,Business Intelligence and Data Analytics,Amazon,,,,,,,,,,5761591961372255990,,,All Sector Websites,87,high,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,DE,0,50,Frankfurt am Main,8,Hesse,Europe/Berlin,60313,3.74.148.0,,443,,,,,0,,,,,0,,,,Corporate-9364,,,,,9.0547E+11,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,,03C835D0-BA98-0011-89EB-ED684C883501,0,,,,,,,,Windows 11,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Corporate No DLP User Alerts"",""All Categories"",""Technology"",""Engineering"",""Business Intelligence and Data Analytics""]",,,905469987510.data-kinesis.eu-central-1.amazonaws.com/,905469987510.data-kinesis.eu-central-1.amazonaws.com,,,[WEB] All Sector Web Access,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,6943950510830566618,,,0,,,,,,,,,,0,,,,,,,,,Amazon Kinesis,IN,0,12,Bengaluru,77,Karnataka,Tue Jun 16 11:56:47 2026,Asia/Kolkata,562130,49.207.195.0,0,,0,,,,0,,,1781591207,,,0,CloudApp,4383192372529799292,,,,,nspolicy,,derek.johnson@corporate.com,905469987510.data-kinesis.eu-central-1.amazonaws.com/,Mansi.Pandey@corporate.com,,,"aws-sdk-go-v2/1.41.7 ua/2.1 os/windows lang/go#1.26.3 md/GOOS#windows md/GOARCH#amd64 api/kinesis#1.43.7 m/E,e",192.168.1.102,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:46.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,Microsoft Azure DevOps,,0,Development Tools,,,,,,,,,,,0,,,Development 
Tools,84,high,0,,0,,,0,,1,,Other,,,,,,,,,,,,,US,0,29,San Antonio,-99,Texas,America/Chicago,78288,23.100.122.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Mac OSX 26.5.1,"[""All Sector Websites"",""DLP All Categories "",""Engineering"",""Marketing"",""Development Tools"",""Platforms"",""All Categories"",""Technology""]",,,rt.services.visualstudio.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393849119910334465,,,0,,,,,,,,,,0,,,,,,,,,Visual Studio,PL,0,51,Lubartów,22,Lublin,Tue Jun 16 08:26:46 2026,Europe/Warsaw,21-100,46.151.187.0,0,,0,,,,0,,,1781591206,,,0,CloudApp,0,,,,,nspolicy,,pawel.kowalski@corporate.com,rt.services.visualstudio.com,Tomasz.Kucharzyk@corporate.com,,,,192.168.68.53,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:46.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,US,0,41,Des Moines,-94,Iowa,America/Chicago,50307,104.208.16.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Business"",""All Categories"",""Technology""]",,,self.events.data.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852546840951297,,,0,,,,,,,,,,0,,,,,,,,,,GB,0,53,St Helens,-3,England,Tue Jun 16 07:26:46 2026,Europe/London,WA9,94.0.129.0,0,,0,,,,0,,,1781591206,,,0,Web,0,,,,,nspolicy,,susan.barker@corporate.com,self.events.data.microsoft.com,gill.hillier@corporate.com,,,,192.168.0.161,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:46.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,Microsoft Teams,,0,Collaboration,,,,,,,,,,,0,,,Collaboration,89,high,0,,0,,,0,,1,,Other,,,,,,,,,,,,,US,0,37,San Jose,-122,California,America/Los_Angeles,95141,20.184.175.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector 
Websites"",""Collaboration"",""DLP All Categories "",""Marketing"",""Business"",""All Categories"",""Technology""]",,,teams.events.data.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852547218341123,,,0,,,,,,,,,,0,,,,,,,,,Microsoft Teams,IN,0,23,Ahmedabad,72,Gujarat,Tue Jun 16 11:56:46 2026,Asia/Kolkata,380008,106.194.78.0,0,,0,,,,0,,,1781591206,,,0,CloudApp,0,,,,,nspolicy,,amit.verma@corporate.com,teams.events.data.microsoft.com,Piyush.Jayswal@corporate.com,,,,172.20.10.2,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:46.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,IE,0,53,Dublin,-7,Leinster,Europe/Dublin,D02,20.50.73.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Business"",""All Categories"",""Technology""]",,,eu-v10c.events.data.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393853466140066561,,,0,,,,,,,,,,0,,,,,,,,,,GB,0,51,Windsor,-1,England,Tue Jun 16 07:26:46 2026,Europe/London,SL4,134.65.142.0,0,,0,,,,0,,,1781591206,,,0,Web,0,,,,,nspolicy,,patricia.roy@corporate.com,eu-v10c.events.data.microsoft.com,john.peters@corporate.com,,,,192.168.68.115,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:46.000",Client,,,FALSE,useralert,Browse,yes,,[WEB] Potentially Malicious Sites,policy,,,1767205726962671992,,,,,,,,,,,,5000178776037541454,,,Potentially malicious sites,0,unknown,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,N/A,174.46.83.0,,80,,,,,0,,,,,0,,,,Corporate-96412,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,14.html,B3CC260A-BFB2-714F-02F9-D8C96DB9B21B,0,,,,,,,,Windows 11,Windows NT 11.0,"[""Potentially malicious sites"",""Uncategorized"",""DLP All Categories "",""All 
Categories""]",,,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com,174.46.83.201,,,[WEB] Potentially Malicious Sites,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,8286237362536754167,,,0,,,,,,,,,,0,,,,,,,,,174.46.83.201,GB,0,53,Halifax,-2,England,Tue Jun 16 07:26:46 2026,Europe/London,HX1,81.105.212.0,0,,0,,,,0,,,1781591206,,,0,Web,8286237362536754167,,,,,nspolicy,,kevin.brooks@corporate.com,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin,Charissa.Chang@corporate.com,,,Microsoft-Delivery-Optimization/10.1,192.168.0.164,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:46.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,US,0,37,San Jose,-122,California,America/Los_Angeles,95141,20.184.175.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Business"",""All Categories"",""Technology""]",,,browser.events.data.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852322596851457,,,0,,,,,,,,,,0,,,,,,,,,,IN,0,28,Delhi,77,National Capital Territory of Delhi,Tue Jun 16 11:56:46 2026,Asia/Kolkata,110001,103.225.59.0,0,,0,,,,0,,,1781591206,,,0,Web,0,,,,,nspolicy,,thomas.wilson@corporate.com,browser.events.data.microsoft.com,reuben.ramesh@corporate.com,,,,192.168.1.37,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:47.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,IE,0,53,Dublin,-7,Leinster,Europe/Dublin,D02,20.50.80.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, 
,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Business"",""All Categories"",""Technology""]",,,eu-v20.events.data.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393853478295121665,,,0,,,,,,,,,,0,,,,,,,,,,GB,0,51,Newport,-3,Wales,Tue Jun 16 07:26:47 2026,Europe/London,NP19,81.102.150.0,0,,0,,,,0,,,1781591207,,,0,Web,0,,,,,nspolicy,,sam.crawford@corporate.com,eu-v20.events.data.microsoft.com,Dev.Alexander@corporate.com,,,,192.168.0.13,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:46.000",Client,,,FALSE,alert,Edit,yes,,[WEB] All Sector Web Access,policy,Amazon Kinesis,,4696698913580918274,Business Intelligence and Data Analytics,Amazon,,,,,,,,,,5761591961372255990,,,All Sector Websites,87,high,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,DE,0,50,Frankfurt am Main,8,Hesse,Europe/Berlin,60313,3.74.148.0,,443,,,,,0,,,,,0,,,,Corporate-9364,,,,,9.0547E+11,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,,03C835D0-BA98-0011-89EB-ED684C883501,0,,,,,,,,Windows 11,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Corporate No DLP User Alerts"",""All Categories"",""Technology"",""Engineering"",""Business Intelligence and Data Analytics""]",,,905469987510.data-kinesis.eu-central-1.amazonaws.com/,905469987510.data-kinesis.eu-central-1.amazonaws.com,,,[WEB] All Sector Web Access,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,6943950510830566618,,,0,,,,,,,,,,0,,,,,,,,,Amazon Kinesis,IN,0,12,Bengaluru,77,Karnataka,Tue Jun 16 11:56:46 2026,Asia/Kolkata,562130,49.207.195.0,0,,0,,,,0,,,1781591206,,,0,CloudApp,5086099446527205840,,,,,nspolicy,,derek.johnson@corporate.com,905469987510.data-kinesis.eu-central-1.amazonaws.com/,Mansi.Pandey@corporate.com,,,"aws-sdk-go-v2/1.41.7 ua/2.1 os/windows lang/go#1.26.3 md/GOOS#windows md/GOARCH#amd64 api/kinesis#1.43.7 m/E,e",192.168.1.102,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 
06:26:47.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,IE,0,53,Dublin,-7,Leinster,Europe/Dublin,D02,13.69.239.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Business"",""All Categories"",""Technology""]",,,eu-office.events.data.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852402347080961,,,0,,,,,,,,,,0,,,,,,,,,,IN,0,23,Ahmedabad,72,Gujarat,Tue Jun 16 11:56:47 2026,Asia/Kolkata,380008,106.194.78.0,0,,0,,,,0,,,1781591207,,,0,Web,0,,,,,nspolicy,,amit.verma@corporate.com,eu-office.events.data.microsoft.com,Piyush.Jayswal@corporate.com,,,,172.20.10.2,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:47.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,Microsoft Teams,,0,Collaboration,,,,,,,,,,,0,,,Collaboration,89,high,0,,0,,,0,,1,,Other,,,,,,,,,,,,,NL,0,52,Amsterdam,4,North Holland,Europe/Amsterdam,1012,20.50.201.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Mac OSX 26.5.1,"[""All Sector Websites"",""Collaboration"",""DLP All Categories "",""Marketing"",""Business"",""All Categories"",""Technology""]",,,teams.events.data.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852418696812037,,,0,,,,,,,,,,0,,,,,,,,,Microsoft Teams,IN,0,28,Gurugram,77,Haryana,Tue Jun 16 11:56:47 2026,Asia/Kolkata,122001,182.69.182.0,0,,0,,,,0,,,1781591207,,,0,CloudApp,0,,,,,nspolicy,,anita.singh@corporate.com,teams.events.data.microsoft.com,Priya.Mehrotra@corporate.com,,,,192.168.1.15,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:47.000",Client,,,FALSE,alert,Edit,yes,,[WEB] All Sector Web Access,policy,Amazon Kinesis,,1621617486991627159,Business Intelligence and Data Analytics,Amazon,,,,,,,,,,6532044925164558210,,,All Sector 
Websites,87,high,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,DE,0,50,Frankfurt am Main,8,Hesse,Europe/Berlin,60313,3.123.12.0,,443,,,,,0,,,,,0,,,,Corporate-0393,,,,,9.0547E+11,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,,30E11FC1-2EC7-9412-66A6-CDBDFF40D487,0,,,,,,,,Windows 11,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Corporate No DLP User Alerts"",""All Categories"",""Technology"",""Engineering"",""Business Intelligence and Data Analytics""]",,,905469987510.data-kinesis.eu-central-1.amazonaws.com/,905469987510.data-kinesis.eu-central-1.amazonaws.com,,,[WEB] All Sector Web Access,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,1998436724571375512,,,0,,,,,,,,,,0,,,,,,,,,Amazon Kinesis,GB,0,51,Fulham,-1,England,Tue Jun 16 07:26:47 2026,Europe/London,SW6,140.228.75.0,0,,0,,,,0,,,1781591207,,,0,CloudApp,1998436724571375512,,,,,nspolicy,,katrina.berzina@corporate.com,905469987510.data-kinesis.eu-central-1.amazonaws.com/,Agnese.Ruskule@corporate.com,,,"aws-sdk-go-v2/1.41.7 ua/2.1 os/windows lang/go#1.26.3 md/GOOS#windows md/GOARCH#amd64 api/kinesis#1.43.7 m/E,e",192.168.52.126,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:47.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,Atlassian MCP,,0,MCP Server,,,,,,,,,,,0,,,MCP Server,70,medium,0,,0,,,0,,1,,Other,,,,,,,,,,,,,NL,0,52,Amsterdam,4,North Holland,Europe/Amsterdam,1016,185.166.143.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Mac OSX 26.5.0,"[""All Sector Websites"",""MCP Server"",""DLP All Categories "",""Marketing"",""SSL NO DECRYPT ALL"",""All Categories"",""Technology""]",,,mcp.atlassian.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393853437585578753,,,0,,,,,,,,,,0,,,,,,,,,Atlassian MCP,PL,0,50,Katowice,18,Silesia,Tue Jun 16 08:26:47 
2026,Europe/Warsaw,40-872,195.177.85.0,0,,0,,,,0,,,1781591207,,,0,CloudApp,0,,,,,nspolicy,,marek.nowak@corporate.com,mcp.atlassian.com,andrzej.globisz@corporate.com,,,,192.168.1.27,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:47.000",Client,,,FALSE,alert,,yes,,[WEB] All Sector Web Access,policy,,,0,,,,,,,,,,,,0,,,All Sector Websites,0,unknown,0,,0,,,0,,1,,Other,,,,,,,,,,,,,IE,0,53,Dublin,-7,Leinster,Europe/Dublin,D02,74.178.35.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""All Categories"",""Technology""]",,,winatp-gw-neu.microsoft.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852845911628545,,,0,,,,,,,,,,0,,,,,,,,,,GB,0,51,Waltham Cross,-1,England,Tue Jun 16 07:26:47 2026,Europe/London,EN8,82.9.161.0,0,,0,,,,0,,,1781591207,,,0,Web,0,,,,,nspolicy,,owen.phillips@corporate.com,winatp-gw-neu.microsoft.com,Gareth.Anderson@corporate.com,,,,192.168.0.64,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:47.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,Microsoft Live Accounts,,0,Application Suite,,,,,,,,,,,0,,,Application Suite,70,medium,0,,0,,,0,,1,,Other,,,,,,,,,,,,,IE,0,53,Dublin,-7,Leinster,Europe/Dublin,D02,40.126.31.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""Application Suite"",""DLP All Categories "",""Marketing"",""All Categories"",""Risk and Crime"",""CapitalMarkets_and_Corporate Allow"",""Technology""]",,,login.live.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393852424627345153,,,0,,,,,,,,,,0,,,,,,,,,Microsoft Live Suite,GB,0,53,Chorley,-3,England,Tue Jun 16 07:26:47 2026,Europe/London,PR7,86.179.133.0,0,,0,,,,0,,,1781591207,,,0,CloudApp,0,,,,,nspolicy,,maria.edwards@corporate.com,login.live.com,Peter.Norris@corporate.com,,,,192.168.1.237,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, 
+"16/06/2026, 06:26:48.000",Client,,,FALSE,alert,Edit,yes,,[WEB] All Sector Web Access,policy,Amazon Kinesis,,3418830011869835973,Business Intelligence and Data Analytics,Amazon,,,,,,,,,,6370962430820221408,,,All Sector Websites,87,high,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,DE,0,50,Frankfurt am Main,8,Hesse,Europe/Berlin,60313,3.123.12.0,,443,,,,,0,,,,,0,,,,Corporate-6098,,,,,9.0547E+11,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,,E718A4BE-BD27-5206-730B-5790C5F4FD8B,0,,,,,,,,Windows 11,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Corporate No DLP User Alerts"",""All Categories"",""Technology"",""Engineering"",""Business Intelligence and Data Analytics""]",,,905469987510.data-kinesis.eu-central-1.amazonaws.com/,905469987510.data-kinesis.eu-central-1.amazonaws.com,,,[WEB] All Sector Web Access,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,6366309692230137085,,,0,,,,,,,,,,0,,,,,,,,,Amazon Kinesis,GB,0,52,Leicester,-2,England,Tue Jun 16 07:26:48 2026,Europe/London,LE3,176.248.214.0,0,,0,,,,0,,,1781591208,,,0,CloudApp,846928520315636649,,,,,nspolicy,,chris.davies@corporate.com,905469987510.data-kinesis.eu-central-1.amazonaws.com/,Andy.Sutton@corporate.com,,,"aws-sdk-go-v2/1.41.7 ua/2.1 os/windows lang/go#1.26.3 md/GOOS#windows md/GOARCH#amd64 api/kinesis#1.43.7 m/E,e",192.168.68.55,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:47.000",Client,,,FALSE,useralert,Browse,yes,,[WEB] Potentially Malicious Sites,policy,,,1767205726962671992,,,,,,,,,,,,5000178776037541454,,,Potentially malicious sites,0,unknown,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,N/A,174.46.83.0,,80,,,,,0,,,,,0,,,,Corporate-96412,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,14.html,B3CC260A-BFB2-714F-02F9-D8C96DB9B21B,0,,,,,,,,Windows 11,Windows NT 11.0,"[""Potentially malicious sites"",""Uncategorized"",""DLP All Categories "",""All 
Categories""]",,,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com,174.46.83.201,,,[WEB] Potentially Malicious Sites,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,4552805259691069610,,,0,,,,,,,,,,0,,,,,,,,,174.46.83.201,GB,0,53,Halifax,-2,England,Tue Jun 16 07:26:47 2026,Europe/London,HX1,81.105.212.0,0,,0,,,,0,,,1781591207,,,0,Web,4552805259691069610,,,,,nspolicy,,kevin.brooks@corporate.com,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin,Charissa.Chang@corporate.com,,,Microsoft-Delivery-Optimization/10.1,192.168.0.164,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:46.000",Client,,,FALSE,useralert,Browse,yes,,[WEB] Potentially Malicious Sites,policy,,,1767205726962671992,,,,,,,,,,,,5000178776037541454,,,Potentially malicious sites,0,unknown,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,N/A,174.46.83.0,,80,,,,,0,,,,,0,,,,Corporate-96412,,,,,,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,14.html,B3CC260A-BFB2-714F-02F9-D8C96DB9B21B,0,,,,,,,,Windows 11,Windows NT 11.0,"[""Potentially malicious sites"",""Uncategorized"",""DLP All Categories "",""All Categories""]",,,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin?cacheHostOrigin=swdb02-mscdn.manage.microsoft.com,174.46.83.201,,,[WEB] Potentially Malicious Sites,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,6988357283908119751,,,0,,,,,,,,,,0,,,,,,,,,174.46.83.201,GB,0,53,Halifax,-2,England,Tue Jun 16 07:26:46 
2026,Europe/London,HX1,81.105.212.0,0,,0,,,,0,,,1781591206,,,0,Web,6988357283908119751,,,,,nspolicy,,kevin.brooks@corporate.com,174.46.83.201/c7a4bfbe-877b-44d5-ba40-d8df5298ae5e/48ce72f3-b6bb-472b-8c37-cbef80be50e8/283371b2-2794-4fcd-9377-974fd9ff2404.intunewin.bin,Charissa.Chang@corporate.com,,,Microsoft-Delivery-Optimization/10.1,192.168.0.164,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:48.000",Client,,,FALSE,alert,Browse,yes,,[WEB] All Sector Web Access,policy,Microsoft Azure DevOps,,0,Development Tools,,,,,,,,,,,0,,,Development Tools,84,high,0,,0,,,0,,1,,Other,,,,,,,,,,,,,US,0,29,San Antonio,-99,Texas,America/Chicago,78288,23.100.122.0,,443,,,,,0,,,,,0,,,,,,,,,,0,,,,,,,,,,,[],,,,,,,,,,,,0,,,, ,0,,,,,,,,,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Engineering"",""Marketing"",""Development Tools"",""Platforms"",""All Categories"",""Technology""]",,,rt.services.visualstudio.com,,,,[WEB] All Sector Web Access,,,,,,,,0,3393851970317026819,,,0,,,,,,,,,,0,,,,,,,,,Visual Studio,GB,0,55,Glasgow,-5,Scotland,Tue Jun 16 07:26:48 2026,Europe/London,N/A,148.252.148.0,0,,0,,,,0,,,1781591208,,,0,CloudApp,0,,,,,nspolicy,,luke.harrison@corporate.com,rt.services.visualstudio.com,adam.wrightson@corporate.com,,,,10.80.83.1,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:48.000",Client,,,FALSE,alert,Edit,yes,,[WEB] All Sector Web Access,policy,Amazon Kinesis,,3418830011869835973,Business Intelligence and Data Analytics,Amazon,,,,,,,,,,6370962430820221408,,,All Sector Websites,87,high,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,DE,0,50,Frankfurt am Main,8,Hesse,Europe/Berlin,60313,3.123.12.0,,443,,,,,0,,,,,0,,,,Corporate-6098,,,,,9.0547E+11,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,,E718A4BE-BD27-5206-730B-5790C5F4FD8B,0,,,,,,,,Windows 11,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Corporate No DLP User Alerts"",""All 
Categories"",""Technology"",""Engineering"",""Business Intelligence and Data Analytics""]",,,905469987510.data-kinesis.eu-central-1.amazonaws.com/,905469987510.data-kinesis.eu-central-1.amazonaws.com,,,[WEB] All Sector Web Access,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,6366309692230137085,,,0,,,,,,,,,,0,,,,,,,,,Amazon Kinesis,GB,0,52,Leicester,-2,England,Tue Jun 16 07:26:48 2026,Europe/London,LE3,176.248.214.0,0,,0,,,,0,,,1781591208,,,0,CloudApp,6366309692230137085,,,,,nspolicy,,chris.davies@corporate.com,905469987510.data-kinesis.eu-central-1.amazonaws.com/,Andy.Sutton@corporate.com,,,"aws-sdk-go-v2/1.41.7 ua/2.1 os/windows lang/go#1.26.3 md/GOOS#windows md/GOARCH#amd64 api/kinesis#1.43.7 m/E,e",192.168.68.55,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:48.000",Client,,,FALSE,alert,Edit,yes,,[WEB] All Sector Web Access,policy,Amazon Kinesis,,8474345048791532673,Business Intelligence and Data Analytics,Amazon,,,,,,,,,,2375969179232529120,,,All Sector Websites,87,high,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,DE,0,50,Frankfurt am Main,8,Hesse,Europe/Berlin,60313,3.74.148.0,,443,,,,,0,,,,,0,,,,Corporate-3436,,,,,9.0547E+11,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,,B9C1AE09-E254-CCD6-3CCF-4AA3298EEA10,0,,,,,,,,Windows 11,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Corporate No DLP User Alerts"",""All Categories"",""Technology"",""Engineering"",""Business Intelligence and Data Analytics""]",,,905469987510.data-kinesis.eu-central-1.amazonaws.com/,905469987510.data-kinesis.eu-central-1.amazonaws.com,,,[WEB] All Sector Web Access,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,5384370215151327567,,,0,,,,,,,,,,0,,,,,,,,,Amazon Kinesis,GB,0,55,Glasgow,-5,Scotland,Tue Jun 16 07:26:48 
2026,Europe/London,N/A,148.252.148.0,0,,0,,,,0,,,1781591208,,,0,CloudApp,5384370215151327567,,,,,nspolicy,,luke.harrison@corporate.com,905469987510.data-kinesis.eu-central-1.amazonaws.com/,adam.wrightson@corporate.com,,,"aws-sdk-go-v2/1.41.7 ua/2.1 os/windows lang/go#1.26.3 md/GOOS#windows md/GOARCH#amd64 api/kinesis#1.43.7 m/E,e",10.80.83.3,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:48.000",Client,,,FALSE,alert,Edit,yes,,[WEB] All Sector Web Access,policy,Amazon Kinesis,,2855143298923339489,Business Intelligence and Data Analytics,Amazon,,,,,,,,,,2064547398725143804,,,All Sector Websites,87,high,0,,0,,,0,,1,,Windows Device,managed,,,,,,,,,,,,DE,0,50,Frankfurt am Main,8,Hesse,Europe/Berlin,60313,3.123.12.0,,443,,,,,0,,,,,0,,,,Corporate-2731,,,,,9.0547E+11,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,,73699F49-EB38-1294-ED45-9ACC1AE015EE,0,,,,,,,,Windows 11,Windows NT 11.0,"[""All Sector Websites"",""DLP All Categories "",""Marketing"",""Corporate No DLP User Alerts"",""All Categories"",""Technology"",""Engineering"",""Business Intelligence and Data Analytics""]",,,905469987510.data-kinesis.eu-central-1.amazonaws.com/,905469987510.data-kinesis.eu-central-1.amazonaws.com,,,[WEB] All Sector Web Access,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,7925420924444153094,,,0,,,,,,,,,,0,,,,,,,,,Amazon Kinesis,GB,0,52,Milton Keynes,-1,England,Tue Jun 16 07:26:48 2026,Europe/London,MK6,94.10.125.0,0,,0,,,,0,,,1781591208,,,0,CloudApp,7925420924444153094,,,,,nspolicy,,nicole.ward@corporate.com,905469987510.data-kinesis.eu-central-1.amazonaws.com/,hayley.Jarvis@corporate.com,,,"aws-sdk-go-v2/1.41.7 ua/2.1 os/windows lang/go#1.26.3 md/GOOS#windows md/GOARCH#amd64 api/kinesis#1.43.7 m/E,e",192.168.0.35,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, +"16/06/2026, 06:26:48.000",Client,,,FALSE,alert,Delete,yes,,[WEB] All Sector Web Access,policy,Microsoft Office 365 
Outlook.com,,5653566044705553090,Webmail,Office365,,,,,,,,,Edge,5199259246582574824,149.0.0.0,,All Sector Websites,81,high,0,,0,,,277779316245107090,,1,,Windows Device,managed,,,,,,,,,,,,GB,0,51,London,-1,England,Europe/London,W1U,40.99.205.0,,443,,,,,0,,,,,0,,steve.smith@corporate.com,,Corporate-2583,,,,,Corporate,0,,,,,,,,,,,[],,,,,,,no,,,,,0,,,,D75790AE-F0D9-D54E-905B-99BA85FA8F7B,0,,AAkALgAAAAAAHYQDEapmEc2byACqAC/EWg0ALbG3BAwvpk293U7kYeVIZgAG1CnCUQAA,Mail,,,,,Windows 11,Windows NT 11.0,"[""All Sector Websites"",""All Categories"",""DLP All Categories "",""Webmail""]",,,outlook.office.com,Microsoft Office 365 Outlook.com,,,[WEB] All Sector Web Access,,7FB181CEF851C88C 2026-06-15 15:05:33.202470,,HTTPS/1.1,,,,0,7339957861114475334,,,0,,,,,,,Yes,,,0,,unknown,,,,,,,Microsoft Office 365 Outlook.com,GB,0,52,Bedford,-1,England,Tue Jun 16 07:26:48 2026,Europe/London,MK42,5.69.118.0,0,,0,,,,0,,,1781591208,,,0,CloudApp,7339957861114475334,,,,,nspolicy,,jason.miller@corporate.com,outlook.office.com/owa/service.svc,steve.smith@corporate.com,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/149.0.0.0 Safari/537.36 Edg/149.0.0.0 OneOutlook/1.2026.602.400",192.168.0.25,,,,16b4146d-f75d-47d9-a115-bbd9ccafb19a,NetskopeAlerts_CL, \ No newline at end of file From 97ff8e28924a0e0b9c7bb321a2ecab89f29e5adc Mon Sep 17 00:00:00 2001 
From: Steve Miller <56824624+Steve1145@users.noreply.github.com>
Date: Tue, 16 Jun 2026 14:21:36 +0100
Subject: [PATCH 3/4] copilot review
---
 .../CustomTables/NetskopeAlerts_CL.json | 320 +++++++++---------
 .../ASimAlertEventNetskopeSecurityCloud.json | 2 +-
 .../vimAlertEventNetskopeSecurityCloud.json | 2 +-
 .../CHANGELOG/ASimAlertEvent.md | 2 +-
 .../ASimAlertEventNetskopeSecurityCloud.md | 2 +-
 .../ASimAlertEvent/CHANGELOG/imAlertEvent.md | 2 +-
 .../vimAlertEventNetskopeSecurityCloud.md | 2 +-
 .../ASimAlertEventNetskopeSecurityCloud.yaml | 4 +-
 .../vimAlertEventNetskopeSecurityCloud.yaml | 4 +-
 9 files changed, 170 insertions(+), 170 deletions(-)
diff --git a/.script/tests/KqlvalidationsTests/CustomTables/NetskopeAlerts_CL.json b/.script/tests/KqlvalidationsTests/CustomTables/NetskopeAlerts_CL.json
index 86cfcd0b976..40362eb020f 100644
--- a/.script/tests/KqlvalidationsTests/CustomTables/NetskopeAlerts_CL.json
+++ b/.script/tests/KqlvalidationsTests/CustomTables/NetskopeAlerts_CL.json
@@ -3,75 +3,75 @@
 "Properties": [
 {
 "Name": "TimeGenerated",
- "Type": "DateTime"
+ "Type": "datetime"
 },
 {
 "Name": "access_method",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "account_id",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "account_name",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "acked",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "action",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "activity",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "alert",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "alert_id",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "alert_name",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "alert_type",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "app",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "app_activity",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "app_sessionid",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "appcategory",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "appsuite",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "asset_id",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "asset_object_id",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "breach_date",
@@ -79,43 +79,43 @@
 },
 {
 "Name": "breach_description",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "breach_id",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "breach_media_references",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "breach_score",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "breach_target_references",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "browser",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "browser_sessionid",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "browser_version",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "bypass_traffic",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "category",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "cci",
@@ -123,7 +123,7 @@
 },
 {
 "Name": "ccl",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "client_bytes",
@@ -147,11 +147,11 @@
 },
 {
 "Name": "connectionid",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "CononicalName",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "count_i",
@@ -159,43 +159,43 @@
 },
 {
 "Name": "data_type",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "device",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "device_classification",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "dlp_file",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "dlp_incidentid",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "dlp_is_unique_count",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "dlp_mail_parent_id",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "dlp_parentid",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "dlp_profile",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "dlp_rule",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "dlp_rule_count",
@@ -203,7 +203,7 @@
 },
 {
 "Name": "dlp_rule_severity",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "dlp_unique_count",
@@ -211,11 +211,11 @@
 },
 {
 "Name": "domain",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "dst_country",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "dst_geoip_src",
@@ -227,7 +227,7 @@
 },
 {
 "Name": "dst_location",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "dst_longitude",
@@ -235,23 +235,23 @@
 },
 {
 "Name": "dst_region",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "dst_timezone",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "dst_zipcode",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "dstip",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "dsthost",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "dstport",
@@ -259,19 +259,19 @@
 },
 {
 "Name": "email_source",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "event_type",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "evt_src_chnl",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "exposure",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "external_collaborator_count",
@@ -287,11 +287,11 @@
 },
 {
 "Name": "file_lang",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "file_path",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "file_size",
@@ -299,19 +299,19 @@
 },
 {
 "Name": "file_type",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "from_user",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "fromlogs",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "hostname",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "http_transaction_count",
@@ -323,15 +323,15 @@
 },
 {
 "Name": "iaas_remediated",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "instance",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "instance_id",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "internal_collaborator_count",
@@ -339,31 +339,31 @@
 },
 {
 "Name": "justification_reason",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "justification_type",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "last_app",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "last_country",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "last_device",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "last_location",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "last_region",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "last_timestamp",
@@ -371,11 +371,11 @@
 },
 {
 "Name": "log_file_name",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "malicious",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "malsite_category",
@@ -383,15 +383,15 @@
 },
 {
 "Name": "malsite_country",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "malsite_id",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "malsite_ip_host",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "malsite_latitude",
@@ -403,27 +403,27 @@
 },
 {
 "Name": "malsite_region",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "managed_app",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "managementID",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "matched_username",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "md5",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "mime_type",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "modified",
@@ -431,19 +431,19 @@
 },
 {
 "Name": "netskope_activity",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "netskope_pop",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "notify_template",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "nsdeviceuid",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "numbytes",
@@ -451,39 +451,39 @@
 },
 {
 "Name": "object",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "object_id",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "object_type",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "org",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "organization_unit",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "orig_ty",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "orignal_file_path",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "os",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "os_version",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "other_categories",
@@ -495,27 +495,27 @@
 },
 {
 "Name": "owner",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "page",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "page_site",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "parent_id",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "password_type",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "policy",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "policy_actions",
@@ -523,27 +523,27 @@
 },
 {
 "Name": "policy_id",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "profile_id",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "protocol",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "referer",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "region_id",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "region_name",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "req_cnt",
@@ -551,15 +551,15 @@
 },
 {
 "Name": "requestid",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "resource_category",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "resource_group",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "resp_cnt",
@@ -571,35 +571,35 @@
 },
 {
 "Name": "sa_profile_name",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "sa_rule_id",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "sa_rule_name",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "sa_rule_severity",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "sAMAccountName",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "sanctioned_instance",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "scan_type",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "serial",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "server_bytes",
@@ -607,15 +607,15 @@
 },
 {
 "Name": "sessionid",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "severity",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "severity_level",
- "Type": "String"
+ "Type": "string"
 },
 {
 "Name": "severity_level_id",
@@ -623,27 +623,27 @@ }, { "Name": "sfwder", - "Type": "String" + "Type": "string" }, { "Name": "sha256", - "Type": "String" + "Type": "string" }, { "Name": "shared_domains", - "Type": "String" + "Type": "string" }, { "Name": "shared_with", - "Type": "String" + "Type": "string" }, { "Name": "site", - "Type": "String" + "Type": "string" }, { "Name": "src_country", - "Type": "String" + "Type": "string" }, { "Name": "src_geoip_src", @@ -655,7 +655,7 @@ }, { "Name": "src_location", - "Type": "String" + "Type": "string" }, { "Name": "src_longitude", @@ -663,23 +663,23 @@ }, { "Name": "src_region", - "Type": "String" + "Type": "string" }, { "Name": "src_time", - "Type": "String" + "Type": "string" }, { "Name": "src_timezone", - "Type": "String" + "Type": "string" }, { "Name": "src_zipcode", - "Type": "String" + "Type": "string" }, { "Name": "srcip", - "Type": "String" + "Type": "string" }, { "Name": "suppression_end_time", @@ -687,7 +687,7 @@ }, { "Name": "suppression_key", - "Type": "String" + "Type": "string" }, { "Name": "suppression_start_time", @@ -695,15 +695,15 @@ }, { "Name": "telemetry_app", - "Type": "String" + "Type": "string" }, { "Name": "threat_match_field", - "Type": "String" + "Type": "string" }, { "Name": "threat_match_value", - "Type": "String" + "Type": "string" }, { "Name": "threat_source_id", @@ -723,11 +723,11 @@ }, { "Name": "title_s", - "Type": "String" + "Type": "string" }, { "Name": "to_object", - "Type": "String" + "Type": "string" }, { "Name": "total_collaborator_count", 
@@ -735,91 +735,91 @@ }, { "Name": "traffic_type", - "Type": "String" + "Type": "string" }, { "Name": "transactionid", - "Type": "String" + "Type": "string" }, { "Name": "true_obj_category", - "Type": "String" + "Type": "string" }, { "Name": "true_obj_type", - "Type": "String" + "Type": "string" }, { "Name": "tss_mode", - "Type": "String" + "Type": "string" }, { "Name": "two_factor_auth", - "Type": "String" + "Type": "string" }, { "Name": "type_s", - "Type": "String" + "Type": "string" }, { "Name": "universal_connector", - "Type": "String" + "Type": "string" }, { "Name": "ur_normalized", - "Type": "String" + "Type": "string" }, { "Name": "url", - "Type": "String" + "Type": "string" }, { "Name": "user", - "Type": "String" + "Type": "string" }, { "Name": "user_generated", - "Type": "String" + "Type": "string" }, { "Name": "user_id", - "Type": "String" + "Type": "string" }, { "Name": "useragent", - "Type": "String" + "Type": "string" }, { "Name": "userip", - "Type": "String" + "Type": "string" }, { "Name": "userkey", - "Type": "String" + "Type": "string" }, { "Name": "userPrincipalName", - "Type": "String" + "Type": "string" }, { "Name": "web_universal_connector", - "Type": "String" + "Type": "string" }, { "Name": "TenantId", - "Type": "String" + "Type": "string" }, { "Name": "Type", - "Type": "String" + "Type": "string" }, { "Name": "_ResourceId", - "Type": "String" + "Type": "string" }, { "Name": "_ItemId", - "Type": "String" + "Type": "string" } ] } \ No newline at end of file diff --git a/Parsers/ASimAlertEvent/ARM/ASimAlertEventNetskopeSecurityCloud/ASimAlertEventNetskopeSecurityCloud.json b/Parsers/ASimAlertEvent/ARM/ASimAlertEventNetskopeSecurityCloud/ASimAlertEventNetskopeSecurityCloud.json index ae82b416ec7..2d3309fa1cf 100644 --- a/Parsers/ASimAlertEvent/ARM/ASimAlertEventNetskopeSecurityCloud/ASimAlertEventNetskopeSecurityCloud.json +++ b/Parsers/ASimAlertEvent/ARM/ASimAlertEventNetskopeSecurityCloud/ASimAlertEventNetskopeSecurityCloud.json 
@@ -27,7 +27,7 @@ "displayName": "Alert Event ASIM parser for Netskope Security Cloud", "category": "ASIM", "FunctionAlias": "ASimAlertEventNetskopeSecurityCloud", - "query": "let parser = (\n disabled:bool = false,\n pack:bool = false\n)\n{\n NetskopeAlerts_CL\n | where not(disabled)\n | extend\n EventStartTime = unixtime_seconds_todatetime(timestamp),\n ThreatCategory = case(\n category =~ \"Blocked Risky URLs\", \"MaliciousUrl\",\n category in~ (\"Aggressive\", \"Online Ads\"), \"Adware\",\n category in~ (\n \"Forums\",\n \"Web Hosting, ISP & Telco\",\n \"Games\",\n \"Customer Relationship Management\",\n \"Pay To Surf\",\n \"Real Estate\",\n \"Finance/Accounting\",\n \"App Admin Console\",\n \"URL Shorteners\",\n \"Financial News\",\n \"Religion\",\n \"Social & Affiliation Organizations\",\n \"Auctions & Marketplaces\",\n \"Entertainment\",\n \"Gambling\",\n \"Trading & Investing\",\n \"Drugs\"\n ), \"Security Policy Violation\",\n \"Unknown\"\n )\n | extend\n EventEndTime = EventStartTime,\n TimeGenerated = EventStartTime,\n EventSeverity = case(\n severity =~ \"high\", \"High\",\n severity =~ \"medium\", \"Medium\",\n severity =~ \"low\", \"Low\",\n severity =~ \"informational\", \"Informational\",\n \"Informational\"\n )\n | extend\n EventSubType = case(\n alert_type in~ (\"malware\", \"c2\", \"malsite\", \"ips\", \"compromised credential\"), \"Threat\",\n alert_type in~ (\"dlp\", \"policy\"), \"Compliance Violation\",\n alert_type =~ \"uba\", \"Anomaly\",\n \"\"\n ),\n DetectionMethod = case(\n alert_type =~ \"dlp\", \"Data Loss Prevention\",\n alert_type =~ \"malware\", \"AntiVirus\",\n alert_type =~ \"policy\", \"Cloud Application Security\",\n alert_type in~ (\"c2\", \"ips\"), \"Intrusion Detection\",\n alert_type =~ \"compromised credential\", \"Threat Intelligence\",\n alert_type =~ \"uba\", \"Behavioral Analytics\",\n alert_type =~ \"malsite\", \"Reputation\",\n \"Other\"\n ),\n FileName = iff(\n tolower(tostring(object_type)) == \"file\", 
tostring(object),\n \"\"\n ),\n DvcOriginalAction = tostring(action),\n DvcAction = case(\n action =~ \"block\", \"Block\",\n action in~ (\"allow\", \"proceed\", \"bypass\", \"alert\", \"useralert\"), \"Allow\",\n action in~ (\"anomaly_detection\", \"detection\"), \"Detect\",\n \"\"\n ),\n EventResult = case(\n action =~ \"block\", \"Failure\",\n action in~ (\"allow\", \"proceed\", \"bypass\", \"alert\", \"useralert\", \"anomaly_detection\", \"detection\"), \"Success\",\n \"NA\"\n ),\n _cat = tostring(category),\n _app = tostring(app),\n _desc = tostring(breach_description),\n DvcId = iff(isnotempty(nsdeviceuid), nsdeviceuid, ''),\n DvcIdType = iff(isnotempty(nsdeviceuid), 'Other', '')\n | extend\n EventMessage = strcat(\n trim(\" \", tostring(alert_name)),\n iff(isnotempty(_cat), strcat(\" | Category: \", _cat), \"\"),\n iff(isnotempty(_app), strcat(\" | App: \", _app), \"\"),\n iff(isnotempty(_desc), strcat(\" | Breach Description: \", _desc), \"\")\n )\n | project\n TimeGenerated,\n EventType = \"Alert\",\n EventSchema = \"AlertEvent\",\n EventSchemaVersion = \"0.1\",\n EventVendor = \"Netskope\",\n EventProduct = \"Netskope Security Cloud\",\n EventCount = int(1),\n EventStartTime,\n EventEndTime,\n EventSeverity,\n EventOriginalSeverity = severity,\n EventSubType,\n EventResult,\n EventOriginalResultDetails = action,\n DvcId,\n DvcIdType,\n DvcIpAddr = userip,\n DvcHostname = hostname,\n DvcAction,\n EventUid = _ItemId,\n EventOriginalSubType = tostring(alert_type),\n ThreatOriginalCategory = tostring(category),\n ThreatCategory,\n EventMessage,\n DvcOs = case(\n os has \"windows\", \"Windows\",\n os_version startswith \"windows\", \"Windows\",\n os has \"Mac OS\", \"macOS\",\n os_version startswith \"Mac\", \"macOS\",\n \"\"\n ),\n DvcOsVersion = os_version,\n DetectionMethod,\n AlertName = tostring(alert_name),\n RuleName = tostring(policy),\n DvcOriginalAction,\n Username = tostring(user),\n FileName,\n FileSHA256 = sha256,\n FileMD5 = md5,\n Url = url,\n 
Type,\n AdditionalFields = iff(\n pack,\n bag_pack(\n \"AccessMethod\", access_method,\n \"AlertType\", alert_type,\n \"Action\", action,\n \"Activity\", activity,\n \"App\", app,\n \"AppSessionId\", tostring(coalesce(columnifexists(\"app_sessionid\", \"\"), \"\")),\n \"AppCategory\", appcategory,\n \"AppSuite\", appsuite,\n \"Browser\", browser,\n \"BrowserSessionId\", tostring(coalesce(columnifexists(\"browser_sessionid\", \"\"), \"\")),\n \"BrowserVersion\", browser_version,\n \"CloudConfidenceIndex\", cci,\n \"CloudConfidenceLevel\", ccl,\n \"ConnectionId\", tostring(coalesce(columnifexists(\"connectionid\", \"\"), \"\")),\n \"MalsiteCategory\", malsite_category,\n \"MalsiteCountry\", malsite_country,\n \"Referer\", referer,\n \"ObjectType\", object_type,\n \"SourceIP\", srcip,\n \"DestinationIP\", dstip\n ),\n dynamic([])\n )\n | extend\n UsernameType = case(\n Username has \"@\", \"UPN\",\n Username has @\"\\\", \"Windows\",\n isnotempty(Username), \"Simple\",\n \"\"\n ),\n UserType = case(\n isempty(Username), \"Anonymous\",\n Username startswith \"svc_\" or Username startswith \"svc-\" or Username startswith \"svc.\" or Username has \"_svc@\", \"Service\",\n Username startswith \"adm_\" or Username startswith \"adm-\" or Username has \"admin@\", \"Admin\",\n \"Regular\"\n )\n //Aliases\n | extend\n AlertId = EventUid,\n AlertDescription = EventMessage,\n Rule = RuleName,\n Hostname = DvcHostname,\n IpAddr = DvcIpAddr,\n User = Username,\n Dvc = DvcHostname,\n EventResultDetails = EventOriginalResultDetails\n};\nparser(\n disabled = disabled,\n pack = pack\n)", + "query": "let parser = (\n disabled:bool = false,\n pack:bool = false\n)\n{\n NetskopeAlerts_CL\n | where not(disabled)\n | extend\n EventStartTime = unixtime_seconds_todatetime(timestamp),\n ThreatCategory = case(\n category =~ \"Blocked Risky URLs\", \"MaliciousUrl\",\n category in~ (\"Aggressive\", \"Online Ads\"), \"Adware\",\n category in~ (\n \"Forums\",\n \"Web Hosting, ISP & Telco\",\n 
\"Games\",\n \"Customer Relationship Management\",\n \"Pay To Surf\",\n \"Real Estate\",\n \"Finance/Accounting\",\n \"App Admin Console\",\n \"URL Shorteners\",\n \"Financial News\",\n \"Religion\",\n \"Social & Affiliation Organizations\",\n \"Auctions & Marketplaces\",\n \"Entertainment\",\n \"Gambling\",\n \"Trading & Investing\",\n \"Drugs\"\n ), \"Security Policy Violation\",\n \"Unknown\"\n )\n | extend\n EventEndTime = EventStartTime,\n TimeGenerated = EventStartTime,\n EventSeverity = case(\n severity =~ \"high\", \"High\",\n severity =~ \"medium\", \"Medium\",\n severity =~ \"low\", \"Low\",\n severity =~ \"informational\", \"Informational\",\n \"Informational\"\n )\n | extend\n EventSubType = case(\n alert_type in~ (\"malware\", \"c2\", \"malsite\", \"ips\", \"compromised credential\"), \"Threat\",\n alert_type in~ (\"dlp\", \"policy\"), \"Compliance Violation\",\n alert_type =~ \"uba\", \"Anomaly\",\n \"\"\n ),\n DetectionMethod = case(\n alert_type =~ \"dlp\", \"Data Loss Prevention\",\n alert_type =~ \"malware\", \"Antivirus\",\n alert_type =~ \"policy\", \"Cloud Application Security\",\n alert_type in~ (\"c2\", \"ips\"), \"Intrusion Detection\",\n alert_type =~ \"compromised credential\", \"Threat Intelligence\",\n alert_type =~ \"uba\", \"Behavioral Analytics\",\n alert_type =~ \"malsite\", \"Reputation\",\n \"Other\"\n ),\n FileName = iff(\n tolower(tostring(object_type)) == \"file\", tostring(object),\n \"\"\n ),\n DvcOriginalAction = tostring(action),\n DvcAction = case(\n action =~ \"block\", \"Block\",\n action in~ (\"allow\", \"proceed\", \"bypass\", \"alert\", \"useralert\"), \"Allow\",\n action in~ (\"anomaly_detection\", \"detection\"), \"Detect\",\n \"\"\n ),\n EventResult = case(\n action =~ \"block\", \"Failure\",\n action in~ (\"allow\", \"proceed\", \"bypass\", \"alert\", \"useralert\", \"anomaly_detection\", \"detection\"), \"Success\",\n \"NA\"\n ),\n _cat = tostring(category),\n _app = tostring(app),\n _desc = 
tostring(breach_description),\n DvcId = iff(isnotempty(nsdeviceuid), nsdeviceuid, ''),\n DvcIdType = iff(isnotempty(nsdeviceuid), 'Other', '')\n | extend\n EventMessage = strcat(\n trim(\" \", tostring(alert_name)),\n iff(isnotempty(_cat), strcat(\" | Category: \", _cat), \"\"),\n iff(isnotempty(_app), strcat(\" | App: \", _app), \"\"),\n iff(isnotempty(_desc), strcat(\" | Breach Description: \", _desc), \"\")\n )\n | project\n TimeGenerated,\n EventType = \"Alert\",\n EventSchema = \"AlertEvent\",\n EventSchemaVersion = \"0.1\",\n EventVendor = \"Netskope\",\n EventProduct = \"Security Cloud\",\n EventCount = int(1),\n EventStartTime,\n EventEndTime,\n EventSeverity,\n EventOriginalSeverity = severity,\n EventSubType,\n EventResult,\n EventOriginalResultDetails = action,\n DvcId,\n DvcIdType,\n DvcIpAddr = userip,\n DvcHostname = hostname,\n DvcAction,\n EventUid = _ItemId,\n EventOriginalSubType = tostring(alert_type),\n ThreatOriginalCategory = tostring(category),\n ThreatCategory,\n EventMessage,\n DvcOs = case(\n os has \"windows\", \"Windows\",\n os_version startswith \"windows\", \"Windows\",\n os has \"Mac OS\", \"macOS\",\n os_version startswith \"Mac\", \"macOS\",\n \"\"\n ),\n DvcOsVersion = os_version,\n DetectionMethod,\n AlertName = tostring(alert_name),\n RuleName = tostring(policy),\n DvcOriginalAction,\n Username = tostring(user),\n FileName,\n FileSHA256 = sha256,\n FileMD5 = md5,\n Url = url,\n Type,\n AdditionalFields = iff(\n pack,\n bag_pack(\n \"AccessMethod\", access_method,\n \"AlertType\", alert_type,\n \"Action\", action,\n \"Activity\", activity,\n \"App\", app,\n \"AppSessionId\", tostring(coalesce(columnifexists(\"app_sessionid\", \"\"), \"\")),\n \"AppCategory\", appcategory,\n \"AppSuite\", appsuite,\n \"Browser\", browser,\n \"BrowserSessionId\", tostring(coalesce(columnifexists(\"browser_sessionid\", \"\"), \"\")),\n \"BrowserVersion\", browser_version,\n \"CloudConfidenceIndex\", cci,\n \"CloudConfidenceLevel\", ccl,\n 
\"ConnectionId\", tostring(coalesce(columnifexists(\"connectionid\", \"\"), \"\")),\n \"MalsiteCategory\", malsite_category,\n \"MalsiteCountry\", malsite_country,\n \"Referer\", referer,\n \"ObjectType\", object_type,\n \"SourceIP\", srcip,\n \"DestinationIP\", dstip\n ),\n dynamic({})\n )\n | extend\n UsernameType = case(\n Username has \"@\", \"UPN\",\n Username has @\"\\\", \"Windows\",\n isnotempty(Username), \"Simple\",\n \"\"\n ),\n UserType = case(\n isempty(Username), \"Anonymous\",\n Username startswith \"svc_\" or Username startswith \"svc-\" or Username startswith \"svc.\" or Username has \"_svc@\", \"Service\",\n Username startswith \"adm_\" or Username startswith \"adm-\" or Username has \"admin@\", \"Admin\",\n \"Regular\"\n )\n //Aliases\n | extend\n AlertId = EventUid,\n AlertDescription = EventMessage,\n Rule = RuleName,\n Hostname = DvcHostname,\n IpAddr = DvcIpAddr,\n User = Username,\n Dvc = DvcHostname,\n EventResultDetails = EventOriginalResultDetails\n};\nparser(\n disabled = disabled,\n pack = pack\n)", "version": 1, "functionParameters": "disabled:bool=False,pack:bool=False" } diff --git a/Parsers/ASimAlertEvent/ARM/vimAlertEventNetskopeSecurityCloud/vimAlertEventNetskopeSecurityCloud.json b/Parsers/ASimAlertEvent/ARM/vimAlertEventNetskopeSecurityCloud/vimAlertEventNetskopeSecurityCloud.json index a59bf1dd891..701913b5648 100644 --- a/Parsers/ASimAlertEvent/ARM/vimAlertEventNetskopeSecurityCloud/vimAlertEventNetskopeSecurityCloud.json +++ b/Parsers/ASimAlertEvent/ARM/vimAlertEventNetskopeSecurityCloud/vimAlertEventNetskopeSecurityCloud.json 
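Review bot: In the new `query`, the `EventSeverity` case falls through to `"Informational"` for any `severity` value outside high/medium/low/informational, so an empty or unmapped source severity is reported at the lowest level; the same expression appears in the vimAlertEventNetskopeSecurityCloud query further down. Detections and workbooks that filter on `EventSeverity` would then pass over those alerts, and only `EventOriginalSeverity` keeps the real value. If the source can emit a higher tier (for example a `critical` value, to be confirmed against the vendor's field reference), add an explicit branch such as `severity =~ "critical", "High",` ahead of the default. The query is stored as a single escaped JSON string, so the same edit would need to be mirrored in the YAML parser this template is generated from.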
@@ -27,7 +27,7 @@ "displayName": "Alert Event ASIM parser for Netskope Security Cloud", "category": "ASIM", "FunctionAlias": "vimAlertEventNetskopeSecurityCloud", - "query": "let parser = (\n starttime: datetime=datetime(null),\n endtime: datetime=datetime(null),\n ipaddr_has_any_prefix: dynamic=dynamic([]),\n hostname_has_any: dynamic=dynamic([]),\n username_has_any: dynamic=dynamic([]),\n attacktactics_has_any: dynamic=dynamic([]),\n attacktechniques_has_any: dynamic=dynamic([]),\n threatcategory_has_any: dynamic=dynamic([]),\n alertverdict_has_any: dynamic=dynamic([]),\n eventseverity_has_any: dynamic=dynamic([]),\n disabled: bool=false,\n pack: bool=false\n)\n{\n NetskopeAlerts_CL\n | where not(disabled)\n | where (\n (isnull(starttime) or TimeGenerated >= starttime)\n and (isnull(endtime) or TimeGenerated <= endtime)\n and ((array_length(ipaddr_has_any_prefix) == 0) or (has_any_ipv4_prefix(userip, ipaddr_has_any_prefix)) or (has_any_ipv4_prefix(srcip, ipaddr_has_any_prefix)) or (has_any_ipv4_prefix(dstip, ipaddr_has_any_prefix)))\n and ((array_length(hostname_has_any) == 0) or (hostname has_any (hostname_has_any)))\n and ((array_length(username_has_any) == 0) or (user has_any (username_has_any)))\n and ((array_length(attacktactics_has_any) == 0)) // AttackTactics detail not available in this parser.\n and ((array_length(attacktechniques_has_any) == 0)) // AttackTechniques detail not available in this parser.\n // ThreatCategory filtering done later in the parser\n and ((array_length(alertverdict_has_any) == 0)) // AlertVerdict detail not available in this parser.\n // EventSeverity filtering done later in the parser\n )\n | extend\n EventStartTime = unixtime_seconds_todatetime(timestamp),\n ThreatCategory = case(\n category =~ \"Blocked Risky URLs\", \"MaliciousUrl\",\n category in~ (\"Aggressive\", \"Online Ads\"), \"Adware\",\n category in~ (\n \"Forums\",\n \"Web Hosting, ISP & Telco\",\n \"Games\",\n \"Customer Relationship Management\",\n \"Pay To 
Surf\",\n \"Real Estate\",\n \"Finance/Accounting\",\n \"App Admin Console\",\n \"URL Shorteners\",\n \"Financial News\",\n \"Religion\",\n \"Social & Affiliation Organizations\",\n \"Auctions & Marketplaces\",\n \"Entertainment\",\n \"Gambling\",\n \"Trading & Investing\",\n \"Drugs\"\n ), \"Security Policy Violation\",\n \"Unknown\"\n )\n | where ((array_length(threatcategory_has_any) == 0) or (ThreatCategory has_any (threatcategory_has_any)))\n | extend\n EventEndTime = EventStartTime,\n TimeGenerated = EventStartTime,\n EventSeverity = case(\n severity =~ \"high\", \"High\",\n severity =~ \"medium\", \"Medium\",\n severity =~ \"low\", \"Low\",\n severity =~ \"informational\", \"Informational\",\n \"Informational\"\n )\n | where ((array_length(eventseverity_has_any) == 0 or EventSeverity has_any (eventseverity_has_any)))\n | extend\n EventSubType = case(\n alert_type in~ (\"malware\", \"c2\", \"malsite\", \"ips\", \"compromised credential\"), \"Threat\",\n alert_type in~ (\"dlp\", \"policy\"), \"Compliance Violation\",\n alert_type =~ \"uba\", \"Anomaly\",\n \"\"\n ),\n DetectionMethod = case(\n alert_type =~ \"dlp\", \"Data Loss Prevention\",\n alert_type =~ \"malware\", \"AntiVirus\",\n alert_type =~ \"policy\", \"Cloud Application Security\",\n alert_type in~ (\"c2\", \"ips\"), \"Intrusion Detection\",\n alert_type =~ \"compromised credential\", \"Threat Intelligence\",\n alert_type =~ \"uba\", \"Behavioral Analytics\",\n alert_type =~ \"malsite\", \"Reputation\",\n \"Other\"\n ),\n FileName = iff(\n tolower(tostring(object_type)) == \"file\", tostring(object),\n \"\"\n ),\n DvcOriginalAction = tostring(action),\n DvcAction = case(\n action =~ \"block\", \"Block\",\n action in~ (\"allow\", \"proceed\", \"bypass\", \"alert\", \"useralert\"), \"Allow\",\n action in~ (\"anomaly_detection\", \"detection\"), \"Detect\",\n \"\"\n ),\n EventResult = case(\n action =~ \"block\", \"Failure\",\n action in~ (\"allow\", \"proceed\", \"bypass\", \"alert\", \"useralert\", 
\"anomaly_detection\", \"detection\"), \"Success\",\n \"NA\"\n ),\n _cat = tostring(category),\n _app = tostring(app),\n _desc = tostring(breach_description),\n DvcId = iff(isnotempty(nsdeviceuid), nsdeviceuid, ''),\n DvcIdType = iff(isnotempty(nsdeviceuid), 'Other', '')\n | extend\n EventMessage = strcat(\n trim(\" \", tostring(alert_name)),\n iff(isnotempty(_cat), strcat(\" | Category: \", _cat), \"\"),\n iff(isnotempty(_app), strcat(\" | App: \", _app), \"\"),\n iff(isnotempty(_desc), strcat(\" | Breach Description: \", _desc), \"\")\n )\n | project\n TimeGenerated,\n EventType = \"Alert\",\n EventSchema = \"AlertEvent\",\n EventSchemaVersion = \"0.1\",\n EventVendor = \"Netskope\",\n EventProduct = \"Netskope Security Cloud\",\n EventCount = int(1),\n EventStartTime,\n EventEndTime,\n EventSeverity,\n EventOriginalSeverity = severity,\n EventSubType,\n EventResult,\n EventOriginalResultDetails = action,\n DvcId,\n DvcIdType,\n DvcIpAddr = userip,\n DvcHostname = hostname,\n DvcAction,\n EventUid = _ItemId,\n EventOriginalSubType = tostring(alert_type),\n ThreatOriginalCategory = tostring(category),\n ThreatCategory,\n EventMessage,\n DvcOs = case(\n os has \"windows\", \"Windows\",\n os_version startswith \"windows\", \"Windows\",\n os has \"Mac OS\", \"macOS\",\n os_version startswith \"Mac\", \"macOS\",\n \"\"\n ),\n DvcOsVersion = os_version,\n DetectionMethod,\n AlertName = tostring(alert_name),\n RuleName = tostring(policy),\n DvcOriginalAction,\n Username = tostring(user),\n FileName,\n FileSHA256 = sha256,\n FileMD5 = md5,\n Url = url,\n Type,\n AdditionalFields = iff(\n pack,\n bag_pack(\n \"AccessMethod\", access_method,\n \"AlertType\", alert_type,\n \"Action\", action,\n \"Activity\", activity,\n \"App\", app,\n \"AppSessionId\", tostring(coalesce(columnifexists(\"app_sessionid\", \"\"), \"\")),\n \"AppCategory\", appcategory,\n \"AppSuite\", appsuite,\n \"Browser\", browser,\n \"BrowserSessionId\", 
tostring(coalesce(columnifexists(\"browser_sessionid\", \"\"), \"\")),\n \"BrowserVersion\", browser_version,\n \"CloudConfidenceIndex\", cci,\n \"CloudConfidenceLevel\", ccl,\n \"ConnectionId\", tostring(coalesce(columnifexists(\"connectionid\", \"\"), \"\")),\n \"MalsiteCategory\", malsite_category,\n \"MalsiteCountry\", malsite_country,\n \"Referer\", referer,\n \"ObjectType\", object_type,\n \"SourceIP\", srcip,\n \"DestinationIP\", dstip\n ),\n dynamic([])\n )\n | extend\n UsernameType = case(\n Username has \"@\", \"UPN\",\n Username has @\"\\\", \"Windows\",\n isnotempty(Username), \"Simple\",\n \"\"\n ),\n UserType = case(\n isempty(Username), \"Anonymous\",\n Username startswith \"svc_\" or Username startswith \"svc-\" or Username startswith \"svc.\" or Username has \"_svc@\", \"Service\",\n Username startswith \"adm_\" or Username startswith \"adm-\" or Username has \"admin@\", \"Admin\",\n \"Regular\"\n )\n //Aliases\n | extend\n AlertId = EventUid,\n AlertDescription = EventMessage,\n Rule = RuleName,\n Hostname = DvcHostname,\n IpAddr = DvcIpAddr,\n User = Username,\n Dvc = DvcHostname,\n EventResultDetails = EventOriginalResultDetails\n};\nparser(\n starttime = starttime,\n endtime = endtime,\n ipaddr_has_any_prefix = ipaddr_has_any_prefix,\n hostname_has_any = hostname_has_any,\n username_has_any = username_has_any,\n attacktactics_has_any = attacktactics_has_any,\n attacktechniques_has_any = attacktechniques_has_any,\n threatcategory_has_any = threatcategory_has_any,\n alertverdict_has_any = alertverdict_has_any,\n eventseverity_has_any = eventseverity_has_any,\n disabled = disabled,\n pack = pack\n)", + "query": "let parser = (\n starttime: datetime=datetime(null),\n endtime: datetime=datetime(null),\n ipaddr_has_any_prefix: dynamic=dynamic([]),\n hostname_has_any: dynamic=dynamic([]),\n username_has_any: dynamic=dynamic([]),\n attacktactics_has_any: dynamic=dynamic([]),\n attacktechniques_has_any: dynamic=dynamic([]),\n threatcategory_has_any: 
dynamic=dynamic([]),\n alertverdict_has_any: dynamic=dynamic([]),\n eventseverity_has_any: dynamic=dynamic([]),\n disabled: bool=false,\n pack: bool=false\n)\n{\n NetskopeAlerts_CL\n | where not(disabled)\n | where (\n (isnull(starttime) or TimeGenerated >= starttime)\n and (isnull(endtime) or TimeGenerated <= endtime)\n and ((array_length(ipaddr_has_any_prefix) == 0) or (has_any_ipv4_prefix(userip, ipaddr_has_any_prefix)) or (has_any_ipv4_prefix(srcip, ipaddr_has_any_prefix)) or (has_any_ipv4_prefix(dstip, ipaddr_has_any_prefix)))\n and ((array_length(hostname_has_any) == 0) or (hostname has_any (hostname_has_any)))\n and ((array_length(username_has_any) == 0) or (user has_any (username_has_any)))\n and ((array_length(attacktactics_has_any) == 0)) // AttackTactics detail not available in this parser.\n and ((array_length(attacktechniques_has_any) == 0)) // AttackTechniques detail not available in this parser.\n // ThreatCategory filtering done later in the parser\n and ((array_length(alertverdict_has_any) == 0)) // AlertVerdict detail not available in this parser.\n // EventSeverity filtering done later in the parser\n )\n | extend\n EventStartTime = unixtime_seconds_todatetime(timestamp),\n ThreatCategory = case(\n category =~ \"Blocked Risky URLs\", \"MaliciousUrl\",\n category in~ (\"Aggressive\", \"Online Ads\"), \"Adware\",\n category in~ (\n \"Forums\",\n \"Web Hosting, ISP & Telco\",\n \"Games\",\n \"Customer Relationship Management\",\n \"Pay To Surf\",\n \"Real Estate\",\n \"Finance/Accounting\",\n \"App Admin Console\",\n \"URL Shorteners\",\n \"Financial News\",\n \"Religion\",\n \"Social & Affiliation Organizations\",\n \"Auctions & Marketplaces\",\n \"Entertainment\",\n \"Gambling\",\n \"Trading & Investing\",\n \"Drugs\"\n ), \"Security Policy Violation\",\n \"Unknown\"\n )\n | where ((array_length(threatcategory_has_any) == 0) or (ThreatCategory has_any (threatcategory_has_any)))\n | extend\n EventEndTime = EventStartTime,\n TimeGenerated = 
EventStartTime,\n EventSeverity = case(\n severity =~ \"high\", \"High\",\n severity =~ \"medium\", \"Medium\",\n severity =~ \"low\", \"Low\",\n severity =~ \"informational\", \"Informational\",\n \"Informational\"\n )\n | where ((array_length(eventseverity_has_any) == 0 or EventSeverity has_any (eventseverity_has_any)))\n | extend\n EventSubType = case(\n alert_type in~ (\"malware\", \"c2\", \"malsite\", \"ips\", \"compromised credential\"), \"Threat\",\n alert_type in~ (\"dlp\", \"policy\"), \"Compliance Violation\",\n alert_type =~ \"uba\", \"Anomaly\",\n \"\"\n ),\n DetectionMethod = case(\n alert_type =~ \"dlp\", \"Data Loss Prevention\",\n alert_type =~ \"malware\", \"Antivirus\",\n alert_type =~ \"policy\", \"Cloud Application Security\",\n alert_type in~ (\"c2\", \"ips\"), \"Intrusion Detection\",\n alert_type =~ \"compromised credential\", \"Threat Intelligence\",\n alert_type =~ \"uba\", \"Behavioral Analytics\",\n alert_type =~ \"malsite\", \"Reputation\",\n \"Other\"\n ),\n FileName = iff(\n tolower(tostring(object_type)) == \"file\", tostring(object),\n \"\"\n ),\n DvcOriginalAction = tostring(action),\n DvcAction = case(\n action =~ \"block\", \"Block\",\n action in~ (\"allow\", \"proceed\", \"bypass\", \"alert\", \"useralert\"), \"Allow\",\n action in~ (\"anomaly_detection\", \"detection\"), \"Detect\",\n \"\"\n ),\n EventResult = case(\n action =~ \"block\", \"Failure\",\n action in~ (\"allow\", \"proceed\", \"bypass\", \"alert\", \"useralert\", \"anomaly_detection\", \"detection\"), \"Success\",\n \"NA\"\n ),\n _cat = tostring(category),\n _app = tostring(app),\n _desc = tostring(breach_description),\n DvcId = iff(isnotempty(nsdeviceuid), nsdeviceuid, ''),\n DvcIdType = iff(isnotempty(nsdeviceuid), 'Other', '')\n | extend\n EventMessage = strcat(\n trim(\" \", tostring(alert_name)),\n iff(isnotempty(_cat), strcat(\" | Category: \", _cat), \"\"),\n iff(isnotempty(_app), strcat(\" | App: \", _app), \"\"),\n iff(isnotempty(_desc), strcat(\" | Breach 
Description: \", _desc), \"\")\n )\n | project\n TimeGenerated,\n EventType = \"Alert\",\n EventSchema = \"AlertEvent\",\n EventSchemaVersion = \"0.1\",\n EventVendor = \"Netskope\",\n EventProduct = \"Security Cloud\",\n EventCount = int(1),\n EventStartTime,\n EventEndTime,\n EventSeverity,\n EventOriginalSeverity = severity,\n EventSubType,\n EventResult,\n EventOriginalResultDetails = action,\n DvcId,\n DvcIdType,\n DvcIpAddr = userip,\n DvcHostname = hostname,\n DvcAction,\n EventUid = _ItemId,\n EventOriginalSubType = tostring(alert_type),\n ThreatOriginalCategory = tostring(category),\n ThreatCategory,\n EventMessage,\n DvcOs = case(\n os has \"windows\", \"Windows\",\n os_version startswith \"windows\", \"Windows\",\n os has \"Mac OS\", \"macOS\",\n os_version startswith \"Mac\", \"macOS\",\n \"\"\n ),\n DvcOsVersion = os_version,\n DetectionMethod,\n AlertName = tostring(alert_name),\n RuleName = tostring(policy),\n DvcOriginalAction,\n Username = tostring(user),\n FileName,\n FileSHA256 = sha256,\n FileMD5 = md5,\n Url = url,\n Type,\n AdditionalFields = iff(\n pack,\n bag_pack(\n \"AccessMethod\", access_method,\n \"AlertType\", alert_type,\n \"Action\", action,\n \"Activity\", activity,\n \"App\", app,\n \"AppSessionId\", tostring(coalesce(columnifexists(\"app_sessionid\", \"\"), \"\")),\n \"AppCategory\", appcategory,\n \"AppSuite\", appsuite,\n \"Browser\", browser,\n \"BrowserSessionId\", tostring(coalesce(columnifexists(\"browser_sessionid\", \"\"), \"\")),\n \"BrowserVersion\", browser_version,\n \"CloudConfidenceIndex\", cci,\n \"CloudConfidenceLevel\", ccl,\n \"ConnectionId\", tostring(coalesce(columnifexists(\"connectionid\", \"\"), \"\")),\n \"MalsiteCategory\", malsite_category,\n \"MalsiteCountry\", malsite_country,\n \"Referer\", referer,\n \"ObjectType\", object_type,\n \"SourceIP\", srcip,\n \"DestinationIP\", dstip\n ),\n dynamic({})\n )\n | extend\n UsernameType = case(\n Username has \"@\", \"UPN\",\n Username has @\"\\\", 
\"Windows\",\n isnotempty(Username), \"Simple\",\n \"\"\n ),\n UserType = case(\n isempty(Username), \"Anonymous\",\n Username startswith \"svc_\" or Username startswith \"svc-\" or Username startswith \"svc.\" or Username has \"_svc@\", \"Service\",\n Username startswith \"adm_\" or Username startswith \"adm-\" or Username has \"admin@\", \"Admin\",\n \"Regular\"\n )\n //Aliases\n | extend\n AlertId = EventUid,\n AlertDescription = EventMessage,\n Rule = RuleName,\n Hostname = DvcHostname,\n IpAddr = DvcIpAddr,\n User = Username,\n Dvc = DvcHostname,\n EventResultDetails = EventOriginalResultDetails\n};\nparser(\n starttime = starttime,\n endtime = endtime,\n ipaddr_has_any_prefix = ipaddr_has_any_prefix,\n hostname_has_any = hostname_has_any,\n username_has_any = username_has_any,\n attacktactics_has_any = attacktactics_has_any,\n attacktechniques_has_any = attacktechniques_has_any,\n threatcategory_has_any = threatcategory_has_any,\n alertverdict_has_any = alertverdict_has_any,\n eventseverity_has_any = eventseverity_has_any,\n disabled = disabled,\n pack = pack\n)", "version": 1, "functionParameters": "starttime:datetime=datetime(null),endtime:datetime=datetime(null),ipaddr_has_any_prefix:dynamic=dynamic([]),hostname_has_any:dynamic=dynamic([]),username_has_any:dynamic=dynamic([]),attacktactics_has_any:dynamic=dynamic([]),attacktechniques_has_any:dynamic=dynamic([]),threatcategory_has_any:dynamic=dynamic([]),alertverdict_has_any:dynamic=dynamic([]),eventseverity_has_any:dynamic=dynamic([]),disabled:bool=False,pack:bool=False" } diff --git a/Parsers/ASimAlertEvent/CHANGELOG/ASimAlertEvent.md b/Parsers/ASimAlertEvent/CHANGELOG/ASimAlertEvent.md index e37027c0a26..d8346eaf208 100644 --- a/Parsers/ASimAlertEvent/CHANGELOG/ASimAlertEvent.md +++ b/Parsers/ASimAlertEvent/CHANGELOG/ASimAlertEvent.md 
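Review bot: The pre-filter `TimeGenerated >= starttime` / `TimeGenerated <= endtime` in the new vim query is evaluated against the table's stored `TimeGenerated`, but a later `extend` sets `TimeGenerated = EventStartTime` (derived from `timestamp`), so returned rows can carry a `TimeGenerated` outside the window the caller asked for, and alerts whose `timestamp` is inside the window but whose stored value is not are dropped. For scheduled detections that pass a narrow window, this can mean missed or out-of-range alerts whenever the two values differ. Either keep the stored `TimeGenerated` and expose the source time only through `EventStartTime`/`EventEndTime`, or state the difference in the parser README. Separately, `ipaddr_has_any_prefix` matches `srcip` and `dstip` as well as `userip`, while the output exposes only `userip` as `DvcIpAddr`/`IpAddr`, so a matched row may not show the address that matched.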
@@ -2,7 +2,7 @@ ## Version 0.1.4 -- (2026-16-04) Netskope Security Cloud - AlertEvent ASIM Parser - [PR #holding](holding) +- (2026-16-04) Netskope Security Cloud - AlertEvent ASIM Parser - [PR #14493](https://github.com/Azure/Azure-Sentinel/pull/14493) ## Version 0.1.3 diff --git a/Parsers/ASimAlertEvent/CHANGELOG/ASimAlertEventNetskopeSecurityCloud.md b/Parsers/ASimAlertEvent/CHANGELOG/ASimAlertEventNetskopeSecurityCloud.md index d6e8858b49c..c472420f95c 100644 --- a/Parsers/ASimAlertEvent/CHANGELOG/ASimAlertEventNetskopeSecurityCloud.md +++ b/Parsers/ASimAlertEvent/CHANGELOG/ASimAlertEventNetskopeSecurityCloud.md @@ -2,4 +2,4 @@ ## Version 0.1.0 -- (2026-16-04) Netskope Security Cloud - AlertEvent ASIM Parser - [PR #holding](holding) \ No newline at end of file +- (2026-16-04) Netskope Security Cloud - AlertEvent ASIM Parser - [PR #14493](https://github.com/Azure/Azure-Sentinel/pull/14493) \ No newline at end of file diff --git a/Parsers/ASimAlertEvent/CHANGELOG/imAlertEvent.md b/Parsers/ASimAlertEvent/CHANGELOG/imAlertEvent.md index 5bfb2246167..d64edc065a3 100644 --- a/Parsers/ASimAlertEvent/CHANGELOG/imAlertEvent.md +++ b/Parsers/ASimAlertEvent/CHANGELOG/imAlertEvent.md @@ -2,7 +2,7 @@ ## Version 0.1.4 -- (2026-16-04) Netskope Security Cloud - AlertEvent ASIM Parser - [PR #holding](holding) +- (2026-16-04) Netskope Security Cloud - AlertEvent ASIM Parser - [PR #14493](https://github.com/Azure/Azure-Sentinel/pull/14493) ## Version 0.1.3 diff --git a/Parsers/ASimAlertEvent/CHANGELOG/vimAlertEventNetskopeSecurityCloud.md b/Parsers/ASimAlertEvent/CHANGELOG/vimAlertEventNetskopeSecurityCloud.md index b751984db20..6883cfe6f32 100644 --- a/Parsers/ASimAlertEvent/CHANGELOG/vimAlertEventNetskopeSecurityCloud.md +++ b/Parsers/ASimAlertEvent/CHANGELOG/vimAlertEventNetskopeSecurityCloud.md 
@@ -2,4 +2,4 @@ ## Version 0.1.0 -- (2026-16-04) Netskope Security Cloud - AlertEvent ASIM Parser - [PR #holding](holding) \ No newline at end of file +- (2026-16-04) Netskope Security Cloud - AlertEvent ASIM Parser - [PR #14493](https://github.com/Azure/Azure-Sentinel/pull/14493) \ No newline at end of file diff --git a/Parsers/ASimAlertEvent/Parsers/ASimAlertEventNetskopeSecurityCloud.yaml b/Parsers/ASimAlertEvent/Parsers/ASimAlertEventNetskopeSecurityCloud.yaml index ff3882cfeec..6b61072e581 100644 --- a/Parsers/ASimAlertEvent/Parsers/ASimAlertEventNetskopeSecurityCloud.yaml +++ b/Parsers/ASimAlertEvent/Parsers/ASimAlertEventNetskopeSecurityCloud.yaml @@ -80,7 +80,7 @@ ParserQuery: | ), DetectionMethod = case( alert_type =~ "dlp", "Data Loss Prevention", - alert_type =~ "malware", "AntiVirus", + alert_type =~ "malware", "Antivirus", alert_type =~ "policy", "Cloud Application Security", alert_type in~ ("c2", "ips"), "Intrusion Detection", alert_type =~ "compromised credential", "Threat Intelligence", @@ -183,7 +183,7 @@ ParserQuery: | "SourceIP", srcip, "DestinationIP", dstip ), - dynamic([]) + dynamic({}) ) | extend UsernameType = case( diff --git a/Parsers/ASimAlertEvent/Parsers/vimAlertEventNetskopeSecurityCloud.yaml b/Parsers/ASimAlertEvent/Parsers/vimAlertEventNetskopeSecurityCloud.yaml index c6e6d09f577..234d363058c 100644 --- a/Parsers/ASimAlertEvent/Parsers/vimAlertEventNetskopeSecurityCloud.yaml +++ b/Parsers/ASimAlertEvent/Parsers/vimAlertEventNetskopeSecurityCloud.yaml @@ -134,7 +134,7 @@ ParserQuery: | ), DetectionMethod = case( alert_type =~ "dlp", "Data Loss Prevention", - alert_type =~ "malware", "AntiVirus", + alert_type =~ "malware", "Antivirus", alert_type =~ "policy", "Cloud Application Security", alert_type in~ ("c2", "ips"), "Intrusion Detection", alert_type =~ "compromised credential", "Threat Intelligence", 
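Review bot: The `DetectionMethod` mapping in the `@@ -80,7 +80,7 @@` hunk of ASimAlertEventNetskopeSecurityCloud.yaml has no comment saying that its right-hand literals are ASIM enumerated values that must match character for character. KQL `==` and `in` are case-sensitive, so an analytic rule filtering on `DetectionMethod == "Antivirus"` skips rows that carry any other casing. I would add `// DetectionMethod literals must match the ASIM AlertEvent enumeration exactly (case-sensitive)` above `DetectionMethod = case(`; the same applies to the `@@ -134,7 +134,7 @@` hunk in vimAlertEventNetskopeSecurityCloud.yaml. The `case(` runs past the end of the hunk, so its default branch is not visible here and is worth checking against the same enumeration.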
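Review bot: The `dynamic({})` fallback in the `@@ -183,7 +183,7 @@` hunk, and in `@@ -237,7 +237,7 @@` of the vim parser, carries no comment saying why an empty bag rather than null is returned when the packed branch is not taken. `isnull()` is false for `{}`, so any query that tests the resulting column for presence would see a value on every row. If the empty bag is intended, a comment such as `// empty bag keeps the column bag-typed when there is nothing to pack` would record that; otherwise `dynamic(null)` says "no data" directly. The enclosing expression and the column it assigns start above the hunk, so the condition that selects this branch is not visible here.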
@@ -237,7 +237,7 @@ ParserQuery: | "SourceIP", srcip, "DestinationIP", dstip ), - dynamic([]) + dynamic({}) ) | extend UsernameType = case( From 9a977b191c917062d5820ef85234e945e80397e7 Mon Sep 17 00:00:00 2001 From: Steve Miller <56824624+Steve1145@users.noreply.github.com> Date: Wed, 17 Jun 2026 12:01:45 +0100 Subject: [PATCH 4/4] correct changelog dates --- Parsers/ASimAlertEvent/CHANGELOG/ASimAlertEvent.md | 2 +- .../CHANGELOG/ASimAlertEventNetskopeSecurityCloud.md | 2 +- Parsers/ASimAlertEvent/CHANGELOG/imAlertEvent.md | 2 +- .../CHANGELOG/vimAlertEventNetskopeSecurityCloud.md | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Parsers/ASimAlertEvent/CHANGELOG/ASimAlertEvent.md b/Parsers/ASimAlertEvent/CHANGELOG/ASimAlertEvent.md index d8346eaf208..65832a23a3d 100644 --- a/Parsers/ASimAlertEvent/CHANGELOG/ASimAlertEvent.md +++ b/Parsers/ASimAlertEvent/CHANGELOG/ASimAlertEvent.md @@ -2,7 +2,7 @@ ## Version 0.1.4 -- (2026-16-04) Netskope Security Cloud - AlertEvent ASIM Parser - [PR #14493](https://github.com/Azure/Azure-Sentinel/pull/14493) +- (2026-06-16) Netskope Security Cloud - AlertEvent ASIM Parser - [PR #14493](https://github.com/Azure/Azure-Sentinel/pull/14493) ## Version 0.1.3 diff --git a/Parsers/ASimAlertEvent/CHANGELOG/ASimAlertEventNetskopeSecurityCloud.md b/Parsers/ASimAlertEvent/CHANGELOG/ASimAlertEventNetskopeSecurityCloud.md index c472420f95c..779d96fac49 100644 --- a/Parsers/ASimAlertEvent/CHANGELOG/ASimAlertEventNetskopeSecurityCloud.md +++ b/Parsers/ASimAlertEvent/CHANGELOG/ASimAlertEventNetskopeSecurityCloud.md @@ -2,4 +2,4 @@ ## Version 0.1.0 -- (2026-16-04) Netskope Security Cloud - AlertEvent ASIM Parser - [PR #14493](https://github.com/Azure/Azure-Sentinel/pull/14493) \ No newline at end of file +- (2026-06-16) Netskope Security Cloud - AlertEvent ASIM Parser - [PR #14493](https://github.com/Azure/Azure-Sentinel/pull/14493) \ No newline at end of file 
diff --git a/Parsers/ASimAlertEvent/CHANGELOG/imAlertEvent.md b/Parsers/ASimAlertEvent/CHANGELOG/imAlertEvent.md index d64edc065a3..f1348c2cb63 100644 --- a/Parsers/ASimAlertEvent/CHANGELOG/imAlertEvent.md +++ b/Parsers/ASimAlertEvent/CHANGELOG/imAlertEvent.md @@ -2,7 +2,7 @@ ## Version 0.1.4 -- (2026-16-04) Netskope Security Cloud - AlertEvent ASIM Parser - [PR #14493](https://github.com/Azure/Azure-Sentinel/pull/14493) +- (2026-06-16) Netskope Security Cloud - AlertEvent ASIM Parser - [PR #14493](https://github.com/Azure/Azure-Sentinel/pull/14493) ## Version 0.1.3 diff --git a/Parsers/ASimAlertEvent/CHANGELOG/vimAlertEventNetskopeSecurityCloud.md b/Parsers/ASimAlertEvent/CHANGELOG/vimAlertEventNetskopeSecurityCloud.md index 6883cfe6f32..41ae840a0a7 100644 --- a/Parsers/ASimAlertEvent/CHANGELOG/vimAlertEventNetskopeSecurityCloud.md +++ b/Parsers/ASimAlertEvent/CHANGELOG/vimAlertEventNetskopeSecurityCloud.md @@ -2,4 +2,4 @@ ## Version 0.1.0 -- (2026-16-04) Netskope Security Cloud - AlertEvent ASIM Parser - [PR #14493](https://github.com/Azure/Azure-Sentinel/pull/14493) \ No newline at end of file +- (2026-06-16) Netskope Security Cloud - AlertEvent ASIM Parser - [PR #14493](https://github.com/Azure/Azure-Sentinel/pull/14493) \ No newline at end of file