symantec_endpoint_security: Parse events containing "module.url" as string. #14078

Merged
merged 3 commits into from
Jun 4, 2025

@kcreddy (Contributor) commented May 30, 2025

Proposed commit message

symantec_endpoint_security: Parse events containing "module.url" as string.

The existing integration only maps "module.url" as an object.
But it is also possible that "module.url" can appear as a string.
In such cases, rename "module.url" to "module.url.text",
which is an existing field supposed to contain the full URL.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

How to test this PR locally

Added sample logs containing URL as string. Pipeline tests pass.

--- Test results for package: symantec_endpoint_security - START ---
╭────────────────────────────┬─────────────┬───────────┬──────────────────────────────────────────────────────────┬────────┬──────────────╮
│ PACKAGE                    │ DATA STREAM │ TEST TYPE │ TEST NAME                                                │ RESULT │ TIME ELAPSED │
├────────────────────────────┼─────────────┼───────────┼──────────────────────────────────────────────────────────┼────────┼──────────────┤
│ symantec_endpoint_security │ event       │ pipeline  │ (ingest pipeline warnings test-category-application.log) │ PASS   │ 461.440167ms │
│ symantec_endpoint_security │ event       │ pipeline  │ (ingest pipeline warnings test-category-audit.log)       │ PASS   │ 489.154042ms │
│ symantec_endpoint_security │ event       │ pipeline  │ (ingest pipeline warnings test-category-diagnostic.log)  │ PASS   │ 458.539084ms │
│ symantec_endpoint_security │ event       │ pipeline  │ (ingest pipeline warnings test-category-event.log)       │ PASS   │ 422.141833ms │
│ symantec_endpoint_security │ event       │ pipeline  │ (ingest pipeline warnings test-category-license.log)     │ PASS   │ 443.784125ms │
│ symantec_endpoint_security │ event       │ pipeline  │ (ingest pipeline warnings test-category-security.log)    │ PASS   │ 442.375542ms │
│ symantec_endpoint_security │ event       │ pipeline  │ (ingest pipeline warnings test-category-system.log)      │ PASS   │ 470.882959ms │
│ symantec_endpoint_security │ event       │ pipeline  │ (ingest pipeline warnings test-scalar-flattened.log)     │ PASS   │ 469.121459ms │
│ symantec_endpoint_security │ event       │ pipeline  │ test-category-application.log                            │ PASS   │ 2.132816959s │
│ symantec_endpoint_security │ event       │ pipeline  │ test-category-audit.log                                  │ PASS   │    663.522ms │
│ symantec_endpoint_security │ event       │ pipeline  │ test-category-diagnostic.log                             │ PASS   │ 620.644792ms │
│ symantec_endpoint_security │ event       │ pipeline  │ test-category-event.log                                  │ PASS   │ 140.793209ms │
│ symantec_endpoint_security │ event       │ pipeline  │ test-category-license.log                                │ PASS   │ 441.808959ms │
│ symantec_endpoint_security │ event       │ pipeline  │ test-category-security.log                               │ PASS   │ 4.747197125s │
│ symantec_endpoint_security │ event       │ pipeline  │ test-category-system.log                                 │ PASS   │   4.1417545s │
│ symantec_endpoint_security │ event       │ pipeline  │ test-scalar-flattened.log                                │ PASS   │    142.166ms │
╰────────────────────────────┴─────────────┴───────────┴──────────────────────────────────────────────────────────┴────────┴──────────────╯
--- Test results for package: symantec_endpoint_security - END   ---
Done
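
The handling described in the proposed commit message, modelled in Python as an added example; it is not the integration's ingest pipeline code. The sample events, the name `normalize_module_urls`, and the choice to only report values that are neither a string nor an object are assumptions of this example.

```python
import json

# Constructed sample events for illustration; not taken from the package's
# test fixtures. Only the shape of module.url matters here.
SAMPLE_EVENTS = [
    # url already an object: the shape the integration maps today
    '{"actor": {"module": {"name": "a.dll", "url": {"host": "www.example.com", "text": "www.example.com/a"}}}}',
    # url as a bare string: the case the PR addresses
    '{"actor": {"module": {"name": "b.dll", "url": "www.example.com/b"}}}',
    # string url under parent.module; actor.module carries no url at all
    '{"parent": {"module": {"name": "c.dll", "url": "www.example.com/c"}}, "actor": {"module": {"name": "d.dll"}}}',
    # neither string nor object (assumed case): reported, left untouched
    '{"actor": {"module": {"name": "e.dll", "url": 42}}}',
]


def normalize_module_urls(event):
    """Rewrite every string-valued module.url to module.url.text, in place.

    Returns (event, changes), where changes lists (dotted_path, action) so the
    caller can count how often the string form arrives and spot other shapes.
    """
    changes = []

    def walk(node, path):
        if isinstance(node, dict):
            module = node.get("module")
            if isinstance(module, dict) and "url" in module:
                url = module["url"]
                where = f"{path}module.url"
                if isinstance(url, str):
                    # The PR's rule: a string url becomes the "text" subfield,
                    # so the field is always an object downstream.
                    module["url"] = {"text": url}
                    changes.append((where, "string->text"))
                elif not isinstance(url, dict):
                    # Outside what the PR describes; flag it for the caller.
                    changes.append((where, f"unexpected:{type(url).__name__}"))
            for key, value in node.items():
                walk(value, f"{path}{key}.")
        elif isinstance(node, list):
            for item in node:
                walk(item, path)

    walk(event, "")
    return event, changes


def run_samples():
    """Normalize each constructed sample and return the (event, changes) pairs."""
    return [normalize_module_urls(json.loads(line)) for line in SAMPLE_EVENTS]


if __name__ == "__main__":
    for event, changes in run_samples():
        print(changes, json.dumps(event))
```
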

@@ -11,3 +11,4 @@
{"actor": {"app_name": "Test Actor-App_Name","app_uid": "Test Actor-App_UID","app_ver": "Test Actor-App_Ver","cmd_line": "Test Actor-CMD_Line","file": {"accessed": 1613021404000,"accessor": "Test Actor-File-Accessor","attribute_ids": [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17],"attributes": 12345678901,"company_name": "Microsoft Corporation","confidentiality_id": 0,"content_type": {"family_id": 0,"subtype": "Test Actor-File-Content_Type-SubType","type_id": 0},"created": 1613021404000,"creator": "Test Actor-File-Creator","creator_process": "Test Actor-File-Creator_Process","desc": "Test Actor-File-Desc","folder": "c:\\windows\\system32\\actor\\file\\folder","folder_uid": "Test Actor-File-Folder_UID","is_system": true,"md5": "Test Actor-File-MD5","mime_type": "Test Actor-File-MIME_Type","modified": 1613021404000,"modifier": "Test Actor-File-Modifier","name": "actor_file_name.exe","normalized_path": "CSIDL_SYSTEM\\actor_file_normalized_path.exe","original_name": "Test Actor-File-Original_Name","owner": "Test Actor-File-Owner","parent_name": "Test Actor-File-Parent_Name","parent_sha2": "Test Actor-File-Parent_SHA2","path": "c:\\windows\\system32\\actor_file_path.exe","product_name": "Windows Internet Explorer","product_path": "Test Actor-File-Product_Path","rep_discovered_band": 0,"rep_discovered_date": 1613021404000,"rep_prevalence": 12345678901,"rep_prevalence_band": 0,"rep_score": 12345678901,"rep_score_band": 0,"security_descriptor": "Test Actor-File-Security_Descriptor","sha1": "Test Actor-File-SHA1","sha2": "Test Actor-File-SHA2","signature_company_name": "Test Actor-File-Signature_Company_Name","signature_created_date": 1613021404000,"signature_developer_uid": "Test Actor-File-Signature_Developer_UID","signature_fingerprints": [{"algorithm": "Test Actor-File-Signature_Fingerprints-Algorithm","value": "Test Actor-File-Signature_Fingerprints-Value"},{"algorithm": "Test Actor-File-Signature_Fingerprints-Algorithms","value": "Test 
Actor-File-Signature_Fingerprints-Values"}],"signature_issuer": "Test Actor-File-Signature_Issuer","signature_level_id": 0,"signature_serial_number": "Test Actor-File-Signature_Serial_Number","signature_value": 12345678901,"signature_value_ids": [0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"size": 12345678901,"size_compressed": 12345678901,"src_ip": "10.0.0.28","src_name": "Test Actor-File-SRC_Name","type_id": 1,"uid": "Test Actor-File-UID","url": {"categories": ["Test Actor-File-URL-Category","Test Actor-File-URL-Categories"],"category_ids": [1,3,4],"extension": "Test Actor-File-URL-Extension","host": "www.actor-file-url-host.com","method": "Test Actor-File-URL-Method","parent_categories": ["Test Actor-File-URL-Parent_Category","Test Actor-File-URL-Parent_Categories"],"path": "/download/trouble/actor/file/url/path","port": 80,"provider": "Test Actor-File-URL-Provider","query": "q=bad&sort=date","referrer": "Test Actor-File-URL-Referrer","referrer_categories": ["Test Actor-File-URL-Referrer_Category","Test Actor-File-URL-Referrer_Categories"],"referrer_category_ids": [12345678901,67890123451],"rep_score_id": 0,"scheme": "Test Actor-File-URL-Scheme","text": "www.actor-file-url-text.com/download/trouble"},"version": "Test Actor-File-Version","xattributes": {"ads_name": "Test Actor-File-XAttributes-ADS_Name","ads_size": "Test Actor-File-XAttributes-ADS_Size","dacl": "Test Actor-File-XAttributes-DACL","owner": "Test Actor-File-XAttributes-Owner","primary_group": "Test Actor-File-XAttributes-Primary_Group","link_name": "Test Actor-File-XAttributes-Link_Name","hard_link_count": "Test Actor-File-XAttributes-Hard_Link_Count","Unix_permissions": "Test Actor-File-XAttributes-Unix_Permissions"}},"integrity_id": 0,"lineage": ["Test Actor-Lineage 1","Test Actor-Lineages 1"],"loaded_modules": ["Test Actor-Loaded_Module 1","Test Actor-Loaded_Modules 1"],"module": {"accessed": 1613021404000,"accessor": "Test Actor-Module-Accessor","attribute_ids": 
[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17],"attributes": 12345678901,"base_address": "Test Actor-Module-Base_Address","company_name": "Microsoft Corporation","confidentiality_id": 0,"content_type": {"family_id": 0,"subtype": "Test Actor-Module-Content_Type-SubType","type_id": 0},"created": 1613021404000,"creator": "Test Actor-Module-Creator","creator_process": "Test Actor-Module-Creator_Process","desc": "Test Actor-Module-Desc","folder": "c:\\windows\\system32\\actor\\module\\folder","folder_uid": "Test Actor-Module-Folder_UID","is_system": true,"load_type": "Test Actor-Module-Load_Type","load_type_id": 0,"md5": "Test Actor-Module-MD5","mime_type": "Test Actor-Module-MIME_Type","modified": 1613021404000,"modifier": "Test Actor-Module-Modifier","name": "actor_module_name.exe","normalized_path": "CSIDL_SYSTEM\\actor_module_normalized_path.exe","original_name": "Test Actor-Module-Original_Name","owner": "Test Actor-Module-Owner","parent_name": "Test Actor-Module-Parent_Name","parent_sha2": "Test Actor-Module-Parent_SHA2","path": "c:\\windows\\system32\\actor_module_path.exe","product_name": "Windows Internet Explorer","product_path": "Test Actor-Module-Product_Path","rep_discovered_band": 0,"rep_discovered_date": 1613021404000,"rep_prevalence": 12345678901,"rep_prevalence_band": 0,"rep_score": 12345678901,"rep_score_band": 0,"security_descriptor": "Test Actor-Module-Security_Descriptor","sha1": "Test Actor-Module-SHA1","sha2": "Test Actor-Module-SHA2","signature_company_name": "Test Actor-Module-Signature_Company_Name","signature_created_date": 1613021404000,"signature_developer_uid": "Test Actor-Module-Signature_Developer_UID","signature_fingerprints": [{"algorithm": "Test Actor-Module-Signature_Fingerprints-Algorithm","value": "Test Actor-Module-Signature_Fingerprints-Value"},{"algorithm": "Test Actor-Module-Signature_Fingerprints-Algorithms","value": "Test Actor-Module-Signature_Fingerprints-Values"}],"signature_issuer": "Test 
Actor-Module-Signature_Issuer","signature_level_id": 0,"signature_serial_number": "Test Actor-Module-Signature_Serial_Number","signature_value": 12345678901,"signature_value_ids": [0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"size": 12345678901,"size_compressed": 12345678901,"src_ip": "10.0.0.29","src_name": "Test Actor-Module-SRC_Name","type_id": 1,"uid": "Test Actor-Module-UID","url": {"categories": ["Test Actor-Module-URL-Category","Test Actor-Module-URL-Categories"],"category_ids": [1,3,4,5],"extension": "Test Actor-Module-URL-Extension","host": "www.actor-module-url-host.com","method": "Test Actor-Module-URL-Method","parent_categories": ["Test Actor-Module-URL-Parent_Category","Test Actor-Module-URL-Parent_Categories"],"path": "/download/trouble/actor/module/url/path","port": 80,"provider": "Test Actor-Module-URL-Provider","query": "q=bad&sort=date","referrer": "Test Actor-Module-URL-Referrer","referrer_categories": ["Test Actor-Module-URL-Referrer_Category","Test Actor-Module-URL-Referrer_Categories"],"referrer_category_ids": [12345678901,67890123451],"rep_score_id": 0,"scheme": "Test Actor-Module-URL-Scheme","text": "www.actor-module-url-text.com/download/trouble"},"version": "Test Actor-Module-Version","xattributes": {"ads_name": "Test Actor-Module-XAttributes-ADS_Name","ads_size": "Test Actor-Module-XAttributes-ADS_Size","dacl": "Test Actor-Module-XAttributes-DACL","owner": "Test Actor-Module-XAttributes-Owner","primary_group": "Test Actor-Module-XAttributes-Primary_Group","link_name": "Test Actor-Module-XAttributes-Link_Name","hard_link_count": "Test Actor-Module-XAttributes-Hard_Link_Count","Unix_permissions": "Test Actor-Module-XAttributes-Unix_Permissions"}},"normalized_cmd_line": "Test Actor-Normalized_CMD_Line","pid": 12345678901,"sandbox_name": "Test Actor-Sandbox_Name","session": {"auth_protocol_id": 0,"cleartext_credentials": true,"direction_id": 0,"id": 12345678901,"is_admin": true,"logon_type_id": 1,"port": 
80,"previous_users": ["Test Actor-Session-Previous_User","Test Actor-Session-Previous_Users"],"remote": true,"remote_host": "Test Actor-Session-Remote_Host","remote_ip": "10.0.0.30","user": {"account_disabled": true,"cloud_resource_uid": "Test Actor-Session-User-Cloud_Resource_UID","domain": "Test Actor-Session-User-Domain","external_account_uid": "Test Actor-Session-User-External_Account_UID","external_uid": "Test Actor-Session-User-External_UID","full_name": "Test Actor-Session-User-Full_Name","groups": ["Test Actor-Session-User-Group","Test Actor-Session-User-Groups"],"home": "Test Actor-Session-User-Home","is_admin": true,"logon_name": "Test Actor-Session-User-Logon_Name","name": "Test Actor-Session-User-Name","password_expires": true,"shell": "Test Actor-Session-User-Shell","sid": "Test Actor-Session-User-SID","uid": "Test Actor-Session-User-UID"}},"session_id": 12345678901,"start_time": 1613021404000,"tid": 12345678901,"uid": "Test Actor-UID","user": {"account_disabled": true,"cloud_resource_uid": "Test Actor-User-Cloud_Resource_UID","domain": "Test Actor-User-Domain","external_account_uid": "Test Actor-User-External_Account_UID","external_uid": "Test Actor-User-External_UID","full_name": "Test Actor-User-Full_Name","groups": ["Test Actor-User-Group","Test Actor-User-Groups"],"home": "Test Actor-User-Home","is_admin": true,"logon_name": "Test Actor-User-Logon_Name","name": "Test Actor-User-Name","password_expires": true,"shell": "Test Actor-User-Shell","sid": "Test Actor-User-SID","uid": "Test Actor-User-UID"},"xattributes": {"ads_name": "Test Actor-XAttributes-ADS_Name","ads_size": "Test Actor-XAttributes-ADS_Size","dacl": "Test Actor-XAttributes-DACL","owner": "Test Actor-XAttributes-Owner","primary_group": "Test Actor-XAttributes-Primary_Group","link_name": "Test Actor-XAttributes-Link_Name","hard_link_count": "Test Actor-XAttributes-Hard_Link_Count","Unix_permissions": "Test Actor-XAttributes-Unix_Permissions"}},"analysis": "Test Analysis","attacks": 
[{"sub_technique_name": "Test Attacks-Sub_Technique_Name 1","sub_technique_uid": "Test Attacks-Sub_Technique_UID 1","tactic_ids": [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20],"tactic_uids": ["Test Attacks-Tactic_UID 1","Test Attacks-Tactic_UIDs 1"],"technique_name": "Test Attacks-Technique_Name 1","technique_uid": "Test Attacks-Technique_UID 1"},{"sub_technique_name": "Test Attacks-Sub_Technique_Name 2","sub_technique_uid": "Test Attacks-Sub_Technique_UID 2","tactic_ids": [21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40],"tactic_uids": ["Test Attacks-Tactic_UID 2","Test Attacks-Tactic_UIDs 2"],"technique_name": "Test Attacks-Technique_Name 2","technique_uid": "Test Attacks-Technique_UID 2"}],"category_id": 5,"collector_device_ip": "10.0.0.1","collector_device_name": "Test Collector_Device_Name","collector_name": "Test Collector_Name","collector_uid": "Test Collector_UID","composite": 1,"container": {"host_name": "Test Container-Host_Name","image_name": "Test Container-Image_Name","image_uid": "Test Container-Image_UID","name": "Test Container-Name","networks": [{"bssid": "Test Container-Networks-BSSID 1","gateway_ip": "10.0.0.2","gateway_mac": "00:B0:D0:63:C2:01","ipv4": "10.0.0.3","ipv6": "2a02:cf40::","is_public": true,"mac": "00:B0:D0:63:C2:02","rep_score_id": 0,"ssid": "Test Container-Networks-SSID 1","type_id": 0},{"bssid": "Test Container-Networks-BSSID 2","gateway_ip": "10.0.0.4","gateway_mac": "00:B0:D0:63:C2:03","ipv4": "10.0.0.5","ipv6": "2a02:cf40::","is_public": true,"mac": "00:B0:D0:63:C2:04","rep_score_id": 1,"ssid": "Test Container-Networks-SSID 2","type_id": 1}],"os_name": "Test Container-OS_Name","uid": "Test Container-UID"},"correlation_uid": "Test Correltion_UID","count": 12345678901,"customer_registry_uid": "Test Customer_Registry-UID","customer_uid": "Test Customer_UID","cybox": {"domains": ["Test Cybox-Domain 1","Test Cybox-Domains 1"],"emails": [{"direction_id": 0,"header_from": "Test Cybox-Emails-Header_From 
1","header_message_id": "Test Cybox-Emails-Header_Message_ID 1","header_reply_to": "Test Cybox-Emails-Header_Reply_To 1","header_subject": "Test Cybox-Emails-Header_Subject 1","header_to": ["Test Cybox-Emails-Header_To 1","Test Cybox-Emails-Header_Tos 1"],"sender_ip": "10.0.0.6","size": 12345678901,"smtp_from": "Test Cybox-Emails-SMTP_From 1","smtp_hello": "Test Cybox-Emails-SMTP_Hello 1","smtp_to": "Test Cybox-Emails-SMTP_To 1"},{"direction_id": 1,"header_from": "Test Cybox-Emails-Header_From 2","header_message_id": "Test Cybox-Emails-Header_Message_ID 2","header_reply_to": "Test Cybox-Emails-Header_Reply_To 2","header_subject": "Test Cybox-Emails-Header_Subject 2","header_to": ["Test Cybox-Emails-Header_To 2","Test Cybox-Emails-Header_Tos 2"],"sender_ip": "10.0.0.7","size": 12345678902,"smtp_from": "Test Cybox-Emails-SMTP_From 2","smtp_hello": "Test Cybox-Emails-SMTP_Hello 2","smtp_to": "Test Cybox-Emails-SMTP_To 2"}],"files": [{"accessed": 1613021404000,"accessor": "Test Cybox-Files-Accessor 1","attribute_ids": [1,2,3,4,5,6,7,8,9,10],"attributes": 12345678901,"company_name": "Microsoft Corporation 1","confidentiality_id": 0,"content_type": {"family_id": 0,"subtype": "Test Cybox-Files-Content_Type-SubType 1","type_id": 0},"created": 1613021404000,"creator": "Test Cybox-Files-Creator 1","creator_process": "Test Cybox-Files-Creator_Process 1","desc": "Test Cybox-Files-Desc 1","folder": "c:\\windows\\system32\\cybox\\files\\folder\\1","folder_uid": "Test Cybox-Files-Folder_UID 1","is_system": true,"md5": "Test Cybox-Files-MD5 1","mime_type": "Test Cybox-Files-MIME_Type 1","modified": 1613021404000,"modifier": "Test Cybox-Files-Modifier 1","name": "cybox_files_name_1.exe","normalized_path": "CSIDL_SYSTEM\\cybox_files_normalized_path_1.exe","original_name": "Test Cybox-Files-Original_Name 1","owner": "Test Cybox-Files-Owner 1","parent_name": "Test Cybox-Files-Parent_Name 1","parent_sha2": "Test Cybox-Files-Parent_SHA2 1","path": 
"c:\\windows\\system32\\cybox_files_path_1.exe","product_name": "Windows Internet Explorer 1","product_path": "Test Cybox-Files-Product_Path 1","rep_discovered_band": 0,"rep_discovered_date": 1613021404000,"rep_prevalence": 12345678901,"rep_prevalence_band": 0,"rep_score": 12345678901,"rep_score_band": 0,"security_descriptor": "Test Cybox-Files-Security_Descriptor 1","sha1": "Test Cybox-Files-SHA1 1","sha2": "Test Cybox-Files-SHA2 1","signature_company_name": "Test Cybox-Files-Signature_Company_Name 1","signature_created_date": 1613021404000,"signature_developer_uid": "Test Cybox-Files-Signature_Developer_UID 1","signature_fingerprints": [{"algorithm": "Test Cybox-Files-Signature_Fingerprints-Algorithm 1","value": "Test Cybox-Files-Signature_Fingerprints-Value 1"},{"algorithm": "Test Cybox-Files-Signature_Fingerprints-Algorithms 1","value": "Test Cybox-Files-Signature_Fingerprints-Values 1"}],"signature_issuer": "Test Cybox-Files-Signature_Issuer 1","signature_level_id": 0,"signature_serial_number": "Test Cybox-Files-Signature_Serial_Number 1","signature_value": 12345678901,"signature_value_ids": [0,1,2,3,4,5,6,7,8,9,10],"size": 12345678901,"size_compressed": 12345678901,"src_ip": "10.0.0.8","src_name": "Test Cybox-Files-SRC_Name 1","type_id": 1,"uid": "Test Cybox-Files-UID 1","url": {"categories": ["Test Cybox-Files-URL-Category 1","Test Cybox-Files-URL-Categories 1"],"category_ids": [1,3,4],"extension": "Test Cybox-Files-URL-Extension 1","host": "www.files-url-host-1.com","method": "Test Cybox-Files-URL-Method 1","parent_categories": ["Test Cybox-Files-URL-Parent_Category 1","Test Cybox-Files-URL-Parent_Categories 1"],"path": "/download/trouble/cybox/files/url/path/1","port": 80,"provider": "Test Cybox-Files-URL-Provider 1","query": "q=bad&sort=date_1","referrer": "Test Cybox-Files-URL-Referrer 1","referrer_categories": ["Test Cybox-Files-URL-Referrer_Category 1","Test Cybox-Files-URL-Referrer_Categories 1"],"referrer_category_ids": 
[12345678901,67890123451],"rep_score_id": 0,"scheme": "Test Cybox-Files-URL-Scheme 1","text": "www.files-url-text-1.com/download/trouble"},"version": "Test Cybox-Files-Version 1","xattributes": {"ads_name": "Test Cybox-Files-XAttributes-ADS_Name 1","ads_size": "Test Cybox-Files-XAttributes-ADS_Size 1","dacl": "Test Cybox-Files-XAttributes-DACL 1","owner": "Test Cybox-Files-XAttributes-Owner 1","primary_group": "Test Cybox-Files-XAttributes-Primary_Group 1","link_name": "Test Cybox-Files-XAttributes-Link_Name 1","hard_link_count": "Test Cybox-Files-XAttributes-Hard_Link_Count 1","Unix_permissions": "Test Cybox-Files-XAttributes-Unix_Permissions 1"}},{"accessed": 1613021404000,"accessor": "Test Cybox-Files-Accessor 2","attribute_ids": [11,12,13,14,15,16,17],"attributes": 12345678902,"company_name": "Microsoft Corporation 2","confidentiality_id": 1,"content_type": {"family_id": 1,"subtype": "Test Cybox-Files-Content_Type-SubType 2","type_id": 1},"created": 1613021404000,"creator": "Test Cybox-Files-Creator 2","creator_process": "Test Cybox-Files-Creator_Process 2","desc": "Test Cybox-Files-Desc 2","folder": "c:\\windows\\system32\\cybox\\files\\folder\\2","folder_uid": "Test Cybox-Files-Folder_UID 2","is_system": true,"md5": "Test Cybox-Files-MD5 2","mime_type": "Test Cybox-Files-MIME_Type 2","modified": 1613021404000,"modifier": "Test Cybox-Files-Modifier 2","name": "cybox_files_name_2.exe","normalized_path": "CSIDL_SYSTEM\\cybox_files_normalized_path_2.exe","original_name": "Test Cybox-Files-Original_Name 2","owner": "Test Cybox-Files-Owner 2","parent_name": "Test Cybox-Files-Parent_Name 2","parent_sha2": "Test Cybox-Files-Parent_SHA2 2","path": "c:\\windows\\system32\\cybox_files_path_2.exe","product_name": "Windows Internet Explorer 2","product_path": "Test Cybox-Files-Product_Path 2","rep_discovered_band": 1,"rep_discovered_date": 1613021404000,"rep_prevalence": 12345678902,"rep_prevalence_band": 1,"rep_score": 12345678902,"rep_score_band": 
1,"security_descriptor": "Test Cybox-Files-Security_Descriptor 2","sha1": "Test Cybox-Files-SHA1 2","sha2": "Test Cybox-Files-SHA2 2","signature_company_name": "Test Cybox-Files-Signature_Company_Name 2","signature_created_date": 1613021404000,"signature_developer_uid": "Test Cybox-Files-Signature_Developer_UID 2","signature_fingerprints": [{"algorithm": "Test Cybox-Files-Signature_Fingerprints-Algorithm 2","value": "Test Cybox-Files-Signature_Fingerprints-Value 2"},{"algorithm": "Test Cybox-Files-Signature_Fingerprints-Algorithms 2","value": "Test Cybox-Files-Signature_Fingerprints-Values 2"}],"signature_issuer": "Test Cybox-Files-Signature_Issuer 2","signature_level_id": 1,"signature_serial_number": "Test Cybox-Files-Signature_Serial_Number 2","signature_value": 12345678902,"signature_value_ids": [11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"size": 12345678902,"size_compressed": 12345678902,"src_ip": "10.0.0.9","src_name": "Test Cybox-Files-SRC_Name 2","type_id": 1,"uid": "Test Cybox-Files-UID 2","url": {"categories": ["Test Cybox-Files-URL-Category 2","Test Cybox-Files-URL-Categories 2"],"category_ids": [101,102,103,104,105,106,107,108,109,110,111,112,113,114,116,117,118,121,124],"extension": "Test Cybox-Files-URL-Extension 2","host": "www.files-url-host-2.com","method": "Test Cybox-Files-URL-Method 2","parent_categories": ["Test Cybox-Files-URL-Parent_Category 2","Test Cybox-Files-URL-Parent_Categories 2"],"path": "/download/trouble/cybox/files/url/path/2","port": 81,"provider": "Test Cybox-Files-URL-Provider 2","query": "q=bad&sort=date_2","referrer": "Test Cybox-Files-URL-Referrer 2","referrer_categories": ["Test Cybox-Files-URL-Referrer_Category 2","Test Cybox-Files-URL-Referrer_Categories 2"],"referrer_category_ids": [12345678902,67890123452],"rep_score_id": 1,"scheme": "Test Cybox-Files-URL-Scheme 2","text": "www.files-url-text-2.com/download/trouble"},"version": "Test Cybox-Files-Version 2","xattributes": {"ads_name": "Test 
Cybox-Files-XAttributes-ADS_Name 2","ads_size": "Test Cybox-Files-XAttributes-ADS_Size 2","dacl": "Test Cybox-Files-XAttributes-DACL 2","owner": "Test Cybox-Files-XAttributes-Owner 2","primary_group": "Test Cybox-Files-XAttributes-Primary_Group 2","link_name": "Test Cybox-Files-XAttributes-Link_Name 2","hard_link_count": "Test Cybox-Files-XAttributes-Hard_Link_Count 2","Unix_permissions": "Test Cybox-Files-XAttributes-Unix_Permissions 2"}}],"hostnames": ["Test Cybox-Hostname 1","Test Cybox-Hostnames 1"],"icap_reqmod": [{"metadata": {"field1_keyword": "Test Cybox-ICAP_ReqMod-field1_Keyword","field1_number": 12345678901,"field1_boolean": true,"field1_ip": "10.0.0.10"},"service": "Test Cybox-ICAP_ReqMod-Service 1","status": "Test Cybox-ICAP_ReqMod-Status 1","status_detail": "Test Cybox-ICAP_ReqMod-Status_Detail 1"},{"metadata": {"field2_keyword": "Test Cybox-ICAP_ReqMod-field2_Keyword","field2_number": 12345678902,"field2_boolean": true,"field2_ip": "10.0.0.11"},"service": "Test Cybox-ICAP_ReqMod-Service 2","status": "Test Cybox-ICAP_ReqMod-Status 2","status_detail": "Test Cybox-ICAP_ReqMod-Status_Detail 2"}],"icap_respmod": [{"metadata": {"field1_keyword": "Test Cybox-ICAP_RespMod-field1_Keyword","field1_number": 12345678901,"field1_boolean": true,"field1_ip": "10.0.0.12"},"service": "Test Cybox-ICAP_RespMod-Service 1","status": "Test Cybox-ICAP_RespMod-Status 1","status_detail": "Test Cybox-ICAP_RespMod-Status_Detail 1"},{"metadata": {"field2_keyword": "Test Cybox-ICAP_RespMod-field2_Keyword","field2_number": 12345678902,"field2_boolean": true,"field2_ip": "10.0.0.13"},"service": "Test Cybox-ICAP_RespMod-Service 2","status": "Test Cybox-ICAP_RespMod-Status 2","status_detail": "Test Cybox-ICAP_RespMod-Status_Detail 2"}],"ipv4s": ["10.0.0.14","10.0.0.15"],"ipv6s": ["2a02:cf40::","2a02:cf40::"],"macs": ["00:B0:D0:63:C2:05","00:B0:D0:63:C2:06"],"urls": [{"categories": ["Test Cybox-URLs-Category 1","Test Cybox-URLs-Categories 1"],"category_ids": [1,3,4,5,6],"extension": 
"Test Cybox-URLs-Extension 1","host": "www.urls-host-1.com","method": "Test Cybox-URLs-Method 1","parent_categories": ["Test Cybox-URLs-Parent_Category 1","Test Cybox-URLs-Parent_Categories 1"],"path": "/download/trouble/cybox/urls/path/1","port": 80,"provider": "Test Cybox-URLs-Provider 1","query": "q=bad&sort=date_1","referrer": "Test Cybox-URLs-Referrer 1","referrer_categories": ["Test Cybox-URLs-Referrer_Category 1","Test Cybox-URLs-Referrer_Categories 1"],"referrer_category_ids": [12345678901,67890123451],"rep_score_id": 0,"scheme": "Test Cybox-URLs-Scheme 1","text": "www.urls-text-1.com/download/trouble"},{"categories": ["Test Cybox-URLs-Category 2","Test Cybox-URLs-Categories 2"],"category_ids": [101,102,103,104,105,106,107,108,109,110,111,112,113,114,116,117,118,121,124],"extension": "Test Cybox-URLs-Extension 2","host": "www.urls-host-2.com","method": "Test Cybox-URLs-Method 2","parent_categories": ["Test Cybox-URLs-Parent_Category 2","Test Cybox-URLs-Parent_Categories 2"],"path": "/download/trouble/cybox/urls/path/2","port": 81,"provider": "Test Cybox-URLs-Provider 2","query": "q=bad&sort=date_2","referrer": "Test Cybox-URLs-Referrer 2","referrer_categories": ["Test Cybox-URLs-Referrer_Category 2","Test Cybox-URLs-Referrer_Categories 2"],"referrer_category_ids": [12345678902,67890123452],"rep_score_id": 1,"scheme": "Test Cybox-URLs-Scheme 2","text": "www.urls-text-2.com/download/trouble"}]},"data": "{\"IpAddress\":\"81.2.69.144\"}","device_alias_name": "Test Device_Alias_Name","device_cap": "Test Device_Cap","device_cloud_vm": {"autoscale_uid": "Test Device_Cloud_VM-Autoscale_UID","dc_region": "Test Device_Cloud_VM-DC_Region","instance_uid": "Test Device_Cloud_VM-Instance_UID","subnet_uid": "Test Device_Cloud_VM-Subnet_UID","vpc_uid": "Test Device_Cloud_VM-VPC_UID"},"device_desc": "Test Device_Desc","device_domain": "device.domain.internal.somecompany.com","device_domain_uid": "Test Device_Domain_UID","device_end_time": 1613021404000,"device_gateway": 
"10.0.0.16","device_group": "Test Device_Group","device_group_name": "Test Device_Group_Name","device_hw_bios_date": "03/31/16","device_hw_bios_manufacturer": "LENOVO","device_hw_bios_ver": "LENOVO G5ETA2WW (2.62)","device_hw_cpu_type": "x86 Family 6 Model 37 Stepping 5","device_imei": "Test Device_IMEI","device_ip": "10.0.0.17","device_is_compliant": true,"device_is_personal": true,"device_is_trusted": true,"device_is_unmanaged": true,"device_location": {"city": "Test Device_Location-City","continent": "Test Device_Location-Continent","coordinates": [-12.345,56.789],"country": "US","desc": "Test Device_Location-Desc","isp": "Test Device_Location-ISP","on_premises": true,"region": "US-CA"},"device_mac": "00:B0:D0:63:C2:07","device_name": "device.name.computer.domain","device_name_md5": "4ED962DDBF17E2BBA7B14EBC00F3162E","device_networks": [{"bssid": "Test Device_Networks-BSSID 1","gateway_ip": "10.0.0.18","gateway_mac": "00:B0:D0:63:C2:08","ipv4": "10.0.0.19","ipv6": "2a02:cf40::","is_public": true,"mac": "00:B0:D0:63:C2:09","rep_score_id": 0,"ssid": "Test Device_Networks-SSID 1","type_id": 0},{"bssid": "Test Device_Networks-BSSID 2","gateway_ip": "10.0.0.20","gateway_mac": "00:B0:D0:63:C2:10","ipv4": "10.0.0.21","ipv6": "2a02:cf40::","is_public": true,"mac": "00:B0:D0:63:C2:11","rep_score_id": 1,"ssid": "Test Device_Networks-SSID 2","type_id": 1}],"device_org_unit": "Test Device_Org_Unit","device_os_bits": 12345678901,"device_os_build": "Test Device_OS_Build","device_os_country": "IN","device_os_edition": "Professional","device_os_lang": "en","device_os_name": "Windows Server 2019 Standard Edition","device_os_sp_name": "Test Device_OS_SP_Name","device_os_sp_ver": "Test Device_OS_SP_Ver","device_os_type_id": 0,"device_os_ver": "Windows 10","device_proxy_ip": "10.0.0.22","device_proxy_name": "Test Device_Proxy_Name","device_public_ip": "10.0.0.23","device_ref_uid": "Test Device_Ref_UID","device_site": "Test Device_Site","device_subnet": "81.2.69.142","device_time": 
1613021404000,"device_type": "server","device_uid": "Test Device_UID","device_vhost": "Test Device_VHost","device_vhost_id": 0,"domain_uid": "Test Domain_UID","end_time": "2024-02-29T01:00:00.000Z","event_id": 8015000,"events": [{"connection": {"direction_id": 1,"dst_service": "C:\\Windows\\system32\\NTOSKRNL.EXE","src_ip": "159.19.163.218"},"count": 1,"device_end_time": 1709225074618,"device_time": 1709225074618}],"feature_name": "Test Feature_Name","feature_path": "Test Feature_Path","feature_type": "Test Feature_Type","feature_uid": "Test Feature_UID","feature_ver": "2014.1.4.25","id": 12345678901,"impersonator_customer_uid": "Test Impersonator_Customer_UID","impersonator_domain_uid": "Test Impersonator_Domain_UID","impersonator_user_uid": "Test Impersonator_User_UID","is_user_present": true,"lineage": ["Test Lineage","Test Lineages"],"log_level": "Test Log Level","log_name": "Test Log_Name","log_time": "2024-02-29T01:00:00.000Z","logging_device_ip": "10.0.0.24","logging_device_name": "Test Logging_Device_Name","logging_device_post_time": 1613021404000,"logging_device_ref_uid": "Test Logging_Device_Ref_UID","message": "Test Message","message_code": "Test Message_Code","message_id": 0,"org_unit_uid": "Test Org_Unit_UID","orig_data": "Test Orig_Data","parent": {"app_name": "Test Parent-App_Name","app_uid": "Test Parent-App_UID","app_ver": "Test Parent-App_Ver","cmd_line": "Test Parent-CMD_Line","file": {"accessed": 1613021404000,"accessor": "Test Parent-File-Accessor","attribute_ids": [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17],"attributes": 12345678901,"company_name": "Microsoft Corporation","confidentiality_id": 0,"content_type": {"family_id": 0,"subtype": "Test Parent-File-Content_Type-SubType","type_id": 0},"created": 1613021404000,"creator": "Test Parent-File-Creator","creator_process": "Test Parent-File-Creator_Process","desc": "Test Parent-File-Desc","folder": "c:\\windows\\system32\\parent\\file\\folder","folder_uid": "Test 
Parent-File-Folder_UID","is_system": true,"md5": "Test Parent-File-MD5","mime_type": "Test Parent-File-MIME_Type","modified": 1613021404000,"modifier": "Test Parent-File-Modifier","name": "parent_file_name.exe","normalized_path": "CSIDL_SYSTEM\\parent_file_normalized_path.exe","original_name": "Test Parent-File-Original_Name","owner": "Test Parent-File-Owner","parent_name": "Test Parent-File-Parent_Name","parent_sha2": "Test Parent-File-Parent_SHA2","path": "c:\\windows\\system32\\parent_file_path.exe","product_name": "Windows Internet Explorer","product_path": "Test Parent-File-Product_Path","rep_discovered_band": 0,"rep_discovered_date": 1613021404000,"rep_prevalence": 12345678901,"rep_prevalence_band": 0,"rep_score": 12345678901,"rep_score_band": 0,"security_descriptor": "Test Parent-File-Security_Descriptor","sha1": "Test Parent-File-SHA1","sha2": "Test Parent-File-SHA2","signature_company_name": "Test Parent-File-Signature_Company_Name","signature_created_date": 1613021404000,"signature_developer_uid": "Test Parent-File-Signature_Developer_UID","signature_fingerprints": [{"algorithm": "Test Parent-File-Signature_Fingerprints-Algorithm","value": "Test Parent-File-Signature_Fingerprints-Value"},{"algorithm": "Test Parent-File-Signature_Fingerprints-Algorithms","value": "Test Parent-File-Signature_Fingerprints-Values"}],"signature_issuer": "Test Parent-File-Signature_Issuer","signature_level_id": 0,"signature_serial_number": "Parent Actor-File-Signature_Serial_Number","signature_value": 12345678901,"signature_value_ids": [0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"size": 12345678901,"size_compressed": 12345678901,"src_ip": "10.0.0.31","src_name": "Test Parent-File-SRC_Name","type_id": 1,"uid": "Test Parent-File-UID","url": {"categories": ["Test Parent-File-URL-Category","Test Parent-File-URL-Categories"],"category_ids": [1,3,4,5,6,7],"extension": "Test Parent-File-URL-Extension","host": "www.parent-file-url-host.com","method": "Test 
Parent-File-URL-Method","parent_categories": ["Test Parent-File-URL-Parent_Category","Test Parent-File-URL-Parent_Categories"],"path": "/download/trouble/parent/file/url/path","port": 80,"provider": "Test Parent-File-URL-Provider","query": "q=bad&sort=date","referrer": "Test Parent-File-URL-Referrer","referrer_categories": ["Test Parent-File-URL-Referrer_Category","Test Parent-File-URL-Referrer_Categories"],"referrer_category_ids": [12345678901,67890123451],"rep_score_id": 0,"scheme": "Test Parent-File-URL-Scheme","text": "www.parent-file-url-text.com/download/trouble"},"version": "Test Parent-File-Version","xattributes": {"ads_name": "Test Parent-File-XAttributes-ADS_Name","ads_size": "Test Parent-File-XAttributes-ADS_Size","dacl": "Test Parent-File-XAttributes-DACL","owner": "Test Parent-File-XAttributes-Owner","primary_group": "Test Parent-File-XAttributes-Primary_Group","link_name": "Test Parent-File-XAttributes-Link_Name","hard_link_count": "Test Parent-File-XAttributes-Hard_Link_Count","Unix_permissions": "Test Parent-File-XAttributes-Unix_Permissions"}},"integrity_id": 0,"lineage": ["Test Parent-Lineage 1","Test Parent-Lineages 1"],"loaded_modules": ["Test Parent-Loaded_Module 1","Test Parent-Loaded_Modules 1"],"module": {"accessed": 1613021404000,"accessor": "Test Parent-Module-Accessor","attribute_ids": [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17],"attributes": 12345678901,"base_address": "Test Parent-Module-Base_Address","company_name": "Microsoft Corporation","confidentiality_id": 0,"content_type": {"family_id": 0,"subtype": "Test Parent-Module-Content_Type-SubType","type_id": 0},"created": 1613021404000,"creator": "Test Parent-Module-Creator","creator_process": "Test Parent-Module-Creator_Process","desc": "Test Parent-Module-Desc","folder": "c:\\windows\\system32\\parent\\module\\folder","folder_uid": "Test Parent-Module-Folder_UID","is_system": true,"load_type": "Test Parent-Module-Load_Type","load_type_id": 0,"md5": "Test 
Parent-Module-MD5","mime_type": "Test Parent-Module-MIME_Type","modified": 1613021404000,"modifier": "Test Parent-Module-Modifier","name": "parent_module_name.exe","normalized_path": "CSIDL_SYSTEM\\parent_module_normalized_path.exe","original_name": "Test Parent-Module-Original_Name","owner": "Test Parent-Module-Owner","parent_name": "Test Parent-Module-Parent_Name","parent_sha2": "Test Parent-Module-Parent_SHA2","path": "c:\\windows\\system32\\parent_module_path.exe","product_name": "Windows Internet Explorer","product_path": "Test Parent-Module-Product_Path","rep_discovered_band": 0,"rep_discovered_date": 1613021404000,"rep_prevalence": 12345678901,"rep_prevalence_band": 0,"rep_score": 12345678901,"rep_score_band": 0,"security_descriptor": "Test Parent-Module-Security_Descriptor","sha1": "Test Parent-Module-SHA1","sha2": "Test Parent-Module-SHA2","signature_company_name": "Test Parent-Module-Signature_Company_Name","signature_created_date": 1613021404000,"signature_developer_uid": "Test Parent-Module-Signature_Developer_UID","signature_fingerprints": [{"algorithm": "Test Parent-Module-Signature_Fingerprints-Algorithm","value": "Test Parent-Module-Signature_Fingerprints-Value"},{"algorithm": "Test Parent-Module-Signature_Fingerprints-Algorithms","value": "Test Parent-Module-Signature_Fingerprints-Values"}],"signature_issuer": "Test Parent-Module-Signature_Issuer","signature_level_id": 0,"signature_serial_number": "Test Parent-Module-Signature_Serial_Number","signature_value": 12345678901,"signature_value_ids": [0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"size": 12345678901,"size_compressed": 12345678901,"src_ip": "10.0.0.32","src_name": "Test Parent-Module-SRC_Name","type_id": 1,"uid": "Test Parent-Module-UID","url": {"categories": ["Test Parent-Module-URL-Category","Test Parent-Module-URL-Categories"],"category_ids": [1,3,4,5,6],"extension": "Test Parent-Module-URL-Extension","host": "www.parent-module-url-host.com","method": "Test 
Parent-Module-URL-Method","parent_categories": ["Test Parent-Module-URL-Parent_Category","Test Parent-Module-URL-Parent_Categories"],"path": "/download/trouble/parent/module/url/path","port": 80,"provider": "Test Parent-Module-URL-Provider","query": "q=bad&sort=date","referrer": "Test Parent-Module-URL-Referrer","referrer_categories": ["Test Parent-Module-URL-Referrer_Category","Test Parent-Module-URL-Referrer_Categories"],"referrer_category_ids": [12345678901,67890123451],"rep_score_id": 0,"scheme": "Test Parent-Module-URL-Scheme","text": "www.parent-module-url-text.com/download/trouble"},"version": "Test Parent-Module-Version","xattributes": {"ads_name": "Test Parent-Module-XAttributes-ADS_Name","ads_size": "Test Parent-Module-XAttributes-ADS_Size","dacl": "Test Parent-Module-XAttributes-DACL","owner": "Test Parent-Module-XAttributes-Owner","primary_group": "Test Parent-Module-XAttributes-Primary_Group","link_name": "Test Parent-Module-XAttributes-Link_Name","hard_link_count": "Test Parent-Module-XAttributes-Hard_Link_Count","Unix_permissions": "Test Parent-Module-XAttributes-Unix_Permissions"}},"normalized_cmd_line": "Test Parent-Normalized_CMD_Line","pid": 12345678901,"sandbox_name": "Test Parent-Sandbox_Name","session": {"auth_protocol_id": 0,"cleartext_credentials": true,"direction_id": 0,"id": 12345678901,"is_admin": true,"logon_type_id": 1,"port": 80,"previous_users": ["Test Parent-Session-Previous_User","Test Parent-Session-Previous_Users"],"remote": true,"remote_host": "Test Parent-Session-Remote_Host","remote_ip": "10.0.0.33","user": {"account_disabled": true,"cloud_resource_uid": "Test Parent-Session-User-Cloud_Resource_UID","domain": "Test Parent-Session-User-Domain","external_account_uid": "Test Parent-Session-User-External_Account_UID","external_uid": "Test Parent-Session-User-External_UID","full_name": "Test Parent-Session-User-Full_Name","groups": ["Test Parent-Session-User-Group","Test Parent-Session-User-Groups"],"home": "Test 
Parent-Session-User-Home","is_admin": true,"logon_name": "Test Parent-Session-User-Logon_Name","name": "Test Parent-Session-User-Name","password_expires": true,"shell": "Test Parent-Session-User-Shell","sid": "Test Parent-Session-User-SID","uid": "Test Parent-Session-User-UID"}},"session_id": 12345678901,"start_time": 1613021404000,"tid": 12345678901,"uid": "Test Parent-UID","user": {"account_disabled": true,"cloud_resource_uid": "Test Parent-User-Cloud_Resource_UID","domain": "Test Parent-User-Domain","external_account_uid": "Test Parent-User-External_Account_UID","external_uid": "Test Parent-User-External_UID","full_name": "Test Parent-User-Full_Name","groups": ["Test Parent-User-Group","Test Parent-User-Groups"],"home": "Test Parent-User-Home","is_admin": true,"logon_name": "Test Parent-User-Logon_Name","name": "Test Parent-User-Name","password_expires": true,"shell": "Test Parent-User-Shell","sid": "Test Parent-User-SID","uid": "Test Parent-User-UID"},"xattributes": {"ads_name": "Test Parent-XAttributes-ADS_Name","ads_size": "Test Parent-XAttributes-ADS_Size","dacl": "Test Parent-XAttributes-DACL","owner": "Test Parent-XAttributes-Owner","primary_group": "Test Parent-XAttributes-Primary_Group","link_name": "Test Parent-XAttributes-Link_Name","hard_link_count": "Test Parent-XAttributes-Hard_Link_Count","Unix_permissions": "Test Parent-XAttributes-Unix_Permissions"}},"policy": {"desc": "Test Policy-Desc","effective_date": 1613021404000,"group_desc": "Test Policy-Group_Desc","group_name": "Test Policy-Group_Name","group_uid": "Test Policy-Group_UID","label": "Test Policy-Label","name": "Test Policy-Name","rule_category_id": 0,"rule_desc": "Test Policy-Rule_Desc","rule_group_desc": "Test Policy-Rule_Group_Desc","rule_group_name": "Test Policy-Rule_Group_Name","rule_group_uid": "Test Policy-Rule_Group_UID","rule_name": "Test Policy-Rule_Name","rule_uid": "Test Policy-Rule_UID","rules": [{"category_id": 0,"desc": "Test Policy-Rules-Desc 1","dlp_type_id": 1,"name": 
"Test Policy-Rules-Name 1","num_violations": 12345678901,"uid": "Test Policy-Rules-UID 1"},{"category_id": 1,"desc": "Test Policy-Rules-Desc 2","dlp_type_id": 2,"name": "Test Policy-Rules-Name 2","num_violations": 12345678902,"uid": "Test Policy-Rules-UID 2"}],"state_ids": [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"type_id": 0,"uid": "Test Policy-UID","version": "Test Policy-Version"},"process": {"app_name": "Test Process-App_Name","app_uid": "Test Process-App_UID","app_ver": "Test Process-App_Ver","cmd_line": "Test Process-CMD_Line","file": {"accessed": 1613021404000,"accessor": "Test Process-File-Accessor","attribute_ids": [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17],"attributes": 12345678901,"company_name": "Microsoft Corporation","confidentiality_id": 0,"content_type": {"family_id": 0,"subtype": "Test Process-File-Content_Type-SubType","type_id": 0},"created": 1613021404000,"creator": "Test Process-File-Creator","creator_process": "Test Process-File-Creator_Process","desc": "Test Process-File-Desc","folder": "c:\\windows\\system32\\process\\file\\folder","folder_uid": "Test Process-File-Folder_UID","is_system": true,"md5": "Test Process-File-MD5","mime_type": "Test Process-File-MIME_Type","modified": 1613021404000,"modifier": "Test Process-File-Modifier","name": "process_file_name.exe","normalized_path": "CSIDL_SYSTEM\\process_file_normalized_path.exe","original_name": "Test Process-File-Original_Name","owner": "Test Process-File-Owner","parent_name": "Test Process-File-Parent_Name","parent_sha2": "Test Process-File-Parent_SHA2","path": "c:\\windows\\system32\\process_file_path.exe","product_name": "Windows Internet Explorer","product_path": "Test Process-File-Product_Path","rep_discovered_band": 0,"rep_discovered_date": 1613021404000,"rep_prevalence": 12345678901,"rep_prevalence_band": 0,"rep_score": 12345678901,"rep_score_band": 0,"security_descriptor": "Test Process-File-Security_Descriptor","sha1": "Test Process-File-SHA1","sha2": 
"Test Process-File-SHA2","signature_company_name": "Test Process-File-Signature_Company_Name","signature_created_date": 1613021404000,"signature_developer_uid": "Test Process-File-Signature_Developer_UID","signature_fingerprints": [{"algorithm": "Test Process-File-Signature_Fingerprints-Algorithm","value": "Test Process-File-Signature_Fingerprints-Value"},{"algorithm": "Test Process-File-Signature_Fingerprints-Algorithms","value": "Test Process-File-Signature_Fingerprints-Values"}],"signature_issuer": "Test Process-File-Signature_Issuer","signature_level_id": 0,"signature_serial_number": "Test Process-File-Signature_Serial_Number","signature_value": 12345678901,"signature_value_ids": [0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"size": 12345678901,"size_compressed": 12345678901,"src_ip": "10.0.0.35","src_name": "Test Process-File-SRC_Name","type_id": 1,"uid": "Test Process-File-UID","url": {"categories": ["Test Process-File-URL-Category","Test Process-File-URL-Categories"],"category_ids": [1,3,4],"extension": "Test Process-File-URL-Extension","host": "www.process-file-url-host.com","method": "Test Process-File-URL-Method","parent_categories": ["Test Process-File-URL-Parent_Category","Test Process-File-URL-Parent_Categories"],"path": "/download/trouble/process/file/url/path","port": 80,"provider": "Test Process-File-URL-Provider","query": "q=bad&sort=date","referrer": "Test Process-File-URL-Referrer","referrer_categories": ["Test Process-File-URL-Referrer_Category","Test Process-File-URL-Referrer_Categories"],"referrer_category_ids": [12345678901,67890123451],"rep_score_id": 0,"scheme": "Test Process-File-URL-Scheme","text": "www.process-file-url-text.com/download/trouble"},"version": "Test Process-File-Version","xattributes": {"ads_name": "Test Process-File-XAttributes-ADS_Name","ads_size": "Test Process-File-XAttributes-ADS_Size","dacl": "Test Process-File-XAttributes-DACL","owner": "Test Process-File-XAttributes-Owner","primary_group": 
"Test Process-File-XAttributes-Primary_Group","link_name": "Test Process-File-XAttributes-Link_Name","hard_link_count": "Test Process-File-XAttributes-Hard_Link_Count","Unix_permissions": "Test Process-File-XAttributes-Unix_Permissions"}},"integrity_id": 0,"lineage": ["Test Process-Lineage 1","Test Process-Lineages 1"],"loaded_modules": ["Test Process-Loaded_Module 1","Test Process-Loaded_Modules 1"],"module": {"accessed": 1613021404000,"accessor": "Test Process-Module-Accessor","attribute_ids": [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17],"attributes": 12345678901,"base_address": "Test Process-Module-Base_Address","company_name": "Microsoft Corporation","confidentiality_id": 0,"content_type": {"family_id": 0,"subtype": "Test Process-Module-Content_Type-SubType","type_id": 0},"created": 1613021404000,"creator": "Test Process-Module-Creator","creator_process": "Test Process-Module-Creator_Process","desc": "Test Process-Module-Desc","folder": "c:\\windows\\system32\\process\\module\\folder","folder_uid": "Test Process-Module-Folder_UID","is_system": true,"load_type": "Test Process-Module-Load_Type","load_type_id": 0,"md5": "Test Process-Module-MD5","mime_type": "Test Process-Module-MIME_Type","modified": 1613021404000,"modifier": "Test Process-Module-Modifier","name": "process_module_name.exe","normalized_path": "CSIDL_SYSTEM\\process_module_normalized_path.exe","original_name": "Test Process-Module-Original_Name","owner": "Test Process-Module-Owner","parent_name": "Test Process-Module-Parent_Name","parent_sha2": "Test Process-Module-Parent_SHA2","path": "c:\\windows\\system32\\process_module_path.exe","product_name": "Windows Internet Explorer","product_path": "Test Process-Module-Product_Path","rep_discovered_band": 0,"rep_discovered_date": 1613021404000,"rep_prevalence": 12345678901,"rep_prevalence_band": 0,"rep_score": 12345678901,"rep_score_band": 0,"security_descriptor": "Test Process-Module-Security_Descriptor","sha1": "Test Process-Module-SHA1","sha2": "Test 
Process-Module-SHA2","signature_company_name": "Test Process-Module-Signature_Company_Name","signature_created_date": 1613021404000,"signature_developer_uid": "Test Process-Module-Signature_Developer_UID","signature_fingerprints": [{"algorithm": "Test Process-Module-Signature_Fingerprints-Algorithm","value": "Test Process-Module-Signature_Fingerprints-Value"},{"algorithm": "Test Process-Module-Signature_Fingerprints-Algorithms","value": "Test Process-Module-Signature_Fingerprints-Values"}],"signature_issuer": "Test Process-Module-Signature_Issuer","signature_level_id": 0,"signature_serial_number": "Test Process-Module-Signature_Serial_Number","signature_value": 12345678901,"signature_value_ids": [0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"size": 12345678901,"size_compressed": 12345678901,"src_ip": "10.0.0.36","src_name": "Test Process-Module-SRC_Name","type_id": 1,"uid": "Test Process-Module-UID","url": {"categories": ["Test Process-Module-URL-Category","Test Process-Module-URL-Categories"],"category_ids": [1,3,4],"extension": "Test Process-Module-URL-Extension","host": "www.process-module-url-host.com","method": "Test Process-Module-URL-Method","parent_categories": ["Test Process-Module-URL-Parent_Category","Test Process-Module-URL-Parent_Categories"],"path": "/download/trouble/process/module/url/path","port": 80,"provider": "Test Process-Module-URL-Provider","query": "q=bad&sort=date","referrer": "Test Process-Module-URL-Referrer","referrer_categories": ["Test Process-Module-URL-Referrer_Category","Test Process-Module-URL-Referrer_Categories"],"referrer_category_ids": [12345678901,67890123451],"rep_score_id": 0,"scheme": "Test Process-Module-URL-Scheme","text": "www.process-module-url-text.com/download/trouble"},"version": "Test Process-Module-Version","xattributes": {"ads_name": "Test Process-Module-XAttributes-ADS_Name","ads_size": "Test Process-Module-XAttributes-ADS_Size","dacl": "Test Process-Module-XAttributes-DACL","owner": "Test 
Process-Module-XAttributes-Owner","primary_group": "Test Process-Module-XAttributes-Primary_Group","link_name": "Test Process-Module-XAttributes-Link_Name","hard_link_count": "Test Process-Module-XAttributes-Hard_Link_Count","Unix_permissions": "Test Process-Module-XAttributes-Unix_Permissions"}},"normalized_cmd_line": "Test Process-Normalized_CMD_Line","pid": 12345678901,"sandbox_name": "Test Process-Sandbox_Name","session": {"auth_protocol_id": 0,"cleartext_credentials": true,"direction_id": 0,"id": 12345678901,"is_admin": true,"logon_type_id": 1,"port": 80,"previous_users": ["Test Process-Session-Previous_User","Test Process-Session-Previous_Users"],"remote": true,"remote_host": "Test Process-Session-Remote_Host","remote_ip": "10.0.0.37","user": {"account_disabled": true,"cloud_resource_uid": "Test Process-Session-User-Cloud_Resource_UID","domain": "Test Process-Session-User-Domain","external_account_uid": "Test Process-Session-User-External_Account_UID","external_uid": "Test Process-Session-User-External_UID","full_name": "Test Process-Session-User-Full_Name","groups": ["Test Process-Session-User-Group","Test Process-Session-User-Groups"],"home": "Test Process-Session-User-Home","is_admin": true,"logon_name": "Test Process-Session-User-Logon_Name","name": "Test Process-Session-User-Name","password_expires": true,"shell": "Test Process-Session-User-Shell","sid": "Test Process-Session-User-SID","uid": "Test Process-Session-User-UID"}},"session_id": 12345678901,"start_time": 1613021404000,"tid": 12345678901,"uid": "Test Process-UID","user": {"account_disabled": true,"cloud_resource_uid": "Test Process-User-Cloud_Resource_UID","domain": "Test Process-User-Domain","external_account_uid": "Test Process-User-External_Account_UID","external_uid": "Test Process-User-External_UID","full_name": "Test Process-User-Full_Name","groups": ["Test Process-User-Group","Test Process-User-Groups"],"home": "Test Process-User-Home","is_admin": true,"logon_name": "Test 
Process-User-Logon_Name","name": "Test Process-User-Name","password_expires": true,"shell": "Test Process-User-Shell","sid": "Test Process-User-SID","uid": "Test Process-User-UID"},"xattributes": {"ads_name": "Test Process-XAttributes-ADS_Name","ads_size": "Test Process-XAttributes-ADS_Size","dacl": "Test Process-XAttributes-DACL","owner": "Test Process-XAttributes-Owner","primary_group": "Test Process-XAttributes-Primary_Group","link_name": "Test Process-XAttributes-Link_Name","hard_link_count": "Test Process-XAttributes-Hard_Link_Count","Unix_permissions": "Test Process-XAttributes-Unix_Permissions"}},"product_data": {"sep_domain_uid": "Test Product_Data-Sep_Domain_UID","sep_hw_uid": "Test Product_Data-Sep_HW_UID"},"product_lang": "en","product_name": "Symantec Endpoint Security","product_uid": "Test Product_UID","product_ver": "2014.1.4.25-beta","proxy_device_ip": "10.0.0.25","proxy_device_name": "Test Proxy_Device_Name","raw_data": {"assetID": "vc9DagprQYyLZ23SEY1APw","assetOpstateDTO": {"productUuid": "31B0C880-0229-49E8-94C5-48D56B1BD7B9","features": [{"uuid": "1DF0351C-146D-4F07-B155-BF5C7077FF40","featureStatus": "SECURE","opstate": {"EDRContentSequence": "20231128005","EDREngineVersion": "4.11.0.10","EDRFramworkVersion": "4.10.0.59","FDRStatus": true,"LowDiskSpace": false,"MaxDBSizeHonored": true,"applied_policy": {"effective_date": 1709219437080,"sha2": "ee6b0bebbc4575b507ac616d2c362f2c54d462b92cf4068cb6681ae3187d4de3","uid": "7dc29d40-f303-477a-9012-287ef252a391","version": "16"},"disk_usage_mb": 1546,"fdr_first_event_date": "20240227","fdr_state": 1},"state": "ENABLED","statusReason": ["-107","0"],"prevention_state": "1"}],"products_active": 0,"blades": 0}},"ref_event": 4624,"ref_event_name": "Test Ref_Event_Name","ref_log_name": "Test Ref_Log_Name","ref_log_time": "2024-02-29T01:00:00.000Z","ref_orig_uid": "Test Ref_Orig_UID","ref_uid": "Test Ref_UID","remediated": true,"remediation": "Test Remediation","remediation_ref": "Test 
Remediation_Ref","remediation_uid": 0,"remote_device_name": "Test Remote_Device_Name","remote_process": {"app_name": "Test Remote_Process-App_Name","app_uid": "Test Remote_Process-App_UID","app_ver": "Test Remote_Process-App_Ver","cmd_line": "Test Remote_Process-CMD_Line","file": {"accessed": 1613021404000,"accessor": "Test Remote_Process-File-Accessor","attribute_ids": [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17],"attributes": 12345678901,"company_name": "Microsoft Corporation","confidentiality_id": 0,"content_type": {"family_id": 0,"subtype": "Test Remote_Process-File-Content_Type-SubType","type_id": 0},"created": 1613021404000,"creator": "Test Remote_Process-File-Creator","creator_process": "Test Remote_Process-File-Creator_Process","desc": "Test Remote_Process-File-Desc","folder": "c:\\windows\\system32\\remote_process\\file\\folder","folder_uid": "Test Remote_Process-File-Folder_UID","is_system": true,"md5": "Test Remote_Process-File-MD5","mime_type": "Test Remote_Process-File-MIME_Type","modified": 1613021404000,"modifier": "Test Remote_Process-File-Modifier","name": "remote_process_file_name.exe","normalized_path": "CSIDL_SYSTEM\\remote_process_file_normalized_path.exe","original_name": "Test Remote_Process-File-Original_Name","owner": "Test Remote_Process-File-Owner","parent_name": "Test Remote_Process-File-Parent_Name","parent_sha2": "Test Remote_Process-File-Parent_SHA2","path": "c:\\windows\\system32\\remote_process_file_path.exe","product_name": "Windows Internet Explorer","product_path": "Test Remote_Process-File-Product_Path","rep_discovered_band": 0,"rep_discovered_date": 1613021404000,"rep_prevalence": 12345678901,"rep_prevalence_band": 0,"rep_score": 12345678901,"rep_score_band": 0,"security_descriptor": "Test Remote_Process-File-Security_Descriptor","sha1": "Test Remote_Process-File-SHA1","sha2": "Test Remote_Process-File-SHA2","signature_company_name": "Test Remote_Process-File-Signature_Company_Name","signature_created_date": 
1613021404000,"signature_developer_uid": "Test Remote_Process-File-Signature_Developer_UID","signature_fingerprints": [{"algorithm": "Test Remote_Process-File-Signature_Fingerprints-Algorithm","value": "Test Remote_Process-File-Signature_Fingerprints-Value"},{"algorithm": "Test Remote_Process-File-Signature_Fingerprints-Algorithms","value": "Test Remote_Process-File-Signature_Fingerprints-Values"}],"signature_issuer": "Test Remote_Process-File-Signature_Issuer","signature_level_id": 0,"signature_serial_number": "Test Remote_Process-File-Signature_Serial_Number","signature_value": 12345678901,"signature_value_ids": [0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"size": 12345678901,"size_compressed": 12345678901,"src_ip": "10.0.0.35","src_name": "Test Remote_Process-File-SRC_Name","type_id": 1,"uid": "Test Remote_Process-File-UID","url": {"categories": ["Test Remote_Process-File-URL-Category","Test Remote_Process-File-URL-Categories"],"category_ids": [1,3,4,5],"extension": "Test Remote_Process-File-URL-Extension","host": "www.remote_process-file-url-host.com","method": "Test Remote_Process-File-URL-Method","parent_categories": ["Test Remote_Process-File-URL-Parent_Category","Test Remote_Process-File-URL-Parent_Categories"],"path": "/download/trouble/remote_process/file/url/path","port": 80,"provider": "Test Remote_Process-File-URL-Provider","query": "q=bad&sort=date","referrer": "Test Remote_Process-File-URL-Referrer","referrer_categories": ["Test Remote_Process-File-URL-Referrer_Category","Test Remote_Process-File-URL-Referrer_Categories"],"referrer_category_ids": [12345678901,67890123451],"rep_score_id": 0,"scheme": "Test Remote_Process-File-URL-Scheme","text": "www.remote_process-file-url-text.com/download/trouble"},"version": "Test Remote_Process-File-Version","xattributes": {"ads_name": "Test Remote_Process-File-XAttributes-ADS_Name","ads_size": "Test Remote_Process-File-XAttributes-ADS_Size","dacl": "Test 
Remote_Process-File-XAttributes-DACL","owner": "Test Remote_Process-File-XAttributes-Owner","primary_group": "Test Remote_Process-File-XAttributes-Primary_Group","link_name": "Test Remote_Process-File-XAttributes-Link_Name","hard_link_count": "Test Remote_Process-File-XAttributes-Hard_Link_Count","Unix_permissions": "Test Remote_Process-File-XAttributes-Unix_Permissions"}},"integrity_id": 0,"lineage": ["Test Remote_Process-Lineage 1","Test Remote_Process-Lineages 1"],"loaded_modules": ["Test Remote_Process-Loaded_Module 1","Test Remote_Process-Loaded_Modules 1"],"module": {"accessed": 1613021404000,"accessor": "Test Remote_Process-Module-Accessor","attribute_ids": [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17],"attributes": 12345678901,"base_address": "Test Remote_Process-Module-Base_Address","company_name": "Microsoft Corporation","confidentiality_id": 0,"content_type": {"family_id": 0,"subtype": "Test Remote_Process-Module-Content_Type-SubType","type_id": 0},"created": 1613021404000,"creator": "Test Remote_Process-Module-Creator","creator_process": "Test Remote_Process-Module-Creator_Process","desc": "Test Remote_Process-Module-Desc","folder": "c:\\windows\\system32\\remote_process\\module\\folder","folder_uid": "Test Remote_Process-Module-Folder_UID","is_system": true,"load_type": "Test Remote_Process-Module-Load_Type","load_type_id": 0,"md5": "Test Remote_Process-Module-MD5","mime_type": "Test Remote_Process-Module-MIME_Type","modified": 1613021404000,"modifier": "Test Remote_Process-Module-Modifier","name": "remote_process_module_name.exe","normalized_path": "CSIDL_SYSTEM\\remote_process_module_normalized_path.exe","original_name": "Test Remote_Process-Module-Original_Name","owner": "Test Remote_Process-Module-Owner","parent_name": "Test Remote_Process-Module-Parent_Name","parent_sha2": "Test Remote_Process-Module-Parent_SHA2","path": "c:\\windows\\system32\\remote_process_module_path.exe","product_name": "Windows Internet Explorer","product_path": "Test 
Remote_Process-Module-Product_Path","rep_discovered_band": 0,"rep_discovered_date": 1613021404000,"rep_prevalence": 12345678901,"rep_prevalence_band": 0,"rep_score": 12345678901,"rep_score_band": 0,"security_descriptor": "Test Remote_Process-Module-Security_Descriptor","sha1": "Test Remote_Process-Module-SHA1","sha2": "Test Remote_Process-Module-SHA2","signature_company_name": "Test Remote_Process-Module-Signature_Company_Name","signature_created_date": 1613021404000,"signature_developer_uid": "Test Remote_Process-Module-Signature_Developer_UID","signature_fingerprints": [{"algorithm": "Test Remote_Process-Module-Signature_Fingerprints-Algorithm","value": "Test Remote_Process-Module-Signature_Fingerprints-Value"},{"algorithm": "Test Remote_Process-Module-Signature_Fingerprints-Algorithms","value": "Test Remote_Process-Module-Signature_Fingerprints-Values"}],"signature_issuer": "Test Remote_Process-Module-Signature_Issuer","signature_level_id": 0,"signature_serial_number": "Test Remote_Process-Module-Signature_Serial_Number","signature_value": 12345678901,"signature_value_ids": [0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"size": 12345678901,"size_compressed": 12345678901,"src_ip": "10.0.0.36","src_name": "Test Remote_Process-Module-SRC_Name","type_id": 1,"uid": "Test Remote_Process-Module-UID","url": {"categories": ["Test Remote_Process-Module-URL-Category","Test Remote_Process-Module-URL-Categories"],"category_ids": [1,3,4,5,6,7,9,11,14,15,16,17,18,20,21,22,23,24,25,26,27,29,30,31,32,33,34,35,36,37,38,40,43,44,45,46,47,49,50,51,52,53,54,55,56,57,58,59,60,61,63,64,65,66,67,68,71,83,84,85,86,87,88,89,90,92,93,95,96,97,98,101,102,103,104,105,106,107,108,109,110,111,112,113,114,116,117,118,121,124],"extension": "Test Remote_Process-Module-URL-Extension","host": "www.remote_process-module-url-host.com","method": "Test Remote_Process-Module-URL-Method","parent_categories": ["Test Remote_Process-Module-URL-Parent_Category","Test 
Remote_Process-Module-URL-Parent_Categories"],"path": "/download/trouble/remote_process/module/url/path","port": 80,"provider": "Test Remote_Process-Module-URL-Provider","query": "q=bad&sort=date","referrer": "Test Remote_Process-Module-URL-Referrer","referrer_categories": ["Test Remote_Process-Module-URL-Referrer_Category","Test Remote_Process-Module-URL-Referrer_Categories"],"referrer_category_ids": [12345678901,67890123451],"rep_score_id": 0,"scheme": "Test Remote_Process-Module-URL-Scheme","text": "www.remote_process-module-url-text.com/download/trouble"},"version": "Test Remote_Process-Module-Version","xattributes": {"ads_name": "Test Remote_Process-Module-XAttributes-ADS_Name","ads_size": "Test Remote_Process-Module-XAttributes-ADS_Size","dacl": "Test Remote_Process-Module-XAttributes-DACL","owner": "Test Remote_Process-Module-XAttributes-Owner","primary_group": "Test Remote_Process-Module-XAttributes-Primary_Group","link_name": "Test Remote_Process-Module-XAttributes-Link_Name","hard_link_count": "Test Remote_Process-Module-XAttributes-Hard_Link_Count","Unix_permissions": "Test Remote_Process-Module-XAttributes-Unix_Permissions"}},"normalized_cmd_line": "Test Remote_Process-Normalized_CMD_Line","pid": 12345678901,"sandbox_name": "Test Remote_Process-Sandbox_Name","session": {"auth_protocol_id": 0,"cleartext_credentials": true,"direction_id": 0,"id": 12345678901,"is_admin": true,"logon_type_id": 1,"port": 80,"previous_users": ["Test Remote_Process-Session-Previous_User","Test Remote_Process-Session-Previous_Users"],"remote": true,"remote_host": "Test Remote_Process-Session-Remote_Host","remote_ip": "10.0.0.37","user": {"account_disabled": true,"cloud_resource_uid": "Test Remote_Process-Session-User-Cloud_Resource_UID","domain": "Test Remote_Process-Session-User-Domain","external_account_uid": "Test Remote_Process-Session-User-External_Account_UID","external_uid": "Test Remote_Process-Session-User-External_UID","full_name": "Test 
Remote_Process-Session-User-Full_Name","groups": ["Test Remote_Process-Session-User-Group","Test Remote_Process-Session-User-Groups"],"home": "Test Remote_Process-Session-User-Home","is_admin": true,"logon_name": "Test Remote_Process-Session-User-Logon_Name","name": "Test Remote_Process-Session-User-Name","password_expires": true,"shell": "Test Remote_Process-Session-User-Shell","sid": "Test Remote_Process-Session-User-SID","uid": "Test Remote_Process-Session-User-UID"}},"session_id": 12345678901,"start_time": 1613021404000,"tid": 12345678901,"uid": "Test Remote_Process-UID","user": {"account_disabled": true,"cloud_resource_uid": "Test Remote_Process-User-Cloud_Resource_UID","domain": "Test Remote_Process-User-Domain","external_account_uid": "Test Remote_Process-User-External_Account_UID","external_uid": "Test Remote_Process-User-External_UID","full_name": "Test Remote_Process-User-Full_Name","groups": ["Test Remote_Process-User-Group","Test Remote_Process-User-Groups"],"home": "Test Remote_Process-User-Home","is_admin": true,"logon_name": "Test Remote_Process-User-Logon_Name","name": "Test Remote_Process-User-Name","password_expires": true,"shell": "Test Remote_Process-User-Shell","sid": "Test Remote_Process-User-SID","uid": "Test Remote_Process-User-UID"},"xattributes": {"ads_name": "Test Remote_Process-XAttributes-ADS_Name","ads_size": "Test Remote_Process-XAttributes-ADS_Size","dacl": "Test Remote_Process-XAttributes-DACL","owner": "Test Remote_Process-XAttributes-Owner","primary_group": "Test Remote_Process-XAttributes-Primary_Group","link_name": "Test Remote_Process-XAttributes-Link_Name","hard_link_count": "Test Remote_Process-XAttributes-Hard_Link_Count","Unix_permissions": "Test Remote_Process-XAttributes-Unix_Permissions"}},"seq_num": 12345678901,"sessions": [{"auth_protocol_id": 0,"cleartext_credentials": true,"direction_id": 0,"id": 12345678901,"is_admin": true,"logon_type_id": 1,"port": 80,"previous_users": ["Test Sessions-Previous_User 1","Test 
Sessions-Previous_Users 1"],"remote": true,"remote_host": "Test Sessions-Remote_Host 1","remote_ip": "10.0.0.26","user": {"account_disabled": true,"cloud_resource_uid": "Test Sessions-User-Cloud_Resource_UID 1","domain": "Test Sessions-User-Domain 1","external_account_uid": "Test Sessions-User-External_Account_UID 1","external_uid": "Test Sessions-User-External_UID 1","full_name": "Test Sessions-User-Full_Name 1","groups": ["Test Sessions-User-Group 1","Test Sessions-User-Groups 1"],"home": "Test Sessions-User-Home 1","is_admin": true,"logon_name": "Test Sessions-User-Logon_Name 1","name": "Test session-User-Name 1","password_expires": true,"shell": "Test Sessions-User-Shell 1","sid": "Test Sessions-User-SID 1","uid": "Test Sessions-User-UID 1"}},{"auth_protocol_id": 1,"cleartext_credentials": true,"direction_id": 1,"id": 67890123451,"is_admin": true,"logon_type_id": 2,"port": 81,"previous_users": ["Test Sessions-Previous_User 2","Test Sessions-Previous_Users 2"],"remote": true,"remote_host": "Test Sessions-Remote_Host 2","remote_ip": "10.0.0.27","user": {"account_disabled": true,"cloud_resource_uid": "Test Sessions-User-Cloud_Resource_UID 2","domain": "Test Sessions-User-Domain 2","external_account_uid": "Test Sessions-User-External_Account_UID 2","external_uid": "Test Sessions-User-External_UID 2","full_name": "Test Sessions-User-Full_Name 2","groups": ["Test Sessions-User-Group 2","Test Sessions-User-Groups 2"],"home": "Test Sessions-User-Home 2","is_admin": true,"logon_name": "Test Sessions-User-Logon_Name 2","name": "Test session-User-Name 2","password_expires": true,"shell": "Test Sessions-User-Shell 2","sid": "Test Sessions-User-SID 2","uid": "Test Sessions-User-UID 2"}}],"severity_id": 0,"source": {"facility": "Test Source-Facility","facility_detail": "Test Source-Facility_Detail","facility_uid": "Test Source-Facility_UID","type_id": 1},"status_detail": "Test Status_Detail","status_id": 0,"status_os": "Test Status_OS","status_os_src": 
12345678901,"status_stack_trace": "Test Status_Stack_Trace","status_thread_name": "Test Status_Thread_Name","stic_has_pii": true,"stic_hw_uid": "Test STIC_HW_UID","stic_ip_hash": "Test STIC_IP_Hash","stic_legacy_ent_uids": ["Test STIC_Legacy_Ent_UIDs 1","Test STIC_Legacy_Ent_UIDs 2"],"stic_legacy_hw_uids": ["Test STIC_Legacy_HW_UIDs 1","Test STIC_Legacy_HW_UIDs 2"],"stic_legacy_uids": ["Test STIC_Legacy_UIDs 1","Test STIC_Legacy_UIDs 2"],"stic_schema_id": "Test STIC_Schema_ID","stic_uid": "Test STIC_UID","stic_version": "Test STIC_Version","subfeature_name": "Test Subfeature_Name","time": "2024-02-29T02:00:00Z","timezone": 12345678901,"type": "Test Type","type_id": 8015,"user": {"account_disabled": true,"cloud_resource_uid": "Test User-Cloud_Resource_UID","domain": "Test User-Domain","external_account_uid": "Test User-External_Account_UID","external_uid": "Test User-External_UID","full_name": "Test User-Full_Name","groups": ["Test User-Group 1","Test User-Groups 1"],"home": "Test User-Home","is_admin": true,"logon_name": "Test User-Logon_Name","name": "Test User-Name","password_expires": true,"shell": "Test User-Shell","sid": "Test User-SID","uid": "Test User-UID"},"user_name": "Test User_Name","user_uid": "Test User_UID","uuid": "Test UUID","version": "1.4"}
{"actor": {"app_name": "Test Actor-App_Name","app_uid": "Test Actor-App_UID","app_ver": "Test Actor-App_Ver","cmd_line": "Test Actor-CMD_Line","file": {"accessed": 1613021404000,"accessor": "Test Actor-File-Accessor","attribute_ids": [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17],"attributes": 12345678901,"company_name": "Microsoft Corporation","confidentiality_id": 0,"content_type": {"family_id": 0,"subtype": "Test Actor-File-Content_Type-SubType","type_id": 0},"created": 1613021404000,"creator": "Test Actor-File-Creator","creator_process": "Test Actor-File-Creator_Process","desc": "Test Actor-File-Desc","folder": "c:\\windows\\system32\\actor\\file\\folder","folder_uid": "Test Actor-File-Folder_UID","is_system": true,"md5": "Test Actor-File-MD5","mime_type": "Test Actor-File-MIME_Type","modified": 1613021404000,"modifier": "Test Actor-File-Modifier","name": "actor_file_name.exe","normalized_path": "CSIDL_SYSTEM\\actor_file_normalized_path.exe","original_name": "Test Actor-File-Original_Name","owner": "Test Actor-File-Owner","parent_name": "Test Actor-File-Parent_Name","parent_sha2": "Test Actor-File-Parent_SHA2","path": "c:\\windows\\system32\\actor_file_path.exe","product_name": "Windows Internet Explorer","product_path": "Test Actor-File-Product_Path","rep_discovered_band": 0,"rep_discovered_date": 1613021404000,"rep_prevalence": 12345678901,"rep_prevalence_band": 0,"rep_score": 12345678901,"rep_score_band": 0,"security_descriptor": "Test Actor-File-Security_Descriptor","sha1": "Test Actor-File-SHA1","sha2": "Test Actor-File-SHA2","signature_company_name": "Test Actor-File-Signature_Company_Name","signature_created_date": 1613021404000,"signature_developer_uid": "Test Actor-File-Signature_Developer_UID","signature_fingerprints": [{"algorithm": "Test Actor-File-Signature_Fingerprints-Algorithm","value": "Test Actor-File-Signature_Fingerprints-Value"},{"algorithm": "Test Actor-File-Signature_Fingerprints-Algorithms","value": "Test 
Actor-File-Signature_Fingerprints-Values"}],"signature_issuer": "Test Actor-File-Signature_Issuer","signature_level_id": 0,"signature_serial_number": "Test Actor-File-Signature_Serial_Number","signature_value": 12345678901,"signature_value_ids": [0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"size": 12345678901,"size_compressed": 12345678901,"src_ip": "10.0.0.28","src_name": "Test Actor-File-SRC_Name","type_id": 1,"uid": "Test Actor-File-UID","url": {"categories": ["Test Actor-File-URL-Category","Test Actor-File-URL-Categories"],"category_ids": [1,3,4,5,6,7,9,11,14,15,16,17,18,20,21,22,23,24,25,26,27,29,30,31,32,33,34,35,36,37,38,40,43,44,45,46,47,49,50,51,52,53,54,55,56,57,58,59,60,61,63,64,65,66,67,68,71,83,84,85,86,87,88,89,90,92,93,95,96,97,98,101,102,103,104,105,106,107,108,109,110,111,112,113,114,116,117,118,121,124],"extension": "Test Actor-File-URL-Extension","host": "www.actor-file-url-host.com","method": "Test Actor-File-URL-Method","parent_categories": ["Test Actor-File-URL-Parent_Category","Test Actor-File-URL-Parent_Categories"],"path": "/download/trouble/actor/file/url/path","port": 80,"provider": "Test Actor-File-URL-Provider","query": "q=bad&sort=date","referrer": "Test Actor-File-URL-Referrer","referrer_categories": ["Test Actor-File-URL-Referrer_Category","Test Actor-File-URL-Referrer_Categories"],"referrer_category_ids": [12345678901,67890123451],"rep_score_id": 0,"scheme": "Test Actor-File-URL-Scheme","text": "www.actor-file-url-text.com/download/trouble"},"version": "Test Actor-File-Version","xattributes": {"ads_name": "Test Actor-File-XAttributes-ADS_Name","ads_size": "Test Actor-File-XAttributes-ADS_Size","dacl": "Test Actor-File-XAttributes-DACL","owner": "Test Actor-File-XAttributes-Owner","primary_group": "Test Actor-File-XAttributes-Primary_Group","link_name": "Test Actor-File-XAttributes-Link_Name","hard_link_count": "Test Actor-File-XAttributes-Hard_Link_Count","Unix_permissions": "Test 
Actor-File-XAttributes-Unix_Permissions"}},"integrity_id": 0,"lineage": ["Test Actor-Lineage 1","Test Actor-Lineages 1"],"loaded_modules": ["Test Actor-Loaded_Module 1","Test Actor-Loaded_Modules 1"],"module": {"accessed": 1613021404000,"accessor": "Test Actor-Module-Accessor","attribute_ids": [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17],"attributes": 12345678901,"base_address": "Test Actor-Module-Base_Address","company_name": "Microsoft Corporation","confidentiality_id": 0,"content_type": {"family_id": 0,"subtype": "Test Actor-Module-Content_Type-SubType","type_id": 0},"created": 1613021404000,"creator": "Test Actor-Module-Creator","creator_process": "Test Actor-Module-Creator_Process","desc": "Test Actor-Module-Desc","folder": "c:\\windows\\system32\\actor\\module\\folder","folder_uid": "Test Actor-Module-Folder_UID","is_system": true,"load_type": "Test Actor-Module-Load_Type","load_type_id": 0,"md5": "Test Actor-Module-MD5","mime_type": "Test Actor-Module-MIME_Type","modified": 1613021404000,"modifier": "Test Actor-Module-Modifier","name": "actor_module_name.exe","normalized_path": "CSIDL_SYSTEM\\actor_module_normalized_path.exe","original_name": "Test Actor-Module-Original_Name","owner": "Test Actor-Module-Owner","parent_name": "Test Actor-Module-Parent_Name","parent_sha2": "Test Actor-Module-Parent_SHA2","path": "c:\\windows\\system32\\actor_module_path.exe","product_name": "Windows Internet Explorer","product_path": "Test Actor-Module-Product_Path","rep_discovered_band": 0,"rep_discovered_date": 1613021404000,"rep_prevalence": 12345678901,"rep_prevalence_band": 0,"rep_score": 12345678901,"rep_score_band": 0,"security_descriptor": "Test Actor-Module-Security_Descriptor","sha1": "Test Actor-Module-SHA1","sha2": "Test Actor-Module-SHA2","signature_company_name": "Test Actor-Module-Signature_Company_Name","signature_created_date": 1613021404000,"signature_developer_uid": "Test Actor-Module-Signature_Developer_UID","signature_fingerprints": [{"algorithm": "Test 
Actor-Module-Signature_Fingerprints-Algorithm","value": "Test Actor-Module-Signature_Fingerprints-Value"},{"algorithm": "Test Actor-Module-Signature_Fingerprints-Algorithms","value": "Test Actor-Module-Signature_Fingerprints-Values"}],"signature_issuer": "Test Actor-Module-Signature_Issuer","signature_level_id": 0,"signature_serial_number": "Test Actor-Module-Signature_Serial_Number","signature_value": 12345678901,"signature_value_ids": [0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"size": 12345678901,"size_compressed": 12345678901,"src_ip": "10.0.0.29","src_name": "Test Actor-Module-SRC_Name","type_id": 1,"uid": "Test Actor-Module-UID","url": {"categories": ["Test Actor-Module-URL-Category","Test Actor-Module-URL-Categories"],"category_ids": [1,3,4,5,6,7,9,11,14,15,16,17,18,20,21,22,23,24,25,26,27,29,30,31,32,33,34,35,36,37,38,40,43,44,45,46,47,49,50,51,52,53,54,55,56,57,58,59,60,61,63,64,65,66,67,68,71,83,84,85,86,87,88,89,90,92,93,95,96,97,98,101,102,103,104,105,106,107,108,109,110,111,112,113,114,116,117,118,121,124],"extension": "Test Actor-Module-URL-Extension","host": "www.actor-module-url-host.com","method": "Test Actor-Module-URL-Method","parent_categories": ["Test Actor-Module-URL-Parent_Category","Test Actor-Module-URL-Parent_Categories"],"path": "/download/trouble/actor/module/url/path","port": 80,"provider": "Test Actor-Module-URL-Provider","query": "q=bad&sort=date","referrer": "Test Actor-Module-URL-Referrer","referrer_categories": ["Test Actor-Module-URL-Referrer_Category","Test Actor-Module-URL-Referrer_Categories"],"referrer_category_ids": [12345678901,67890123451],"rep_score_id": 0,"scheme": "Test Actor-Module-URL-Scheme","text": "www.actor-module-url-text.com/download/trouble"},"version": "Test Actor-Module-Version","xattributes": {"ads_name": "Test Actor-Module-XAttributes-ADS_Name","ads_size": "Test Actor-Module-XAttributes-ADS_Size","dacl": "Test Actor-Module-XAttributes-DACL","owner": "Test 
Actor-Module-XAttributes-Owner","primary_group": "Test Actor-Module-XAttributes-Primary_Group","link_name": "Test Actor-Module-XAttributes-Link_Name","hard_link_count": "Test Actor-Module-XAttributes-Hard_Link_Count","Unix_permissions": "Test Actor-Module-XAttributes-Unix_Permissions"}},"normalized_cmd_line": "Test Actor-Normalized_CMD_Line","pid": 12345678901,"sandbox_name": "Test Actor-Sandbox_Name","session": {"auth_protocol_id": 0,"cleartext_credentials": true,"direction_id": 0,"id": 12345678901,"is_admin": true,"logon_type_id": 1,"port": 80,"previous_users": ["Test Actor-Session-Previous_User","Test Actor-Session-Previous_Users"],"remote": true,"remote_host": "Test Actor-Session-Remote_Host","remote_ip": "10.0.0.30","user": {"account_disabled": true,"cloud_resource_uid": "Test Actor-Session-User-Cloud_Resource_UID","domain": "Test Actor-Session-User-Domain","external_account_uid": "Test Actor-Session-User-External_Account_UID","external_uid": "Test Actor-Session-User-External_UID","full_name": "Test Actor-Session-User-Full_Name","groups": ["Test Actor-Session-User-Group","Test Actor-Session-User-Groups"],"home": "Test Actor-Session-User-Home","is_admin": true,"logon_name": "Test Actor-Session-User-Logon_Name","name": "Test Actor-Session-User-Name","password_expires": true,"shell": "Test Actor-Session-User-Shell","sid": "Test Actor-Session-User-SID","uid": "Test Actor-Session-User-UID"}},"session_id": 12345678901,"start_time": 1613021404000,"tid": 12345678901,"uid": "Test Actor-UID","user": {"account_disabled": true,"cloud_resource_uid": "Test Actor-User-Cloud_Resource_UID","domain": "Test Actor-User-Domain","external_account_uid": "Test Actor-User-External_Account_UID","external_uid": "Test Actor-User-External_UID","full_name": "Test Actor-User-Full_Name","groups": ["Test Actor-User-Group","Test Actor-User-Groups"],"home": "Test Actor-User-Home","is_admin": true,"logon_name": "Test Actor-User-Logon_Name","name": "Test Actor-User-Name","password_expires": 
true,"shell": "Test Actor-User-Shell","sid": "Test Actor-User-SID","uid": "Test Actor-User-UID"},"xattributes": {"ads_name": "Test Actor-XAttributes-ADS_Name","ads_size": "Test Actor-XAttributes-ADS_Size","dacl": "Test Actor-XAttributes-DACL","owner": "Test Actor-XAttributes-Owner","primary_group": "Test Actor-XAttributes-Primary_Group","link_name": "Test Actor-XAttributes-Link_Name","hard_link_count": "Test Actor-XAttributes-Hard_Link_Count","Unix_permissions": "Test Actor-XAttributes-Unix_Permissions"}},"analysis": "Test Analysis","attacks": [{"sub_technique_name": "Test Attacks-Sub_Technique_Name 1","sub_technique_uid": "Test Attacks-Sub_Technique_UID 1","tactic_ids": [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20],"tactic_uids": ["Test Attacks-Tactic_UID 1","Test Attacks-Tactic_UIDs 1"],"technique_name": "Test Attacks-Technique_Name 1","technique_uid": "Test Attacks-Technique_UID 1"},{"sub_technique_name": "Test Attacks-Sub_Technique_Name 2","sub_technique_uid": "Test Attacks-Sub_Technique_UID 2","tactic_ids": [21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40],"tactic_uids": ["Test Attacks-Tactic_UID 2","Test Attacks-Tactic_UIDs 2"],"technique_name": "Test Attacks-Technique_Name 2","technique_uid": "Test Attacks-Technique_UID 2"}],"category_id": 5,"collector_device_ip": "10.0.0.1","collector_device_name": "Test Collector_Device_Name","collector_name": "Test Collector_Name","collector_uid": "Test Collector_UID","composite": 1,"config_path": "Test Config_Path","container": {"host_name": "Test Container-Host_Name","image_name": "Test Container-Image_Name","image_uid": "Test Container-Image_UID","name": "Test Container-Name","networks": [{"bssid": "Test Container-Networks-BSSID 1","gateway_ip": "10.0.0.2","gateway_mac": "00:B0:D0:63:C2:01","ipv4": "10.0.0.3","ipv6": "2a02:cf40::","is_public": true,"mac": "00:B0:D0:63:C2:02","rep_score_id": 0,"ssid": "Test Container-Networks-SSID 1","type_id": 0},{"bssid": "Test Container-Networks-BSSID 
2","gateway_ip": "10.0.0.4","gateway_mac": "00:B0:D0:63:C2:03","ipv4": "10.0.0.5","ipv6": "2a02:cf40::","is_public": true,"mac": "00:B0:D0:63:C2:04","rep_score_id": 1,"ssid": "Test Container-Networks-SSID 2","type_id": 1}],"os_name": "Test Container-OS_Name","uid": "Test Container-UID"},"correlation_uid": "Test Correltion_UID","count": 12345678901,"customer_registry_uid": "Test Customer_Registry-UID","customer_uid": "Test Customer_UID","cybox": {"domains": ["Test Cybox-Domain 1","Test Cybox-Domains 1"],"emails": [{"direction_id": 0,"header_from": "Test Cybox-Emails-Header_From 1","header_message_id": "Test Cybox-Emails-Header_Message_ID 1","header_reply_to": "Test Cybox-Emails-Header_Reply_To 1","header_subject": "Test Cybox-Emails-Header_Subject 1","header_to": ["Test Cybox-Emails-Header_To 1","Test Cybox-Emails-Header_Tos 1"],"sender_ip": "10.0.0.6","size": 12345678901,"smtp_from": "Test Cybox-Emails-SMTP_From 1","smtp_hello": "Test Cybox-Emails-SMTP_Hello 1","smtp_to": "Test Cybox-Emails-SMTP_To 1"},{"direction_id": 1,"header_from": "Test Cybox-Emails-Header_From 2","header_message_id": "Test Cybox-Emails-Header_Message_ID 2","header_reply_to": "Test Cybox-Emails-Header_Reply_To 2","header_subject": "Test Cybox-Emails-Header_Subject 2","header_to": ["Test Cybox-Emails-Header_To 2","Test Cybox-Emails-Header_Tos 2"],"sender_ip": "10.0.0.7","size": 12345678902,"smtp_from": "Test Cybox-Emails-SMTP_From 2","smtp_hello": "Test Cybox-Emails-SMTP_Hello 2","smtp_to": "Test Cybox-Emails-SMTP_To 2"}],"files": [{"accessed": 1613021404000,"accessor": "Test Cybox-Files-Accessor 1","attribute_ids": [1,2,3,4,5,6,7,8,9,10],"attributes": 12345678901,"company_name": "Microsoft Corporation 1","confidentiality_id": 0,"content_type": {"family_id": 0,"subtype": "Test Cybox-Files-Content_Type-SubType 1","type_id": 0},"created": 1613021404000,"creator": "Test Cybox-Files-Creator 1","creator_process": "Test Cybox-Files-Creator_Process 1","desc": "Test Cybox-Files-Desc 1","folder": 
"c:\\windows\\system32\\cybox\\files\\folder\\1","folder_uid": "Test Cybox-Files-Folder_UID 1","is_system": true,"md5": "Test Cybox-Files-MD5 1","mime_type": "Test Cybox-Files-MIME_Type 1","modified": 1613021404000,"modifier": "Test Cybox-Files-Modifier 1","name": "cybox_files_name_1.exe","normalized_path": "CSIDL_SYSTEM\\cybox_files_normalized_path_1.exe","original_name": "Test Cybox-Files-Original_Name 1","owner": "Test Cybox-Files-Owner 1","parent_name": "Test Cybox-Files-Parent_Name 1","parent_sha2": "Test Cybox-Files-Parent_SHA2 1","path": "c:\\windows\\system32\\cybox_files_path_1.exe","product_name": "Windows Internet Explorer 1","product_path": "Test Cybox-Files-Product_Path 1","rep_discovered_band": 0,"rep_discovered_date": 1613021404000,"rep_prevalence": 12345678901,"rep_prevalence_band": 0,"rep_score": 12345678901,"rep_score_band": 0,"security_descriptor": "Test Cybox-Files-Security_Descriptor 1","sha1": "Test Cybox-Files-SHA1 1","sha2": "Test Cybox-Files-SHA2 1","signature_company_name": "Test Cybox-Files-Signature_Company_Name 1","signature_created_date": 1613021404000,"signature_developer_uid": "Test Cybox-Files-Signature_Developer_UID 1","signature_fingerprints": [{"algorithm": "Test Cybox-Files-Signature_Fingerprints-Algorithm 1","value": "Test Cybox-Files-Signature_Fingerprints-Value 1"},{"algorithm": "Test Cybox-Files-Signature_Fingerprints-Algorithms 1","value": "Test Cybox-Files-Signature_Fingerprints-Values 1"}],"signature_issuer": "Test Cybox-Files-Signature_Issuer 1","signature_level_id": 0,"signature_serial_number": "Test Cybox-Files-Signature_Serial_Number 1","signature_value": 12345678901,"signature_value_ids": [0,1,2,3,4,5,6,7,8,9,10],"size": 12345678901,"size_compressed": 12345678901,"src_ip": "10.0.0.8","src_name": "Test Cybox-Files-SRC_Name 1","type_id": 1,"uid": "Test Cybox-Files-UID 1","url": {"categories": ["Test Cybox-Files-URL-Category 1","Test Cybox-Files-URL-Categories 1"],"category_ids": 
[1,3,4,5,6,7,9,11,14,15,16,17,18,20,21,22,23,24,25,26,27,29,30,31,32,33,34,35,36,37,38,40,43,44,45,46,47,49,50,51,52,53,54,55,56,57,58,59,60,61,63,64,65,66,67,68,71,83,84,85,86,87,88,89,90,92,93,95,96,97,98],"extension": "Test Cybox-Files-URL-Extension 1","host": "www.files-url-host-1.com","method": "Test Cybox-Files-URL-Method 1","parent_categories": ["Test Cybox-Files-URL-Parent_Category 1","Test Cybox-Files-URL-Parent_Categories 1"],"path": "/download/trouble/cybox/files/url/path/1","port": 80,"provider": "Test Cybox-Files-URL-Provider 1","query": "q=bad&sort=date_1","referrer": "Test Cybox-Files-URL-Referrer 1","referrer_categories": ["Test Cybox-Files-URL-Referrer_Category 1","Test Cybox-Files-URL-Referrer_Categories 1"],"referrer_category_ids": [12345678901,67890123451],"rep_score_id": 0,"scheme": "Test Cybox-Files-URL-Scheme 1","text": "www.files-url-text-1.com/download/trouble"},"version": "Test Cybox-Files-Version 1","xattributes": {"ads_name": "Test Cybox-Files-XAttributes-ADS_Name 1","ads_size": "Test Cybox-Files-XAttributes-ADS_Size 1","dacl": "Test Cybox-Files-XAttributes-DACL 1","owner": "Test Cybox-Files-XAttributes-Owner 1","primary_group": "Test Cybox-Files-XAttributes-Primary_Group 1","link_name": "Test Cybox-Files-XAttributes-Link_Name 1","hard_link_count": "Test Cybox-Files-XAttributes-Hard_Link_Count 1","Unix_permissions": "Test Cybox-Files-XAttributes-Unix_Permissions 1"}},{"accessed": 1613021404000,"accessor": "Test Cybox-Files-Accessor 2","attribute_ids": [11,12,13,14,15,16,17],"attributes": 12345678902,"company_name": "Microsoft Corporation 2","confidentiality_id": 1,"content_type": {"family_id": 1,"subtype": "Test Cybox-Files-Content_Type-SubType 2","type_id": 1},"created": 1613021404000,"creator": "Test Cybox-Files-Creator 2","creator_process": "Test Cybox-Files-Creator_Process 2","desc": "Test Cybox-Files-Desc 2","folder": "c:\\windows\\system32\\cybox\\files\\folder\\2","folder_uid": "Test Cybox-Files-Folder_UID 2","is_system": 
true,"md5": "Test Cybox-Files-MD5 2","mime_type": "Test Cybox-Files-MIME_Type 2","modified": 1613021404000,"modifier": "Test Cybox-Files-Modifier 2","name": "cybox_files_name_2.exe","normalized_path": "CSIDL_SYSTEM\\cybox_files_normalized_path_2.exe","original_name": "Test Cybox-Files-Original_Name 2","owner": "Test Cybox-Files-Owner 2","parent_name": "Test Cybox-Files-Parent_Name 2","parent_sha2": "Test Cybox-Files-Parent_SHA2 2","path": "c:\\windows\\system32\\cybox_files_path_2.exe","product_name": "Windows Internet Explorer 2","product_path": "Test Cybox-Files-Product_Path 2","rep_discovered_band": 1,"rep_discovered_date": 1613021404000,"rep_prevalence": 12345678902,"rep_prevalence_band": 1,"rep_score": 12345678902,"rep_score_band": 1,"security_descriptor": "Test Cybox-Files-Security_Descriptor 2","sha1": "Test Cybox-Files-SHA1 2","sha2": "Test Cybox-Files-SHA2 2","signature_company_name": "Test Cybox-Files-Signature_Company_Name 2","signature_created_date": 1613021404000,"signature_developer_uid": "Test Cybox-Files-Signature_Developer_UID 2","signature_fingerprints": [{"algorithm": "Test Cybox-Files-Signature_Fingerprints-Algorithm 2","value": "Test Cybox-Files-Signature_Fingerprints-Value 2"},{"algorithm": "Test Cybox-Files-Signature_Fingerprints-Algorithms 2","value": "Test Cybox-Files-Signature_Fingerprints-Values 2"}],"signature_issuer": "Test Cybox-Files-Signature_Issuer 2","signature_level_id": 1,"signature_serial_number": "Test Cybox-Files-Signature_Serial_Number 2","signature_value": 12345678902,"signature_value_ids": [11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"size": 12345678902,"size_compressed": 12345678902,"src_ip": "10.0.0.9","src_name": "Test Cybox-Files-SRC_Name 2","type_id": 1,"uid": "Test Cybox-Files-UID 2","url": {"categories": ["Test Cybox-Files-URL-Category 2","Test Cybox-Files-URL-Categories 2"],"category_ids": [101,102,103,104,105,106,107,108,109,110,111,112,113,114,116,117,118,121,124],"extension": "Test Cybox-Files-URL-Extension 
2","host": "www.files-url-host-2.com","method": "Test Cybox-Files-URL-Method 2","parent_categories": ["Test Cybox-Files-URL-Parent_Category 2","Test Cybox-Files-URL-Parent_Categories 2"],"path": "/download/trouble/cybox/files/url/path/2","port": 81,"provider": "Test Cybox-Files-URL-Provider 2","query": "q=bad&sort=date_2","referrer": "Test Cybox-Files-URL-Referrer 2","referrer_categories": ["Test Cybox-Files-URL-Referrer_Category 2","Test Cybox-Files-URL-Referrer_Categories 2"],"referrer_category_ids": [12345678902,67890123452],"rep_score_id": 1,"scheme": "Test Cybox-Files-URL-Scheme 2","text": "www.files-url-text-2.com/download/trouble"},"version": "Test Cybox-Files-Version 2","xattributes": {"ads_name": "Test Cybox-Files-XAttributes-ADS_Name 2","ads_size": "Test Cybox-Files-XAttributes-ADS_Size 2","dacl": "Test Cybox-Files-XAttributes-DACL 2","owner": "Test Cybox-Files-XAttributes-Owner 2","primary_group": "Test Cybox-Files-XAttributes-Primary_Group 2","link_name": "Test Cybox-Files-XAttributes-Link_Name 2","hard_link_count": "Test Cybox-Files-XAttributes-Hard_Link_Count 2","Unix_permissions": "Test Cybox-Files-XAttributes-Unix_Permissions 2"}}],"hostnames": ["Test Cybox-Hostname 1","Test Cybox-Hostnames 1"],"icap_reqmod": [{"metadata": {"field1_keyword": "Test Cybox-ICAP_ReqMod-field1_Keyword","field1_number": 12345678901,"field1_boolean": true,"field1_ip": "10.0.0.10"},"service": "Test Cybox-ICAP_ReqMod-Service 1","status": "Test Cybox-ICAP_ReqMod-Status 1","status_detail": "Test Cybox-ICAP_ReqMod-Status_Detail 1"},{"metadata": {"field2_keyword": "Test Cybox-ICAP_ReqMod-field2_Keyword","field2_number": 12345678902,"field2_boolean": true,"field2_ip": "10.0.0.11"},"service": "Test Cybox-ICAP_ReqMod-Service 2","status": "Test Cybox-ICAP_ReqMod-Status 2","status_detail": "Test Cybox-ICAP_ReqMod-Status_Detail 2"}],"icap_respmod": [{"metadata": {"field1_keyword": "Test Cybox-ICAP_RespMod-field1_Keyword","field1_number": 12345678901,"field1_boolean": true,"field1_ip": 
"10.0.0.12"},"service": "Test Cybox-ICAP_RespMod-Service 1","status": "Test Cybox-ICAP_RespMod-Status 1","status_detail": "Test Cybox-ICAP_RespMod-Status_Detail 1"},{"metadata": {"field2_keyword": "Test Cybox-ICAP_RespMod-field2_Keyword","field2_number": 12345678902,"field2_boolean": true,"field2_ip": "10.0.0.13"},"service": "Test Cybox-ICAP_RespMod-Service 2","status": "Test Cybox-ICAP_RespMod-Status 2","status_detail": "Test Cybox-ICAP_RespMod-Status_Detail 2"}],"ipv4s": ["10.0.0.14","10.0.0.15"],"ipv6s": ["2a02:cf40::","2a02:cf40::"],"macs": ["00:B0:D0:63:C2:05","00:B0:D0:63:C2:06"],"urls": [{"categories": ["Test Cybox-URLs-Category 1","Test Cybox-URLs-Categories 1"],"category_ids": [1,3,4,5,6,7,9,11,14,15,16,17,18,20,21,22,23,24,25,26,27,29,30,31,32,33,34,35,36,37,38,40,43,44,45,46,47,49,50,51,52,53,54,55,56,57,58,59,60,61,63,64,65,66,67,68,71,83,84,85,86,87,88,89,90,92,93,95,96,97,98],"extension": "Test Cybox-URLs-Extension 1","host": "www.urls-host-1.com","method": "Test Cybox-URLs-Method 1","parent_categories": ["Test Cybox-URLs-Parent_Category 1","Test Cybox-URLs-Parent_Categories 1"],"path": "/download/trouble/cybox/urls/path/1","port": 80,"provider": "Test Cybox-URLs-Provider 1","query": "q=bad&sort=date_1","referrer": "Test Cybox-URLs-Referrer 1","referrer_categories": ["Test Cybox-URLs-Referrer_Category 1","Test Cybox-URLs-Referrer_Categories 1"],"referrer_category_ids": [12345678901,67890123451],"rep_score_id": 0,"scheme": "Test Cybox-URLs-Scheme 1","text": "www.urls-text-1.com/download/trouble"},{"categories": ["Test Cybox-URLs-Category 2","Test Cybox-URLs-Categories 2"],"category_ids": [101,102,103,104,105,106,107,108,109,110,111,112,113,114,116,117,118,121,124],"extension": "Test Cybox-URLs-Extension 2","host": "www.urls-host-2.com","method": "Test Cybox-URLs-Method 2","parent_categories": ["Test Cybox-URLs-Parent_Category 2","Test Cybox-URLs-Parent_Categories 2"],"path": "/download/trouble/cybox/urls/path/2","port": 81,"provider": "Test 
Cybox-URLs-Provider 2","query": "q=bad&sort=date_2","referrer": "Test Cybox-URLs-Referrer 2","referrer_categories": ["Test Cybox-URLs-Referrer_Category 2","Test Cybox-URLs-Referrer_Categories 2"],"referrer_category_ids": [12345678902,67890123452],"rep_score_id": 1,"scheme": "Test Cybox-URLs-Scheme 2","text": "www.urls-text-2.com/download/trouble"}]},"device_alias_name": "Test Device_Alias_Name","device_cap": "Test Device_Cap","device_cloud_vm": {"autoscale_uid": "Test Device_Cloud_VM-Autoscale_UID","dc_region": "Test Device_Cloud_VM-DC_Region","instance_uid": "Test Device_Cloud_VM-Instance_UID","subnet_uid": "Test Device_Cloud_VM-Subnet_UID","vpc_uid": "Test Device_Cloud_VM-VPC_UID"},"device_desc": "Test Device_Desc","device_domain": "device.domain.internal.somecompany.com","device_domain_uid": "Test Device_Domain_UID","device_end_time": 1613021404000,"device_gateway": "10.0.0.16","device_group": "Test Device_Group","device_group_name": "Test Device_Group_Name","device_hw_bios_date": "03/31/16","device_hw_bios_manufacturer": "LENOVO","device_hw_bios_ver": "LENOVO G5ETA2WW (2.62)","device_hw_cpu_type": "x86 Family 6 Model 37 Stepping 5","device_imei": "Test Device_IMEI","device_ip": "10.0.0.17","device_is_compliant": true,"device_is_personal": true,"device_is_trusted": true,"device_is_unmanaged": true,"device_location": {"city": "Test Device_Location-City","continent": "Test Device_Location-Continent","coordinates": [-12.345,56.789],"country": "US","desc": "Test Device_Location-Desc","isp": "Test Device_Location-ISP","on_premises": true,"region": "US-CA"},"device_mac": "00:B0:D0:63:C2:07","device_name": "device.name.computer.domain","device_name_md5": "4ED962DDBF17E2BBA7B14EBC00F3162E","device_networks": [{"bssid": "Test Device_Networks-BSSID 1","gateway_ip": "10.0.0.18","gateway_mac": "00:B0:D0:63:C2:08","ipv4": "10.0.0.19","ipv6": "2a02:cf40::","is_public": true,"mac": "00:B0:D0:63:C2:09","rep_score_id": 0,"ssid": "Test Device_Networks-SSID 1","type_id": 
0},{"bssid": "Test Device_Networks-BSSID 2","gateway_ip": "10.0.0.20","gateway_mac": "00:B0:D0:63:C2:10","ipv4": "10.0.0.21","ipv6": "2a02:cf40::","is_public": true,"mac": "00:B0:D0:63:C2:11","rep_score_id": 1,"ssid": "Test Device_Networks-SSID 2","type_id": 1}],"device_org_unit": "Test Device_Org_Unit","device_os_bits": 12345678901,"device_os_build": "Test Device_OS_Build","device_os_country": "IN","device_os_edition": "Professional","device_os_lang": "en","device_os_name": "Windows Server 2019 Standard Edition","device_os_sp_name": "Test Device_OS_SP_Name","device_os_sp_ver": "Test Device_OS_SP_Ver","device_os_type_id": 0,"device_os_ver": "Windows 10","device_proxy_ip": "10.0.0.22","device_proxy_name": "Test Device_Proxy_Name","device_public_ip": "10.0.0.23","device_ref_uid": "Test Device_Ref_UID","device_site": "Test Device_Site","device_subnet": "81.2.69.142","device_time": 1613021404000,"device_type": "server","device_uid": "Test Device_UID","device_vhost": "Test Device_VHost","device_vhost_id": 0,"domain_uid": "Test Domain_UID","end_time": "2024-02-29T01:00:00.000Z","event_id": 8016000,"events": [{"connection": {"direction_id": 1,"dst_service": "C:\\Windows\\system32\\NTOSKRNL.EXE","src_ip": "159.19.163.218"},"count": 1,"device_end_time": 1709225074618,"device_time": 1709225074618}],"feature_name": "Test Feature_Name","feature_path": "Test Feature_Path","feature_type": "Test Feature_Type","feature_uid": "Test Feature_UID","feature_ver": "2014.1.4.25","id": 12345678901,"impersonator_customer_uid": "Test Impersonator_Customer_UID","impersonator_domain_uid": "Test Impersonator_Domain_UID","impersonator_user_uid": "Test Impersonator_User_UID","is_user_present": true,"lineage": ["Test Lineage","Test Lineages"],"log_level": "Test Log Level","log_name": "Test Log_Name","log_time": "2024-02-29T01:00:00.000Z","logging_device_ip": "10.0.0.24","logging_device_name": "Test Logging_Device_Name","logging_device_post_time": 1613021404000,"logging_device_ref_uid": "Test 
Logging_Device_Ref_UID","message": "Test Message","message_code": "Test Message_Code","message_id": 0,"org_unit_uid": "Test Org_Unit_UID","orig_data": "Test Orig_Data","parent": {"app_name": "Test Parent-App_Name","app_uid": "Test Parent-App_UID","app_ver": "Test Parent-App_Ver","cmd_line": "Test Parent-CMD_Line","file": {"accessed": 1613021404000,"accessor": "Test Parent-File-Accessor","attribute_ids": [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17],"attributes": 12345678901,"company_name": "Microsoft Corporation","confidentiality_id": 0,"content_type": {"family_id": 0,"subtype": "Test Parent-File-Content_Type-SubType","type_id": 0},"created": 1613021404000,"creator": "Test Parent-File-Creator","creator_process": "Test Parent-File-Creator_Process","desc": "Test Parent-File-Desc","folder": "c:\\windows\\system32\\parent\\file\\folder","folder_uid": "Test Parent-File-Folder_UID","is_system": true,"md5": "Test Parent-File-MD5","mime_type": "Test Parent-File-MIME_Type","modified": 1613021404000,"modifier": "Test Parent-File-Modifier","name": "parent_file_name.exe","normalized_path": "CSIDL_SYSTEM\\parent_file_normalized_path.exe","original_name": "Test Parent-File-Original_Name","owner": "Test Parent-File-Owner","parent_name": "Test Parent-File-Parent_Name","parent_sha2": "Test Parent-File-Parent_SHA2","path": "c:\\windows\\system32\\parent_file_path.exe","product_name": "Windows Internet Explorer","product_path": "Test Parent-File-Product_Path","rep_discovered_band": 0,"rep_discovered_date": 1613021404000,"rep_prevalence": 12345678901,"rep_prevalence_band": 0,"rep_score": 12345678901,"rep_score_band": 0,"security_descriptor": "Test Parent-File-Security_Descriptor","sha1": "Test Parent-File-SHA1","sha2": "Test Parent-File-SHA2","signature_company_name": "Test Parent-File-Signature_Company_Name","signature_created_date": 1613021404000,"signature_developer_uid": "Test Parent-File-Signature_Developer_UID","signature_fingerprints": [{"algorithm": "Test 
Parent-File-Signature_Fingerprints-Algorithm","value": "Test Parent-File-Signature_Fingerprints-Value"},{"algorithm": "Test Parent-File-Signature_Fingerprints-Algorithms","value": "Test Parent-File-Signature_Fingerprints-Values"}],"signature_issuer": "Test Parent-File-Signature_Issuer","signature_level_id": 0,"signature_serial_number": "Parent Actor-File-Signature_Serial_Number","signature_value": 12345678901,"signature_value_ids": [0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"size": 12345678901,"size_compressed": 12345678901,"src_ip": "10.0.0.31","src_name": "Test Parent-File-SRC_Name","type_id": 1,"uid": "Test Parent-File-UID","url": {"categories": ["Test Parent-File-URL-Category","Test Parent-File-URL-Categories"],"category_ids": [1,3,4,5,6,7,9,11,14,15,16,17,18,20,21,22,23,24,25,26,27,29,30,31,32,33,34,35,36,37,38,40,43,44,45,46,47,49,50,51,52,53,54,55,56,57,58,59,60,61,63,64,65,66,67,68,71,83,84,85,86,87,88,89,90,92,93,95,96,97,98,101,102,103,104,105,106,107,108,109,110,111,112,113,114,116,117,118,121,124],"extension": "Test Parent-File-URL-Extension","host": "www.parent-file-url-host.com","method": "Test Parent-File-URL-Method","parent_categories": ["Test Parent-File-URL-Parent_Category","Test Parent-File-URL-Parent_Categories"],"path": "/download/trouble/parent/file/url/path","port": 80,"provider": "Test Parent-File-URL-Provider","query": "q=bad&sort=date","referrer": "Test Parent-File-URL-Referrer","referrer_categories": ["Test Parent-File-URL-Referrer_Category","Test Parent-File-URL-Referrer_Categories"],"referrer_category_ids": [12345678901,67890123451],"rep_score_id": 0,"scheme": "Test Parent-File-URL-Scheme","text": "www.parent-file-url-text.com/download/trouble"},"version": "Test Parent-File-Version","xattributes": {"ads_name": "Test Parent-File-XAttributes-ADS_Name","ads_size": "Test Parent-File-XAttributes-ADS_Size","dacl": "Test Parent-File-XAttributes-DACL","owner": "Test Parent-File-XAttributes-Owner","primary_group": 
"Test Parent-File-XAttributes-Primary_Group","link_name": "Test Parent-File-XAttributes-Link_Name","hard_link_count": "Test Parent-File-XAttributes-Hard_Link_Count","Unix_permissions": "Test Parent-File-XAttributes-Unix_Permissions"}},"integrity_id": 0,"lineage": ["Test Parent-Lineage 1","Test Parent-Lineages 1"],"loaded_modules": ["Test Parent-Loaded_Module 1","Test Parent-Loaded_Modules 1"],"module": {"accessed": 1613021404000,"accessor": "Test Parent-Module-Accessor","attribute_ids": [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17],"attributes": 12345678901,"base_address": "Test Parent-Module-Base_Address","company_name": "Microsoft Corporation","confidentiality_id": 0,"content_type": {"family_id": 0,"subtype": "Test Parent-Module-Content_Type-SubType","type_id": 0},"created": 1613021404000,"creator": "Test Parent-Module-Creator","creator_process": "Test Parent-Module-Creator_Process","desc": "Test Parent-Module-Desc","folder": "c:\\windows\\system32\\parent\\module\\folder","folder_uid": "Test Parent-Module-Folder_UID","is_system": true,"load_type": "Test Parent-Module-Load_Type","load_type_id": 0,"md5": "Test Parent-Module-MD5","mime_type": "Test Parent-Module-MIME_Type","modified": 1613021404000,"modifier": "Test Parent-Module-Modifier","name": "parent_module_name.exe","normalized_path": "CSIDL_SYSTEM\\parent_module_normalized_path.exe","original_name": "Test Parent-Module-Original_Name","owner": "Test Parent-Module-Owner","parent_name": "Test Parent-Module-Parent_Name","parent_sha2": "Test Parent-Module-Parent_SHA2","path": "c:\\windows\\system32\\parent_module_path.exe","product_name": "Windows Internet Explorer","product_path": "Test Parent-Module-Product_Path","rep_discovered_band": 0,"rep_discovered_date": 1613021404000,"rep_prevalence": 12345678901,"rep_prevalence_band": 0,"rep_score": 12345678901,"rep_score_band": 0,"security_descriptor": "Test Parent-Module-Security_Descriptor","sha1": "Test Parent-Module-SHA1","sha2": "Test 
Parent-Module-SHA2","signature_company_name": "Test Parent-Module-Signature_Company_Name","signature_created_date": 1613021404000,"signature_developer_uid": "Test Parent-Module-Signature_Developer_UID","signature_fingerprints": [{"algorithm": "Test Parent-Module-Signature_Fingerprints-Algorithm","value": "Test Parent-Module-Signature_Fingerprints-Value"},{"algorithm": "Test Parent-Module-Signature_Fingerprints-Algorithms","value": "Test Parent-Module-Signature_Fingerprints-Values"}],"signature_issuer": "Test Parent-Module-Signature_Issuer","signature_level_id": 0,"signature_serial_number": "Test Parent-Module-Signature_Serial_Number","signature_value": 12345678901,"signature_value_ids": [0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"size": 12345678901,"size_compressed": 12345678901,"src_ip": "10.0.0.32","src_name": "Test Parent-Module-SRC_Name","type_id": 1,"uid": "Test Parent-Module-UID","url": {"categories": ["Test Parent-Module-URL-Category","Test Parent-Module-URL-Categories"],"category_ids": [1,3,4,5,6,7,9,11,14,15,16,17,18,20,21,22,23,24,25,26,27,29,30,31,32,33,34,35,36,37,38,40,43,44,45,46,47,49,50,51,52,53,54,55,56,57,58,59,60,61,63,64,65,66,67,68,71,83,84,85,86,87,88,89,90,92,93,95,96,97,98,101,102,103,104,105,106,107,108,109,110,111,112,113,114,116,117,118,121,124],"extension": "Test Parent-Module-URL-Extension","host": "www.parent-module-url-host.com","method": "Test Parent-Module-URL-Method","parent_categories": ["Test Parent-Module-URL-Parent_Category","Test Parent-Module-URL-Parent_Categories"],"path": "/download/trouble/parent/module/url/path","port": 80,"provider": "Test Parent-Module-URL-Provider","query": "q=bad&sort=date","referrer": "Test Parent-Module-URL-Referrer","referrer_categories": ["Test Parent-Module-URL-Referrer_Category","Test Parent-Module-URL-Referrer_Categories"],"referrer_category_ids": [12345678901,67890123451],"rep_score_id": 0,"scheme": "Test Parent-Module-URL-Scheme","text": 
"www.parent-module-url-text.com/download/trouble"},"version": "Test Parent-Module-Version","xattributes": {"ads_name": "Test Parent-Module-XAttributes-ADS_Name","ads_size": "Test Parent-Module-XAttributes-ADS_Size","dacl": "Test Parent-Module-XAttributes-DACL","owner": "Test Parent-Module-XAttributes-Owner","primary_group": "Test Parent-Module-XAttributes-Primary_Group","link_name": "Test Parent-Module-XAttributes-Link_Name","hard_link_count": "Test Parent-Module-XAttributes-Hard_Link_Count","Unix_permissions": "Test Parent-Module-XAttributes-Unix_Permissions"}},"normalized_cmd_line": "Test Parent-Normalized_CMD_Line","pid": 12345678901,"sandbox_name": "Test Parent-Sandbox_Name","session": {"auth_protocol_id": 0,"cleartext_credentials": true,"direction_id": 0,"id": 12345678901,"is_admin": true,"logon_type_id": 1,"port": 80,"previous_users": ["Test Parent-Session-Previous_User","Test Parent-Session-Previous_Users"],"remote": true,"remote_host": "Test Parent-Session-Remote_Host","remote_ip": "10.0.0.33","user": {"account_disabled": true,"cloud_resource_uid": "Test Parent-Session-User-Cloud_Resource_UID","domain": "Test Parent-Session-User-Domain","external_account_uid": "Test Parent-Session-User-External_Account_UID","external_uid": "Test Parent-Session-User-External_UID","full_name": "Test Parent-Session-User-Full_Name","groups": ["Test Parent-Session-User-Group","Test Parent-Session-User-Groups"],"home": "Test Parent-Session-User-Home","is_admin": true,"logon_name": "Test Parent-Session-User-Logon_Name","name": "Test Parent-Session-User-Name","password_expires": true,"shell": "Test Parent-Session-User-Shell","sid": "Test Parent-Session-User-SID","uid": "Test Parent-Session-User-UID"}},"session_id": 12345678901,"start_time": 1613021404000,"tid": 12345678901,"uid": "Test Parent-UID","user": {"account_disabled": true,"cloud_resource_uid": "Test Parent-User-Cloud_Resource_UID","domain": "Test Parent-User-Domain","external_account_uid": "Test 
Parent-User-External_Account_UID","external_uid": "Test Parent-User-External_UID","full_name": "Test Parent-User-Full_Name","groups": ["Test Parent-User-Group","Test Parent-User-Groups"],"home": "Test Parent-User-Home","is_admin": true,"logon_name": "Test Parent-User-Logon_Name","name": "Test Parent-User-Name","password_expires": true,"shell": "Test Parent-User-Shell","sid": "Test Parent-User-SID","uid": "Test Parent-User-UID"},"xattributes": {"ads_name": "Test Parent-XAttributes-ADS_Name","ads_size": "Test Parent-XAttributes-ADS_Size","dacl": "Test Parent-XAttributes-DACL","owner": "Test Parent-XAttributes-Owner","primary_group": "Test Parent-XAttributes-Primary_Group","link_name": "Test Parent-XAttributes-Link_Name","hard_link_count": "Test Parent-XAttributes-Hard_Link_Count","Unix_permissions": "Test Parent-XAttributes-Unix_Permissions"}},"policy": {"desc": "Test Policy-Desc","effective_date": 1613021404000,"group_desc": "Test Policy-Group_Desc","group_name": "Test Policy-Group_Name","group_uid": "Test Policy-Group_UID","label": "Test Policy-Label","name": "Test Policy-Name","rule_category_id": 0,"rule_desc": "Test Policy-Rule_Desc","rule_group_desc": "Test Policy-Rule_Group_Desc","rule_group_name": "Test Policy-Rule_Group_Name","rule_group_uid": "Test Policy-Rule_Group_UID","rule_name": "Test Policy-Rule_Name","rule_uid": "Test Policy-Rule_UID","rules": [{"category_id": 0,"desc": "Test Policy-Rules-Desc 1","dlp_type_id": 1,"name": "Test Policy-Rules-Name 1","num_violations": 12345678901,"uid": "Test Policy-Rules-UID 1"},{"category_id": 1,"desc": "Test Policy-Rules-Desc 2","dlp_type_id": 2,"name": "Test Policy-Rules-Name 2","num_violations": 12345678902,"uid": "Test Policy-Rules-UID 2"}],"state_ids": [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"type_id": 0,"uid": "Test Policy-UID","version": "Test Policy-Version"},"product_data": {"sep_domain_uid": "Test Product_Data-Sep_Domain_UID","sep_hw_uid": "Test 
Product_Data-Sep_HW_UID"},"product_lang": "en","product_name": "Symantec Endpoint Security","product_uid": "Test Product_UID","product_ver": "2014.1.4.25-beta","proxy_device_ip": "10.0.0.25","proxy_device_name": "Test Proxy_Device_Name","raw_data": {"assetID": "vc9DagprQYyLZ23SEY1APw","assetOpstateDTO": {"productUuid": "31B0C880-0229-49E8-94C5-48D56B1BD7B9","features": [{"uuid": "1DF0351C-146D-4F07-B155-BF5C7077FF40","featureStatus": "SECURE","opstate": {"EDRContentSequence": "20231128005","EDREngineVersion": "4.11.0.10","EDRFramworkVersion": "4.10.0.59","FDRStatus": true,"LowDiskSpace": false,"MaxDBSizeHonored": true,"applied_policy": {"effective_date": 1709219437080,"sha2": "ee6b0bebbc4575b507ac616d2c362f2c54d462b92cf4068cb6681ae3187d4de3","uid": "7dc29d40-f303-477a-9012-287ef252a391","version": "16"},"disk_usage_mb": 1546,"fdr_first_event_date": "20240227","fdr_state": 1},"state": "ENABLED","statusReason": ["-107","0"],"prevention_state": "1"},{"uuid": "225EB6FA-6404-4086-A45F-3C9AB5C21D36","featureStatus": "SECURE","opstate": {"advanced_state": 3,"applied_policy": {"effective_date": 1709128058705,"sha2": "ee6b0bebbc4575b507ac616d2c362f2c54d462b92cf4068cb6681ae3187d4de3","uid": "05ee2b8e-2dbe-4c8b-9b4d-da7fa05c4499","version": "1"},"basic_state": 1,"contents": [{"content_last_download_time": 1709219662242,"content_type_id": 5,"engine_version": "2023-07-12","locked": false,"sequence": 240228092,"version": "2024-02-28 rev. 
092"}],"licensing_state": "ENTITLED"},"state": "ENABLED","statusReason": ["0"],"prevention_state": "1"}],"products_active": 0,"blades": 0}},"ref_log_name": "Test Ref_Log_Name","ref_log_time": "2024-02-29T01:00:00.000Z","ref_orig_uid": "Test Ref_Orig_UID","ref_uid": "Test Ref_UID","remediated": true,"remediation": "Test Remediation","remediation_ref": "Test Remediation_Ref","remediation_uid": 0,"seq_num": 12345678901,"sessions": [{"auth_protocol_id": 0,"cleartext_credentials": true,"direction_id": 0,"id": 12345678901,"is_admin": true,"logon_type_id": 1,"port": 80,"previous_users": ["Test Sessions-Previous_User 1","Test Sessions-Previous_Users 1"],"remote": true,"remote_host": "Test Sessions-Remote_Host 1","remote_ip": "10.0.0.26","user": {"account_disabled": true,"cloud_resource_uid": "Test Sessions-User-Cloud_Resource_UID 1","domain": "Test Sessions-User-Domain 1","external_account_uid": "Test Sessions-User-External_Account_UID 1","external_uid": "Test Sessions-User-External_UID 1","full_name": "Test Sessions-User-Full_Name 1","groups": ["Test Sessions-User-Group 1","Test Sessions-User-Groups 1"],"home": "Test Sessions-User-Home 1","is_admin": true,"logon_name": "Test Sessions-User-Logon_Name 1","name": "Test session-User-Name 1","password_expires": true,"shell": "Test Sessions-User-Shell 1","sid": "Test Sessions-User-SID 1","uid": "Test Sessions-User-UID 1"}},{"auth_protocol_id": 1,"cleartext_credentials": true,"direction_id": 1,"id": 67890123451,"is_admin": true,"logon_type_id": 2,"port": 81,"previous_users": ["Test Sessions-Previous_User 2","Test Sessions-Previous_Users 2"],"remote": true,"remote_host": "Test Sessions-Remote_Host 2","remote_ip": "10.0.0.27","user": {"account_disabled": true,"cloud_resource_uid": "Test Sessions-User-Cloud_Resource_UID 2","domain": "Test Sessions-User-Domain 2","external_account_uid": "Test Sessions-User-External_Account_UID 2","external_uid": "Test Sessions-User-External_UID 2","full_name": "Test Sessions-User-Full_Name 
2","groups": ["Test Sessions-User-Group 2","Test Sessions-User-Groups 2"],"home": "Test Sessions-User-Home 2","is_admin": true,"logon_name": "Test Sessions-User-Logon_Name 2","name": "Test session-User-Name 2","password_expires": true,"shell": "Test Sessions-User-Shell 2","sid": "Test Sessions-User-SID 2","uid": "Test Sessions-User-UID 2"}}],"severity_id": 0,"source": {"facility": "Test Source-Facility","facility_detail": "Test Source-Facility_Detail","facility_uid": "Test Source-Facility_UID","type_id": 1},"startup_app": {"cmd_line": "Test Startup_App-CMD_Line","desc": "Test Startup_App-Desc","device_os_integrity_protection": true,"file": {"accessed": 1613021404000,"accessor": "Test Startup_App-File-Accessor","attribute_ids": [1,2,3,4,5,6,7,8,9,10],"attributes": 12345678901,"company_name": "Microsoft Corporation","confidentiality_id": 0,"content_type": {"family_id": 0,"subtype": "Test Startup_App-File-Content_Type-SubType","type_id": 0},"created": 1613021404000,"creator": "Test Startup_App-File-Creator","creator_process": "Test Startup_App-File-Creator_Process","desc": "Test Startup_App-File-Desc 1","folder": "c:\\windows\\system32\\startup_app\\file\\folder","folder_uid": "Test Startup_App-File-Folder_UID","is_system": true,"md5": "Test Startup_App-File-MD5","mime_type": "Test Startup_App-File-MIME_Type","modified": 1613021404000,"modifier": "Test Startup_App-File-Modifier","name": "startup_app_file_name.exe","normalized_path": "CSIDL_SYSTEM\\startup_app_file_normalized_path.exe","original_name": "Test Startup_App-File-Original_Name","owner": "Test Startup_App-File-Owner","parent_name": "Test Startup_App-File-Parent_Name","parent_sha2": "Test Startup_App-File-Parent_SHA2","path": "c:\\windows\\system32\\startup_app_file_path.exe","product_name": "Windows Internet Explorer","product_path": "Test Startup_App-File-Product_Path","rep_discovered_band": 0,"rep_discovered_date": 1613021404000,"rep_prevalence": 12345678901,"rep_prevalence_band": 0,"rep_score": 
12345678901,"rep_score_band": 0,"security_descriptor": "Test Startup_App-File-Security_Descriptor","sha1": "Test Startup_App-File-SHA1","sha2": "Test Startup_App-File-SHA2","signature_company_name": "Test Startup_App-File-Signature_Company_Name","signature_created_date": 1613021404000,"signature_developer_uid": "Test Startup_App-File-Signature_Developer_UID","signature_fingerprints": [{"algorithm": "Test Startup_App-File-Signature_Fingerprints-Algorithm","value": "Test Startup_App-File-Signature_Fingerprints-Value"},{"algorithm": "Test Startup_App-File-Signature_Fingerprints-Algorithms","value": "Test Startup_App-File-Signature_Fingerprints-Values"}],"signature_issuer": "Test Startup_App-File-Signature_Issuer","signature_level_id": 0,"signature_serial_number": "Test Startup_App-File-Signature_Serial_Number","signature_value": 12345678901,"signature_value_ids": [0,1,2,3,4,5,6,7,8,9,10],"size": 12345678901,"size_compressed": 12345678901,"src_ip": "10.0.0.8","src_name": "Test Startup_App-File-SRC_Name","type_id": 1,"uid": "Test Startup_App-File-UID","url": {"categories": ["Test Startup_App-File-URL-Category","Test Startup_App-File-URL-Categories"],"category_ids": [1,3,4,5,6,7,9,11,14,15,16,17,18,20,21,22,23,24,25,26,27,29,30,31,32,33,34,35,36,37,38,40,43,44,45,46,47,49,50,51,52,53,54,55,56,57,58,59,60,61,63,64,65,66,67,68,71,83,84,85,86,87,88,89,90,92,93,95,96,97,98],"extension": "Test Startup_App-File-URL-Extension","host": "www.startup_app-file-url-host.com","method": "Test Startup_App-File-URL-Method","parent_categories": ["Test Startup_App-File-URL-Parent_Category","Test Startup_App-File-URL-Parent_Categories"],"path": "/download/trouble/startup_app/file/url/path","port": 80,"provider": "Test Startup_App-File-URL-Provider","query": "q=bad&sort=date","referrer": "Test Startup_App-File-URL-Referrer","referrer_categories": ["Test Startup_App-File-URL-Referrer_Category","Test Startup_App-File-URL-Referrer_Categories"],"referrer_category_ids": 
[12345678901,67890123451],"rep_score_id": 0,"scheme": "Test Startup_App-File-URL-Scheme","text": "www.startup_app-file-url-text.com/download/trouble"},"version": "Test Startup_App-File-Version","xattributes": {"ads_name": "Test Startup_App-File-XAttributes-ADS_Name","ads_size": "Test Startup_App-File-XAttributes-ADS_Size","dacl": "Test Startup_App-File-XAttributes-DACL","owner": "Test Startup_App-File-XAttributes-Owner","primary_group": "Test Startup_App-File-XAttributes-Primary_Group","link_name": "Test Startup_App-File-XAttributes-Link_Name","hard_link_count": "Test Startup_App-File-XAttributes-Hard_Link_Count","Unix_permissions": "Test Startup_App-File-XAttributes-Unix_Permissions"}},"name": "Test Startup_App-Name","normalized_cmd_line": "Test Startup_App-Normalized_CMD_Line","run_state_id": 1,"start_id": 0,"subtype_ids": [0,1,2,3,4],"subtypes": ["Test Startup_App-Subtype","Test Startup_App-Subtypes"],"type_ids": [0,1,2,3,4,5,6,7,8,9,10,11],"vendor": "Test Startup_App-Vendor"},"status_detail": "Test Status_Detail","status_id": 0,"status_os": "Test Status_OS","status_os_src": 12345678901,"status_stack_trace": "Test Status_Stack_Trace","status_thread_name": "Test Status_Thread_Name","stic_has_pii": true,"stic_hw_uid": "Test STIC_HW_UID","stic_ip_hash": "Test STIC_IP_Hash","stic_legacy_ent_uids": ["Test STIC_Legacy_Ent_UIDs 1","Test STIC_Legacy_Ent_UIDs 2"],"stic_legacy_hw_uids": ["Test STIC_Legacy_HW_UIDs 1","Test STIC_Legacy_HW_UIDs 2"],"stic_legacy_uids": ["Test STIC_Legacy_UIDs 1","Test STIC_Legacy_UIDs 2"],"stic_schema_id": "Test STIC_Schema_ID","stic_uid": "Test STIC_UID","stic_version": "Test STIC_Version","subfeature_name": "Test Subfeature_Name","time": "2024-02-29T02:00:00Z","timezone": 12345678901,"type": "Test Type","type_id": 8016,"user": {"account_disabled": true,"cloud_resource_uid": "Test User-Cloud_Resource_UID","domain": "Test User-Domain","external_account_uid": "Test User-External_Account_UID","external_uid": "Test 
User-External_UID","full_name": "Test User-Full_Name","groups": ["Test User-Group 1","Test User-Groups 1"],"home": "Test User-Home","is_admin": true,"logon_name": "Test User-Logon_Name","name": "Test User-Name","password_expires": true,"shell": "Test User-Shell","sid": "Test User-SID","uid": "Test User-UID"},"user_name": "Test User_Name","user_uid": "Test User_UID","uuid": "Test UUID","version": "1.4"}
{"actor": {"app_name": "Test Actor-App_Name","app_uid": "Test Actor-App_UID","app_ver": "Test Actor-App_Ver","cmd_line": "Test Actor-CMD_Line","file": {"accessed": 1613021404000,"accessor": "Test Actor-File-Accessor","attribute_ids": [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17],"attributes": 12345678901,"company_name": "Microsoft Corporation","confidentiality_id": 0,"content_type": {"family_id": 0,"subtype": "Test Actor-File-Content_Type-SubType","type_id": 0},"created": 1613021404000,"creator": "Test Actor-File-Creator","creator_process": "Test Actor-File-Creator_Process","desc": "Test Actor-File-Desc","folder": "c:\\windows\\system32\\actor\\file\\folder","folder_uid": "Test Actor-File-Folder_UID","is_system": true,"md5": "Test Actor-File-MD5","mime_type": "Test Actor-File-MIME_Type","modified": 1613021404000,"modifier": "Test Actor-File-Modifier","name": "actor_file_name.exe","normalized_path": "CSIDL_SYSTEM\\actor_file_normalized_path.exe","original_name": "Test Actor-File-Original_Name","owner": "Test Actor-File-Owner","parent_name": "Test Actor-File-Parent_Name","parent_sha2": "Test Actor-File-Parent_SHA2","path": "c:\\windows\\system32\\actor_file_path.exe","product_name": "Windows Internet Explorer","product_path": "Test Actor-File-Product_Path","rep_discovered_band": 0,"rep_discovered_date": 1613021404000,"rep_prevalence": 12345678901,"rep_prevalence_band": 0,"rep_score": 12345678901,"rep_score_band": 0,"security_descriptor": "Test Actor-File-Security_Descriptor","sha1": "Test Actor-File-SHA1","sha2": "Test Actor-File-SHA2","signature_company_name": "Test Actor-File-Signature_Company_Name","signature_created_date": 1613021404000,"signature_developer_uid": "Test Actor-File-Signature_Developer_UID","signature_fingerprints": [{"algorithm": "Test Actor-File-Signature_Fingerprints-Algorithm","value": "Test Actor-File-Signature_Fingerprints-Value"},{"algorithm": "Test Actor-File-Signature_Fingerprints-Algorithms","value": "Test 
Actor-File-Signature_Fingerprints-Values"}],"signature_issuer": "Test Actor-File-Signature_Issuer","signature_level_id": 0,"signature_serial_number": "Test Actor-File-Signature_Serial_Number","signature_value": 12345678901,"signature_value_ids": [0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"size": 12345678901,"size_compressed": 12345678901,"src_ip": "10.0.0.28","src_name": "Test Actor-File-SRC_Name","type_id": 1,"uid": "Test Actor-File-UID","url": {"categories": ["Test Actor-File-URL-Category","Test Actor-File-URL-Categories"],"category_ids": [1,3,4,5,6,7,9,11,14,15,16,17,18,20,21,22,23,24,25,26,27,29,30,31,32,33,34,35,36,37,38,40,43,44,45,46,47,49,50,51,52,53,54,55,56,57,58,59,60,61,63,64,65,66,67,68,71,83,84,85,86,87,88,89,90,92,93,95,96,97,98,101,102,103,104,105,106,107,108,109,110,111,112,113,114,116,117,118,121,124],"extension": "Test Actor-File-URL-Extension","host": "www.actor-file-url-host.com","method": "Test Actor-File-URL-Method","parent_categories": ["Test Actor-File-URL-Parent_Category","Test Actor-File-URL-Parent_Categories"],"path": "/download/trouble/actor/file/url/path","port": 80,"provider": "Test Actor-File-URL-Provider","query": "q=bad&sort=date","referrer": "Test Actor-File-URL-Referrer","referrer_categories": ["Test Actor-File-URL-Referrer_Category","Test Actor-File-URL-Referrer_Categories"],"referrer_category_ids": [12345678901,67890123451],"rep_score_id": 0,"scheme": "Test Actor-File-URL-Scheme","text": "www.actor-file-url-text.com/download/trouble"},"version": "Test Actor-File-Version","xattributes": {"ads_name": "Test Actor-File-XAttributes-ADS_Name","ads_size": "Test Actor-File-XAttributes-ADS_Size","dacl": "Test Actor-File-XAttributes-DACL","owner": "Test Actor-File-XAttributes-Owner","primary_group": "Test Actor-File-XAttributes-Primary_Group","link_name": "Test Actor-File-XAttributes-Link_Name","hard_link_count": "Test Actor-File-XAttributes-Hard_Link_Count","Unix_permissions": "Test 
Actor-File-XAttributes-Unix_Permissions"}},"integrity_id": 0,"lineage": ["Test Actor-Lineage 1","Test Actor-Lineages 1"],"loaded_modules": ["Test Actor-Loaded_Module 1","Test Actor-Loaded_Modules 1"],"module": {"accessed": 1613021404000,"accessor": "Test Actor-Module-Accessor","attribute_ids": [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17],"attributes": 12345678901,"base_address": "Test Actor-Module-Base_Address","company_name": "Microsoft Corporation","confidentiality_id": 0,"content_type": {"family_id": 0,"subtype": "Test Actor-Module-Content_Type-SubType","type_id": 0},"created": 1613021404000,"creator": "Test Actor-Module-Creator","creator_process": "Test Actor-Module-Creator_Process","desc": "Test Actor-Module-Desc","folder": "c:\\windows\\system32\\actor\\module\\folder","folder_uid": "Test Actor-Module-Folder_UID","is_system": true,"load_type": "Test Actor-Module-Load_Type","load_type_id": 0,"md5": "Test Actor-Module-MD5","mime_type": "Test Actor-Module-MIME_Type","modified": 1613021404000,"modifier": "Test Actor-Module-Modifier","name": "actor_module_name.exe","normalized_path": "CSIDL_SYSTEM\\actor_module_normalized_path.exe","original_name": "Test Actor-Module-Original_Name","owner": "Test Actor-Module-Owner","parent_name": "Test Actor-Module-Parent_Name","parent_sha2": "Test Actor-Module-Parent_SHA2","path": "c:\\windows\\system32\\actor_module_path.exe","product_name": "Windows Internet Explorer","product_path": "Test Actor-Module-Product_Path","rep_discovered_band": 0,"rep_discovered_date": 1613021404000,"rep_prevalence": 12345678901,"rep_prevalence_band": 0,"rep_score": 12345678901,"rep_score_band": 0,"security_descriptor": "Test Actor-Module-Security_Descriptor","sha1": "Test Actor-Module-SHA1","sha2": "Test Actor-Module-SHA2","signature_company_name": "Test Actor-Module-Signature_Company_Name","signature_created_date": 1613021404000,"signature_developer_uid": "Test Actor-Module-Signature_Developer_UID","signature_fingerprints": [{"algorithm": "Test 
Actor-Module-Signature_Fingerprints-Algorithm","value": "Test Actor-Module-Signature_Fingerprints-Value"},{"algorithm": "Test Actor-Module-Signature_Fingerprints-Algorithms","value": "Test Actor-Module-Signature_Fingerprints-Values"}],"signature_issuer": "Test Actor-Module-Signature_Issuer","signature_level_id": 0,"signature_serial_number": "Test Actor-Module-Signature_Serial_Number","signature_value": 12345678901,"signature_value_ids": [0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"size": 12345678901,"size_compressed": 12345678901,"src_ip": "10.0.0.29","src_name": "Test Actor-Module-SRC_Name","type_id": 1,"uid": "Test Actor-Module-UID","url": {"categories": ["Test Actor-Module-URL-Category","Test Actor-Module-URL-Categories"],"category_ids": [1,3,4,5,6,7,9,11,14,15,16,17,18,20,21,22,23,24,25,26,27,29,30,31,32,33,34,35,36,37,38,40,43,44,45,46,47,49,50,51,52,53,54,55,56,57,58,59,60,61,63,64,65,66,67,68,71,83,84,85,86,87,88,89,90,92,93,95,96,97,98,101,102,103,104,105,106,107,108,109,110,111,112,113,114,116,117,118,121,124],"extension": "Test Actor-Module-URL-Extension","host": "www.actor-module-url-host.com","method": "Test Actor-Module-URL-Method","parent_categories": ["Test Actor-Module-URL-Parent_Category","Test Actor-Module-URL-Parent_Categories"],"path": "/download/trouble/actor/module/url/path","port": 80,"provider": "Test Actor-Module-URL-Provider","query": "q=bad&sort=date","referrer": "Test Actor-Module-URL-Referrer","referrer_categories": ["Test Actor-Module-URL-Referrer_Category","Test Actor-Module-URL-Referrer_Categories"],"referrer_category_ids": [12345678901,67890123451],"rep_score_id": 0,"scheme": "Test Actor-Module-URL-Scheme","text": "www.actor-module-url-text.com/download/trouble"},"version": "Test Actor-Module-Version","xattributes": {"ads_name": "Test Actor-Module-XAttributes-ADS_Name","ads_size": "Test Actor-Module-XAttributes-ADS_Size","dacl": "Test Actor-Module-XAttributes-DACL","owner": "Test 
Actor-Module-XAttributes-Owner","primary_group": "Test Actor-Module-XAttributes-Primary_Group","link_name": "Test Actor-Module-XAttributes-Link_Name","hard_link_count": "Test Actor-Module-XAttributes-Hard_Link_Count","Unix_permissions": "Test Actor-Module-XAttributes-Unix_Permissions"}},"normalized_cmd_line": "Test Actor-Normalized_CMD_Line","pid": 12345678901,"sandbox_name": "Test Actor-Sandbox_Name","session": {"auth_protocol_id": 0,"cleartext_credentials": true,"direction_id": 0,"id": 12345678901,"is_admin": true,"logon_type_id": 1,"port": 80,"previous_users": ["Test Actor-Session-Previous_User","Test Actor-Session-Previous_Users"],"remote": true,"remote_host": "Test Actor-Session-Remote_Host","remote_ip": "10.0.0.30","user": {"account_disabled": true,"cloud_resource_uid": "Test Actor-Session-User-Cloud_Resource_UID","domain": "Test Actor-Session-User-Domain","external_account_uid": "Test Actor-Session-User-External_Account_UID","external_uid": "Test Actor-Session-User-External_UID","full_name": "Test Actor-Session-User-Full_Name","groups": ["Test Actor-Session-User-Group","Test Actor-Session-User-Groups"],"home": "Test Actor-Session-User-Home","is_admin": true,"logon_name": "Test Actor-Session-User-Logon_Name","name": "Test Actor-Session-User-Name","password_expires": true,"shell": "Test Actor-Session-User-Shell","sid": "Test Actor-Session-User-SID","uid": "Test Actor-Session-User-UID"}},"session_id": 12345678901,"start_time": 1613021404000,"tid": 12345678901,"uid": "Test Actor-UID","user": {"account_disabled": true,"cloud_resource_uid": "Test Actor-User-Cloud_Resource_UID","domain": "Test Actor-User-Domain","external_account_uid": "Test Actor-User-External_Account_UID","external_uid": "Test Actor-User-External_UID","full_name": "Test Actor-User-Full_Name","groups": ["Test Actor-User-Group","Test Actor-User-Groups"],"home": "Test Actor-User-Home","is_admin": true,"logon_name": "Test Actor-User-Logon_Name","name": "Test Actor-User-Name","password_expires": 
true,"shell": "Test Actor-User-Shell","sid": "Test Actor-User-SID","uid": "Test Actor-User-UID"},"xattributes": {"ads_name": "Test Actor-XAttributes-ADS_Name","ads_size": "Test Actor-XAttributes-ADS_Size","dacl": "Test Actor-XAttributes-DACL","owner": "Test Actor-XAttributes-Owner","primary_group": "Test Actor-XAttributes-Primary_Group","link_name": "Test Actor-XAttributes-Link_Name","hard_link_count": "Test Actor-XAttributes-Hard_Link_Count","Unix_permissions": "Test Actor-XAttributes-Unix_Permissions"}},"analysis": "Test Analysis","attacks": [{"sub_technique_name": "Test Attacks-Sub_Technique_Name 1","sub_technique_uid": "Test Attacks-Sub_Technique_UID 1","tactic_ids": [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20],"tactic_uids": ["Test Attacks-Tactic_UID 1","Test Attacks-Tactic_UIDs 1"],"technique_name": "Test Attacks-Technique_Name 1","technique_uid": "Test Attacks-Technique_UID 1"},{"sub_technique_name": "Test Attacks-Sub_Technique_Name 2","sub_technique_uid": "Test Attacks-Sub_Technique_UID 2","tactic_ids": [21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40],"tactic_uids": ["Test Attacks-Tactic_UID 2","Test Attacks-Tactic_UIDs 2"],"technique_name": "Test Attacks-Technique_Name 2","technique_uid": "Test Attacks-Technique_UID 2"}],"category_id": 5,"collector_device_ip": "10.0.0.1","collector_device_name": "Test Collector_Device_Name","collector_name": "Test Collector_Name","collector_uid": "Test Collector_UID","composite": 1,"container": {"host_name": "Test Container-Host_Name","image_name": "Test Container-Image_Name","image_uid": "Test Container-Image_UID","name": "Test Container-Name","networks": [{"bssid": "Test Container-Networks-BSSID 1","gateway_ip": "10.0.0.2","gateway_mac": "00:B0:D0:63:C2:01","ipv4": "10.0.0.3","ipv6": "2a02:cf40::","is_public": true,"mac": "00:B0:D0:63:C2:02","rep_score_id": 0,"ssid": "Test Container-Networks-SSID 1","type_id": 0},{"bssid": "Test Container-Networks-BSSID 2","gateway_ip": "10.0.0.4","gateway_mac": 
"00:B0:D0:63:C2:03","ipv4": "10.0.0.5","ipv6": "2a02:cf40::","is_public": true,"mac": "00:B0:D0:63:C2:04","rep_score_id": 1,"ssid": "Test Container-Networks-SSID 2","type_id": 1}],"os_name": "Test Container-OS_Name","uid": "Test Container-UID"},"correlation_uid": "Test Correltion_UID","count": 12345678901,"customer_registry_uid": "Test Customer_Registry-UID","customer_uid": "Test Customer_UID","cybox": {"domains": ["Test Cybox-Domain 1","Test Cybox-Domains 1"],"emails": [{"direction_id": 0,"header_from": "Test Cybox-Emails-Header_From 1","header_message_id": "Test Cybox-Emails-Header_Message_ID 1","header_reply_to": "Test Cybox-Emails-Header_Reply_To 1","header_subject": "Test Cybox-Emails-Header_Subject 1","header_to": ["Test Cybox-Emails-Header_To 1","Test Cybox-Emails-Header_Tos 1"],"sender_ip": "10.0.0.6","size": 12345678901,"smtp_from": "Test Cybox-Emails-SMTP_From 1","smtp_hello": "Test Cybox-Emails-SMTP_Hello 1","smtp_to": "Test Cybox-Emails-SMTP_To 1"},{"direction_id": 1,"header_from": "Test Cybox-Emails-Header_From 2","header_message_id": "Test Cybox-Emails-Header_Message_ID 2","header_reply_to": "Test Cybox-Emails-Header_Reply_To 2","header_subject": "Test Cybox-Emails-Header_Subject 2","header_to": ["Test Cybox-Emails-Header_To 2","Test Cybox-Emails-Header_Tos 2"],"sender_ip": "10.0.0.7","size": 12345678902,"smtp_from": "Test Cybox-Emails-SMTP_From 2","smtp_hello": "Test Cybox-Emails-SMTP_Hello 2","smtp_to": "Test Cybox-Emails-SMTP_To 2"}],"files": [{"accessed": 1613021404000,"accessor": "Test Cybox-Files-Accessor 1","attribute_ids": [1,2,3,4,5,6,7,8,9,10],"attributes": 12345678901,"company_name": "Microsoft Corporation 1","confidentiality_id": 0,"content_type": {"family_id": 0,"subtype": "Test Cybox-Files-Content_Type-SubType 1","type_id": 0},"created": 1613021404000,"creator": "Test Cybox-Files-Creator 1","creator_process": "Test Cybox-Files-Creator_Process 1","desc": "Test Cybox-Files-Desc 1","folder": 
"c:\\windows\\system32\\cybox\\files\\folder\\1","folder_uid": "Test Cybox-Files-Folder_UID 1","is_system": true,"md5": "Test Cybox-Files-MD5 1","mime_type": "Test Cybox-Files-MIME_Type 1","modified": 1613021404000,"modifier": "Test Cybox-Files-Modifier 1","name": "cybox_files_name_1.exe","normalized_path": "CSIDL_SYSTEM\\cybox_files_normalized_path_1.exe","original_name": "Test Cybox-Files-Original_Name 1","owner": "Test Cybox-Files-Owner 1","parent_name": "Test Cybox-Files-Parent_Name 1","parent_sha2": "Test Cybox-Files-Parent_SHA2 1","path": "c:\\windows\\system32\\cybox_files_path_1.exe","product_name": "Windows Internet Explorer 1","product_path": "Test Cybox-Files-Product_Path 1","rep_discovered_band": 0,"rep_discovered_date": 1613021404000,"rep_prevalence": 12345678901,"rep_prevalence_band": 0,"rep_score": 12345678901,"rep_score_band": 0,"security_descriptor": "Test Cybox-Files-Security_Descriptor 1","sha1": "Test Cybox-Files-SHA1 1","sha2": "Test Cybox-Files-SHA2 1","signature_company_name": "Test Cybox-Files-Signature_Company_Name 1","signature_created_date": 1613021404000,"signature_developer_uid": "Test Cybox-Files-Signature_Developer_UID 1","signature_fingerprints": [{"algorithm": "Test Cybox-Files-Signature_Fingerprints-Algorithm 1","value": "Test Cybox-Files-Signature_Fingerprints-Value 1"},{"algorithm": "Test Cybox-Files-Signature_Fingerprints-Algorithms 1","value": "Test Cybox-Files-Signature_Fingerprints-Values 1"}],"signature_issuer": "Test Cybox-Files-Signature_Issuer 1","signature_level_id": 0,"signature_serial_number": "Test Cybox-Files-Signature_Serial_Number 1","signature_value": 12345678901,"signature_value_ids": [0,1,2,3,4,5,6,7,8,9,10],"size": 12345678901,"size_compressed": 12345678901,"src_ip": "10.0.0.8","src_name": "Test Cybox-Files-SRC_Name 1","type_id": 1,"uid": "Test Cybox-Files-UID 1","url": {"categories": ["Test Cybox-Files-URL-Category 1","Test Cybox-Files-URL-Categories 1"],"category_ids": 
[1,3,4,5,6,7,9,11,14,15,16,17,18,20,21,22,23,24,25,26,27,29,30,31,32,33,34,35,36,37,38,40,43,44,45,46,47,49,50,51,52,53,54,55,56,57,58,59,60,61,63,64,65,66,67,68,71,83,84,85,86,87,88,89,90,92,93,95,96,97,98],"extension": "Test Cybox-Files-URL-Extension 1","host": "www.files-url-host-1.com","method": "Test Cybox-Files-URL-Method 1","parent_categories": ["Test Cybox-Files-URL-Parent_Category 1","Test Cybox-Files-URL-Parent_Categories 1"],"path": "/download/trouble/cybox/files/url/path/1","port": 80,"provider": "Test Cybox-Files-URL-Provider 1","query": "q=bad&sort=date_1","referrer": "Test Cybox-Files-URL-Referrer 1","referrer_categories": ["Test Cybox-Files-URL-Referrer_Category 1","Test Cybox-Files-URL-Referrer_Categories 1"],"referrer_category_ids": [12345678901,67890123451],"rep_score_id": 0,"scheme": "Test Cybox-Files-URL-Scheme 1","text": "www.files-url-text-1.com/download/trouble"},"version": "Test Cybox-Files-Version 1","xattributes": {"ads_name": "Test Cybox-Files-XAttributes-ADS_Name 1","ads_size": "Test Cybox-Files-XAttributes-ADS_Size 1","dacl": "Test Cybox-Files-XAttributes-DACL 1","owner": "Test Cybox-Files-XAttributes-Owner 1","primary_group": "Test Cybox-Files-XAttributes-Primary_Group 1","link_name": "Test Cybox-Files-XAttributes-Link_Name 1","hard_link_count": "Test Cybox-Files-XAttributes-Hard_Link_Count 1","Unix_permissions": "Test Cybox-Files-XAttributes-Unix_Permissions 1"}},{"accessed": 1613021404000,"accessor": "Test Cybox-Files-Accessor 2","attribute_ids": [11,12,13,14,15,16,17],"attributes": 12345678902,"company_name": "Microsoft Corporation 2","confidentiality_id": 1,"content_type": {"family_id": 1,"subtype": "Test Cybox-Files-Content_Type-SubType 2","type_id": 1},"created": 1613021404000,"creator": "Test Cybox-Files-Creator 2","creator_process": "Test Cybox-Files-Creator_Process 2","desc": "Test Cybox-Files-Desc 2","folder": "c:\\windows\\system32\\cybox\\files\\folder\\2","folder_uid": "Test Cybox-Files-Folder_UID 2","is_system": 
true,"md5": "Test Cybox-Files-MD5 2","mime_type": "Test Cybox-Files-MIME_Type 2","modified": 1613021404000,"modifier": "Test Cybox-Files-Modifier 2","name": "cybox_files_name_2.exe","normalized_path": "CSIDL_SYSTEM\\cybox_files_normalized_path_2.exe","original_name": "Test Cybox-Files-Original_Name 2","owner": "Test Cybox-Files-Owner 2","parent_name": "Test Cybox-Files-Parent_Name 2","parent_sha2": "Test Cybox-Files-Parent_SHA2 2","path": "c:\\windows\\system32\\cybox_files_path_2.exe","product_name": "Windows Internet Explorer 2","product_path": "Test Cybox-Files-Product_Path 2","rep_discovered_band": 1,"rep_discovered_date": 1613021404000,"rep_prevalence": 12345678902,"rep_prevalence_band": 1,"rep_score": 12345678902,"rep_score_band": 1,"security_descriptor": "Test Cybox-Files-Security_Descriptor 2","sha1": "Test Cybox-Files-SHA1 2","sha2": "Test Cybox-Files-SHA2 2","signature_company_name": "Test Cybox-Files-Signature_Company_Name 2","signature_created_date": 1613021404000,"signature_developer_uid": "Test Cybox-Files-Signature_Developer_UID 2","signature_fingerprints": [{"algorithm": "Test Cybox-Files-Signature_Fingerprints-Algorithm 2","value": "Test Cybox-Files-Signature_Fingerprints-Value 2"},{"algorithm": "Test Cybox-Files-Signature_Fingerprints-Algorithms 2","value": "Test Cybox-Files-Signature_Fingerprints-Values 2"}],"signature_issuer": "Test Cybox-Files-Signature_Issuer 2","signature_level_id": 1,"signature_serial_number": "Test Cybox-Files-Signature_Serial_Number 2","signature_value": 12345678902,"signature_value_ids": [11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"size": 12345678902,"size_compressed": 12345678902,"src_ip": "10.0.0.9","src_name": "Test Cybox-Files-SRC_Name 2","type_id": 1,"uid": "Test Cybox-Files-UID 2","url": {"categories": ["Test Cybox-Files-URL-Category 2","Test Cybox-Files-URL-Categories 2"],"category_ids": [101,102,103,104,105,106,107,108,109,110,111,112,113,114,116,117,118,121,124],"extension": "Test Cybox-Files-URL-Extension 
2","host": "www.files-url-host-2.com","method": "Test Cybox-Files-URL-Method 2","parent_categories": ["Test Cybox-Files-URL-Parent_Category 2","Test Cybox-Files-URL-Parent_Categories 2"],"path": "/download/trouble/cybox/files/url/path/2","port": 81,"provider": "Test Cybox-Files-URL-Provider 2","query": "q=bad&sort=date_2","referrer": "Test Cybox-Files-URL-Referrer 2","referrer_categories": ["Test Cybox-Files-URL-Referrer_Category 2","Test Cybox-Files-URL-Referrer_Categories 2"],"referrer_category_ids": [12345678902,67890123452],"rep_score_id": 1,"scheme": "Test Cybox-Files-URL-Scheme 2","text": "www.files-url-text-2.com/download/trouble"},"version": "Test Cybox-Files-Version 2","xattributes": {"ads_name": "Test Cybox-Files-XAttributes-ADS_Name 2","ads_size": "Test Cybox-Files-XAttributes-ADS_Size 2","dacl": "Test Cybox-Files-XAttributes-DACL 2","owner": "Test Cybox-Files-XAttributes-Owner 2","primary_group": "Test Cybox-Files-XAttributes-Primary_Group 2","link_name": "Test Cybox-Files-XAttributes-Link_Name 2","hard_link_count": "Test Cybox-Files-XAttributes-Hard_Link_Count 2","Unix_permissions": "Test Cybox-Files-XAttributes-Unix_Permissions 2"}}],"hostnames": ["Test Cybox-Hostname 1","Test Cybox-Hostnames 1"],"icap_reqmod": [{"metadata": {"field1_keyword": "Test Cybox-ICAP_ReqMod-field1_Keyword","field1_number": 12345678901,"field1_boolean": true,"field1_ip": "10.0.0.10"},"service": "Test Cybox-ICAP_ReqMod-Service 1","status": "Test Cybox-ICAP_ReqMod-Status 1","status_detail": "Test Cybox-ICAP_ReqMod-Status_Detail 1"},{"metadata": {"field2_keyword": "Test Cybox-ICAP_ReqMod-field2_Keyword","field2_number": 12345678902,"field2_boolean": true,"field2_ip": "10.0.0.11"},"service": "Test Cybox-ICAP_ReqMod-Service 2","status": "Test Cybox-ICAP_ReqMod-Status 2","status_detail": "Test Cybox-ICAP_ReqMod-Status_Detail 2"}],"icap_respmod": [{"metadata": {"field1_keyword": "Test Cybox-ICAP_RespMod-field1_Keyword","field1_number": 12345678901,"field1_boolean": 
true,"field1_ip":"10.0.0.12"},"service": "Test Cybox-ICAP_RespMod-Service 1","status": "Test Cybox-ICAP_RespMod-Status 1","status_detail": "Test Cybox-ICAP_RespMod-Status_Detail 1"},{"metadata": {"field2_keyword": "Test Cybox-ICAP_RespMod-field2_Keyword","field2_number": 12345678902,"field2_boolean": true,"field2_ip":"10.0.0.13"},"service": "Test Cybox-ICAP_RespMod-Service 2","status": "Test Cybox-ICAP_RespMod-Status 2","status_detail": "Test Cybox-ICAP_RespMod-Status_Detail 2"}],"ipv4s": ["10.0.0.14","10.0.0.15"],"ipv6s": ["2a02:cf40::","2a02:cf40::"],"macs": ["00:B0:D0:63:C2:05","00:B0:D0:63:C2:06"],"urls": [{"categories": ["Test Cybox-URLs-Category 1","Test Cybox-URLs-Categories 1"],"category_ids": [1,3,4,5,6,7,9,11,14,15,16,17,18,20,21,22,23,24,25,26,27,29,30,31,32,33,34,35,36,37,38,40,43,44,45,46,47,49,50,51,52,53,54,55,56,57,58,59,60,61,63,64,65,66,67,68,71,83,84,85,86,87,88,89,90,92,93,95,96,97,98],"extension": "Test Cybox-URLs-Extension 1","host": "www.urls-host-1.com","method": "Test Cybox-URLs-Method 1","parent_categories": ["Test Cybox-URLs-Parent_Category 1","Test Cybox-URLs-Parent_Categories 1"],"path": "/download/trouble/cybox/urls/path/1","port": 80,"provider": "Test Cybox-URLs-Provider 1","query": "q=bad&sort=date_1","referrer": "Test Cybox-URLs-Referrer 1","referrer_categories": ["Test Cybox-URLs-Referrer_Category 1","Test Cybox-URLs-Referrer_Categories 1"],"referrer_category_ids": [12345678901,67890123451],"rep_score_id": 0,"scheme": "Test Cybox-URLs-Scheme 1","text": "www.urls-text-1.com/download/trouble"},{"categories": ["Test Cybox-URLs-Category 2","Test Cybox-URLs-Categories 2"],"category_ids": [101,102,103,104,105,106,107,108,109,110,111,112,113,114,116,117,118,121,124],"extension": "Test Cybox-URLs-Extension 2","host": "www.urls-host-2.com","method": "Test Cybox-URLs-Method 2","parent_categories": ["Test Cybox-URLs-Parent_Category 2","Test Cybox-URLs-Parent_Categories 2"],"path": "/download/trouble/cybox/urls/path/2","port": 81,"provider": 
"Test Cybox-URLs-Provider 2","query": "q=bad&sort=date_2","referrer": "Test Cybox-URLs-Referrer 2","referrer_categories": ["Test Cybox-URLs-Referrer_Category 2","Test Cybox-URLs-Referrer_Categories 2"],"referrer_category_ids": [12345678902,67890123452],"rep_score_id": 1,"scheme": "Test Cybox-URLs-Scheme 2","text": "www.urls-text-2.com/download/trouble"}]},"data": "Test Data","data_size": 12345678901,"device_alias_name": "Test Device_Alias_Name","device_cap": "Test Device_Cap","device_cloud_vm": {"autoscale_uid": "Test Device_Cloud_VM-Autoscale_UID","dc_region": "Test Device_Cloud_VM-DC_Region","instance_uid": "Test Device_Cloud_VM-Instance_UID","subnet_uid": "Test Device_Cloud_VM-Subnet_UID","vpc_uid": "Test Device_Cloud_VM-VPC_UID"},"device_desc": "Test Device_Desc","device_domain": "device.domain.internal.somecompany.com","device_domain_uid": "Test Device_Domain_UID","device_end_time": 1613021404000,"device_gateway": "10.0.0.16","device_group": "Test Device_Group","device_group_name": "Test Device_Group_Name","device_hw_bios_date": "03/31/16","device_hw_bios_manufacturer": "LENOVO","device_hw_bios_ver": "LENOVO G5ETA2WW (2.62)","device_hw_cpu_type": "x86 Family 6 Model 37 Stepping 5","device_imei": "Test Device_IMEI","device_ip": "10.0.0.17","device_is_compliant": true,"device_is_personal": true,"device_is_trusted": true,"device_is_unmanaged": true,"device_location": {"city": "Test Device_Location-City","continent": "Test Device_Location-Continent","coordinates": [-12.345,56.789],"country": "US","desc": "Test Device_Location-Desc","isp": "Test Device_Location-ISP","on_premises": true,"region": "US-CA"},"device_mac": "00:B0:D0:63:C2:07","device_name": "device.name.computer.domain","device_name_md5": "4ED962DDBF17E2BBA7B14EBC00F3162E","device_networks": [{"bssid": "Test Device_Networks-BSSID 1","gateway_ip": "10.0.0.18","gateway_mac": "00:B0:D0:63:C2:08","ipv4": "10.0.0.19","ipv6": "2a02:cf40::","is_public": true,"mac": "00:B0:D0:63:C2:09","rep_score_id": 0,"ssid": 
"Test Device_Networks-SSID 1","type_id": 0},{"bssid": "Test Device_Networks-BSSID 2","gateway_ip": "10.0.0.20","gateway_mac": "00:B0:D0:63:C2:10","ipv4": "10.0.0.21","ipv6": "2a02:cf40::","is_public": true,"mac": "00:B0:D0:63:C2:11","rep_score_id": 1,"ssid": "Test Device_Networks-SSID 2","type_id": 1}],"device_org_unit": "Test Device_Org_Unit","device_os_bits": 12345678901,"device_os_build": "Test Device_OS_Build","device_os_country": "IN","device_os_edition": "Professional","device_os_lang": "en","device_os_name": "Windows Server 2019 Standard Edition","device_os_sp_name": "Test Device_OS_SP_Name","device_os_sp_ver": "Test Device_OS_SP_Ver","device_os_type_id": 0,"device_os_ver": "Windows 10","device_proxy_ip": "10.0.0.22","device_proxy_name": "Test Device_Proxy_Name","device_public_ip": "10.0.0.23","device_ref_uid": "Test Device_Ref_UID","device_site": "Test Device_Site","device_subnet": "81.2.69.142","device_time": 1613021404000,"device_type": "server","device_uid": "Test Device_UID","device_vhost": "Test Device_VHost","device_vhost_id": 0,"domain_uid": "Test Domain_UID","end_time": "2024-02-29T01:00:00.000Z","event_id": 8018004,"events": [{"connection": {"direction_id": 1,"dst_service": "C:\\Windows\\system32\\NTOSKRNL.EXE","src_ip": "159.19.163.218"},"count": 1,"device_end_time": 1709225074618,"device_time": 1709225074618}],"feature_name": "Test Feature_Name","feature_path": "Test Feature_Path","feature_type": "Test Feature_Type","feature_uid": "Test Feature_UID","feature_ver": "2014.1.4.25","id": 12345678901,"impersonator_customer_uid": "Test Impersonator_Customer_UID","impersonator_domain_uid": "Test Impersonator_Domain_UID","impersonator_user_uid": "Test Impersonator_User_UID","is_user_present": true,"lineage": ["Test Lineage","Test Lineages"],"log_level": "Test Log Level","log_name": "Test Log_Name","log_time": "2024-02-29T01:00:00.000Z","logging_device_ip": "10.0.0.24","logging_device_name": "Test Logging_Device_Name","logging_device_post_time": 
1613021404000,"logging_device_ref_uid": "Test Logging_Device_Ref_UID","message": "Test Message","message_code": "Test Message_Code","message_id": 0,"org_unit_uid": "Test Org_Unit_UID","orig_data": "Test Orig_Data","parent": {"app_name": "Test Parent-App_Name","app_uid": "Test Parent-App_UID","app_ver": "Test Parent-App_Ver","cmd_line": "Test Parent-CMD_Line","file": {"accessed": 1613021404000,"accessor": "Test Parent-File-Accessor","attribute_ids": [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17],"attributes": 12345678901,"company_name": "Microsoft Corporation","confidentiality_id": 0,"content_type": {"family_id": 0,"subtype": "Test Parent-File-Content_Type-SubType","type_id": 0},"created": 1613021404000,"creator": "Test Parent-File-Creator","creator_process": "Test Parent-File-Creator_Process","desc": "Test Parent-File-Desc","folder": "c:\\windows\\system32\\parent\\file\\folder","folder_uid": "Test Parent-File-Folder_UID","is_system": true,"md5": "Test Parent-File-MD5","mime_type": "Test Parent-File-MIME_Type","modified": 1613021404000,"modifier": "Test Parent-File-Modifier","name": "parent_file_name.exe","normalized_path": "CSIDL_SYSTEM\\parent_file_normalized_path.exe","original_name": "Test Parent-File-Original_Name","owner": "Test Parent-File-Owner","parent_name": "Test Parent-File-Parent_Name","parent_sha2": "Test Parent-File-Parent_SHA2","path": "c:\\windows\\system32\\parent_file_path.exe","product_name": "Windows Internet Explorer","product_path": "Test Parent-File-Product_Path","rep_discovered_band": 0,"rep_discovered_date": 1613021404000,"rep_prevalence": 12345678901,"rep_prevalence_band": 0,"rep_score": 12345678901,"rep_score_band": 0,"security_descriptor": "Test Parent-File-Security_Descriptor","sha1": "Test Parent-File-SHA1","sha2": "Test Parent-File-SHA2","signature_company_name": "Test Parent-File-Signature_Company_Name","signature_created_date": 1613021404000,"signature_developer_uid": "Test 
Parent-File-Signature_Developer_UID","signature_fingerprints": [{"algorithm": "Test Parent-File-Signature_Fingerprints-Algorithm","value": "Test Parent-File-Signature_Fingerprints-Value"},{"algorithm": "Test Parent-File-Signature_Fingerprints-Algorithms","value": "Test Parent-File-Signature_Fingerprints-Values"}],"signature_issuer": "Test Parent-File-Signature_Issuer","signature_level_id": 0,"signature_serial_number": "Parent Actor-File-Signature_Serial_Number","signature_value": 12345678901,"signature_value_ids": [0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"size": 12345678901,"size_compressed": 12345678901,"src_ip": "10.0.0.31","src_name": "Test Parent-File-SRC_Name","type_id": 1,"uid": "Test Parent-File-UID","url": {"categories": ["Test Parent-File-URL-Category","Test Parent-File-URL-Categories"],"category_ids": [1,3,4,5,6,7,9,11,14,15,16,17,18,20,21,22,23,24,25,26,27,29,30,31,32,33,34,35,36,37,38,40,43,44,45,46,47,49,50,51,52,53,54,55,56,57,58,59,60,61,63,64,65,66,67,68,71,83,84,85,86,87,88,89,90,92,93,95,96,97,98,101,102,103,104,105,106,107,108,109,110,111,112,113,114,116,117,118,121,124],"extension": "Test Parent-File-URL-Extension","host": "www.parent-file-url-host.com","method": "Test Parent-File-URL-Method","parent_categories": ["Test Parent-File-URL-Parent_Category","Test Parent-File-URL-Parent_Categories"],"path": "/download/trouble/parent/file/url/path","port": 80,"provider": "Test Parent-File-URL-Provider","query": "q=bad&sort=date","referrer": "Test Parent-File-URL-Referrer","referrer_categories": ["Test Parent-File-URL-Referrer_Category","Test Parent-File-URL-Referrer_Categories"],"referrer_category_ids": [12345678901,67890123451],"rep_score_id": 0,"scheme": "Test Parent-File-URL-Scheme","text": "www.parent-file-url-text.com/download/trouble"},"version": "Test Parent-File-Version","xattributes": {"ads_name": "Test Parent-File-XAttributes-ADS_Name","ads_size": "Test Parent-File-XAttributes-ADS_Size","dacl": "Test 
Parent-File-XAttributes-DACL","owner": "Test Parent-File-XAttributes-Owner","primary_group": "Test Parent-File-XAttributes-Primary_Group","link_name": "Test Parent-File-XAttributes-Link_Name","hard_link_count": "Test Parent-File-XAttributes-Hard_Link_Count","Unix_permissions": "Test Parent-File-XAttributes-Unix_Permissions"}},"integrity_id": 0,"lineage": ["Test Parent-Lineage 1","Test Parent-Lineages 1"],"loaded_modules": ["Test Parent-Loaded_Module 1","Test Parent-Loaded_Modules 1"],"module": {"accessed": 1613021404000,"accessor": "Test Parent-Module-Accessor","attribute_ids": [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17],"attributes": 12345678901,"base_address": "Test Parent-Module-Base_Address","company_name": "Microsoft Corporation","confidentiality_id": 0,"content_type": {"family_id": 0,"subtype": "Test Parent-Module-Content_Type-SubType","type_id": 0},"created": 1613021404000,"creator": "Test Parent-Module-Creator","creator_process": "Test Parent-Module-Creator_Process","desc": "Test Parent-Module-Desc","folder": "c:\\windows\\system32\\parent\\module\\folder","folder_uid": "Test Parent-Module-Folder_UID","is_system": true,"load_type": "Test Parent-Module-Load_Type","load_type_id": 0,"md5": "Test Parent-Module-MD5","mime_type": "Test Parent-Module-MIME_Type","modified": 1613021404000,"modifier": "Test Parent-Module-Modifier","name": "parent_module_name.exe","normalized_path": "CSIDL_SYSTEM\\parent_module_normalized_path.exe","original_name": "Test Parent-Module-Original_Name","owner": "Test Parent-Module-Owner","parent_name": "Test Parent-Module-Parent_Name","parent_sha2": "Test Parent-Module-Parent_SHA2","path": "c:\\windows\\system32\\parent_module_path.exe","product_name": "Windows Internet Explorer","product_path": "Test Parent-Module-Product_Path","rep_discovered_band": 0,"rep_discovered_date": 1613021404000,"rep_prevalence": 12345678901,"rep_prevalence_band": 0,"rep_score": 12345678901,"rep_score_band": 0,"security_descriptor": "Test 
Parent-Module-Security_Descriptor","sha1": "Test Parent-Module-SHA1","sha2": "Test Parent-Module-SHA2","signature_company_name": "Test Parent-Module-Signature_Company_Name","signature_created_date": 1613021404000,"signature_developer_uid": "Test Parent-Module-Signature_Developer_UID","signature_fingerprints": [{"algorithm": "Test Parent-Module-Signature_Fingerprints-Algorithm","value": "Test Parent-Module-Signature_Fingerprints-Value"},{"algorithm": "Test Parent-Module-Signature_Fingerprints-Algorithms","value": "Test Parent-Module-Signature_Fingerprints-Values"}],"signature_issuer": "Test Parent-Module-Signature_Issuer","signature_level_id": 0,"signature_serial_number": "Test Parent-Module-Signature_Serial_Number","signature_value": 12345678901,"signature_value_ids": [0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"size": 12345678901,"size_compressed": 12345678901,"src_ip": "10.0.0.32","src_name": "Test Parent-Module-SRC_Name","type_id": 1,"uid": "Test Parent-Module-UID","url": {"categories": ["Test Parent-Module-URL-Category","Test Parent-Module-URL-Categories"],"category_ids": [1,3,4,5,6,7,9,11,14,15,16,17,18,20,21,22,23,24,25,26,27,29,30,31,32,33,34,35,36,37,38,40,43,44,45,46,47,49,50,51,52,53,54,55,56,57,58,59,60,61,63,64,65,66,67,68,71,83,84,85,86,87,88,89,90,92,93,95,96,97,98,101,102,103,104,105,106,107,108,109,110,111,112,113,114,116,117,118,121,124],"extension": "Test Parent-Module-URL-Extension","host": "www.parent-module-url-host.com","method": "Test Parent-Module-URL-Method","parent_categories": ["Test Parent-Module-URL-Parent_Category","Test Parent-Module-URL-Parent_Categories"],"path": "/download/trouble/parent/module/url/path","port": 80,"provider": "Test Parent-Module-URL-Provider","query": "q=bad&sort=date","referrer": "Test Parent-Module-URL-Referrer","referrer_categories": ["Test Parent-Module-URL-Referrer_Category","Test Parent-Module-URL-Referrer_Categories"],"referrer_category_ids": 
[12345678901,67890123451],"rep_score_id": 0,"scheme": "Test Parent-Module-URL-Scheme","text": "www.parent-module-url-text.com/download/trouble"},"version": "Test Parent-Module-Version","xattributes": {"ads_name": "Test Parent-Module-XAttributes-ADS_Name","ads_size": "Test Parent-Module-XAttributes-ADS_Size","dacl": "Test Parent-Module-XAttributes-DACL","owner": "Test Parent-Module-XAttributes-Owner","primary_group": "Test Parent-Module-XAttributes-Primary_Group","link_name": "Test Parent-Module-XAttributes-Link_Name","hard_link_count": "Test Parent-Module-XAttributes-Hard_Link_Count","Unix_permissions": "Test Parent-Module-XAttributes-Unix_Permissions"}},"normalized_cmd_line": "Test Parent-Normalized_CMD_Line","pid": 12345678901,"sandbox_name": "Test Parent-Sandbox_Name","session": {"auth_protocol_id": 0,"cleartext_credentials": true,"direction_id": 0,"id": 12345678901,"is_admin": true,"logon_type_id": 1,"port": 80,"previous_users": ["Test Parent-Session-Previous_User","Test Parent-Session-Previous_Users"],"remote": true,"remote_host": "Test Parent-Session-Remote_Host","remote_ip": "10.0.0.33","user": {"account_disabled": true,"cloud_resource_uid": "Test Parent-Session-User-Cloud_Resource_UID","domain": "Test Parent-Session-User-Domain","external_account_uid": "Test Parent-Session-User-External_Account_UID","external_uid": "Test Parent-Session-User-External_UID","full_name": "Test Parent-Session-User-Full_Name","groups": ["Test Parent-Session-User-Group","Test Parent-Session-User-Groups"],"home": "Test Parent-Session-User-Home","is_admin": true,"logon_name": "Test Parent-Session-User-Logon_Name","name": "Test Parent-Session-User-Name","password_expires": true,"shell": "Test Parent-Session-User-Shell","sid": "Test Parent-Session-User-SID","uid": "Test Parent-Session-User-UID"}},"session_id": 12345678901,"start_time": 1613021404000,"tid": 12345678901,"uid": "Test Parent-UID","user": {"account_disabled": true,"cloud_resource_uid": "Test 
Parent-User-Cloud_Resource_UID","domain": "Test Parent-User-Domain","external_account_uid": "Test Parent-User-External_Account_UID","external_uid": "Test Parent-User-External_UID","full_name": "Test Parent-User-Full_Name","groups": ["Test Parent-User-Group","Test Parent-User-Groups"],"home": "Test Parent-User-Home","is_admin": true,"logon_name": "Test Parent-User-Logon_Name","name": "Test Parent-User-Name","password_expires": true,"shell": "Test Parent-User-Shell","sid": "Test Parent-User-SID","uid": "Test Parent-User-UID"},"xattributes": {"ads_name": "Test Parent-XAttributes-ADS_Name","ads_size": "Test Parent-XAttributes-ADS_Size","dacl": "Test Parent-XAttributes-DACL","owner": "Test Parent-XAttributes-Owner","primary_group": "Test Parent-XAttributes-Primary_Group","link_name": "Test Parent-XAttributes-Link_Name","hard_link_count": "Test Parent-XAttributes-Hard_Link_Count","Unix_permissions": "Test Parent-XAttributes-Unix_Permissions"}},"policy": {"desc": "Test Policy-Desc","effective_date": 1613021404000,"group_desc": "Test Policy-Group_Desc","group_name": "Test Policy-Group_Name","group_uid": "Test Policy-Group_UID","label": "Test Policy-Label","name": "Test Policy-Name","rule_category_id": 0,"rule_desc": "Test Policy-Rule_Desc","rule_group_desc": "Test Policy-Rule_Group_Desc","rule_group_name": "Test Policy-Rule_Group_Name","rule_group_uid": "Test Policy-Rule_Group_UID","rule_name": "Test Policy-Rule_Name","rule_uid": "Test Policy-Rule_UID","rules": [{"category_id": 0,"desc": "Test Policy-Rules-Desc 1","dlp_type_id": 1,"name": "Test Policy-Rules-Name 1","num_violations": 12345678901,"uid": "Test Policy-Rules-UID 1"},{"category_id": 1,"desc": "Test Policy-Rules-Desc 2","dlp_type_id": 2,"name": "Test Policy-Rules-Name 2","num_violations": 12345678902,"uid": "Test Policy-Rules-UID 2"}],"state_ids": [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"type_id": 0,"uid": "Test Policy-UID","version": "Test Policy-Version"},"product_data": 
{"sep_domain_uid": "Test Product_Data-Sep_Domain_UID","sep_hw_uid": "Test Product_Data-Sep_HW_UID"},"product_lang": "en","product_name": "Symantec Endpoint Security","product_uid": "Test Product_UID","product_ver": "2014.1.4.25-beta","proxy_device_ip": "10.0.0.25","proxy_device_name": "Test Proxy_Device_Name","raw_data": {"assetID": "vc9DagprQYyLZ23SEY1APw","assetOpstateDTO": {"productUuid": "31B0C880-0229-49E8-94C5-48D56B1BD7B9","features": [{"uuid": "1DF0351C-146D-4F07-B155-BF5C7077FF40","featureStatus": "SECURE","opstate": {"EDRContentSequence": "20231128005","EDREngineVersion": "4.11.0.10","EDRFramworkVersion": "4.10.0.59","FDRStatus": true,"LowDiskSpace": false,"MaxDBSizeHonored": true,"applied_policy": {"effective_date": 1709219437080,"sha2": "ee6b0bebbc4575b507ac616d2c362f2c54d462b92cf4068cb6681ae3187d4de3","uid": "7dc29d40-f303-477a-9012-287ef252a391","version": "16"},"disk_usage_mb": 1546,"fdr_first_event_date": "20240227","fdr_state": 1},"state": "ENABLED","statusReason": ["-107","0"],"prevention_state": "1"}],"products_active": 0,"blades": 0}},"ref_log_name": "Test Ref_Log_Name","ref_log_time": "2024-02-29T01:00:00.000Z","ref_orig_uid": "Test Ref_Orig_UID","ref_uid": "Test Ref_UID","remediated": true,"remediation": "Test Remediation","remediation_ref": "Test Remediation_Ref","remediation_uid": 0,"resource": "Test Resource","risk_ref_value": 12345678901,"scan_uid": "Test Scan_UID","seq_num": 12345678901,"sessions": [{"auth_protocol_id": 0,"cleartext_credentials": true,"direction_id": 0,"id": 12345678901,"is_admin": true,"logon_type_id": 1,"port": 80,"previous_users": ["Test Sessions-Previous_User 1","Test Sessions-Previous_Users 1"],"remote": true,"remote_host": "Test Sessions-Remote_Host 1","remote_ip": "10.0.0.26","user": {"account_disabled": true,"cloud_resource_uid": "Test Sessions-User-Cloud_Resource_UID 1","domain": "Test Sessions-User-Domain 1","external_account_uid": "Test Sessions-User-External_Account_UID 1","external_uid": "Test 
Sessions-User-External_UID 1","full_name": "Test Sessions-User-Full_Name 1","groups": ["Test Sessions-User-Group 1","Test Sessions-User-Groups 1"],"home": "Test Sessions-User-Home 1","is_admin": true,"logon_name": "Test Sessions-User-Logon_Name 1","name": "Test session-User-Name 1","password_expires": true,"shell": "Test Sessions-User-Shell 1","sid": "Test Sessions-User-SID 1","uid": "Test Sessions-User-UID 1"}},{"auth_protocol_id": 1,"cleartext_credentials": true,"direction_id": 1,"id": 67890123451,"is_admin": true,"logon_type_id": 2,"port": 81,"previous_users": ["Test Sessions-Previous_User 2","Test Sessions-Previous_Users 2"],"remote": true,"remote_host": "Test Sessions-Remote_Host 2","remote_ip": "10.0.0.27","user": {"account_disabled": true,"cloud_resource_uid": "Test Sessions-User-Cloud_Resource_UID 2","domain": "Test Sessions-User-Domain 2","external_account_uid": "Test Sessions-User-External_Account_UID 2","external_uid": "Test Sessions-User-External_UID 2","full_name": "Test Sessions-User-Full_Name 2","groups": ["Test Sessions-User-Group 2","Test Sessions-User-Groups 2"],"home": "Test Sessions-User-Home 2","is_admin": true,"logon_name": "Test Sessions-User-Logon_Name 2","name": "Test session-User-Name 2","password_expires": true,"shell": "Test Sessions-User-Shell 2","sid": "Test Sessions-User-SID 2","uid": "Test Sessions-User-UID 2"}}],"severity_id": 0,"source": {"facility": "Test Source-Facility","facility_detail": "Test Source-Facility_Detail","facility_uid": "Test Source-Facility_UID","type_id": 1},"status_detail": "Test Status_Detail","status_id": 0,"status_os": "Test Status_OS","status_os_src": 12345678901,"status_stack_trace": "Test Status_Stack_Trace","status_thread_name": "Test Status_Thread_Name","stic_has_pii": true,"stic_hw_uid": "Test STIC_HW_UID","stic_ip_hash": "Test STIC_IP_Hash","stic_legacy_ent_uids": ["Test STIC_Legacy_Ent_UIDs 1","Test STIC_Legacy_Ent_UIDs 2"],"stic_legacy_hw_uids": ["Test STIC_Legacy_HW_UIDs 1","Test STIC_Legacy_HW_UIDs 
2"],"stic_legacy_uids": ["Test STIC_Legacy_UIDs 1","Test STIC_Legacy_UIDs 2"],"stic_schema_id": "Test STIC_Schema_ID","stic_uid": "Test STIC_UID","stic_version": "Test STIC_Version","subfeature_name": "Test Subfeature_Name","time": "2024-02-29T02:00:00Z","timezone": 12345678901,"type": "Test Type","type_id": 8018,"user": {"account_disabled": true,"cloud_resource_uid": "Test User-Cloud_Resource_UID","domain": "Test User-Domain","external_account_uid": "Test User-External_Account_UID","external_uid": "Test User-External_UID","full_name": "Test User-Full_Name","groups": ["Test User-Group 1","Test User-Groups 1"],"home": "Test User-Home","is_admin": true,"logon_name": "Test User-Logon_Name","name": "Test User-Name","password_expires": true,"shell": "Test User-Shell","sid": "Test User-SID","uid": "Test User-UID"},"user_name": "Test User_Name","user_uid": "Test User_UID","uuid": "Test UUID","version": "1.4"}
{"actor":{"app_name":"Test Actor-App_Name","app_uid":"Test Actor-App_UID","app_ver":"Test Actor-App_Ver","cmd_line":"Test Actor-CMD_Line","file":{"accessed":1613021404000,"accessor":"Test Actor-File-Accessor","attribute_ids":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17],"attributes":12345678901,"company_name":"Microsoft Corporation","confidentiality_id":0,"content_type":{"family_id":0,"subtype":"Test Actor-File-Content_Type-SubType","type_id":0},"created":1613021404000,"creator":"Test Actor-File-Creator","creator_process":"Test Actor-File-Creator_Process","desc":"Test Actor-File-Desc","folder":"c:\\windows\\system32\\actor\\file\\folder","folder_uid":"Test Actor-File-Folder_UID","is_system":true,"md5":"Test Actor-File-MD5","mime_type":"Test Actor-File-MIME_Type","modified":1613021404000,"modifier":"Test Actor-File-Modifier","name":"actor_file_name.exe","normalized_path":"CSIDL_SYSTEM\\actor_file_normalized_path.exe","original_name":"Test Actor-File-Original_Name","owner":"Test Actor-File-Owner","parent_name":"Test Actor-File-Parent_Name","parent_sha2":"Test Actor-File-Parent_SHA2","path":"c:\\windows\\system32\\actor_file_path.exe","product_name":"Windows Internet Explorer","product_path":"Test Actor-File-Product_Path","rep_discovered_band":0,"rep_discovered_date":1613021404000,"rep_prevalence":12345678901,"rep_prevalence_band":0,"rep_score":12345678901,"rep_score_band":0,"security_descriptor":"Test Actor-File-Security_Descriptor","sha1":"Test Actor-File-SHA1","sha2":"Test Actor-File-SHA2","signature_company_name":"Test Actor-File-Signature_Company_Name","signature_created_date":1613021404000,"signature_developer_uid":"Test Actor-File-Signature_Developer_UID","signature_fingerprints":[{"algorithm":"Test Actor-File-Signature_Fingerprints-Algorithm","value":"Test Actor-File-Signature_Fingerprints-Value"},{"algorithm":"Test Actor-File-Signature_Fingerprints-Algorithms","value":"Test Actor-File-Signature_Fingerprints-Values"}],"signature_issuer":"Test 
Actor-File-Signature_Issuer","signature_level_id":0,"signature_serial_number":"Test Actor-File-Signature_Serial_Number","signature_value":12345678901,"signature_value_ids":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"size":12345678901,"size_compressed":12345678901,"src_ip":"10.0.0.28","src_name":"Test Actor-File-SRC_Name","type_id":1,"uid":"Test Actor-File-UID","url":{"categories":["Test Actor-File-URL-Category","Test Actor-File-URL-Categories"],"category_ids":[1,3,4,5,6,7,9,11,14,15,16,17,18,20,21,22,23,24,25,26,27,29,30,31,32,33,34,35,36,37,38,40,43,44,45,46,47,49,50,51,52,53,54,55,56,57,58,59,60,61,63,64,65,66,67,68,71,83,84,85,86,87,88,89,90,92,93,95,96,97,98,101,102,103,104,105,106,107,108,109,110,111,112,113,114,116,117,118,121,124],"extension":"Test Actor-File-URL-Extension","host":"www.actor-file-url-host.com","method":"Test Actor-File-URL-Method","parent_categories":["Test Actor-File-URL-Parent_Category","Test Actor-File-URL-Parent_Categories"],"path":"/download/trouble/actor/file/url/path","port":80,"provider":"Test Actor-File-URL-Provider","query":"q=bad&sort=date","referrer":"Test Actor-File-URL-Referrer","referrer_categories":["Test Actor-File-URL-Referrer_Category","Test Actor-File-URL-Referrer_Categories"],"referrer_category_ids":[12345678901,67890123451],"rep_score_id":0,"scheme":"Test Actor-File-URL-Scheme","text":"www.actor-file-url-text.com/download/trouble"},"version":"Test Actor-File-Version","xattributes":{"ads_name":"Test Actor-File-XAttributes-ADS_Name","ads_size":"Test Actor-File-XAttributes-ADS_Size","dacl":"Test Actor-File-XAttributes-DACL","owner":"Test Actor-File-XAttributes-Owner","primary_group":"Test Actor-File-XAttributes-Primary_Group","link_name":"Test Actor-File-XAttributes-Link_Name","hard_link_count":"Test Actor-File-XAttributes-Hard_Link_Count","Unix_permissions":"Test Actor-File-XAttributes-Unix_Permissions"}},"integrity_id":0,"lineage":["Test Actor-Lineage 1","Test Actor-Lineages 
1"],"loaded_modules":["Test Actor-Loaded_Module 1","Test Actor-Loaded_Modules 1"],"module":{"accessed":1613021404000,"accessor":"Test Actor-Module-Accessor","attribute_ids":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17],"attributes":12345678901,"base_address":"Test Actor-Module-Base_Address","company_name":"Microsoft Corporation","confidentiality_id":0,"content_type":{"family_id":0,"subtype":"Test Actor-Module-Content_Type-SubType","type_id":0},"created":1613021404000,"creator":"Test Actor-Module-Creator","creator_process":"Test Actor-Module-Creator_Process","desc":"Test Actor-Module-Desc","folder":"c:\\windows\\system32\\actor\\module\\folder","folder_uid":"Test Actor-Module-Folder_UID","is_system":true,"load_type":"Test Actor-Module-Load_Type","load_type_id":0,"md5":"Test Actor-Module-MD5","mime_type":"Test Actor-Module-MIME_Type","modified":1613021404000,"modifier":"Test Actor-Module-Modifier","name":"actor_module_name.exe","normalized_path":"CSIDL_SYSTEM\\actor_module_normalized_path.exe","original_name":"Test Actor-Module-Original_Name","owner":"Test Actor-Module-Owner","parent_name":"Test Actor-Module-Parent_Name","parent_sha2":"Test Actor-Module-Parent_SHA2","path":"c:\\windows\\system32\\actor_module_path.exe","product_name":"Windows Internet Explorer","product_path":"Test Actor-Module-Product_Path","rep_discovered_band":0,"rep_discovered_date":1613021404000,"rep_prevalence":12345678901,"rep_prevalence_band":0,"rep_score":12345678901,"rep_score_band":0,"security_descriptor":"Test Actor-Module-Security_Descriptor","sha1":"Test Actor-Module-SHA1","sha2":"Test Actor-Module-SHA2","signature_company_name":"Test Actor-Module-Signature_Company_Name","signature_created_date":1613021404000,"signature_developer_uid":"Test Actor-Module-Signature_Developer_UID","signature_fingerprints":[{"algorithm":"Test Actor-Module-Signature_Fingerprints-Algorithm","value":"Test Actor-Module-Signature_Fingerprints-Value"},{"algorithm":"Test 
Actor-Module-Signature_Fingerprints-Algorithms","value":"Test Actor-Module-Signature_Fingerprints-Values"}],"signature_issuer":"Test Actor-Module-Signature_Issuer","signature_level_id":0,"signature_serial_number":"Test Actor-Module-Signature_Serial_Number","signature_value":12345678901,"signature_value_ids":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"size":12345678901,"size_compressed":12345678901,"src_ip":"10.0.0.29","src_name":"Test Actor-Module-SRC_Name","type_id":1,"uid":"Test Actor-Module-UID","url":{"categories":["Test Actor-Module-URL-Category","Test Actor-Module-URL-Categories"],"category_ids":[1,3,4,5,6,7,9,11,14,15,16,17,18,20,21,22,23,24,25,26,27,29,30,31,32,33,34,35,36,37,38,40,43,44,45,46,47,49,50,51,52,53,54,55,56,57,58,59,60,61,63,64,65,66,67,68,71,83,84,85,86,87,88,89,90,92,93,95,96,97,98,101,102,103,104,105,106,107,108,109,110,111,112,113,114,116,117,118,121,124],"extension":"Test Actor-Module-URL-Extension","host":"www.actor-module-url-host.com","method":"Test Actor-Module-URL-Method","parent_categories":["Test Actor-Module-URL-Parent_Category","Test Actor-Module-URL-Parent_Categories"],"path":"/download/trouble/actor/module/url/path","port":80,"provider":"Test Actor-Module-URL-Provider","query":"q=bad&sort=date","referrer":"Test Actor-Module-URL-Referrer","referrer_categories":["Test Actor-Module-URL-Referrer_Category","Test Actor-Module-URL-Referrer_Categories"],"referrer_category_ids":[12345678901,67890123451],"rep_score_id":0,"scheme":"Test Actor-Module-URL-Scheme","text":"www.actor-module-url-text.com/download/trouble"},"version":"Test Actor-Module-Version","xattributes":{"ads_name":"Test Actor-Module-XAttributes-ADS_Name","ads_size":"Test Actor-Module-XAttributes-ADS_Size","dacl":"Test Actor-Module-XAttributes-DACL","owner":"Test Actor-Module-XAttributes-Owner","primary_group":"Test Actor-Module-XAttributes-Primary_Group","link_name":"Test Actor-Module-XAttributes-Link_Name","hard_link_count":"Test 
Actor-Module-XAttributes-Hard_Link_Count","Unix_permissions":"Test Actor-Module-XAttributes-Unix_Permissions"}},"normalized_cmd_line":"Test Actor-Normalized_CMD_Line","pid":12345678901,"sandbox_name":"Test Actor-Sandbox_Name","session":{"auth_protocol_id":0,"cleartext_credentials":true,"direction_id":0,"id":12345678901,"is_admin":true,"logon_type_id":1,"port":80,"previous_users":["Test Actor-Session-Previous_User","Test Actor-Session-Previous_Users"],"remote":true,"remote_host":"Test Actor-Session-Remote_Host","remote_ip":"10.0.0.30","user":{"account_disabled":true,"cloud_resource_uid":"Test Actor-Session-User-Cloud_Resource_UID","domain":"Test Actor-Session-User-Domain","external_account_uid":"Test Actor-Session-User-External_Account_UID","external_uid":"Test Actor-Session-User-External_UID","full_name":"Test Actor-Session-User-Full_Name","groups":["Test Actor-Session-User-Group","Test Actor-Session-User-Groups"],"home":"Test Actor-Session-User-Home","is_admin":true,"logon_name":"Test Actor-Session-User-Logon_Name","name":"Test Actor-Session-User-Name","password_expires":true,"shell":"Test Actor-Session-User-Shell","sid":"Test Actor-Session-User-SID","uid":"Test Actor-Session-User-UID"}},"session_id":12345678901,"start_time":1613021404000,"tid":12345678901,"uid":"Test Actor-UID","user":{"account_disabled":true,"cloud_resource_uid":"Test Actor-User-Cloud_Resource_UID","domain":"Test Actor-User-Domain","external_account_uid":"Test Actor-User-External_Account_UID","external_uid":"Test Actor-User-External_UID","full_name":"Test Actor-User-Full_Name","groups":["Test Actor-User-Group","Test Actor-User-Groups"],"home":"Test Actor-User-Home","is_admin":true,"logon_name":"Test Actor-User-Logon_Name","name":"Test Actor-User-Name","password_expires":true,"shell":"Test Actor-User-Shell","sid":"Test Actor-User-SID","uid":"Test Actor-User-UID"},"xattributes":{"ads_name":"Test Actor-XAttributes-ADS_Name","ads_size":"Test Actor-XAttributes-ADS_Size","dacl":"Test 
Actor-XAttributes-DACL","owner":"Test Actor-XAttributes-Owner","primary_group":"Test Actor-XAttributes-Primary_Group","link_name":"Test Actor-XAttributes-Link_Name","hard_link_count":"Test Actor-XAttributes-Hard_Link_Count","Unix_permissions":"Test Actor-XAttributes-Unix_Permissions"}},"analysis":"Test Analysis","attacks":[{"sub_technique_name":"Test Attacks-Sub_Technique_Name 1","sub_technique_uid":"Test Attacks-Sub_Technique_UID 1","tactic_ids":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20],"tactic_uids":["Test Attacks-Tactic_UID 1","Test Attacks-Tactic_UIDs 1"],"technique_name":"Test Attacks-Technique_Name 1","technique_uid":"Test Attacks-Technique_UID 1"},{"sub_technique_name":"Test Attacks-Sub_Technique_Name 2","sub_technique_uid":"Test Attacks-Sub_Technique_UID 2","tactic_ids":[21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40],"tactic_uids":["Test Attacks-Tactic_UID 2","Test Attacks-Tactic_UIDs 2"],"technique_name":"Test Attacks-Technique_Name 2","technique_uid":"Test Attacks-Technique_UID 2"}],"category_id":5,"collector_device_ip":"10.0.0.1","collector_device_name":"Test Collector_Device_Name","collector_name":"Test Collector_Name","collector_uid":"Test Collector_UID","composite":1,"container":{"host_name":"Test Container-Host_Name","image_name":"Test Container-Image_Name","image_uid":"Test Container-Image_UID","name":"Test Container-Name","networks":[{"bssid":"Test Container-Networks-BSSID 1","gateway_ip":"10.0.0.2","gateway_mac":"00:B0:D0:63:C2:01","ipv4":"10.0.0.3","ipv6":"2a02:cf40::","is_public":true,"mac":"00:B0:D0:63:C2:02","rep_score_id":0,"ssid":"Test Container-Networks-SSID 1","type_id":0},{"bssid":"Test Container-Networks-BSSID 2","gateway_ip":"10.0.0.4","gateway_mac":"00:B0:D0:63:C2:03","ipv4":"10.0.0.5","ipv6":"2a02:cf40::","is_public":true,"mac":"00:B0:D0:63:C2:04","rep_score_id":1,"ssid":"Test Container-Networks-SSID 2","type_id":1}],"os_name":"Test Container-OS_Name","uid":"Test Container-UID"},"correlation_uid":"Test 
Correltion_UID","count":12345678901,"customer_registry_uid":"Test Customer_Registry-UID","customer_uid":"Test Customer_UID","cybox":{"domains":["Test Cybox-Domain 1","Test Cybox-Domains 1"],"emails":[{"direction_id":0,"header_from":"Test Cybox-Emails-Header_From 1","header_message_id":"Test Cybox-Emails-Header_Message_ID 1","header_reply_to":"Test Cybox-Emails-Header_Reply_To 1","header_subject":"Test Cybox-Emails-Header_Subject 1","header_to":["Test Cybox-Emails-Header_To 1","Test Cybox-Emails-Header_Tos 1"],"sender_ip":"10.0.0.6","size":12345678901,"smtp_from":"Test Cybox-Emails-SMTP_From 1","smtp_hello":"Test Cybox-Emails-SMTP_Hello 1","smtp_to":"Test Cybox-Emails-SMTP_To 1"},{"direction_id":1,"header_from":"Test Cybox-Emails-Header_From 2","header_message_id":"Test Cybox-Emails-Header_Message_ID 2","header_reply_to":"Test Cybox-Emails-Header_Reply_To 2","header_subject":"Test Cybox-Emails-Header_Subject 2","header_to":["Test Cybox-Emails-Header_To 2","Test Cybox-Emails-Header_Tos 2"],"sender_ip":"10.0.0.7","size":12345678902,"smtp_from":"Test Cybox-Emails-SMTP_From 2","smtp_hello":"Test Cybox-Emails-SMTP_Hello 2","smtp_to":"Test Cybox-Emails-SMTP_To 2"}],"files":[{"accessed":1613021404000,"accessor":"Test Cybox-Files-Accessor 1","attribute_ids":[1,2,3,4,5,6,7,8,9,10],"attributes":12345678901,"company_name":"Microsoft Corporation 1","confidentiality_id":0,"content_type":{"family_id":0,"subtype":"Test Cybox-Files-Content_Type-SubType 1","type_id":0},"created":1613021404000,"creator":"Test Cybox-Files-Creator 1","creator_process":"Test Cybox-Files-Creator_Process 1","desc":"Test Cybox-Files-Desc 1","folder":"c:\\windows\\system32\\cybox\\files\\folder\\1","folder_uid":"Test Cybox-Files-Folder_UID 1","is_system":true,"md5":"Test Cybox-Files-MD5 1","mime_type":"Test Cybox-Files-MIME_Type 1","modified":1613021404000,"modifier":"Test Cybox-Files-Modifier 
1","name":"cybox_files_name_1.exe","normalized_path":"CSIDL_SYSTEM\\cybox_files_normalized_path_1.exe","original_name":"Test Cybox-Files-Original_Name 1","owner":"Test Cybox-Files-Owner 1","parent_name":"Test Cybox-Files-Parent_Name 1","parent_sha2":"Test Cybox-Files-Parent_SHA2 1","path":"c:\\windows\\system32\\cybox_files_path_1.exe","product_name":"Windows Internet Explorer 1","product_path":"Test Cybox-Files-Product_Path 1","rep_discovered_band":0,"rep_discovered_date":1613021404000,"rep_prevalence":12345678901,"rep_prevalence_band":0,"rep_score":12345678901,"rep_score_band":0,"security_descriptor":"Test Cybox-Files-Security_Descriptor 1","sha1":"Test Cybox-Files-SHA1 1","sha2":"Test Cybox-Files-SHA2 1","signature_company_name":"Test Cybox-Files-Signature_Company_Name 1","signature_created_date":1613021404000,"signature_developer_uid":"Test Cybox-Files-Signature_Developer_UID 1","signature_fingerprints":[{"algorithm":"Test Cybox-Files-Signature_Fingerprints-Algorithm 1","value":"Test Cybox-Files-Signature_Fingerprints-Value 1"},{"algorithm":"Test Cybox-Files-Signature_Fingerprints-Algorithms 1","value":"Test Cybox-Files-Signature_Fingerprints-Values 1"}],"signature_issuer":"Test Cybox-Files-Signature_Issuer 1","signature_level_id":0,"signature_serial_number":"Test Cybox-Files-Signature_Serial_Number 1","signature_value":12345678901,"signature_value_ids":[0,1,2,3,4,5,6,7,8,9,10],"size":12345678901,"size_compressed":12345678901,"src_ip":"10.0.0.8","src_name":"Test Cybox-Files-SRC_Name 1","type_id":1,"uid":"Test Cybox-Files-UID 1","url":{"categories":["Test Cybox-Files-URL-Category 1","Test Cybox-Files-URL-Categories 1"],"category_ids":[1,3,4,5,6,7,9,11,14,15,16,17,18,20,21,22,23,24,25,26,27,29,30,31,32,33,34,35,36,37,38,40,43,44,45,46,47,49,50,51,52,53,54,55,56,57,58,59,60,61,63,64,65,66,67,68,71,83,84,85,86,87,88,89,90,92,93,95,96,97,98],"extension":"Test Cybox-Files-URL-Extension 1","host":"www.files-url-host-1.com","method":"Test Cybox-Files-URL-Method 
1","parent_categories":["Test Cybox-Files-URL-Parent_Category 1","Test Cybox-Files-URL-Parent_Categories 1"],"path":"/download/trouble/cybox/files/url/path/1","port":80,"provider":"Test Cybox-Files-URL-Provider 1","query":"q=bad&sort=date_1","referrer":"Test Cybox-Files-URL-Referrer 1","referrer_categories":["Test Cybox-Files-URL-Referrer_Category 1","Test Cybox-Files-URL-Referrer_Categories 1"],"referrer_category_ids":[12345678901,67890123451],"rep_score_id":0,"scheme":"Test Cybox-Files-URL-Scheme 1","text":"www.files-url-text-1.com/download/trouble"},"version":"Test Cybox-Files-Version 1","xattributes":{"ads_name":"Test Cybox-Files-XAttributes-ADS_Name 1","ads_size":"Test Cybox-Files-XAttributes-ADS_Size 1","dacl":"Test Cybox-Files-XAttributes-DACL 1","owner":"Test Cybox-Files-XAttributes-Owner 1","primary_group":"Test Cybox-Files-XAttributes-Primary_Group 1","link_name":"Test Cybox-Files-XAttributes-Link_Name 1","hard_link_count":"Test Cybox-Files-XAttributes-Hard_Link_Count 1","Unix_permissions":"Test Cybox-Files-XAttributes-Unix_Permissions 1"}},{"accessed":1613021404000,"accessor":"Test Cybox-Files-Accessor 2","attribute_ids":[11,12,13,14,15,16,17],"attributes":12345678902,"company_name":"Microsoft Corporation 2","confidentiality_id":1,"content_type":{"family_id":1,"subtype":"Test Cybox-Files-Content_Type-SubType 2","type_id":1},"created":1613021404000,"creator":"Test Cybox-Files-Creator 2","creator_process":"Test Cybox-Files-Creator_Process 2","desc":"Test Cybox-Files-Desc 2","folder":"c:\\windows\\system32\\cybox\\files\\folder\\2","folder_uid":"Test Cybox-Files-Folder_UID 2","is_system":true,"md5":"Test Cybox-Files-MD5 2","mime_type":"Test Cybox-Files-MIME_Type 2","modified":1613021404000,"modifier":"Test Cybox-Files-Modifier 2","name":"cybox_files_name_2.exe","normalized_path":"CSIDL_SYSTEM\\cybox_files_normalized_path_2.exe","original_name":"Test Cybox-Files-Original_Name 2","owner":"Test Cybox-Files-Owner 2","parent_name":"Test Cybox-Files-Parent_Name 
2","parent_sha2":"Test Cybox-Files-Parent_SHA2 2","path":"c:\\windows\\system32\\cybox_files_path_2.exe","product_name":"Windows Internet Explorer 2","product_path":"Test Cybox-Files-Product_Path 2","rep_discovered_band":1,"rep_discovered_date":1613021404000,"rep_prevalence":12345678902,"rep_prevalence_band":1,"rep_score":12345678902,"rep_score_band":1,"security_descriptor":"Test Cybox-Files-Security_Descriptor 2","sha1":"Test Cybox-Files-SHA1 2","sha2":"Test Cybox-Files-SHA2 2","signature_company_name":"Test Cybox-Files-Signature_Company_Name 2","signature_created_date":1613021404000,"signature_developer_uid":"Test Cybox-Files-Signature_Developer_UID 2","signature_fingerprints":[{"algorithm":"Test Cybox-Files-Signature_Fingerprints-Algorithm 2","value":"Test Cybox-Files-Signature_Fingerprints-Value 2"},{"algorithm":"Test Cybox-Files-Signature_Fingerprints-Algorithms 2","value":"Test Cybox-Files-Signature_Fingerprints-Values 2"}],"signature_issuer":"Test Cybox-Files-Signature_Issuer 2","signature_level_id":1,"signature_serial_number":"Test Cybox-Files-Signature_Serial_Number 2","signature_value":12345678902,"signature_value_ids":[11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"size":12345678902,"size_compressed":12345678902,"src_ip":"10.0.0.9","src_name":"Test Cybox-Files-SRC_Name 2","type_id":1,"uid":"Test Cybox-Files-UID 2","url":{"categories":["Test Cybox-Files-URL-Category 2","Test Cybox-Files-URL-Categories 2"],"category_ids":[101,102,103,104,105,106,107,108,109,110,111,112,113,114,116,117,118,121,124],"extension":"Test Cybox-Files-URL-Extension 2","host":"www.files-url-host-2.com","method":"Test Cybox-Files-URL-Method 2","parent_categories":["Test Cybox-Files-URL-Parent_Category 2","Test Cybox-Files-URL-Parent_Categories 2"],"path":"/download/trouble/cybox/files/url/path/2","port":81,"provider":"Test Cybox-Files-URL-Provider 2","query":"q=bad&sort=date_2","referrer":"Test Cybox-Files-URL-Referrer 2","referrer_categories":["Test 
Cybox-Files-URL-Referrer_Category 2","Test Cybox-Files-URL-Referrer_Categories 2"],"referrer_category_ids":[12345678902,67890123452],"rep_score_id":1,"scheme":"Test Cybox-Files-URL-Scheme 2","text":"www.files-url-text-2.com/download/trouble"},"version":"Test Cybox-Files-Version 2","xattributes":{"ads_name":"Test Cybox-Files-XAttributes-ADS_Name 2","ads_size":"Test Cybox-Files-XAttributes-ADS_Size 2","dacl":"Test Cybox-Files-XAttributes-DACL 2","owner":"Test Cybox-Files-XAttributes-Owner 2","primary_group":"Test Cybox-Files-XAttributes-Primary_Group 2","link_name":"Test Cybox-Files-XAttributes-Link_Name 2","hard_link_count":"Test Cybox-Files-XAttributes-Hard_Link_Count 2","Unix_permissions":"Test Cybox-Files-XAttributes-Unix_Permissions 2"}}],"hostnames":["Test Cybox-Hostname 1","Test Cybox-Hostnames 1"],"icap_reqmod":[{"metadata":{"field1_keyword":"Test Cybox-ICAP_ReqMod-field1_Keyword","field1_number":12345678901,"field1_boolean":true,"field1_ip":"10.0.0.10"},"service":"Test Cybox-ICAP_ReqMod-Service 1","status":"Test Cybox-ICAP_ReqMod-Status 1","status_detail":"Test Cybox-ICAP_ReqMod-Status_Detail 1"},{"metadata":{"field2_keyword":"Test Cybox-ICAP_ReqMod-field2_Keyword","field2_number":12345678902,"field2_boolean":true,"field2_ip":"10.0.0.11"},"service":"Test Cybox-ICAP_ReqMod-Service 2","status":"Test Cybox-ICAP_ReqMod-Status 2","status_detail":"Test Cybox-ICAP_ReqMod-Status_Detail 2"}],"icap_respmod":[{"metadata":{"field1_keyword":"Test Cybox-ICAP_RespMod-field1_Keyword","field1_number":12345678901,"field1_boolean":true,"field1_ip":"10.0.0.12"},"service":"Test Cybox-ICAP_RespMod-Service 1","status":"Test Cybox-ICAP_RespMod-Status 1","status_detail":"Test Cybox-ICAP_RespMod-Status_Detail 1"},{"metadata":{"field2_keyword":"Test Cybox-ICAP_RespMod-field2_Keyword","field2_number":12345678902,"field2_boolean":true,"field2_ip":"10.0.0.13"},"service":"Test Cybox-ICAP_RespMod-Service 2","status":"Test Cybox-ICAP_RespMod-Status 2","status_detail":"Test 
Cybox-ICAP_RespMod-Status_Detail 2"}],"ipv4s":["10.0.0.14","10.0.0.15"],"ipv6s":["2a02:cf40::","2a02:cf40::"],"macs":["00:B0:D0:63:C2:05","00:B0:D0:63:C2:06"],"urls":[{"categories":["Test Cybox-URLs-Category 1","Test Cybox-URLs-Categories 1"],"category_ids":[1,3,4,5,6,7,9,11,14,15,16,17,18,20,21,22,23,24,25,26,27,29,30,31,32,33,34,35,36,37,38,40,43,44,45,46,47,49,50,51,52,53,54,55,56,57,58,59,60,61,63,64,65,66,67,68,71,83,84,85,86,87,88,89,90,92,93,95,96,97,98],"extension":"Test Cybox-URLs-Extension 1","host":"www.urls-host-1.com","method":"Test Cybox-URLs-Method 1","parent_categories":["Test Cybox-URLs-Parent_Category 1","Test Cybox-URLs-Parent_Categories 1"],"path":"/download/trouble/cybox/urls/path/1","port":80,"provider":"Test Cybox-URLs-Provider 1","query":"q=bad&sort=date_1","referrer":"Test Cybox-URLs-Referrer 1","referrer_categories":["Test Cybox-URLs-Referrer_Category 1","Test Cybox-URLs-Referrer_Categories 1"],"referrer_category_ids":[12345678901,67890123451],"rep_score_id":0,"scheme":"Test Cybox-URLs-Scheme 1","text":"www.urls-text-1.com/download/trouble"},{"categories":["Test Cybox-URLs-Category 2","Test Cybox-URLs-Categories 2"],"category_ids":[101,102,103,104,105,106,107,108,109,110,111,112,113,114,116,117,118,121,124],"extension":"Test Cybox-URLs-Extension 2","host":"www.urls-host-2.com","method":"Test Cybox-URLs-Method 2","parent_categories":["Test Cybox-URLs-Parent_Category 2","Test Cybox-URLs-Parent_Categories 2"],"path":"/download/trouble/cybox/urls/path/2","port":81,"provider":"Test Cybox-URLs-Provider 2","query":"q=bad&sort=date_2","referrer":"Test Cybox-URLs-Referrer 2","referrer_categories":["Test Cybox-URLs-Referrer_Category 2","Test Cybox-URLs-Referrer_Categories 2"],"referrer_category_ids":[12345678902,67890123452],"rep_score_id":1,"scheme":"Test Cybox-URLs-Scheme 2","text":"www.urls-text-2.com/download/trouble"}]},"device_alias_name":"Test Device_Alias_Name","device_cap":"Test Device_Cap","device_cloud_vm":{"autoscale_uid":"Test 
Device_Cloud_VM-Autoscale_UID","dc_region":"Test Device_Cloud_VM-DC_Region","instance_uid":"Test Device_Cloud_VM-Instance_UID","subnet_uid":"Test Device_Cloud_VM-Subnet_UID","vpc_uid":"Test Device_Cloud_VM-VPC_UID"},"device_desc":"Test Device_Desc","device_domain":"device.domain.internal.somecompany.com","device_domain_uid":"Test Device_Domain_UID","device_end_time":1613021404000,"device_gateway":"10.0.0.16","device_group":"Test Device_Group","device_group_name":"Test Device_Group_Name","device_hw_bios_date":"03/31/16","device_hw_bios_manufacturer":"LENOVO","device_hw_bios_ver":"LENOVO G5ETA2WW (2.62)","device_hw_cpu_type":"x86 Family 6 Model 37 Stepping 5","device_imei":"Test Device_IMEI","device_ip":"10.0.0.17","device_is_compliant":true,"device_is_personal":true,"device_is_trusted":true,"device_is_unmanaged":true,"device_location":{"city":"Test Device_Location-City","continent":"Test Device_Location-Continent","coordinates":[-12.345,56.789],"country":"US","desc":"Test Device_Location-Desc","isp":"Test Device_Location-ISP","on_premises":true,"region":"US-CA"},"device_mac":"00:B0:D0:63:C2:07","device_name":"device.name.computer.domain","device_name_md5":"4ED962DDBF17E2BBA7B14EBC00F3162E","device_networks":[{"bssid":"Test Device_Networks-BSSID 1","gateway_ip":"10.0.0.18","gateway_mac":"00:B0:D0:63:C2:08","ipv4":"10.0.0.19","ipv6":"2a02:cf40::","is_public":true,"mac":"00:B0:D0:63:C2:09","rep_score_id":0,"ssid":"Test Device_Networks-SSID 1","type_id":0},{"bssid":"Test Device_Networks-BSSID 2","gateway_ip":"10.0.0.20","gateway_mac":"00:B0:D0:63:C2:10","ipv4":"10.0.0.21","ipv6":"2a02:cf40::","is_public":true,"mac":"00:B0:D0:63:C2:11","rep_score_id":1,"ssid":"Test Device_Networks-SSID 2","type_id":1}],"device_org_unit":"Test Device_Org_Unit","device_os_bits":12345678901,"device_os_build":"Test Device_OS_Build","device_os_country":"IN","device_os_edition":"Professional","device_os_lang":"en","device_os_name":"Windows Server 2019 Standard 
Edition","device_os_sp_name":"Test Device_OS_SP_Name","device_os_sp_ver":"Test Device_OS_SP_Ver","device_os_type_id":0,"device_os_ver":"Windows 10","device_proxy_ip":"10.0.0.22","device_proxy_name":"Test Device_Proxy_Name","device_public_ip":"10.0.0.23","device_ref_uid":"Test Device_Ref_UID","device_site":"Test Device_Site","device_subnet":"81.2.69.142","device_time":1613021404000,"device_type":"server","device_uid":"Test Device_UID","device_vhost":"Test Device_VHost","device_vhost_id":0,"domain_uid":"Test Domain_UID","end_time":"2024-02-29T01:00:00.000Z","event_id":8002000,"events":[{"connection":{"direction_id":1,"dst_service":"C:\\Windows\\system32\\NTOSKRNL.EXE","src_ip":"159.19.163.218"},"count":1,"device_end_time":1709225074618,"device_time":1709225074618},{"connection":{"direction_id":1,"dst_service":"C:\\Windows\\system32\\NTOSKRNL.EXE","src_ip":"159.19.163.177"},"count":15,"device_end_time":1709224900876,"device_time":1709223792864}],"feature_name":"Test Feature_Name","feature_path":"Test Feature_Path","feature_type":"Test Feature_Type","feature_uid":"Test Feature_UID","feature_ver":"2014.1.4.25","id":12345678901,"impersonator_customer_uid":"Test Impersonator_Customer_UID","impersonator_domain_uid":"Test Impersonator_Domain_UID","impersonator_user_uid":"Test Impersonator_User_UID","is_user_present":true,"lineage":["Test Lineage","Test Lineages"],"log_level":"Test Log Level","log_name":"Test Log_Name","log_time":"2024-02-29T01:00:00.000Z","logging_device_ip":"10.0.0.24","logging_device_name":"Test Logging_Device_Name","logging_device_post_time":1613021404000,"logging_device_ref_uid":"Test Logging_Device_Ref_UID","message":"Test Message","message_code":"Test Message_Code","message_id":0,"module":{"accessed":1613021404000,"accessor":"Test Actor-Module-Accessor","attribute_ids":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17],"attributes":12345678901,"base_address":"Test Actor-Module-Base_Address","company_name":"Microsoft 
Corporation","confidentiality_id":0,"content_type":{"family_id":0,"subtype":"Test Actor-Module-Content_Type-SubType","type_id":0},"created":1613021404000,"creator":"Test Actor-Module-Creator","creator_process":"Test Actor-Module-Creator_Process","desc":"Test Actor-Module-Desc","folder":"c:\\windows\\system32\\actor\\module\\folder","folder_uid":"Test Actor-Module-Folder_UID","is_system":true,"load_type":"Test Actor-Module-Load_Type","load_type_id":0,"md5":"Test Actor-Module-MD5","mime_type":"Test Actor-Module-MIME_Type","modified":1613021404000,"modifier":"Test Actor-Module-Modifier","name":"actor_module_name.exe","normalized_path":"CSIDL_SYSTEM\\actor_module_normalized_path.exe","original_name":"Test Actor-Module-Original_Name","owner":"Test Actor-Module-Owner","parent_name":"Test Actor-Module-Parent_Name","parent_sha2":"Test Actor-Module-Parent_SHA2","path":"c:\\windows\\system32\\actor_module_path.exe","product_name":"Windows Internet Explorer","product_path":"Test Actor-Module-Product_Path","rep_discovered_band":0,"rep_discovered_date":1613021404000,"rep_prevalence":12345678901,"rep_prevalence_band":0,"rep_score":12345678901,"rep_score_band":0,"security_descriptor":"Test Actor-Module-Security_Descriptor","sha1":"Test Actor-Module-SHA1","sha2":"Test Actor-Module-SHA2","signature_company_name":"Test Actor-Module-Signature_Company_Name","signature_created_date":1613021404000,"signature_developer_uid":"Test Actor-Module-Signature_Developer_UID","signature_fingerprints":[{"algorithm":"Test Actor-Module-Signature_Fingerprints-Algorithm","value":"Test Actor-Module-Signature_Fingerprints-Value"},{"algorithm":"Test Actor-Module-Signature_Fingerprints-Algorithms","value":"Test Actor-Module-Signature_Fingerprints-Values"}],"signature_issuer":"Test Actor-Module-Signature_Issuer","signature_level_id":0,"signature_serial_number":"Test 
Actor-Module-Signature_Serial_Number","signature_value":12345678901,"signature_value_ids":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"size":12345678901,"size_compressed":12345678901,"src_ip":"10.0.0.29","src_name":"Test Actor-Module-SRC_Name","type_id":1,"uid":"Test Actor-Module-UID","url":"www.actor-module-url-text.com/download/trouble","version":"Test Actor-Module-Version","xattributes":{"ads_name":"Test Actor-Module-XAttributes-ADS_Name","ads_size":"Test Actor-Module-XAttributes-ADS_Size","dacl":"Test Actor-Module-XAttributes-DACL","owner":"Test Actor-Module-XAttributes-Owner","primary_group":"Test Actor-Module-XAttributes-Primary_Group","link_name":"Test Actor-Module-XAttributes-Link_Name","hard_link_count":"Test Actor-Module-XAttributes-Hard_Link_Count","Unix_permissions":"Test Actor-Module-XAttributes-Unix_Permissions"}},"org_unit_uid":"Test Org_Unit_UID","orig_data":"Test Orig_Data","parent":{"app_name":"Test Parent-App_Name","app_uid":"Test Parent-App_UID","app_ver":"Test Parent-App_Ver","cmd_line":"Test Parent-CMD_Line","file":{"accessed":1613021404000,"accessor":"Test Parent-File-Accessor","attribute_ids":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17],"attributes":12345678901,"company_name":"Microsoft Corporation","confidentiality_id":0,"content_type":{"family_id":0,"subtype":"Test Parent-File-Content_Type-SubType","type_id":0},"created":1613021404000,"creator":"Test Parent-File-Creator","creator_process":"Test Parent-File-Creator_Process","desc":"Test Parent-File-Desc","folder":"c:\\windows\\system32\\parent\\file\\folder","folder_uid":"Test Parent-File-Folder_UID","is_system":true,"md5":"Test Parent-File-MD5","mime_type":"Test Parent-File-MIME_Type","modified":1613021404000,"modifier":"Test Parent-File-Modifier","name":"parent_file_name.exe","normalized_path":"CSIDL_SYSTEM\\parent_file_normalized_path.exe","original_name":"Test Parent-File-Original_Name","owner":"Test Parent-File-Owner","parent_name":"Test 
Parent-File-Parent_Name","parent_sha2":"Test Parent-File-Parent_SHA2","path":"c:\\windows\\system32\\parent_file_path.exe","product_name":"Windows Internet Explorer","product_path":"Test Parent-File-Product_Path","rep_discovered_band":0,"rep_discovered_date":1613021404000,"rep_prevalence":12345678901,"rep_prevalence_band":0,"rep_score":12345678901,"rep_score_band":0,"security_descriptor":"Test Parent-File-Security_Descriptor","sha1":"Test Parent-File-SHA1","sha2":"Test Parent-File-SHA2","signature_company_name":"Test Parent-File-Signature_Company_Name","signature_created_date":1613021404000,"signature_developer_uid":"Test Parent-File-Signature_Developer_UID","signature_fingerprints":[{"algorithm":"Test Parent-File-Signature_Fingerprints-Algorithm","value":"Test Parent-File-Signature_Fingerprints-Value"},{"algorithm":"Test Parent-File-Signature_Fingerprints-Algorithms","value":"Test Parent-File-Signature_Fingerprints-Values"}],"signature_issuer":"Test Parent-File-Signature_Issuer","signature_level_id":0,"signature_serial_number":"Parent Actor-File-Signature_Serial_Number","signature_value":12345678901,"signature_value_ids":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"size":12345678901,"size_compressed":12345678901,"src_ip":"10.0.0.31","src_name":"Test Parent-File-SRC_Name","type_id":1,"uid":"Test Parent-File-UID","url":{"categories":["Test Parent-File-URL-Category","Test Parent-File-URL-Categories"],"category_ids":[1,3,4,5,6,7,9,11,14,15,16,17,18,20,21,22,23,24,25,26,27,29,30,31,32,33,34,35,36,37,38,40,43,44,45,46,47,49,50,51,52,53,54,55,56,57,58,59,60,61,63,64,65,66,67,68,71,83,84,85,86,87,88,89,90,92,93,95,96,97,98,101,102,103,104,105,106,107,108,109,110,111,112,113,114,116,117,118,121,124],"extension":"Test Parent-File-URL-Extension","host":"www.parent-file-url-host.com","method":"Test Parent-File-URL-Method","parent_categories":["Test Parent-File-URL-Parent_Category","Test 
Parent-File-URL-Parent_Categories"],"path":"/download/trouble/parent/file/url/path","port":80,"provider":"Test Parent-File-URL-Provider","query":"q=bad&sort=date","referrer":"Test Parent-File-URL-Referrer","referrer_categories":["Test Parent-File-URL-Referrer_Category","Test Parent-File-URL-Referrer_Categories"],"referrer_category_ids":[12345678901,67890123451],"rep_score_id":0,"scheme":"Test Parent-File-URL-Scheme","text":"www.parent-file-url-text.com/download/trouble"},"version":"Test Parent-File-Version","xattributes":{"ads_name":"Test Parent-File-XAttributes-ADS_Name","ads_size":"Test Parent-File-XAttributes-ADS_Size","dacl":"Test Parent-File-XAttributes-DACL","owner":"Test Parent-File-XAttributes-Owner","primary_group":"Test Parent-File-XAttributes-Primary_Group","link_name":"Test Parent-File-XAttributes-Link_Name","hard_link_count":"Test Parent-File-XAttributes-Hard_Link_Count","Unix_permissions":"Test Parent-File-XAttributes-Unix_Permissions"}},"integrity_id":0,"lineage":["Test Parent-Lineage 1","Test Parent-Lineages 1"],"loaded_modules":["Test Parent-Loaded_Module 1","Test Parent-Loaded_Modules 1"],"module":{"accessed":1613021404000,"accessor":"Test Parent-Module-Accessor","attribute_ids":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17],"attributes":12345678901,"base_address":"Test Parent-Module-Base_Address","company_name":"Microsoft Corporation","confidentiality_id":0,"content_type":{"family_id":0,"subtype":"Test Parent-Module-Content_Type-SubType","type_id":0},"created":1613021404000,"creator":"Test Parent-Module-Creator","creator_process":"Test Parent-Module-Creator_Process","desc":"Test Parent-Module-Desc","folder":"c:\\windows\\system32\\parent\\module\\folder","folder_uid":"Test Parent-Module-Folder_UID","is_system":true,"load_type":"Test Parent-Module-Load_Type","load_type_id":0,"md5":"Test Parent-Module-MD5","mime_type":"Test Parent-Module-MIME_Type","modified":1613021404000,"modifier":"Test 
Parent-Module-Modifier","name":"parent_module_name.exe","normalized_path":"CSIDL_SYSTEM\\parent_module_normalized_path.exe","original_name":"Test Parent-Module-Original_Name","owner":"Test Parent-Module-Owner","parent_name":"Test Parent-Module-Parent_Name","parent_sha2":"Test Parent-Module-Parent_SHA2","path":"c:\\windows\\system32\\parent_module_path.exe","product_name":"Windows Internet Explorer","product_path":"Test Parent-Module-Product_Path","rep_discovered_band":0,"rep_discovered_date":1613021404000,"rep_prevalence":12345678901,"rep_prevalence_band":0,"rep_score":12345678901,"rep_score_band":0,"security_descriptor":"Test Parent-Module-Security_Descriptor","sha1":"Test Parent-Module-SHA1","sha2":"Test Parent-Module-SHA2","signature_company_name":"Test Parent-Module-Signature_Company_Name","signature_created_date":1613021404000,"signature_developer_uid":"Test Parent-Module-Signature_Developer_UID","signature_fingerprints":[{"algorithm":"Test Parent-Module-Signature_Fingerprints-Algorithm","value":"Test Parent-Module-Signature_Fingerprints-Value"},{"algorithm":"Test Parent-Module-Signature_Fingerprints-Algorithms","value":"Test Parent-Module-Signature_Fingerprints-Values"}],"signature_issuer":"Test Parent-Module-Signature_Issuer","signature_level_id":0,"signature_serial_number":"Test Parent-Module-Signature_Serial_Number","signature_value":12345678901,"signature_value_ids":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"size":12345678901,"size_compressed":12345678901,"src_ip":"10.0.0.32","src_name":"Test Parent-Module-SRC_Name","type_id":1,"uid":"Test Parent-Module-UID","url":{"categories":["Test Parent-Module-URL-Category","Test 
Parent-Module-URL-Categories"],"category_ids":[1,3,4,5,6,7,9,11,14,15,16,17,18,20,21,22,23,24,25,26,27,29,30,31,32,33,34,35,36,37,38,40,43,44,45,46,47,49,50,51,52,53,54,55,56,57,58,59,60,61,63,64,65,66,67,68,71,83,84,85,86,87,88,89,90,92,93,95,96,97,98,101,102,103,104,105,106,107,108,109,110,111,112,113,114,116,117,118,121,124],"extension":"Test Parent-Module-URL-Extension","host":"www.parent-module-url-host.com","method":"Test Parent-Module-URL-Method","parent_categories":["Test Parent-Module-URL-Parent_Category","Test Parent-Module-URL-Parent_Categories"],"path":"/download/trouble/parent/module/url/path","port":80,"provider":"Test Parent-Module-URL-Provider","query":"q=bad&sort=date","referrer":"Test Parent-Module-URL-Referrer","referrer_categories":["Test Parent-Module-URL-Referrer_Category","Test Parent-Module-URL-Referrer_Categories"],"referrer_category_ids":[12345678901,67890123451],"rep_score_id":0,"scheme":"Test Parent-Module-URL-Scheme","text":"www.parent-module-url-text.com/download/trouble"},"version":"Test Parent-Module-Version","xattributes":{"ads_name":"Test Parent-Module-XAttributes-ADS_Name","ads_size":"Test Parent-Module-XAttributes-ADS_Size","dacl":"Test Parent-Module-XAttributes-DACL","owner":"Test Parent-Module-XAttributes-Owner","primary_group":"Test Parent-Module-XAttributes-Primary_Group","link_name":"Test Parent-Module-XAttributes-Link_Name","hard_link_count":"Test Parent-Module-XAttributes-Hard_Link_Count","Unix_permissions":"Test Parent-Module-XAttributes-Unix_Permissions"}},"normalized_cmd_line":"Test Parent-Normalized_CMD_Line","pid":12345678901,"sandbox_name":"Test Parent-Sandbox_Name","session":{"auth_protocol_id":0,"cleartext_credentials":true,"direction_id":0,"id":12345678901,"is_admin":true,"logon_type_id":1,"port":80,"previous_users":["Test Parent-Session-Previous_User","Test Parent-Session-Previous_Users"],"remote":true,"remote_host":"Test 
Parent-Session-Remote_Host","remote_ip":"10.0.0.33","user":{"account_disabled":true,"cloud_resource_uid":"Test Parent-Session-User-Cloud_Resource_UID","domain":"Test Parent-Session-User-Domain","external_account_uid":"Test Parent-Session-User-External_Account_UID","external_uid":"Test Parent-Session-User-External_UID","full_name":"Test Parent-Session-User-Full_Name","groups":["Test Parent-Session-User-Group","Test Parent-Session-User-Groups"],"home":"Test Parent-Session-User-Home","is_admin":true,"logon_name":"Test Parent-Session-User-Logon_Name","name":"Test Parent-Session-User-Name","password_expires":true,"shell":"Test Parent-Session-User-Shell","sid":"Test Parent-Session-User-SID","uid":"Test Parent-Session-User-UID"}},"session_id":12345678901,"start_time":1613021404000,"tid":12345678901,"uid":"Test Parent-UID","user":{"account_disabled":true,"cloud_resource_uid":"Test Parent-User-Cloud_Resource_UID","domain":"Test Parent-User-Domain","external_account_uid":"Test Parent-User-External_Account_UID","external_uid":"Test Parent-User-External_UID","full_name":"Test Parent-User-Full_Name","groups":["Test Parent-User-Group","Test Parent-User-Groups"],"home":"Test Parent-User-Home","is_admin":true,"logon_name":"Test Parent-User-Logon_Name","name":"Test Parent-User-Name","password_expires":true,"shell":"Test Parent-User-Shell","sid":"Test Parent-User-SID","uid":"Test Parent-User-UID"},"xattributes":{"ads_name":"Test Parent-XAttributes-ADS_Name","ads_size":"Test Parent-XAttributes-ADS_Size","dacl":"Test Parent-XAttributes-DACL","owner":"Test Parent-XAttributes-Owner","primary_group":"Test Parent-XAttributes-Primary_Group","link_name":"Test Parent-XAttributes-Link_Name","hard_link_count":"Test Parent-XAttributes-Hard_Link_Count","Unix_permissions":"Test Parent-XAttributes-Unix_Permissions"}},"policy":{"desc":"Test Policy-Desc","effective_date":1613021404000,"group_desc":"Test Policy-Group_Desc","group_name":"Test Policy-Group_Name","group_uid":"Test 
Policy-Group_UID","label":"Test Policy-Label","name":"Test Policy-Name","rule_category_id":0,"rule_desc":"Test Policy-Rule_Desc","rule_group_desc":"Test Policy-Rule_Group_Desc","rule_group_name":"Test Policy-Rule_Group_Name","rule_group_uid":"Test Policy-Rule_Group_UID","rule_name":"Test Policy-Rule_Name","rule_uid":"Test Policy-Rule_UID","rules":[{"category_id":0,"desc":"Test Policy-Rules-Desc 1","dlp_type_id":1,"name":"Test Policy-Rules-Name 1","num_violations":12345678901,"uid":"Test Policy-Rules-UID 1"},{"category_id":1,"desc":"Test Policy-Rules-Desc 2","dlp_type_id":2,"name":"Test Policy-Rules-Name 2","num_violations":12345678902,"uid":"Test Policy-Rules-UID 2"}],"state_ids":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"type_id":0,"uid":"Test Policy-UID","version":"Test Policy-Version"},"product_data":{"sep_domain_uid":"Test Product_Data-Sep_Domain_UID","sep_hw_uid":"Test Product_Data-Sep_HW_UID"},"product_lang":"en","product_name":"Symantec Endpoint Security","product_uid":"Test Product_UID","product_ver":"2014.1.4.25-beta","proxy_device_ip":"10.0.0.25","proxy_device_name":"Test Proxy_Device_Name","raw_data":{"assetID":"vc9DagprQYyLZ23SEY1APw","assetOpstateDTO":{"productUuid":"31B0C880-0229-49E8-94C5-48D56B1BD7B9","features":[{"uuid":"1DF0351C-146D-4F07-B155-BF5C7077FF40","featureStatus":"SECURE","opstate":{"EDRContentSequence":"20231128005","EDREngineVersion":"4.11.0.10","EDRFramworkVersion":"4.10.0.59","FDRStatus":true,"LowDiskSpace":false,"MaxDBSizeHonored":true,"applied_policy":{"effective_date":1709219437080,"sha2":"ee6b0bebbc4575b507ac616d2c362f2c54d462b92cf4068cb6681ae3187d4de3","uid":"7dc29d40-f303-477a-9012-287ef252a391","version":"16"},"disk_usage_mb":1546,"fdr_first_event_date":"20240227","fdr_state":1},"state":"ENABLED","statusReason":["-107","0"],"prevention_state":"1"}],"products_active":0,"blades":0}},"ref_log_name":"Test Ref_Log_Name","ref_log_time":"2024-02-29T01:00:00.000Z","ref_orig_uid":"Test 
Ref_Orig_UID","ref_uid":"Test Ref_UID","remediated":true,"remediation":"Test Remediation","remediation_ref":"Test Remediation_Ref","remediation_uid":0,"seq_num":12345678901,"sessions":[{"auth_protocol_id":0,"cleartext_credentials":true,"direction_id":0,"id":12345678901,"is_admin":true,"logon_type_id":1,"port":80,"previous_users":["Test Sessions-Previous_User 1","Test Sessions-Previous_Users 1"],"remote":true,"remote_host":"Test Sessions-Remote_Host 1","remote_ip":"10.0.0.26","user":{"account_disabled":true,"cloud_resource_uid":"Test Sessions-User-Cloud_Resource_UID 1","domain":"Test Sessions-User-Domain 1","external_account_uid":"Test Sessions-User-External_Account_UID 1","external_uid":"Test Sessions-User-External_UID 1","full_name":"Test Sessions-User-Full_Name 1","groups":["Test Sessions-User-Group 1","Test Sessions-User-Groups 1"],"home":"Test Sessions-User-Home 1","is_admin":true,"logon_name":"Test Sessions-User-Logon_Name 1","name":"Test session-User-Name 1","password_expires":true,"shell":"Test Sessions-User-Shell 1","sid":"Test Sessions-User-SID 1","uid":"Test Sessions-User-UID 1"}},{"auth_protocol_id":1,"cleartext_credentials":true,"direction_id":1,"id":67890123451,"is_admin":true,"logon_type_id":2,"port":81,"previous_users":["Test Sessions-Previous_User 2","Test Sessions-Previous_Users 2"],"remote":true,"remote_host":"Test Sessions-Remote_Host 2","remote_ip":"10.0.0.27","user":{"account_disabled":true,"cloud_resource_uid":"Test Sessions-User-Cloud_Resource_UID 2","domain":"Test Sessions-User-Domain 2","external_account_uid":"Test Sessions-User-External_Account_UID 2","external_uid":"Test Sessions-User-External_UID 2","full_name":"Test Sessions-User-Full_Name 2","groups":["Test Sessions-User-Group 2","Test Sessions-User-Groups 2"],"home":"Test Sessions-User-Home 2","is_admin":true,"logon_name":"Test Sessions-User-Logon_Name 2","name":"Test session-User-Name 2","password_expires":true,"shell":"Test Sessions-User-Shell 2","sid":"Test Sessions-User-SID 
2","uid":"Test Sessions-User-UID 2"}}],"severity_id":0,"source":{"facility":"Test Source-Facility","facility_detail":"Test Source-Facility_Detail","facility_uid":"Test Source-Facility_UID","type_id":1},"status_detail":"Test Status_Detail","status_id":0,"status_os":"Test Status_OS","status_os_src":12345678901,"status_stack_trace":"Test Status_Stack_Trace","status_thread_name":"Test Status_Thread_Name","stic_has_pii":true,"stic_hw_uid":"Test STIC_HW_UID","stic_ip_hash":"Test STIC_IP_Hash","stic_legacy_ent_uids":["Test STIC_Legacy_Ent_UIDs 1","Test STIC_Legacy_Ent_UIDs 2"],"stic_legacy_hw_uids":["Test STIC_Legacy_HW_UIDs 1","Test STIC_Legacy_HW_UIDs 2"],"stic_legacy_uids":["Test STIC_Legacy_UIDs 1","Test STIC_Legacy_UIDs 2"],"stic_schema_id":"Test STIC_Schema_ID","stic_uid":"Test STIC_UID","stic_version":"Test STIC_Version","subfeature_name":"Test Subfeature_Name","time":"2024-02-29T02:00:00Z","timezone":12345678901,"type":"Test Type","type_id":8002,"user":{"account_disabled":true,"cloud_resource_uid":"Test User-Cloud_Resource_UID","domain":"Test User-Domain","external_account_uid":"Test User-External_Account_UID","external_uid":"Test User-External_UID","full_name":"Test User-Full_Name","groups":["Test User-Group 1","Test User-Groups 1"],"home":"Test User-Home","is_admin":true,"logon_name":"Test User-Logon_Name","name":"Test User-Name","password_expires":true,"shell":"Test User-Shell","sid":"Test User-SID","uid":"Test User-UID"},"user_name":"Test User_Name","user_uid":"Test User_UID","uuid":"Test UUID","version":"1.4"}
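Review bot: in the visible tail of this sample event, `parent.module.url` and `parent.file.url` are still objects (`"url":{"categories":[...`, ending in `"text":"www.parent-module-url-text.com/download/trouble"}`), so the string-valued `url` this test adds is not exercised for the parent process. If the string form can also arrive under `parent.module` or the `file` objects, add a sample line that sets one of those to a string and assert that it lands in the matching `url.text`. Otherwise a string under a field mapped as an object can still fail at index time and the event is lost from endpoint telemetry.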
Contributor Author

This is the same as line #3, but with "url":"www.actor-module-url-text.com/download/trouble" taken from its url.text.

@kcreddy kcreddy self-assigned this May 30, 2025
@kcreddy kcreddy added enhancement (New feature or request), Team:Security-Service Integrations (Security Service Integrations team [elastic/security-service-integrations]), Integration:symantec_endpoint_security (Symantec Endpoint Security) labels May 30, 2025
@kcreddy kcreddy marked this pull request as ready for review May 30, 2025 10:27
@kcreddy kcreddy requested a review from a team as a code owner May 30, 2025 10:27
@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@@ -11,3 +11,4 @@
{"actor": {"app_name": "Test Actor-App_Name","app_uid": "Test Actor-App_UID","app_ver": "Test Actor-App_Ver","cmd_line": "Test Actor-CMD_Line","file": {"accessed": 1613021404000,"accessor": "Test Actor-File-Accessor","attribute_ids": [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17],"attributes": 12345678901,"company_name": "Microsoft Corporation","confidentiality_id": 0,"content_type": {"family_id": 0,"subtype": "Test Actor-File-Content_Type-SubType","type_id": 0},"created": 1613021404000,"creator": "Test Actor-File-Creator","creator_process": "Test Actor-File-Creator_Process","desc": "Test Actor-File-Desc","folder": "c:\\windows\\system32\\actor\\file\\folder","folder_uid": "Test Actor-File-Folder_UID","is_system": true,"md5": "Test Actor-File-MD5","mime_type": "Test Actor-File-MIME_Type","modified": 1613021404000,"modifier": "Test Actor-File-Modifier","name": "actor_file_name.exe","normalized_path": "CSIDL_SYSTEM\\actor_file_normalized_path.exe","original_name": "Test Actor-File-Original_Name","owner": "Test Actor-File-Owner","parent_name": "Test Actor-File-Parent_Name","parent_sha2": "Test Actor-File-Parent_SHA2","path": "c:\\windows\\system32\\actor_file_path.exe","product_name": "Windows Internet Explorer","product_path": "Test Actor-File-Product_Path","rep_discovered_band": 0,"rep_discovered_date": 1613021404000,"rep_prevalence": 12345678901,"rep_prevalence_band": 0,"rep_score": 12345678901,"rep_score_band": 0,"security_descriptor": "Test Actor-File-Security_Descriptor","sha1": "Test Actor-File-SHA1","sha2": "Test Actor-File-SHA2","signature_company_name": "Test Actor-File-Signature_Company_Name","signature_created_date": 1613021404000,"signature_developer_uid": "Test Actor-File-Signature_Developer_UID","signature_fingerprints": [{"algorithm": "Test Actor-File-Signature_Fingerprints-Algorithm","value": "Test Actor-File-Signature_Fingerprints-Value"},{"algorithm": "Test Actor-File-Signature_Fingerprints-Algorithms","value": "Test 
Actor-File-Signature_Fingerprints-Values"}],"signature_issuer": "Test Actor-File-Signature_Issuer","signature_level_id": 0,"signature_serial_number": "Test Actor-File-Signature_Serial_Number","signature_value": 12345678901,"signature_value_ids": [0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"size": 12345678901,"size_compressed": 12345678901,"src_ip": "10.0.0.28","src_name": "Test Actor-File-SRC_Name","type_id": 1,"uid": "Test Actor-File-UID","url": {"categories": ["Test Actor-File-URL-Category","Test Actor-File-URL-Categories"],"category_ids": [1,3,4],"extension": "Test Actor-File-URL-Extension","host": "www.actor-file-url-host.com","method": "Test Actor-File-URL-Method","parent_categories": ["Test Actor-File-URL-Parent_Category","Test Actor-File-URL-Parent_Categories"],"path": "/download/trouble/actor/file/url/path","port": 80,"provider": "Test Actor-File-URL-Provider","query": "q=bad&sort=date","referrer": "Test Actor-File-URL-Referrer","referrer_categories": ["Test Actor-File-URL-Referrer_Category","Test Actor-File-URL-Referrer_Categories"],"referrer_category_ids": [12345678901,67890123451],"rep_score_id": 0,"scheme": "Test Actor-File-URL-Scheme","text": "www.actor-file-url-text.com/download/trouble"},"version": "Test Actor-File-Version","xattributes": {"ads_name": "Test Actor-File-XAttributes-ADS_Name","ads_size": "Test Actor-File-XAttributes-ADS_Size","dacl": "Test Actor-File-XAttributes-DACL","owner": "Test Actor-File-XAttributes-Owner","primary_group": "Test Actor-File-XAttributes-Primary_Group","link_name": "Test Actor-File-XAttributes-Link_Name","hard_link_count": "Test Actor-File-XAttributes-Hard_Link_Count","Unix_permissions": "Test Actor-File-XAttributes-Unix_Permissions"}},"integrity_id": 0,"lineage": ["Test Actor-Lineage 1","Test Actor-Lineages 1"],"loaded_modules": ["Test Actor-Loaded_Module 1","Test Actor-Loaded_Modules 1"],"module": {"accessed": 1613021404000,"accessor": "Test Actor-Module-Accessor","attribute_ids": 
[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17],"attributes": 12345678901,"base_address": "Test Actor-Module-Base_Address","company_name": "Microsoft Corporation","confidentiality_id": 0,"content_type": {"family_id": 0,"subtype": "Test Actor-Module-Content_Type-SubType","type_id": 0},"created": 1613021404000,"creator": "Test Actor-Module-Creator","creator_process": "Test Actor-Module-Creator_Process","desc": "Test Actor-Module-Desc","folder": "c:\\windows\\system32\\actor\\module\\folder","folder_uid": "Test Actor-Module-Folder_UID","is_system": true,"load_type": "Test Actor-Module-Load_Type","load_type_id": 0,"md5": "Test Actor-Module-MD5","mime_type": "Test Actor-Module-MIME_Type","modified": 1613021404000,"modifier": "Test Actor-Module-Modifier","name": "actor_module_name.exe","normalized_path": "CSIDL_SYSTEM\\actor_module_normalized_path.exe","original_name": "Test Actor-Module-Original_Name","owner": "Test Actor-Module-Owner","parent_name": "Test Actor-Module-Parent_Name","parent_sha2": "Test Actor-Module-Parent_SHA2","path": "c:\\windows\\system32\\actor_module_path.exe","product_name": "Windows Internet Explorer","product_path": "Test Actor-Module-Product_Path","rep_discovered_band": 0,"rep_discovered_date": 1613021404000,"rep_prevalence": 12345678901,"rep_prevalence_band": 0,"rep_score": 12345678901,"rep_score_band": 0,"security_descriptor": "Test Actor-Module-Security_Descriptor","sha1": "Test Actor-Module-SHA1","sha2": "Test Actor-Module-SHA2","signature_company_name": "Test Actor-Module-Signature_Company_Name","signature_created_date": 1613021404000,"signature_developer_uid": "Test Actor-Module-Signature_Developer_UID","signature_fingerprints": [{"algorithm": "Test Actor-Module-Signature_Fingerprints-Algorithm","value": "Test Actor-Module-Signature_Fingerprints-Value"},{"algorithm": "Test Actor-Module-Signature_Fingerprints-Algorithms","value": "Test Actor-Module-Signature_Fingerprints-Values"}],"signature_issuer": "Test 
Actor-Module-Signature_Issuer","signature_level_id": 0,"signature_serial_number": "Test Actor-Module-Signature_Serial_Number","signature_value": 12345678901,"signature_value_ids": [0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"size": 12345678901,"size_compressed": 12345678901,"src_ip": "10.0.0.29","src_name": "Test Actor-Module-SRC_Name","type_id": 1,"uid": "Test Actor-Module-UID","url": {"categories": ["Test Actor-Module-URL-Category","Test Actor-Module-URL-Categories"],"category_ids": [1,3,4,5],"extension": "Test Actor-Module-URL-Extension","host": "www.actor-module-url-host.com","method": "Test Actor-Module-URL-Method","parent_categories": ["Test Actor-Module-URL-Parent_Category","Test Actor-Module-URL-Parent_Categories"],"path": "/download/trouble/actor/module/url/path","port": 80,"provider": "Test Actor-Module-URL-Provider","query": "q=bad&sort=date","referrer": "Test Actor-Module-URL-Referrer","referrer_categories": ["Test Actor-Module-URL-Referrer_Category","Test Actor-Module-URL-Referrer_Categories"],"referrer_category_ids": [12345678901,67890123451],"rep_score_id": 0,"scheme": "Test Actor-Module-URL-Scheme","text": "www.actor-module-url-text.com/download/trouble"},"version": "Test Actor-Module-Version","xattributes": {"ads_name": "Test Actor-Module-XAttributes-ADS_Name","ads_size": "Test Actor-Module-XAttributes-ADS_Size","dacl": "Test Actor-Module-XAttributes-DACL","owner": "Test Actor-Module-XAttributes-Owner","primary_group": "Test Actor-Module-XAttributes-Primary_Group","link_name": "Test Actor-Module-XAttributes-Link_Name","hard_link_count": "Test Actor-Module-XAttributes-Hard_Link_Count","Unix_permissions": "Test Actor-Module-XAttributes-Unix_Permissions"}},"normalized_cmd_line": "Test Actor-Normalized_CMD_Line","pid": 12345678901,"sandbox_name": "Test Actor-Sandbox_Name","session": {"auth_protocol_id": 0,"cleartext_credentials": true,"direction_id": 0,"id": 12345678901,"is_admin": true,"logon_type_id": 1,"port": 
80,"previous_users": ["Test Actor-Session-Previous_User","Test Actor-Session-Previous_Users"],"remote": true,"remote_host": "Test Actor-Session-Remote_Host","remote_ip": "10.0.0.30","user": {"account_disabled": true,"cloud_resource_uid": "Test Actor-Session-User-Cloud_Resource_UID","domain": "Test Actor-Session-User-Domain","external_account_uid": "Test Actor-Session-User-External_Account_UID","external_uid": "Test Actor-Session-User-External_UID","full_name": "Test Actor-Session-User-Full_Name","groups": ["Test Actor-Session-User-Group","Test Actor-Session-User-Groups"],"home": "Test Actor-Session-User-Home","is_admin": true,"logon_name": "Test Actor-Session-User-Logon_Name","name": "Test Actor-Session-User-Name","password_expires": true,"shell": "Test Actor-Session-User-Shell","sid": "Test Actor-Session-User-SID","uid": "Test Actor-Session-User-UID"}},"session_id": 12345678901,"start_time": 1613021404000,"tid": 12345678901,"uid": "Test Actor-UID","user": {"account_disabled": true,"cloud_resource_uid": "Test Actor-User-Cloud_Resource_UID","domain": "Test Actor-User-Domain","external_account_uid": "Test Actor-User-External_Account_UID","external_uid": "Test Actor-User-External_UID","full_name": "Test Actor-User-Full_Name","groups": ["Test Actor-User-Group","Test Actor-User-Groups"],"home": "Test Actor-User-Home","is_admin": true,"logon_name": "Test Actor-User-Logon_Name","name": "Test Actor-User-Name","password_expires": true,"shell": "Test Actor-User-Shell","sid": "Test Actor-User-SID","uid": "Test Actor-User-UID"},"xattributes": {"ads_name": "Test Actor-XAttributes-ADS_Name","ads_size": "Test Actor-XAttributes-ADS_Size","dacl": "Test Actor-XAttributes-DACL","owner": "Test Actor-XAttributes-Owner","primary_group": "Test Actor-XAttributes-Primary_Group","link_name": "Test Actor-XAttributes-Link_Name","hard_link_count": "Test Actor-XAttributes-Hard_Link_Count","Unix_permissions": "Test Actor-XAttributes-Unix_Permissions"}},"analysis": "Test Analysis","attacks": 
[{"sub_technique_name": "Test Attacks-Sub_Technique_Name 1","sub_technique_uid": "Test Attacks-Sub_Technique_UID 1","tactic_ids": [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20],"tactic_uids": ["Test Attacks-Tactic_UID 1","Test Attacks-Tactic_UIDs 1"],"technique_name": "Test Attacks-Technique_Name 1","technique_uid": "Test Attacks-Technique_UID 1"},{"sub_technique_name": "Test Attacks-Sub_Technique_Name 2","sub_technique_uid": "Test Attacks-Sub_Technique_UID 2","tactic_ids": [21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40],"tactic_uids": ["Test Attacks-Tactic_UID 2","Test Attacks-Tactic_UIDs 2"],"technique_name": "Test Attacks-Technique_Name 2","technique_uid": "Test Attacks-Technique_UID 2"}],"category_id": 5,"collector_device_ip": "10.0.0.1","collector_device_name": "Test Collector_Device_Name","collector_name": "Test Collector_Name","collector_uid": "Test Collector_UID","composite": 1,"container": {"host_name": "Test Container-Host_Name","image_name": "Test Container-Image_Name","image_uid": "Test Container-Image_UID","name": "Test Container-Name","networks": [{"bssid": "Test Container-Networks-BSSID 1","gateway_ip": "10.0.0.2","gateway_mac": "00:B0:D0:63:C2:01","ipv4": "10.0.0.3","ipv6": "2a02:cf40::","is_public": true,"mac": "00:B0:D0:63:C2:02","rep_score_id": 0,"ssid": "Test Container-Networks-SSID 1","type_id": 0},{"bssid": "Test Container-Networks-BSSID 2","gateway_ip": "10.0.0.4","gateway_mac": "00:B0:D0:63:C2:03","ipv4": "10.0.0.5","ipv6": "2a02:cf40::","is_public": true,"mac": "00:B0:D0:63:C2:04","rep_score_id": 1,"ssid": "Test Container-Networks-SSID 2","type_id": 1}],"os_name": "Test Container-OS_Name","uid": "Test Container-UID"},"correlation_uid": "Test Correltion_UID","count": 12345678901,"customer_registry_uid": "Test Customer_Registry-UID","customer_uid": "Test Customer_UID","cybox": {"domains": ["Test Cybox-Domain 1","Test Cybox-Domains 1"],"emails": [{"direction_id": 0,"header_from": "Test Cybox-Emails-Header_From 
1","header_message_id": "Test Cybox-Emails-Header_Message_ID 1","header_reply_to": "Test Cybox-Emails-Header_Reply_To 1","header_subject": "Test Cybox-Emails-Header_Subject 1","header_to": ["Test Cybox-Emails-Header_To 1","Test Cybox-Emails-Header_Tos 1"],"sender_ip": "10.0.0.6","size": 12345678901,"smtp_from": "Test Cybox-Emails-SMTP_From 1","smtp_hello": "Test Cybox-Emails-SMTP_Hello 1","smtp_to": "Test Cybox-Emails-SMTP_To 1"},{"direction_id": 1,"header_from": "Test Cybox-Emails-Header_From 2","header_message_id": "Test Cybox-Emails-Header_Message_ID 2","header_reply_to": "Test Cybox-Emails-Header_Reply_To 2","header_subject": "Test Cybox-Emails-Header_Subject 2","header_to": ["Test Cybox-Emails-Header_To 2","Test Cybox-Emails-Header_Tos 2"],"sender_ip": "10.0.0.7","size": 12345678902,"smtp_from": "Test Cybox-Emails-SMTP_From 2","smtp_hello": "Test Cybox-Emails-SMTP_Hello 2","smtp_to": "Test Cybox-Emails-SMTP_To 2"}],"files": [{"accessed": 1613021404000,"accessor": "Test Cybox-Files-Accessor 1","attribute_ids": [1,2,3,4,5,6,7,8,9,10],"attributes": 12345678901,"company_name": "Microsoft Corporation 1","confidentiality_id": 0,"content_type": {"family_id": 0,"subtype": "Test Cybox-Files-Content_Type-SubType 1","type_id": 0},"created": 1613021404000,"creator": "Test Cybox-Files-Creator 1","creator_process": "Test Cybox-Files-Creator_Process 1","desc": "Test Cybox-Files-Desc 1","folder": "c:\\windows\\system32\\cybox\\files\\folder\\1","folder_uid": "Test Cybox-Files-Folder_UID 1","is_system": true,"md5": "Test Cybox-Files-MD5 1","mime_type": "Test Cybox-Files-MIME_Type 1","modified": 1613021404000,"modifier": "Test Cybox-Files-Modifier 1","name": "cybox_files_name_1.exe","normalized_path": "CSIDL_SYSTEM\\cybox_files_normalized_path_1.exe","original_name": "Test Cybox-Files-Original_Name 1","owner": "Test Cybox-Files-Owner 1","parent_name": "Test Cybox-Files-Parent_Name 1","parent_sha2": "Test Cybox-Files-Parent_SHA2 1","path": 
"c:\\windows\\system32\\cybox_files_path_1.exe","product_name": "Windows Internet Explorer 1","product_path": "Test Cybox-Files-Product_Path 1","rep_discovered_band": 0,"rep_discovered_date": 1613021404000,"rep_prevalence": 12345678901,"rep_prevalence_band": 0,"rep_score": 12345678901,"rep_score_band": 0,"security_descriptor": "Test Cybox-Files-Security_Descriptor 1","sha1": "Test Cybox-Files-SHA1 1","sha2": "Test Cybox-Files-SHA2 1","signature_company_name": "Test Cybox-Files-Signature_Company_Name 1","signature_created_date": 1613021404000,"signature_developer_uid": "Test Cybox-Files-Signature_Developer_UID 1","signature_fingerprints": [{"algorithm": "Test Cybox-Files-Signature_Fingerprints-Algorithm 1","value": "Test Cybox-Files-Signature_Fingerprints-Value 1"},{"algorithm": "Test Cybox-Files-Signature_Fingerprints-Algorithms 1","value": "Test Cybox-Files-Signature_Fingerprints-Values 1"}],"signature_issuer": "Test Cybox-Files-Signature_Issuer 1","signature_level_id": 0,"signature_serial_number": "Test Cybox-Files-Signature_Serial_Number 1","signature_value": 12345678901,"signature_value_ids": [0,1,2,3,4,5,6,7,8,9,10],"size": 12345678901,"size_compressed": 12345678901,"src_ip": "10.0.0.8","src_name": "Test Cybox-Files-SRC_Name 1","type_id": 1,"uid": "Test Cybox-Files-UID 1","url": {"categories": ["Test Cybox-Files-URL-Category 1","Test Cybox-Files-URL-Categories 1"],"category_ids": [1,3,4],"extension": "Test Cybox-Files-URL-Extension 1","host": "www.files-url-host-1.com","method": "Test Cybox-Files-URL-Method 1","parent_categories": ["Test Cybox-Files-URL-Parent_Category 1","Test Cybox-Files-URL-Parent_Categories 1"],"path": "/download/trouble/cybox/files/url/path/1","port": 80,"provider": "Test Cybox-Files-URL-Provider 1","query": "q=bad&sort=date_1","referrer": "Test Cybox-Files-URL-Referrer 1","referrer_categories": ["Test Cybox-Files-URL-Referrer_Category 1","Test Cybox-Files-URL-Referrer_Categories 1"],"referrer_category_ids": 
[12345678901,67890123451],"rep_score_id": 0,"scheme": "Test Cybox-Files-URL-Scheme 1","text": "www.files-url-text-1.com/download/trouble"},"version": "Test Cybox-Files-Version 1","xattributes": {"ads_name": "Test Cybox-Files-XAttributes-ADS_Name 1","ads_size": "Test Cybox-Files-XAttributes-ADS_Size 1","dacl": "Test Cybox-Files-XAttributes-DACL 1","owner": "Test Cybox-Files-XAttributes-Owner 1","primary_group": "Test Cybox-Files-XAttributes-Primary_Group 1","link_name": "Test Cybox-Files-XAttributes-Link_Name 1","hard_link_count": "Test Cybox-Files-XAttributes-Hard_Link_Count 1","Unix_permissions": "Test Cybox-Files-XAttributes-Unix_Permissions 1"}},{"accessed": 1613021404000,"accessor": "Test Cybox-Files-Accessor 2","attribute_ids": [11,12,13,14,15,16,17],"attributes": 12345678902,"company_name": "Microsoft Corporation 2","confidentiality_id": 1,"content_type": {"family_id": 1,"subtype": "Test Cybox-Files-Content_Type-SubType 2","type_id": 1},"created": 1613021404000,"creator": "Test Cybox-Files-Creator 2","creator_process": "Test Cybox-Files-Creator_Process 2","desc": "Test Cybox-Files-Desc 2","folder": "c:\\windows\\system32\\cybox\\files\\folder\\2","folder_uid": "Test Cybox-Files-Folder_UID 2","is_system": true,"md5": "Test Cybox-Files-MD5 2","mime_type": "Test Cybox-Files-MIME_Type 2","modified": 1613021404000,"modifier": "Test Cybox-Files-Modifier 2","name": "cybox_files_name_2.exe","normalized_path": "CSIDL_SYSTEM\\cybox_files_normalized_path_2.exe","original_name": "Test Cybox-Files-Original_Name 2","owner": "Test Cybox-Files-Owner 2","parent_name": "Test Cybox-Files-Parent_Name 2","parent_sha2": "Test Cybox-Files-Parent_SHA2 2","path": "c:\\windows\\system32\\cybox_files_path_2.exe","product_name": "Windows Internet Explorer 2","product_path": "Test Cybox-Files-Product_Path 2","rep_discovered_band": 1,"rep_discovered_date": 1613021404000,"rep_prevalence": 12345678902,"rep_prevalence_band": 1,"rep_score": 12345678902,"rep_score_band": 
1,"security_descriptor": "Test Cybox-Files-Security_Descriptor 2","sha1": "Test Cybox-Files-SHA1 2","sha2": "Test Cybox-Files-SHA2 2","signature_company_name": "Test Cybox-Files-Signature_Company_Name 2","signature_created_date": 1613021404000,"signature_developer_uid": "Test Cybox-Files-Signature_Developer_UID 2","signature_fingerprints": [{"algorithm": "Test Cybox-Files-Signature_Fingerprints-Algorithm 2","value": "Test Cybox-Files-Signature_Fingerprints-Value 2"},{"algorithm": "Test Cybox-Files-Signature_Fingerprints-Algorithms 2","value": "Test Cybox-Files-Signature_Fingerprints-Values 2"}],"signature_issuer": "Test Cybox-Files-Signature_Issuer 2","signature_level_id": 1,"signature_serial_number": "Test Cybox-Files-Signature_Serial_Number 2","signature_value": 12345678902,"signature_value_ids": [11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"size": 12345678902,"size_compressed": 12345678902,"src_ip": "10.0.0.9","src_name": "Test Cybox-Files-SRC_Name 2","type_id": 1,"uid": "Test Cybox-Files-UID 2","url": {"categories": ["Test Cybox-Files-URL-Category 2","Test Cybox-Files-URL-Categories 2"],"category_ids": [101,102,103,104,105,106,107,108,109,110,111,112,113,114,116,117,118,121,124],"extension": "Test Cybox-Files-URL-Extension 2","host": "www.files-url-host-2.com","method": "Test Cybox-Files-URL-Method 2","parent_categories": ["Test Cybox-Files-URL-Parent_Category 2","Test Cybox-Files-URL-Parent_Categories 2"],"path": "/download/trouble/cybox/files/url/path/2","port": 81,"provider": "Test Cybox-Files-URL-Provider 2","query": "q=bad&sort=date_2","referrer": "Test Cybox-Files-URL-Referrer 2","referrer_categories": ["Test Cybox-Files-URL-Referrer_Category 2","Test Cybox-Files-URL-Referrer_Categories 2"],"referrer_category_ids": [12345678902,67890123452],"rep_score_id": 1,"scheme": "Test Cybox-Files-URL-Scheme 2","text": "www.files-url-text-2.com/download/trouble"},"version": "Test Cybox-Files-Version 2","xattributes": {"ads_name": "Test 
Cybox-Files-XAttributes-ADS_Name 2","ads_size": "Test Cybox-Files-XAttributes-ADS_Size 2","dacl": "Test Cybox-Files-XAttributes-DACL 2","owner": "Test Cybox-Files-XAttributes-Owner 2","primary_group": "Test Cybox-Files-XAttributes-Primary_Group 2","link_name": "Test Cybox-Files-XAttributes-Link_Name 2","hard_link_count": "Test Cybox-Files-XAttributes-Hard_Link_Count 2","Unix_permissions": "Test Cybox-Files-XAttributes-Unix_Permissions 2"}}],"hostnames": ["Test Cybox-Hostname 1","Test Cybox-Hostnames 1"],"icap_reqmod": [{"metadata": {"field1_keyword": "Test Cybox-ICAP_ReqMod-field1_Keyword","field1_number": 12345678901,"field1_boolean": true,"field1_ip": "10.0.0.10"},"service": "Test Cybox-ICAP_ReqMod-Service 1","status": "Test Cybox-ICAP_ReqMod-Status 1","status_detail": "Test Cybox-ICAP_ReqMod-Status_Detail 1"},{"metadata": {"field2_keyword": "Test Cybox-ICAP_ReqMod-field2_Keyword","field2_number": 12345678902,"field2_boolean": true,"field2_ip": "10.0.0.11"},"service": "Test Cybox-ICAP_ReqMod-Service 2","status": "Test Cybox-ICAP_ReqMod-Status 2","status_detail": "Test Cybox-ICAP_ReqMod-Status_Detail 2"}],"icap_respmod": [{"metadata": {"field1_keyword": "Test Cybox-ICAP_RespMod-field1_Keyword","field1_number": 12345678901,"field1_boolean": true,"field1_ip": "10.0.0.12"},"service": "Test Cybox-ICAP_RespMod-Service 1","status": "Test Cybox-ICAP_RespMod-Status 1","status_detail": "Test Cybox-ICAP_RespMod-Status_Detail 1"},{"metadata": {"field2_keyword": "Test Cybox-ICAP_RespMod-field2_Keyword","field2_number": 12345678902,"field2_boolean": true,"field2_ip": "10.0.0.13"},"service": "Test Cybox-ICAP_RespMod-Service 2","status": "Test Cybox-ICAP_RespMod-Status 2","status_detail": "Test Cybox-ICAP_RespMod-Status_Detail 2"}],"ipv4s": ["10.0.0.14","10.0.0.15"],"ipv6s": ["2a02:cf40::","2a02:cf40::"],"macs": ["00:B0:D0:63:C2:05","00:B0:D0:63:C2:06"],"urls": [{"categories": ["Test Cybox-URLs-Category 1","Test Cybox-URLs-Categories 1"],"category_ids": [1,3,4,5,6],"extension": 
"Test Cybox-URLs-Extension 1","host": "www.urls-host-1.com","method": "Test Cybox-URLs-Method 1","parent_categories": ["Test Cybox-URLs-Parent_Category 1","Test Cybox-URLs-Parent_Categories 1"],"path": "/download/trouble/cybox/urls/path/1","port": 80,"provider": "Test Cybox-URLs-Provider 1","query": "q=bad&sort=date_1","referrer": "Test Cybox-URLs-Referrer 1","referrer_categories": ["Test Cybox-URLs-Referrer_Category 1","Test Cybox-URLs-Referrer_Categories 1"],"referrer_category_ids": [12345678901,67890123451],"rep_score_id": 0,"scheme": "Test Cybox-URLs-Scheme 1","text": "www.urls-text-1.com/download/trouble"},{"categories": ["Test Cybox-URLs-Category 2","Test Cybox-URLs-Categories 2"],"category_ids": [101,102,103,104,105,106,107,108,109,110,111,112,113,114,116,117,118,121,124],"extension": "Test Cybox-URLs-Extension 2","host": "www.urls-host-2.com","method": "Test Cybox-URLs-Method 2","parent_categories": ["Test Cybox-URLs-Parent_Category 2","Test Cybox-URLs-Parent_Categories 2"],"path": "/download/trouble/cybox/urls/path/2","port": 81,"provider": "Test Cybox-URLs-Provider 2","query": "q=bad&sort=date_2","referrer": "Test Cybox-URLs-Referrer 2","referrer_categories": ["Test Cybox-URLs-Referrer_Category 2","Test Cybox-URLs-Referrer_Categories 2"],"referrer_category_ids": [12345678902,67890123452],"rep_score_id": 1,"scheme": "Test Cybox-URLs-Scheme 2","text": "www.urls-text-2.com/download/trouble"}]},"data": "{\"IpAddress\":\"81.2.69.144\"}","device_alias_name": "Test Device_Alias_Name","device_cap": "Test Device_Cap","device_cloud_vm": {"autoscale_uid": "Test Device_Cloud_VM-Autoscale_UID","dc_region": "Test Device_Cloud_VM-DC_Region","instance_uid": "Test Device_Cloud_VM-Instance_UID","subnet_uid": "Test Device_Cloud_VM-Subnet_UID","vpc_uid": "Test Device_Cloud_VM-VPC_UID"},"device_desc": "Test Device_Desc","device_domain": "device.domain.internal.somecompany.com","device_domain_uid": "Test Device_Domain_UID","device_end_time": 1613021404000,"device_gateway": 
"10.0.0.16","device_group": "Test Device_Group","device_group_name": "Test Device_Group_Name","device_hw_bios_date": "03/31/16","device_hw_bios_manufacturer": "LENOVO","device_hw_bios_ver": "LENOVO G5ETA2WW (2.62)","device_hw_cpu_type": "x86 Family 6 Model 37 Stepping 5","device_imei": "Test Device_IMEI","device_ip": "10.0.0.17","device_is_compliant": true,"device_is_personal": true,"device_is_trusted": true,"device_is_unmanaged": true,"device_location": {"city": "Test Device_Location-City","continent": "Test Device_Location-Continent","coordinates": [-12.345,56.789],"country": "US","desc": "Test Device_Location-Desc","isp": "Test Device_Location-ISP","on_premises": true,"region": "US-CA"},"device_mac": "00:B0:D0:63:C2:07","device_name": "device.name.computer.domain","device_name_md5": "4ED962DDBF17E2BBA7B14EBC00F3162E","device_networks": [{"bssid": "Test Device_Networks-BSSID 1","gateway_ip": "10.0.0.18","gateway_mac": "00:B0:D0:63:C2:08","ipv4": "10.0.0.19","ipv6": "2a02:cf40::","is_public": true,"mac": "00:B0:D0:63:C2:09","rep_score_id": 0,"ssid": "Test Device_Networks-SSID 1","type_id": 0},{"bssid": "Test Device_Networks-BSSID 2","gateway_ip": "10.0.0.20","gateway_mac": "00:B0:D0:63:C2:10","ipv4": "10.0.0.21","ipv6": "2a02:cf40::","is_public": true,"mac": "00:B0:D0:63:C2:11","rep_score_id": 1,"ssid": "Test Device_Networks-SSID 2","type_id": 1}],"device_org_unit": "Test Device_Org_Unit","device_os_bits": 12345678901,"device_os_build": "Test Device_OS_Build","device_os_country": "IN","device_os_edition": "Professional","device_os_lang": "en","device_os_name": "Windows Server 2019 Standard Edition","device_os_sp_name": "Test Device_OS_SP_Name","device_os_sp_ver": "Test Device_OS_SP_Ver","device_os_type_id": 0,"device_os_ver": "Windows 10","device_proxy_ip": "10.0.0.22","device_proxy_name": "Test Device_Proxy_Name","device_public_ip": "10.0.0.23","device_ref_uid": "Test Device_Ref_UID","device_site": "Test Device_Site","device_subnet": "81.2.69.142","device_time": 
1613021404000,"device_type": "server","device_uid": "Test Device_UID","device_vhost": "Test Device_VHost","device_vhost_id": 0,"domain_uid": "Test Domain_UID","end_time": "2024-02-29T01:00:00.000Z","event_id": 8015000,"events": [{"connection": {"direction_id": 1,"dst_service": "C:\\Windows\\system32\\NTOSKRNL.EXE","src_ip": "159.19.163.218"},"count": 1,"device_end_time": 1709225074618,"device_time": 1709225074618}],"feature_name": "Test Feature_Name","feature_path": "Test Feature_Path","feature_type": "Test Feature_Type","feature_uid": "Test Feature_UID","feature_ver": "2014.1.4.25","id": 12345678901,"impersonator_customer_uid": "Test Impersonator_Customer_UID","impersonator_domain_uid": "Test Impersonator_Domain_UID","impersonator_user_uid": "Test Impersonator_User_UID","is_user_present": true,"lineage": ["Test Lineage","Test Lineages"],"log_level": "Test Log Level","log_name": "Test Log_Name","log_time": "2024-02-29T01:00:00.000Z","logging_device_ip": "10.0.0.24","logging_device_name": "Test Logging_Device_Name","logging_device_post_time": 1613021404000,"logging_device_ref_uid": "Test Logging_Device_Ref_UID","message": "Test Message","message_code": "Test Message_Code","message_id": 0,"org_unit_uid": "Test Org_Unit_UID","orig_data": "Test Orig_Data","parent": {"app_name": "Test Parent-App_Name","app_uid": "Test Parent-App_UID","app_ver": "Test Parent-App_Ver","cmd_line": "Test Parent-CMD_Line","file": {"accessed": 1613021404000,"accessor": "Test Parent-File-Accessor","attribute_ids": [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17],"attributes": 12345678901,"company_name": "Microsoft Corporation","confidentiality_id": 0,"content_type": {"family_id": 0,"subtype": "Test Parent-File-Content_Type-SubType","type_id": 0},"created": 1613021404000,"creator": "Test Parent-File-Creator","creator_process": "Test Parent-File-Creator_Process","desc": "Test Parent-File-Desc","folder": "c:\\windows\\system32\\parent\\file\\folder","folder_uid": "Test 
Parent-File-Folder_UID","is_system": true,"md5": "Test Parent-File-MD5","mime_type": "Test Parent-File-MIME_Type","modified": 1613021404000,"modifier": "Test Parent-File-Modifier","name": "parent_file_name.exe","normalized_path": "CSIDL_SYSTEM\\parent_file_normalized_path.exe","original_name": "Test Parent-File-Original_Name","owner": "Test Parent-File-Owner","parent_name": "Test Parent-File-Parent_Name","parent_sha2": "Test Parent-File-Parent_SHA2","path": "c:\\windows\\system32\\parent_file_path.exe","product_name": "Windows Internet Explorer","product_path": "Test Parent-File-Product_Path","rep_discovered_band": 0,"rep_discovered_date": 1613021404000,"rep_prevalence": 12345678901,"rep_prevalence_band": 0,"rep_score": 12345678901,"rep_score_band": 0,"security_descriptor": "Test Parent-File-Security_Descriptor","sha1": "Test Parent-File-SHA1","sha2": "Test Parent-File-SHA2","signature_company_name": "Test Parent-File-Signature_Company_Name","signature_created_date": 1613021404000,"signature_developer_uid": "Test Parent-File-Signature_Developer_UID","signature_fingerprints": [{"algorithm": "Test Parent-File-Signature_Fingerprints-Algorithm","value": "Test Parent-File-Signature_Fingerprints-Value"},{"algorithm": "Test Parent-File-Signature_Fingerprints-Algorithms","value": "Test Parent-File-Signature_Fingerprints-Values"}],"signature_issuer": "Test Parent-File-Signature_Issuer","signature_level_id": 0,"signature_serial_number": "Parent Actor-File-Signature_Serial_Number","signature_value": 12345678901,"signature_value_ids": [0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"size": 12345678901,"size_compressed": 12345678901,"src_ip": "10.0.0.31","src_name": "Test Parent-File-SRC_Name","type_id": 1,"uid": "Test Parent-File-UID","url": {"categories": ["Test Parent-File-URL-Category","Test Parent-File-URL-Categories"],"category_ids": [1,3,4,5,6,7],"extension": "Test Parent-File-URL-Extension","host": "www.parent-file-url-host.com","method": "Test 
Parent-File-URL-Method","parent_categories": ["Test Parent-File-URL-Parent_Category","Test Parent-File-URL-Parent_Categories"],"path": "/download/trouble/parent/file/url/path","port": 80,"provider": "Test Parent-File-URL-Provider","query": "q=bad&sort=date","referrer": "Test Parent-File-URL-Referrer","referrer_categories": ["Test Parent-File-URL-Referrer_Category","Test Parent-File-URL-Referrer_Categories"],"referrer_category_ids": [12345678901,67890123451],"rep_score_id": 0,"scheme": "Test Parent-File-URL-Scheme","text": "www.parent-file-url-text.com/download/trouble"},"version": "Test Parent-File-Version","xattributes": {"ads_name": "Test Parent-File-XAttributes-ADS_Name","ads_size": "Test Parent-File-XAttributes-ADS_Size","dacl": "Test Parent-File-XAttributes-DACL","owner": "Test Parent-File-XAttributes-Owner","primary_group": "Test Parent-File-XAttributes-Primary_Group","link_name": "Test Parent-File-XAttributes-Link_Name","hard_link_count": "Test Parent-File-XAttributes-Hard_Link_Count","Unix_permissions": "Test Parent-File-XAttributes-Unix_Permissions"}},"integrity_id": 0,"lineage": ["Test Parent-Lineage 1","Test Parent-Lineages 1"],"loaded_modules": ["Test Parent-Loaded_Module 1","Test Parent-Loaded_Modules 1"],"module": {"accessed": 1613021404000,"accessor": "Test Parent-Module-Accessor","attribute_ids": [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17],"attributes": 12345678901,"base_address": "Test Parent-Module-Base_Address","company_name": "Microsoft Corporation","confidentiality_id": 0,"content_type": {"family_id": 0,"subtype": "Test Parent-Module-Content_Type-SubType","type_id": 0},"created": 1613021404000,"creator": "Test Parent-Module-Creator","creator_process": "Test Parent-Module-Creator_Process","desc": "Test Parent-Module-Desc","folder": "c:\\windows\\system32\\parent\\module\\folder","folder_uid": "Test Parent-Module-Folder_UID","is_system": true,"load_type": "Test Parent-Module-Load_Type","load_type_id": 0,"md5": "Test 
Parent-Module-MD5","mime_type": "Test Parent-Module-MIME_Type","modified": 1613021404000,"modifier": "Test Parent-Module-Modifier","name": "parent_module_name.exe","normalized_path": "CSIDL_SYSTEM\\parent_module_normalized_path.exe","original_name": "Test Parent-Module-Original_Name","owner": "Test Parent-Module-Owner","parent_name": "Test Parent-Module-Parent_Name","parent_sha2": "Test Parent-Module-Parent_SHA2","path": "c:\\windows\\system32\\parent_module_path.exe","product_name": "Windows Internet Explorer","product_path": "Test Parent-Module-Product_Path","rep_discovered_band": 0,"rep_discovered_date": 1613021404000,"rep_prevalence": 12345678901,"rep_prevalence_band": 0,"rep_score": 12345678901,"rep_score_band": 0,"security_descriptor": "Test Parent-Module-Security_Descriptor","sha1": "Test Parent-Module-SHA1","sha2": "Test Parent-Module-SHA2","signature_company_name": "Test Parent-Module-Signature_Company_Name","signature_created_date": 1613021404000,"signature_developer_uid": "Test Parent-Module-Signature_Developer_UID","signature_fingerprints": [{"algorithm": "Test Parent-Module-Signature_Fingerprints-Algorithm","value": "Test Parent-Module-Signature_Fingerprints-Value"},{"algorithm": "Test Parent-Module-Signature_Fingerprints-Algorithms","value": "Test Parent-Module-Signature_Fingerprints-Values"}],"signature_issuer": "Test Parent-Module-Signature_Issuer","signature_level_id": 0,"signature_serial_number": "Test Parent-Module-Signature_Serial_Number","signature_value": 12345678901,"signature_value_ids": [0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"size": 12345678901,"size_compressed": 12345678901,"src_ip": "10.0.0.32","src_name": "Test Parent-Module-SRC_Name","type_id": 1,"uid": "Test Parent-Module-UID","url": {"categories": ["Test Parent-Module-URL-Category","Test Parent-Module-URL-Categories"],"category_ids": [1,3,4,5,6],"extension": "Test Parent-Module-URL-Extension","host": "www.parent-module-url-host.com","method": "Test 
Parent-Module-URL-Method","parent_categories": ["Test Parent-Module-URL-Parent_Category","Test Parent-Module-URL-Parent_Categories"],"path": "/download/trouble/parent/module/url/path","port": 80,"provider": "Test Parent-Module-URL-Provider","query": "q=bad&sort=date","referrer": "Test Parent-Module-URL-Referrer","referrer_categories": ["Test Parent-Module-URL-Referrer_Category","Test Parent-Module-URL-Referrer_Categories"],"referrer_category_ids": [12345678901,67890123451],"rep_score_id": 0,"scheme": "Test Parent-Module-URL-Scheme","text": "www.parent-module-url-text.com/download/trouble"},"version": "Test Parent-Module-Version","xattributes": {"ads_name": "Test Parent-Module-XAttributes-ADS_Name","ads_size": "Test Parent-Module-XAttributes-ADS_Size","dacl": "Test Parent-Module-XAttributes-DACL","owner": "Test Parent-Module-XAttributes-Owner","primary_group": "Test Parent-Module-XAttributes-Primary_Group","link_name": "Test Parent-Module-XAttributes-Link_Name","hard_link_count": "Test Parent-Module-XAttributes-Hard_Link_Count","Unix_permissions": "Test Parent-Module-XAttributes-Unix_Permissions"}},"normalized_cmd_line": "Test Parent-Normalized_CMD_Line","pid": 12345678901,"sandbox_name": "Test Parent-Sandbox_Name","session": {"auth_protocol_id": 0,"cleartext_credentials": true,"direction_id": 0,"id": 12345678901,"is_admin": true,"logon_type_id": 1,"port": 80,"previous_users": ["Test Parent-Session-Previous_User","Test Parent-Session-Previous_Users"],"remote": true,"remote_host": "Test Parent-Session-Remote_Host","remote_ip": "10.0.0.33","user": {"account_disabled": true,"cloud_resource_uid": "Test Parent-Session-User-Cloud_Resource_UID","domain": "Test Parent-Session-User-Domain","external_account_uid": "Test Parent-Session-User-External_Account_UID","external_uid": "Test Parent-Session-User-External_UID","full_name": "Test Parent-Session-User-Full_Name","groups": ["Test Parent-Session-User-Group","Test Parent-Session-User-Groups"],"home": "Test 
Parent-Session-User-Home","is_admin": true,"logon_name": "Test Parent-Session-User-Logon_Name","name": "Test Parent-Session-User-Name","password_expires": true,"shell": "Test Parent-Session-User-Shell","sid": "Test Parent-Session-User-SID","uid": "Test Parent-Session-User-UID"}},"session_id": 12345678901,"start_time": 1613021404000,"tid": 12345678901,"uid": "Test Parent-UID","user": {"account_disabled": true,"cloud_resource_uid": "Test Parent-User-Cloud_Resource_UID","domain": "Test Parent-User-Domain","external_account_uid": "Test Parent-User-External_Account_UID","external_uid": "Test Parent-User-External_UID","full_name": "Test Parent-User-Full_Name","groups": ["Test Parent-User-Group","Test Parent-User-Groups"],"home": "Test Parent-User-Home","is_admin": true,"logon_name": "Test Parent-User-Logon_Name","name": "Test Parent-User-Name","password_expires": true,"shell": "Test Parent-User-Shell","sid": "Test Parent-User-SID","uid": "Test Parent-User-UID"},"xattributes": {"ads_name": "Test Parent-XAttributes-ADS_Name","ads_size": "Test Parent-XAttributes-ADS_Size","dacl": "Test Parent-XAttributes-DACL","owner": "Test Parent-XAttributes-Owner","primary_group": "Test Parent-XAttributes-Primary_Group","link_name": "Test Parent-XAttributes-Link_Name","hard_link_count": "Test Parent-XAttributes-Hard_Link_Count","Unix_permissions": "Test Parent-XAttributes-Unix_Permissions"}},"policy": {"desc": "Test Policy-Desc","effective_date": 1613021404000,"group_desc": "Test Policy-Group_Desc","group_name": "Test Policy-Group_Name","group_uid": "Test Policy-Group_UID","label": "Test Policy-Label","name": "Test Policy-Name","rule_category_id": 0,"rule_desc": "Test Policy-Rule_Desc","rule_group_desc": "Test Policy-Rule_Group_Desc","rule_group_name": "Test Policy-Rule_Group_Name","rule_group_uid": "Test Policy-Rule_Group_UID","rule_name": "Test Policy-Rule_Name","rule_uid": "Test Policy-Rule_UID","rules": [{"category_id": 0,"desc": "Test Policy-Rules-Desc 1","dlp_type_id": 1,"name": 
"Test Policy-Rules-Name 1","num_violations": 12345678901,"uid": "Test Policy-Rules-UID 1"},{"category_id": 1,"desc": "Test Policy-Rules-Desc 2","dlp_type_id": 2,"name": "Test Policy-Rules-Name 2","num_violations": 12345678902,"uid": "Test Policy-Rules-UID 2"}],"state_ids": [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"type_id": 0,"uid": "Test Policy-UID","version": "Test Policy-Version"},"process": {"app_name": "Test Process-App_Name","app_uid": "Test Process-App_UID","app_ver": "Test Process-App_Ver","cmd_line": "Test Process-CMD_Line","file": {"accessed": 1613021404000,"accessor": "Test Process-File-Accessor","attribute_ids": [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17],"attributes": 12345678901,"company_name": "Microsoft Corporation","confidentiality_id": 0,"content_type": {"family_id": 0,"subtype": "Test Process-File-Content_Type-SubType","type_id": 0},"created": 1613021404000,"creator": "Test Process-File-Creator","creator_process": "Test Process-File-Creator_Process","desc": "Test Process-File-Desc","folder": "c:\\windows\\system32\\process\\file\\folder","folder_uid": "Test Process-File-Folder_UID","is_system": true,"md5": "Test Process-File-MD5","mime_type": "Test Process-File-MIME_Type","modified": 1613021404000,"modifier": "Test Process-File-Modifier","name": "process_file_name.exe","normalized_path": "CSIDL_SYSTEM\\process_file_normalized_path.exe","original_name": "Test Process-File-Original_Name","owner": "Test Process-File-Owner","parent_name": "Test Process-File-Parent_Name","parent_sha2": "Test Process-File-Parent_SHA2","path": "c:\\windows\\system32\\process_file_path.exe","product_name": "Windows Internet Explorer","product_path": "Test Process-File-Product_Path","rep_discovered_band": 0,"rep_discovered_date": 1613021404000,"rep_prevalence": 12345678901,"rep_prevalence_band": 0,"rep_score": 12345678901,"rep_score_band": 0,"security_descriptor": "Test Process-File-Security_Descriptor","sha1": "Test Process-File-SHA1","sha2": 
"Test Process-File-SHA2","signature_company_name": "Test Process-File-Signature_Company_Name","signature_created_date": 1613021404000,"signature_developer_uid": "Test Process-File-Signature_Developer_UID","signature_fingerprints": [{"algorithm": "Test Process-File-Signature_Fingerprints-Algorithm","value": "Test Process-File-Signature_Fingerprints-Value"},{"algorithm": "Test Process-File-Signature_Fingerprints-Algorithms","value": "Test Process-File-Signature_Fingerprints-Values"}],"signature_issuer": "Test Process-File-Signature_Issuer","signature_level_id": 0,"signature_serial_number": "Test Process-File-Signature_Serial_Number","signature_value": 12345678901,"signature_value_ids": [0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"size": 12345678901,"size_compressed": 12345678901,"src_ip": "10.0.0.35","src_name": "Test Process-File-SRC_Name","type_id": 1,"uid": "Test Process-File-UID","url": {"categories": ["Test Process-File-URL-Category","Test Process-File-URL-Categories"],"category_ids": [1,3,4],"extension": "Test Process-File-URL-Extension","host": "www.process-file-url-host.com","method": "Test Process-File-URL-Method","parent_categories": ["Test Process-File-URL-Parent_Category","Test Process-File-URL-Parent_Categories"],"path": "/download/trouble/process/file/url/path","port": 80,"provider": "Test Process-File-URL-Provider","query": "q=bad&sort=date","referrer": "Test Process-File-URL-Referrer","referrer_categories": ["Test Process-File-URL-Referrer_Category","Test Process-File-URL-Referrer_Categories"],"referrer_category_ids": [12345678901,67890123451],"rep_score_id": 0,"scheme": "Test Process-File-URL-Scheme","text": "www.process-file-url-text.com/download/trouble"},"version": "Test Process-File-Version","xattributes": {"ads_name": "Test Process-File-XAttributes-ADS_Name","ads_size": "Test Process-File-XAttributes-ADS_Size","dacl": "Test Process-File-XAttributes-DACL","owner": "Test Process-File-XAttributes-Owner","primary_group": 
"Test Process-File-XAttributes-Primary_Group","link_name": "Test Process-File-XAttributes-Link_Name","hard_link_count": "Test Process-File-XAttributes-Hard_Link_Count","Unix_permissions": "Test Process-File-XAttributes-Unix_Permissions"}},"integrity_id": 0,"lineage": ["Test Process-Lineage 1","Test Process-Lineages 1"],"loaded_modules": ["Test Process-Loaded_Module 1","Test Process-Loaded_Modules 1"],"module": {"accessed": 1613021404000,"accessor": "Test Process-Module-Accessor","attribute_ids": [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17],"attributes": 12345678901,"base_address": "Test Process-Module-Base_Address","company_name": "Microsoft Corporation","confidentiality_id": 0,"content_type": {"family_id": 0,"subtype": "Test Process-Module-Content_Type-SubType","type_id": 0},"created": 1613021404000,"creator": "Test Process-Module-Creator","creator_process": "Test Process-Module-Creator_Process","desc": "Test Process-Module-Desc","folder": "c:\\windows\\system32\\process\\module\\folder","folder_uid": "Test Process-Module-Folder_UID","is_system": true,"load_type": "Test Process-Module-Load_Type","load_type_id": 0,"md5": "Test Process-Module-MD5","mime_type": "Test Process-Module-MIME_Type","modified": 1613021404000,"modifier": "Test Process-Module-Modifier","name": "process_module_name.exe","normalized_path": "CSIDL_SYSTEM\\process_module_normalized_path.exe","original_name": "Test Process-Module-Original_Name","owner": "Test Process-Module-Owner","parent_name": "Test Process-Module-Parent_Name","parent_sha2": "Test Process-Module-Parent_SHA2","path": "c:\\windows\\system32\\process_module_path.exe","product_name": "Windows Internet Explorer","product_path": "Test Process-Module-Product_Path","rep_discovered_band": 0,"rep_discovered_date": 1613021404000,"rep_prevalence": 12345678901,"rep_prevalence_band": 0,"rep_score": 12345678901,"rep_score_band": 0,"security_descriptor": "Test Process-Module-Security_Descriptor","sha1": "Test Process-Module-SHA1","sha2": "Test 
Process-Module-SHA2","signature_company_name": "Test Process-Module-Signature_Company_Name","signature_created_date": 1613021404000,"signature_developer_uid": "Test Process-Module-Signature_Developer_UID","signature_fingerprints": [{"algorithm": "Test Process-Module-Signature_Fingerprints-Algorithm","value": "Test Process-Module-Signature_Fingerprints-Value"},{"algorithm": "Test Process-Module-Signature_Fingerprints-Algorithms","value": "Test Process-Module-Signature_Fingerprints-Values"}],"signature_issuer": "Test Process-Module-Signature_Issuer","signature_level_id": 0,"signature_serial_number": "Test Process-Module-Signature_Serial_Number","signature_value": 12345678901,"signature_value_ids": [0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"size": 12345678901,"size_compressed": 12345678901,"src_ip": "10.0.0.36","src_name": "Test Process-Module-SRC_Name","type_id": 1,"uid": "Test Process-Module-UID","url": {"categories": ["Test Process-Module-URL-Category","Test Process-Module-URL-Categories"],"category_ids": [1,3,4],"extension": "Test Process-Module-URL-Extension","host": "www.process-module-url-host.com","method": "Test Process-Module-URL-Method","parent_categories": ["Test Process-Module-URL-Parent_Category","Test Process-Module-URL-Parent_Categories"],"path": "/download/trouble/process/module/url/path","port": 80,"provider": "Test Process-Module-URL-Provider","query": "q=bad&sort=date","referrer": "Test Process-Module-URL-Referrer","referrer_categories": ["Test Process-Module-URL-Referrer_Category","Test Process-Module-URL-Referrer_Categories"],"referrer_category_ids": [12345678901,67890123451],"rep_score_id": 0,"scheme": "Test Process-Module-URL-Scheme","text": "www.process-module-url-text.com/download/trouble"},"version": "Test Process-Module-Version","xattributes": {"ads_name": "Test Process-Module-XAttributes-ADS_Name","ads_size": "Test Process-Module-XAttributes-ADS_Size","dacl": "Test Process-Module-XAttributes-DACL","owner": "Test 
Process-Module-XAttributes-Owner","primary_group": "Test Process-Module-XAttributes-Primary_Group","link_name": "Test Process-Module-XAttributes-Link_Name","hard_link_count": "Test Process-Module-XAttributes-Hard_Link_Count","Unix_permissions": "Test Process-Module-XAttributes-Unix_Permissions"}},"normalized_cmd_line": "Test Process-Normalized_CMD_Line","pid": 12345678901,"sandbox_name": "Test Process-Sandbox_Name","session": {"auth_protocol_id": 0,"cleartext_credentials": true,"direction_id": 0,"id": 12345678901,"is_admin": true,"logon_type_id": 1,"port": 80,"previous_users": ["Test Process-Session-Previous_User","Test Process-Session-Previous_Users"],"remote": true,"remote_host": "Test Process-Session-Remote_Host","remote_ip": "10.0.0.37","user": {"account_disabled": true,"cloud_resource_uid": "Test Process-Session-User-Cloud_Resource_UID","domain": "Test Process-Session-User-Domain","external_account_uid": "Test Process-Session-User-External_Account_UID","external_uid": "Test Process-Session-User-External_UID","full_name": "Test Process-Session-User-Full_Name","groups": ["Test Process-Session-User-Group","Test Process-Session-User-Groups"],"home": "Test Process-Session-User-Home","is_admin": true,"logon_name": "Test Process-Session-User-Logon_Name","name": "Test Process-Session-User-Name","password_expires": true,"shell": "Test Process-Session-User-Shell","sid": "Test Process-Session-User-SID","uid": "Test Process-Session-User-UID"}},"session_id": 12345678901,"start_time": 1613021404000,"tid": 12345678901,"uid": "Test Process-UID","user": {"account_disabled": true,"cloud_resource_uid": "Test Process-User-Cloud_Resource_UID","domain": "Test Process-User-Domain","external_account_uid": "Test Process-User-External_Account_UID","external_uid": "Test Process-User-External_UID","full_name": "Test Process-User-Full_Name","groups": ["Test Process-User-Group","Test Process-User-Groups"],"home": "Test Process-User-Home","is_admin": true,"logon_name": "Test 
Process-User-Logon_Name","name": "Test Process-User-Name","password_expires": true,"shell": "Test Process-User-Shell","sid": "Test Process-User-SID","uid": "Test Process-User-UID"},"xattributes": {"ads_name": "Test Process-XAttributes-ADS_Name","ads_size": "Test Process-XAttributes-ADS_Size","dacl": "Test Process-XAttributes-DACL","owner": "Test Process-XAttributes-Owner","primary_group": "Test Process-XAttributes-Primary_Group","link_name": "Test Process-XAttributes-Link_Name","hard_link_count": "Test Process-XAttributes-Hard_Link_Count","Unix_permissions": "Test Process-XAttributes-Unix_Permissions"}},"product_data": {"sep_domain_uid": "Test Product_Data-Sep_Domain_UID","sep_hw_uid": "Test Product_Data-Sep_HW_UID"},"product_lang": "en","product_name": "Symantec Endpoint Security","product_uid": "Test Product_UID","product_ver": "2014.1.4.25-beta","proxy_device_ip": "10.0.0.25","proxy_device_name": "Test Proxy_Device_Name","raw_data": {"assetID": "vc9DagprQYyLZ23SEY1APw","assetOpstateDTO": {"productUuid": "31B0C880-0229-49E8-94C5-48D56B1BD7B9","features": [{"uuid": "1DF0351C-146D-4F07-B155-BF5C7077FF40","featureStatus": "SECURE","opstate": {"EDRContentSequence": "20231128005","EDREngineVersion": "4.11.0.10","EDRFramworkVersion": "4.10.0.59","FDRStatus": true,"LowDiskSpace": false,"MaxDBSizeHonored": true,"applied_policy": {"effective_date": 1709219437080,"sha2": "ee6b0bebbc4575b507ac616d2c362f2c54d462b92cf4068cb6681ae3187d4de3","uid": "7dc29d40-f303-477a-9012-287ef252a391","version": "16"},"disk_usage_mb": 1546,"fdr_first_event_date": "20240227","fdr_state": 1},"state": "ENABLED","statusReason": ["-107","0"],"prevention_state": "1"}],"products_active": 0,"blades": 0}},"ref_event": 4624,"ref_event_name": "Test Ref_Event_Name","ref_log_name": "Test Ref_Log_Name","ref_log_time": "2024-02-29T01:00:00.000Z","ref_orig_uid": "Test Ref_Orig_UID","ref_uid": "Test Ref_UID","remediated": true,"remediation": "Test Remediation","remediation_ref": "Test 
Remediation_Ref","remediation_uid": 0,"remote_device_name": "Test Remote_Device_Name","remote_process": {"app_name": "Test Remote_Process-App_Name","app_uid": "Test Remote_Process-App_UID","app_ver": "Test Remote_Process-App_Ver","cmd_line": "Test Remote_Process-CMD_Line","file": {"accessed": 1613021404000,"accessor": "Test Remote_Process-File-Accessor","attribute_ids": [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17],"attributes": 12345678901,"company_name": "Microsoft Corporation","confidentiality_id": 0,"content_type": {"family_id": 0,"subtype": "Test Remote_Process-File-Content_Type-SubType","type_id": 0},"created": 1613021404000,"creator": "Test Remote_Process-File-Creator","creator_process": "Test Remote_Process-File-Creator_Process","desc": "Test Remote_Process-File-Desc","folder": "c:\\windows\\system32\\remote_process\\file\\folder","folder_uid": "Test Remote_Process-File-Folder_UID","is_system": true,"md5": "Test Remote_Process-File-MD5","mime_type": "Test Remote_Process-File-MIME_Type","modified": 1613021404000,"modifier": "Test Remote_Process-File-Modifier","name": "remote_process_file_name.exe","normalized_path": "CSIDL_SYSTEM\\remote_process_file_normalized_path.exe","original_name": "Test Remote_Process-File-Original_Name","owner": "Test Remote_Process-File-Owner","parent_name": "Test Remote_Process-File-Parent_Name","parent_sha2": "Test Remote_Process-File-Parent_SHA2","path": "c:\\windows\\system32\\remote_process_file_path.exe","product_name": "Windows Internet Explorer","product_path": "Test Remote_Process-File-Product_Path","rep_discovered_band": 0,"rep_discovered_date": 1613021404000,"rep_prevalence": 12345678901,"rep_prevalence_band": 0,"rep_score": 12345678901,"rep_score_band": 0,"security_descriptor": "Test Remote_Process-File-Security_Descriptor","sha1": "Test Remote_Process-File-SHA1","sha2": "Test Remote_Process-File-SHA2","signature_company_name": "Test Remote_Process-File-Signature_Company_Name","signature_created_date": 
1613021404000,"signature_developer_uid": "Test Remote_Process-File-Signature_Developer_UID","signature_fingerprints": [{"algorithm": "Test Remote_Process-File-Signature_Fingerprints-Algorithm","value": "Test Remote_Process-File-Signature_Fingerprints-Value"},{"algorithm": "Test Remote_Process-File-Signature_Fingerprints-Algorithms","value": "Test Remote_Process-File-Signature_Fingerprints-Values"}],"signature_issuer": "Test Remote_Process-File-Signature_Issuer","signature_level_id": 0,"signature_serial_number": "Test Remote_Process-File-Signature_Serial_Number","signature_value": 12345678901,"signature_value_ids": [0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"size": 12345678901,"size_compressed": 12345678901,"src_ip": "10.0.0.35","src_name": "Test Remote_Process-File-SRC_Name","type_id": 1,"uid": "Test Remote_Process-File-UID","url": {"categories": ["Test Remote_Process-File-URL-Category","Test Remote_Process-File-URL-Categories"],"category_ids": [1,3,4,5],"extension": "Test Remote_Process-File-URL-Extension","host": "www.remote_process-file-url-host.com","method": "Test Remote_Process-File-URL-Method","parent_categories": ["Test Remote_Process-File-URL-Parent_Category","Test Remote_Process-File-URL-Parent_Categories"],"path": "/download/trouble/remote_process/file/url/path","port": 80,"provider": "Test Remote_Process-File-URL-Provider","query": "q=bad&sort=date","referrer": "Test Remote_Process-File-URL-Referrer","referrer_categories": ["Test Remote_Process-File-URL-Referrer_Category","Test Remote_Process-File-URL-Referrer_Categories"],"referrer_category_ids": [12345678901,67890123451],"rep_score_id": 0,"scheme": "Test Remote_Process-File-URL-Scheme","text": "www.remote_process-file-url-text.com/download/trouble"},"version": "Test Remote_Process-File-Version","xattributes": {"ads_name": "Test Remote_Process-File-XAttributes-ADS_Name","ads_size": "Test Remote_Process-File-XAttributes-ADS_Size","dacl": "Test 
Remote_Process-File-XAttributes-DACL","owner": "Test Remote_Process-File-XAttributes-Owner","primary_group": "Test Remote_Process-File-XAttributes-Primary_Group","link_name": "Test Remote_Process-File-XAttributes-Link_Name","hard_link_count": "Test Remote_Process-File-XAttributes-Hard_Link_Count","Unix_permissions": "Test Remote_Process-File-XAttributes-Unix_Permissions"}},"integrity_id": 0,"lineage": ["Test Remote_Process-Lineage 1","Test Remote_Process-Lineages 1"],"loaded_modules": ["Test Remote_Process-Loaded_Module 1","Test Remote_Process-Loaded_Modules 1"],"module": {"accessed": 1613021404000,"accessor": "Test Remote_Process-Module-Accessor","attribute_ids": [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17],"attributes": 12345678901,"base_address": "Test Remote_Process-Module-Base_Address","company_name": "Microsoft Corporation","confidentiality_id": 0,"content_type": {"family_id": 0,"subtype": "Test Remote_Process-Module-Content_Type-SubType","type_id": 0},"created": 1613021404000,"creator": "Test Remote_Process-Module-Creator","creator_process": "Test Remote_Process-Module-Creator_Process","desc": "Test Remote_Process-Module-Desc","folder": "c:\\windows\\system32\\remote_process\\module\\folder","folder_uid": "Test Remote_Process-Module-Folder_UID","is_system": true,"load_type": "Test Remote_Process-Module-Load_Type","load_type_id": 0,"md5": "Test Remote_Process-Module-MD5","mime_type": "Test Remote_Process-Module-MIME_Type","modified": 1613021404000,"modifier": "Test Remote_Process-Module-Modifier","name": "remote_process_module_name.exe","normalized_path": "CSIDL_SYSTEM\\remote_process_module_normalized_path.exe","original_name": "Test Remote_Process-Module-Original_Name","owner": "Test Remote_Process-Module-Owner","parent_name": "Test Remote_Process-Module-Parent_Name","parent_sha2": "Test Remote_Process-Module-Parent_SHA2","path": "c:\\windows\\system32\\remote_process_module_path.exe","product_name": "Windows Internet Explorer","product_path": "Test 
Remote_Process-Module-Product_Path","rep_discovered_band": 0,"rep_discovered_date": 1613021404000,"rep_prevalence": 12345678901,"rep_prevalence_band": 0,"rep_score": 12345678901,"rep_score_band": 0,"security_descriptor": "Test Remote_Process-Module-Security_Descriptor","sha1": "Test Remote_Process-Module-SHA1","sha2": "Test Remote_Process-Module-SHA2","signature_company_name": "Test Remote_Process-Module-Signature_Company_Name","signature_created_date": 1613021404000,"signature_developer_uid": "Test Remote_Process-Module-Signature_Developer_UID","signature_fingerprints": [{"algorithm": "Test Remote_Process-Module-Signature_Fingerprints-Algorithm","value": "Test Remote_Process-Module-Signature_Fingerprints-Value"},{"algorithm": "Test Remote_Process-Module-Signature_Fingerprints-Algorithms","value": "Test Remote_Process-Module-Signature_Fingerprints-Values"}],"signature_issuer": "Test Remote_Process-Module-Signature_Issuer","signature_level_id": 0,"signature_serial_number": "Test Remote_Process-Module-Signature_Serial_Number","signature_value": 12345678901,"signature_value_ids": [0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"size": 12345678901,"size_compressed": 12345678901,"src_ip": "10.0.0.36","src_name": "Test Remote_Process-Module-SRC_Name","type_id": 1,"uid": "Test Remote_Process-Module-UID","url": {"categories": ["Test Remote_Process-Module-URL-Category","Test Remote_Process-Module-URL-Categories"],"category_ids": [1,3,4,5,6,7,9,11,14,15,16,17,18,20,21,22,23,24,25,26,27,29,30,31,32,33,34,35,36,37,38,40,43,44,45,46,47,49,50,51,52,53,54,55,56,57,58,59,60,61,63,64,65,66,67,68,71,83,84,85,86,87,88,89,90,92,93,95,96,97,98,101,102,103,104,105,106,107,108,109,110,111,112,113,114,116,117,118,121,124],"extension": "Test Remote_Process-Module-URL-Extension","host": "www.remote_process-module-url-host.com","method": "Test Remote_Process-Module-URL-Method","parent_categories": ["Test Remote_Process-Module-URL-Parent_Category","Test 
Remote_Process-Module-URL-Parent_Categories"],"path": "/download/trouble/remote_process/module/url/path","port": 80,"provider": "Test Remote_Process-Module-URL-Provider","query": "q=bad&sort=date","referrer": "Test Remote_Process-Module-URL-Referrer","referrer_categories": ["Test Remote_Process-Module-URL-Referrer_Category","Test Remote_Process-Module-URL-Referrer_Categories"],"referrer_category_ids": [12345678901,67890123451],"rep_score_id": 0,"scheme": "Test Remote_Process-Module-URL-Scheme","text": "www.remote_process-module-url-text.com/download/trouble"},"version": "Test Remote_Process-Module-Version","xattributes": {"ads_name": "Test Remote_Process-Module-XAttributes-ADS_Name","ads_size": "Test Remote_Process-Module-XAttributes-ADS_Size","dacl": "Test Remote_Process-Module-XAttributes-DACL","owner": "Test Remote_Process-Module-XAttributes-Owner","primary_group": "Test Remote_Process-Module-XAttributes-Primary_Group","link_name": "Test Remote_Process-Module-XAttributes-Link_Name","hard_link_count": "Test Remote_Process-Module-XAttributes-Hard_Link_Count","Unix_permissions": "Test Remote_Process-Module-XAttributes-Unix_Permissions"}},"normalized_cmd_line": "Test Remote_Process-Normalized_CMD_Line","pid": 12345678901,"sandbox_name": "Test Remote_Process-Sandbox_Name","session": {"auth_protocol_id": 0,"cleartext_credentials": true,"direction_id": 0,"id": 12345678901,"is_admin": true,"logon_type_id": 1,"port": 80,"previous_users": ["Test Remote_Process-Session-Previous_User","Test Remote_Process-Session-Previous_Users"],"remote": true,"remote_host": "Test Remote_Process-Session-Remote_Host","remote_ip": "10.0.0.37","user": {"account_disabled": true,"cloud_resource_uid": "Test Remote_Process-Session-User-Cloud_Resource_UID","domain": "Test Remote_Process-Session-User-Domain","external_account_uid": "Test Remote_Process-Session-User-External_Account_UID","external_uid": "Test Remote_Process-Session-User-External_UID","full_name": "Test 
Remote_Process-Session-User-Full_Name","groups": ["Test Remote_Process-Session-User-Group","Test Remote_Process-Session-User-Groups"],"home": "Test Remote_Process-Session-User-Home","is_admin": true,"logon_name": "Test Remote_Process-Session-User-Logon_Name","name": "Test Remote_Process-Session-User-Name","password_expires": true,"shell": "Test Remote_Process-Session-User-Shell","sid": "Test Remote_Process-Session-User-SID","uid": "Test Remote_Process-Session-User-UID"}},"session_id": 12345678901,"start_time": 1613021404000,"tid": 12345678901,"uid": "Test Remote_Process-UID","user": {"account_disabled": true,"cloud_resource_uid": "Test Remote_Process-User-Cloud_Resource_UID","domain": "Test Remote_Process-User-Domain","external_account_uid": "Test Remote_Process-User-External_Account_UID","external_uid": "Test Remote_Process-User-External_UID","full_name": "Test Remote_Process-User-Full_Name","groups": ["Test Remote_Process-User-Group","Test Remote_Process-User-Groups"],"home": "Test Remote_Process-User-Home","is_admin": true,"logon_name": "Test Remote_Process-User-Logon_Name","name": "Test Remote_Process-User-Name","password_expires": true,"shell": "Test Remote_Process-User-Shell","sid": "Test Remote_Process-User-SID","uid": "Test Remote_Process-User-UID"},"xattributes": {"ads_name": "Test Remote_Process-XAttributes-ADS_Name","ads_size": "Test Remote_Process-XAttributes-ADS_Size","dacl": "Test Remote_Process-XAttributes-DACL","owner": "Test Remote_Process-XAttributes-Owner","primary_group": "Test Remote_Process-XAttributes-Primary_Group","link_name": "Test Remote_Process-XAttributes-Link_Name","hard_link_count": "Test Remote_Process-XAttributes-Hard_Link_Count","Unix_permissions": "Test Remote_Process-XAttributes-Unix_Permissions"}},"seq_num": 12345678901,"sessions": [{"auth_protocol_id": 0,"cleartext_credentials": true,"direction_id": 0,"id": 12345678901,"is_admin": true,"logon_type_id": 1,"port": 80,"previous_users": ["Test Sessions-Previous_User 1","Test 
Sessions-Previous_Users 1"],"remote": true,"remote_host": "Test Sessions-Remote_Host 1","remote_ip": "10.0.0.26","user": {"account_disabled": true,"cloud_resource_uid": "Test Sessions-User-Cloud_Resource_UID 1","domain": "Test Sessions-User-Domain 1","external_account_uid": "Test Sessions-User-External_Account_UID 1","external_uid": "Test Sessions-User-External_UID 1","full_name": "Test Sessions-User-Full_Name 1","groups": ["Test Sessions-User-Group 1","Test Sessions-User-Groups 1"],"home": "Test Sessions-User-Home 1","is_admin": true,"logon_name": "Test Sessions-User-Logon_Name 1","name": "Test session-User-Name 1","password_expires": true,"shell": "Test Sessions-User-Shell 1","sid": "Test Sessions-User-SID 1","uid": "Test Sessions-User-UID 1"}},{"auth_protocol_id": 1,"cleartext_credentials": true,"direction_id": 1,"id": 67890123451,"is_admin": true,"logon_type_id": 2,"port": 81,"previous_users": ["Test Sessions-Previous_User 2","Test Sessions-Previous_Users 2"],"remote": true,"remote_host": "Test Sessions-Remote_Host 2","remote_ip": "10.0.0.27","user": {"account_disabled": true,"cloud_resource_uid": "Test Sessions-User-Cloud_Resource_UID 2","domain": "Test Sessions-User-Domain 2","external_account_uid": "Test Sessions-User-External_Account_UID 2","external_uid": "Test Sessions-User-External_UID 2","full_name": "Test Sessions-User-Full_Name 2","groups": ["Test Sessions-User-Group 2","Test Sessions-User-Groups 2"],"home": "Test Sessions-User-Home 2","is_admin": true,"logon_name": "Test Sessions-User-Logon_Name 2","name": "Test session-User-Name 2","password_expires": true,"shell": "Test Sessions-User-Shell 2","sid": "Test Sessions-User-SID 2","uid": "Test Sessions-User-UID 2"}}],"severity_id": 0,"source": {"facility": "Test Source-Facility","facility_detail": "Test Source-Facility_Detail","facility_uid": "Test Source-Facility_UID","type_id": 1},"status_detail": "Test Status_Detail","status_id": 0,"status_os": "Test Status_OS","status_os_src": 
12345678901,"status_stack_trace": "Test Status_Stack_Trace","status_thread_name": "Test Status_Thread_Name","stic_has_pii": true,"stic_hw_uid": "Test STIC_HW_UID","stic_ip_hash": "Test STIC_IP_Hash","stic_legacy_ent_uids": ["Test STIC_Legacy_Ent_UIDs 1","Test STIC_Legacy_Ent_UIDs 2"],"stic_legacy_hw_uids": ["Test STIC_Legacy_HW_UIDs 1","Test STIC_Legacy_HW_UIDs 2"],"stic_legacy_uids": ["Test STIC_Legacy_UIDs 1","Test STIC_Legacy_UIDs 2"],"stic_schema_id": "Test STIC_Schema_ID","stic_uid": "Test STIC_UID","stic_version": "Test STIC_Version","subfeature_name": "Test Subfeature_Name","time": "2024-02-29T02:00:00Z","timezone": 12345678901,"type": "Test Type","type_id": 8015,"user": {"account_disabled": true,"cloud_resource_uid": "Test User-Cloud_Resource_UID","domain": "Test User-Domain","external_account_uid": "Test User-External_Account_UID","external_uid": "Test User-External_UID","full_name": "Test User-Full_Name","groups": ["Test User-Group 1","Test User-Groups 1"],"home": "Test User-Home","is_admin": true,"logon_name": "Test User-Logon_Name","name": "Test User-Name","password_expires": true,"shell": "Test User-Shell","sid": "Test User-SID","uid": "Test User-UID"},"user_name": "Test User_Name","user_uid": "Test User_UID","uuid": "Test UUID","version": "1.4"}
{"actor": {"app_name": "Test Actor-App_Name","app_uid": "Test Actor-App_UID","app_ver": "Test Actor-App_Ver","cmd_line": "Test Actor-CMD_Line","file": {"accessed": 1613021404000,"accessor": "Test Actor-File-Accessor","attribute_ids": [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17],"attributes": 12345678901,"company_name": "Microsoft Corporation","confidentiality_id": 0,"content_type": {"family_id": 0,"subtype": "Test Actor-File-Content_Type-SubType","type_id": 0},"created": 1613021404000,"creator": "Test Actor-File-Creator","creator_process": "Test Actor-File-Creator_Process","desc": "Test Actor-File-Desc","folder": "c:\\windows\\system32\\actor\\file\\folder","folder_uid": "Test Actor-File-Folder_UID","is_system": true,"md5": "Test Actor-File-MD5","mime_type": "Test Actor-File-MIME_Type","modified": 1613021404000,"modifier": "Test Actor-File-Modifier","name": "actor_file_name.exe","normalized_path": "CSIDL_SYSTEM\\actor_file_normalized_path.exe","original_name": "Test Actor-File-Original_Name","owner": "Test Actor-File-Owner","parent_name": "Test Actor-File-Parent_Name","parent_sha2": "Test Actor-File-Parent_SHA2","path": "c:\\windows\\system32\\actor_file_path.exe","product_name": "Windows Internet Explorer","product_path": "Test Actor-File-Product_Path","rep_discovered_band": 0,"rep_discovered_date": 1613021404000,"rep_prevalence": 12345678901,"rep_prevalence_band": 0,"rep_score": 12345678901,"rep_score_band": 0,"security_descriptor": "Test Actor-File-Security_Descriptor","sha1": "Test Actor-File-SHA1","sha2": "Test Actor-File-SHA2","signature_company_name": "Test Actor-File-Signature_Company_Name","signature_created_date": 1613021404000,"signature_developer_uid": "Test Actor-File-Signature_Developer_UID","signature_fingerprints": [{"algorithm": "Test Actor-File-Signature_Fingerprints-Algorithm","value": "Test Actor-File-Signature_Fingerprints-Value"},{"algorithm": "Test Actor-File-Signature_Fingerprints-Algorithms","value": "Test 
Actor-File-Signature_Fingerprints-Values"}],"signature_issuer": "Test Actor-File-Signature_Issuer","signature_level_id": 0,"signature_serial_number": "Test Actor-File-Signature_Serial_Number","signature_value": 12345678901,"signature_value_ids": [0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"size": 12345678901,"size_compressed": 12345678901,"src_ip": "10.0.0.28","src_name": "Test Actor-File-SRC_Name","type_id": 1,"uid": "Test Actor-File-UID","url": {"categories": ["Test Actor-File-URL-Category","Test Actor-File-URL-Categories"],"category_ids": [1,3,4,5,6,7,9,11,14,15,16,17,18,20,21,22,23,24,25,26,27,29,30,31,32,33,34,35,36,37,38,40,43,44,45,46,47,49,50,51,52,53,54,55,56,57,58,59,60,61,63,64,65,66,67,68,71,83,84,85,86,87,88,89,90,92,93,95,96,97,98,101,102,103,104,105,106,107,108,109,110,111,112,113,114,116,117,118,121,124],"extension": "Test Actor-File-URL-Extension","host": "www.actor-file-url-host.com","method": "Test Actor-File-URL-Method","parent_categories": ["Test Actor-File-URL-Parent_Category","Test Actor-File-URL-Parent_Categories"],"path": "/download/trouble/actor/file/url/path","port": 80,"provider": "Test Actor-File-URL-Provider","query": "q=bad&sort=date","referrer": "Test Actor-File-URL-Referrer","referrer_categories": ["Test Actor-File-URL-Referrer_Category","Test Actor-File-URL-Referrer_Categories"],"referrer_category_ids": [12345678901,67890123451],"rep_score_id": 0,"scheme": "Test Actor-File-URL-Scheme","text": "www.actor-file-url-text.com/download/trouble"},"version": "Test Actor-File-Version","xattributes": {"ads_name": "Test Actor-File-XAttributes-ADS_Name","ads_size": "Test Actor-File-XAttributes-ADS_Size","dacl": "Test Actor-File-XAttributes-DACL","owner": "Test Actor-File-XAttributes-Owner","primary_group": "Test Actor-File-XAttributes-Primary_Group","link_name": "Test Actor-File-XAttributes-Link_Name","hard_link_count": "Test Actor-File-XAttributes-Hard_Link_Count","Unix_permissions": "Test 
Actor-File-XAttributes-Unix_Permissions"}},"integrity_id": 0,"lineage": ["Test Actor-Lineage 1","Test Actor-Lineages 1"],"loaded_modules": ["Test Actor-Loaded_Module 1","Test Actor-Loaded_Modules 1"],"module": {"accessed": 1613021404000,"accessor": "Test Actor-Module-Accessor","attribute_ids": [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17],"attributes": 12345678901,"base_address": "Test Actor-Module-Base_Address","company_name": "Microsoft Corporation","confidentiality_id": 0,"content_type": {"family_id": 0,"subtype": "Test Actor-Module-Content_Type-SubType","type_id": 0},"created": 1613021404000,"creator": "Test Actor-Module-Creator","creator_process": "Test Actor-Module-Creator_Process","desc": "Test Actor-Module-Desc","folder": "c:\\windows\\system32\\actor\\module\\folder","folder_uid": "Test Actor-Module-Folder_UID","is_system": true,"load_type": "Test Actor-Module-Load_Type","load_type_id": 0,"md5": "Test Actor-Module-MD5","mime_type": "Test Actor-Module-MIME_Type","modified": 1613021404000,"modifier": "Test Actor-Module-Modifier","name": "actor_module_name.exe","normalized_path": "CSIDL_SYSTEM\\actor_module_normalized_path.exe","original_name": "Test Actor-Module-Original_Name","owner": "Test Actor-Module-Owner","parent_name": "Test Actor-Module-Parent_Name","parent_sha2": "Test Actor-Module-Parent_SHA2","path": "c:\\windows\\system32\\actor_module_path.exe","product_name": "Windows Internet Explorer","product_path": "Test Actor-Module-Product_Path","rep_discovered_band": 0,"rep_discovered_date": 1613021404000,"rep_prevalence": 12345678901,"rep_prevalence_band": 0,"rep_score": 12345678901,"rep_score_band": 0,"security_descriptor": "Test Actor-Module-Security_Descriptor","sha1": "Test Actor-Module-SHA1","sha2": "Test Actor-Module-SHA2","signature_company_name": "Test Actor-Module-Signature_Company_Name","signature_created_date": 1613021404000,"signature_developer_uid": "Test Actor-Module-Signature_Developer_UID","signature_fingerprints": [{"algorithm": "Test 
Actor-Module-Signature_Fingerprints-Algorithm","value": "Test Actor-Module-Signature_Fingerprints-Value"},{"algorithm": "Test Actor-Module-Signature_Fingerprints-Algorithms","value": "Test Actor-Module-Signature_Fingerprints-Values"}],"signature_issuer": "Test Actor-Module-Signature_Issuer","signature_level_id": 0,"signature_serial_number": "Test Actor-Module-Signature_Serial_Number","signature_value": 12345678901,"signature_value_ids": [0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"size": 12345678901,"size_compressed": 12345678901,"src_ip": "10.0.0.29","src_name": "Test Actor-Module-SRC_Name","type_id": 1,"uid": "Test Actor-Module-UID","url": {"categories": ["Test Actor-Module-URL-Category","Test Actor-Module-URL-Categories"],"category_ids": [1,3,4,5,6,7,9,11,14,15,16,17,18,20,21,22,23,24,25,26,27,29,30,31,32,33,34,35,36,37,38,40,43,44,45,46,47,49,50,51,52,53,54,55,56,57,58,59,60,61,63,64,65,66,67,68,71,83,84,85,86,87,88,89,90,92,93,95,96,97,98,101,102,103,104,105,106,107,108,109,110,111,112,113,114,116,117,118,121,124],"extension": "Test Actor-Module-URL-Extension","host": "www.actor-module-url-host.com","method": "Test Actor-Module-URL-Method","parent_categories": ["Test Actor-Module-URL-Parent_Category","Test Actor-Module-URL-Parent_Categories"],"path": "/download/trouble/actor/module/url/path","port": 80,"provider": "Test Actor-Module-URL-Provider","query": "q=bad&sort=date","referrer": "Test Actor-Module-URL-Referrer","referrer_categories": ["Test Actor-Module-URL-Referrer_Category","Test Actor-Module-URL-Referrer_Categories"],"referrer_category_ids": [12345678901,67890123451],"rep_score_id": 0,"scheme": "Test Actor-Module-URL-Scheme","text": "www.actor-module-url-text.com/download/trouble"},"version": "Test Actor-Module-Version","xattributes": {"ads_name": "Test Actor-Module-XAttributes-ADS_Name","ads_size": "Test Actor-Module-XAttributes-ADS_Size","dacl": "Test Actor-Module-XAttributes-DACL","owner": "Test 
Actor-Module-XAttributes-Owner","primary_group": "Test Actor-Module-XAttributes-Primary_Group","link_name": "Test Actor-Module-XAttributes-Link_Name","hard_link_count": "Test Actor-Module-XAttributes-Hard_Link_Count","Unix_permissions": "Test Actor-Module-XAttributes-Unix_Permissions"}},"normalized_cmd_line": "Test Actor-Normalized_CMD_Line","pid": 12345678901,"sandbox_name": "Test Actor-Sandbox_Name","session": {"auth_protocol_id": 0,"cleartext_credentials": true,"direction_id": 0,"id": 12345678901,"is_admin": true,"logon_type_id": 1,"port": 80,"previous_users": ["Test Actor-Session-Previous_User","Test Actor-Session-Previous_Users"],"remote": true,"remote_host": "Test Actor-Session-Remote_Host","remote_ip": "10.0.0.30","user": {"account_disabled": true,"cloud_resource_uid": "Test Actor-Session-User-Cloud_Resource_UID","domain": "Test Actor-Session-User-Domain","external_account_uid": "Test Actor-Session-User-External_Account_UID","external_uid": "Test Actor-Session-User-External_UID","full_name": "Test Actor-Session-User-Full_Name","groups": ["Test Actor-Session-User-Group","Test Actor-Session-User-Groups"],"home": "Test Actor-Session-User-Home","is_admin": true,"logon_name": "Test Actor-Session-User-Logon_Name","name": "Test Actor-Session-User-Name","password_expires": true,"shell": "Test Actor-Session-User-Shell","sid": "Test Actor-Session-User-SID","uid": "Test Actor-Session-User-UID"}},"session_id": 12345678901,"start_time": 1613021404000,"tid": 12345678901,"uid": "Test Actor-UID","user": {"account_disabled": true,"cloud_resource_uid": "Test Actor-User-Cloud_Resource_UID","domain": "Test Actor-User-Domain","external_account_uid": "Test Actor-User-External_Account_UID","external_uid": "Test Actor-User-External_UID","full_name": "Test Actor-User-Full_Name","groups": ["Test Actor-User-Group","Test Actor-User-Groups"],"home": "Test Actor-User-Home","is_admin": true,"logon_name": "Test Actor-User-Logon_Name","name": "Test Actor-User-Name","password_expires": 
true,"shell": "Test Actor-User-Shell","sid": "Test Actor-User-SID","uid": "Test Actor-User-UID"},"xattributes": {"ads_name": "Test Actor-XAttributes-ADS_Name","ads_size": "Test Actor-XAttributes-ADS_Size","dacl": "Test Actor-XAttributes-DACL","owner": "Test Actor-XAttributes-Owner","primary_group": "Test Actor-XAttributes-Primary_Group","link_name": "Test Actor-XAttributes-Link_Name","hard_link_count": "Test Actor-XAttributes-Hard_Link_Count","Unix_permissions": "Test Actor-XAttributes-Unix_Permissions"}},"analysis": "Test Analysis","attacks": [{"sub_technique_name": "Test Attacks-Sub_Technique_Name 1","sub_technique_uid": "Test Attacks-Sub_Technique_UID 1","tactic_ids": [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20],"tactic_uids": ["Test Attacks-Tactic_UID 1","Test Attacks-Tactic_UIDs 1"],"technique_name": "Test Attacks-Technique_Name 1","technique_uid": "Test Attacks-Technique_UID 1"},{"sub_technique_name": "Test Attacks-Sub_Technique_Name 2","sub_technique_uid": "Test Attacks-Sub_Technique_UID 2","tactic_ids": [21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40],"tactic_uids": ["Test Attacks-Tactic_UID 2","Test Attacks-Tactic_UIDs 2"],"technique_name": "Test Attacks-Technique_Name 2","technique_uid": "Test Attacks-Technique_UID 2"}],"category_id": 5,"collector_device_ip": "10.0.0.1","collector_device_name": "Test Collector_Device_Name","collector_name": "Test Collector_Name","collector_uid": "Test Collector_UID","composite": 1,"config_path": "Test Config_Path","container": {"host_name": "Test Container-Host_Name","image_name": "Test Container-Image_Name","image_uid": "Test Container-Image_UID","name": "Test Container-Name","networks": [{"bssid": "Test Container-Networks-BSSID 1","gateway_ip": "10.0.0.2","gateway_mac": "00:B0:D0:63:C2:01","ipv4": "10.0.0.3","ipv6": "2a02:cf40::","is_public": true,"mac": "00:B0:D0:63:C2:02","rep_score_id": 0,"ssid": "Test Container-Networks-SSID 1","type_id": 0},{"bssid": "Test Container-Networks-BSSID 
2","gateway_ip": "10.0.0.4","gateway_mac": "00:B0:D0:63:C2:03","ipv4": "10.0.0.5","ipv6": "2a02:cf40::","is_public": true,"mac": "00:B0:D0:63:C2:04","rep_score_id": 1,"ssid": "Test Container-Networks-SSID 2","type_id": 1}],"os_name": "Test Container-OS_Name","uid": "Test Container-UID"},"correlation_uid": "Test Correltion_UID","count": 12345678901,"customer_registry_uid": "Test Customer_Registry-UID","customer_uid": "Test Customer_UID","cybox": {"domains": ["Test Cybox-Domain 1","Test Cybox-Domains 1"],"emails": [{"direction_id": 0,"header_from": "Test Cybox-Emails-Header_From 1","header_message_id": "Test Cybox-Emails-Header_Message_ID 1","header_reply_to": "Test Cybox-Emails-Header_Reply_To 1","header_subject": "Test Cybox-Emails-Header_Subject 1","header_to": ["Test Cybox-Emails-Header_To 1","Test Cybox-Emails-Header_Tos 1"],"sender_ip": "10.0.0.6","size": 12345678901,"smtp_from": "Test Cybox-Emails-SMTP_From 1","smtp_hello": "Test Cybox-Emails-SMTP_Hello 1","smtp_to": "Test Cybox-Emails-SMTP_To 1"},{"direction_id": 1,"header_from": "Test Cybox-Emails-Header_From 2","header_message_id": "Test Cybox-Emails-Header_Message_ID 2","header_reply_to": "Test Cybox-Emails-Header_Reply_To 2","header_subject": "Test Cybox-Emails-Header_Subject 2","header_to": ["Test Cybox-Emails-Header_To 2","Test Cybox-Emails-Header_Tos 2"],"sender_ip": "10.0.0.7","size": 12345678902,"smtp_from": "Test Cybox-Emails-SMTP_From 2","smtp_hello": "Test Cybox-Emails-SMTP_Hello 2","smtp_to": "Test Cybox-Emails-SMTP_To 2"}],"files": [{"accessed": 1613021404000,"accessor": "Test Cybox-Files-Accessor 1","attribute_ids": [1,2,3,4,5,6,7,8,9,10],"attributes": 12345678901,"company_name": "Microsoft Corporation 1","confidentiality_id": 0,"content_type": {"family_id": 0,"subtype": "Test Cybox-Files-Content_Type-SubType 1","type_id": 0},"created": 1613021404000,"creator": "Test Cybox-Files-Creator 1","creator_process": "Test Cybox-Files-Creator_Process 1","desc": "Test Cybox-Files-Desc 1","folder": 
"c:\\windows\\system32\\cybox\\files\\folder\\1","folder_uid": "Test Cybox-Files-Folder_UID 1","is_system": true,"md5": "Test Cybox-Files-MD5 1","mime_type": "Test Cybox-Files-MIME_Type 1","modified": 1613021404000,"modifier": "Test Cybox-Files-Modifier 1","name": "cybox_files_name_1.exe","normalized_path": "CSIDL_SYSTEM\\cybox_files_normalized_path_1.exe","original_name": "Test Cybox-Files-Original_Name 1","owner": "Test Cybox-Files-Owner 1","parent_name": "Test Cybox-Files-Parent_Name 1","parent_sha2": "Test Cybox-Files-Parent_SHA2 1","path": "c:\\windows\\system32\\cybox_files_path_1.exe","product_name": "Windows Internet Explorer 1","product_path": "Test Cybox-Files-Product_Path 1","rep_discovered_band": 0,"rep_discovered_date": 1613021404000,"rep_prevalence": 12345678901,"rep_prevalence_band": 0,"rep_score": 12345678901,"rep_score_band": 0,"security_descriptor": "Test Cybox-Files-Security_Descriptor 1","sha1": "Test Cybox-Files-SHA1 1","sha2": "Test Cybox-Files-SHA2 1","signature_company_name": "Test Cybox-Files-Signature_Company_Name 1","signature_created_date": 1613021404000,"signature_developer_uid": "Test Cybox-Files-Signature_Developer_UID 1","signature_fingerprints": [{"algorithm": "Test Cybox-Files-Signature_Fingerprints-Algorithm 1","value": "Test Cybox-Files-Signature_Fingerprints-Value 1"},{"algorithm": "Test Cybox-Files-Signature_Fingerprints-Algorithms 1","value": "Test Cybox-Files-Signature_Fingerprints-Values 1"}],"signature_issuer": "Test Cybox-Files-Signature_Issuer 1","signature_level_id": 0,"signature_serial_number": "Test Cybox-Files-Signature_Serial_Number 1","signature_value": 12345678901,"signature_value_ids": [0,1,2,3,4,5,6,7,8,9,10],"size": 12345678901,"size_compressed": 12345678901,"src_ip": "10.0.0.8","src_name": "Test Cybox-Files-SRC_Name 1","type_id": 1,"uid": "Test Cybox-Files-UID 1","url": {"categories": ["Test Cybox-Files-URL-Category 1","Test Cybox-Files-URL-Categories 1"],"category_ids": 
[1,3,4,5,6,7,9,11,14,15,16,17,18,20,21,22,23,24,25,26,27,29,30,31,32,33,34,35,36,37,38,40,43,44,45,46,47,49,50,51,52,53,54,55,56,57,58,59,60,61,63,64,65,66,67,68,71,83,84,85,86,87,88,89,90,92,93,95,96,97,98],"extension": "Test Cybox-Files-URL-Extension 1","host": "www.files-url-host-1.com","method": "Test Cybox-Files-URL-Method 1","parent_categories": ["Test Cybox-Files-URL-Parent_Category 1","Test Cybox-Files-URL-Parent_Categories 1"],"path": "/download/trouble/cybox/files/url/path/1","port": 80,"provider": "Test Cybox-Files-URL-Provider 1","query": "q=bad&sort=date_1","referrer": "Test Cybox-Files-URL-Referrer 1","referrer_categories": ["Test Cybox-Files-URL-Referrer_Category 1","Test Cybox-Files-URL-Referrer_Categories 1"],"referrer_category_ids": [12345678901,67890123451],"rep_score_id": 0,"scheme": "Test Cybox-Files-URL-Scheme 1","text": "www.files-url-text-1.com/download/trouble"},"version": "Test Cybox-Files-Version 1","xattributes": {"ads_name": "Test Cybox-Files-XAttributes-ADS_Name 1","ads_size": "Test Cybox-Files-XAttributes-ADS_Size 1","dacl": "Test Cybox-Files-XAttributes-DACL 1","owner": "Test Cybox-Files-XAttributes-Owner 1","primary_group": "Test Cybox-Files-XAttributes-Primary_Group 1","link_name": "Test Cybox-Files-XAttributes-Link_Name 1","hard_link_count": "Test Cybox-Files-XAttributes-Hard_Link_Count 1","Unix_permissions": "Test Cybox-Files-XAttributes-Unix_Permissions 1"}},{"accessed": 1613021404000,"accessor": "Test Cybox-Files-Accessor 2","attribute_ids": [11,12,13,14,15,16,17],"attributes": 12345678902,"company_name": "Microsoft Corporation 2","confidentiality_id": 1,"content_type": {"family_id": 1,"subtype": "Test Cybox-Files-Content_Type-SubType 2","type_id": 1},"created": 1613021404000,"creator": "Test Cybox-Files-Creator 2","creator_process": "Test Cybox-Files-Creator_Process 2","desc": "Test Cybox-Files-Desc 2","folder": "c:\\windows\\system32\\cybox\\files\\folder\\2","folder_uid": "Test Cybox-Files-Folder_UID 2","is_system": 
true,"md5": "Test Cybox-Files-MD5 2","mime_type": "Test Cybox-Files-MIME_Type 2","modified": 1613021404000,"modifier": "Test Cybox-Files-Modifier 2","name": "cybox_files_name_2.exe","normalized_path": "CSIDL_SYSTEM\\cybox_files_normalized_path_2.exe","original_name": "Test Cybox-Files-Original_Name 2","owner": "Test Cybox-Files-Owner 2","parent_name": "Test Cybox-Files-Parent_Name 2","parent_sha2": "Test Cybox-Files-Parent_SHA2 2","path": "c:\\windows\\system32\\cybox_files_path_2.exe","product_name": "Windows Internet Explorer 2","product_path": "Test Cybox-Files-Product_Path 2","rep_discovered_band": 1,"rep_discovered_date": 1613021404000,"rep_prevalence": 12345678902,"rep_prevalence_band": 1,"rep_score": 12345678902,"rep_score_band": 1,"security_descriptor": "Test Cybox-Files-Security_Descriptor 2","sha1": "Test Cybox-Files-SHA1 2","sha2": "Test Cybox-Files-SHA2 2","signature_company_name": "Test Cybox-Files-Signature_Company_Name 2","signature_created_date": 1613021404000,"signature_developer_uid": "Test Cybox-Files-Signature_Developer_UID 2","signature_fingerprints": [{"algorithm": "Test Cybox-Files-Signature_Fingerprints-Algorithm 2","value": "Test Cybox-Files-Signature_Fingerprints-Value 2"},{"algorithm": "Test Cybox-Files-Signature_Fingerprints-Algorithms 2","value": "Test Cybox-Files-Signature_Fingerprints-Values 2"}],"signature_issuer": "Test Cybox-Files-Signature_Issuer 2","signature_level_id": 1,"signature_serial_number": "Test Cybox-Files-Signature_Serial_Number 2","signature_value": 12345678902,"signature_value_ids": [11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"size": 12345678902,"size_compressed": 12345678902,"src_ip": "10.0.0.9","src_name": "Test Cybox-Files-SRC_Name 2","type_id": 1,"uid": "Test Cybox-Files-UID 2","url": {"categories": ["Test Cybox-Files-URL-Category 2","Test Cybox-Files-URL-Categories 2"],"category_ids": [101,102,103,104,105,106,107,108,109,110,111,112,113,114,116,117,118,121,124],"extension": "Test Cybox-Files-URL-Extension 
"00:B0:D0:63:C2:03","ipv4": "10.0.0.5","ipv6": "2a02:cf40::","is_public": true,"mac": "00:B0:D0:63:C2:04","rep_score_id": 1,"ssid": "Test Container-Networks-SSID 2","type_id": 1}],"os_name": "Test Container-OS_Name","uid": "Test Container-UID"},"correlation_uid": "Test Correltion_UID","count": 12345678901,"customer_registry_uid": "Test Customer_Registry-UID","customer_uid": "Test Customer_UID","cybox": {"domains": ["Test Cybox-Domain 1","Test Cybox-Domains 1"],"emails": [{"direction_id": 0,"header_from": "Test Cybox-Emails-Header_From 1","header_message_id": "Test Cybox-Emails-Header_Message_ID 1","header_reply_to": "Test Cybox-Emails-Header_Reply_To 1","header_subject": "Test Cybox-Emails-Header_Subject 1","header_to": ["Test Cybox-Emails-Header_To 1","Test Cybox-Emails-Header_Tos 1"],"sender_ip": "10.0.0.6","size": 12345678901,"smtp_from": "Test Cybox-Emails-SMTP_From 1","smtp_hello": "Test Cybox-Emails-SMTP_Hello 1","smtp_to": "Test Cybox-Emails-SMTP_To 1"},{"direction_id": 1,"header_from": "Test Cybox-Emails-Header_From 2","header_message_id": "Test Cybox-Emails-Header_Message_ID 2","header_reply_to": "Test Cybox-Emails-Header_Reply_To 2","header_subject": "Test Cybox-Emails-Header_Subject 2","header_to": ["Test Cybox-Emails-Header_To 2","Test Cybox-Emails-Header_Tos 2"],"sender_ip": "10.0.0.7","size": 12345678902,"smtp_from": "Test Cybox-Emails-SMTP_From 2","smtp_hello": "Test Cybox-Emails-SMTP_Hello 2","smtp_to": "Test Cybox-Emails-SMTP_To 2"}],"files": [{"accessed": 1613021404000,"accessor": "Test Cybox-Files-Accessor 1","attribute_ids": [1,2,3,4,5,6,7,8,9,10],"attributes": 12345678901,"company_name": "Microsoft Corporation 1","confidentiality_id": 0,"content_type": {"family_id": 0,"subtype": "Test Cybox-Files-Content_Type-SubType 1","type_id": 0},"created": 1613021404000,"creator": "Test Cybox-Files-Creator 1","creator_process": "Test Cybox-Files-Creator_Process 1","desc": "Test Cybox-Files-Desc 1","folder": 
"c:\\windows\\system32\\cybox\\files\\folder\\1","folder_uid": "Test Cybox-Files-Folder_UID 1","is_system": true,"md5": "Test Cybox-Files-MD5 1","mime_type": "Test Cybox-Files-MIME_Type 1","modified": 1613021404000,"modifier": "Test Cybox-Files-Modifier 1","name": "cybox_files_name_1.exe","normalized_path": "CSIDL_SYSTEM\\cybox_files_normalized_path_1.exe","original_name": "Test Cybox-Files-Original_Name 1","owner": "Test Cybox-Files-Owner 1","parent_name": "Test Cybox-Files-Parent_Name 1","parent_sha2": "Test Cybox-Files-Parent_SHA2 1","path": "c:\\windows\\system32\\cybox_files_path_1.exe","product_name": "Windows Internet Explorer 1","product_path": "Test Cybox-Files-Product_Path 1","rep_discovered_band": 0,"rep_discovered_date": 1613021404000,"rep_prevalence": 12345678901,"rep_prevalence_band": 0,"rep_score": 12345678901,"rep_score_band": 0,"security_descriptor": "Test Cybox-Files-Security_Descriptor 1","sha1": "Test Cybox-Files-SHA1 1","sha2": "Test Cybox-Files-SHA2 1","signature_company_name": "Test Cybox-Files-Signature_Company_Name 1","signature_created_date": 1613021404000,"signature_developer_uid": "Test Cybox-Files-Signature_Developer_UID 1","signature_fingerprints": [{"algorithm": "Test Cybox-Files-Signature_Fingerprints-Algorithm 1","value": "Test Cybox-Files-Signature_Fingerprints-Value 1"},{"algorithm": "Test Cybox-Files-Signature_Fingerprints-Algorithms 1","value": "Test Cybox-Files-Signature_Fingerprints-Values 1"}],"signature_issuer": "Test Cybox-Files-Signature_Issuer 1","signature_level_id": 0,"signature_serial_number": "Test Cybox-Files-Signature_Serial_Number 1","signature_value": 12345678901,"signature_value_ids": [0,1,2,3,4,5,6,7,8,9,10],"size": 12345678901,"size_compressed": 12345678901,"src_ip": "10.0.0.8","src_name": "Test Cybox-Files-SRC_Name 1","type_id": 1,"uid": "Test Cybox-Files-UID 1","url": {"categories": ["Test Cybox-Files-URL-Category 1","Test Cybox-Files-URL-Categories 1"],"category_ids": 
[1,3,4,5,6,7,9,11,14,15,16,17,18,20,21,22,23,24,25,26,27,29,30,31,32,33,34,35,36,37,38,40,43,44,45,46,47,49,50,51,52,53,54,55,56,57,58,59,60,61,63,64,65,66,67,68,71,83,84,85,86,87,88,89,90,92,93,95,96,97,98],"extension": "Test Cybox-Files-URL-Extension 1","host": "www.files-url-host-1.com","method": "Test Cybox-Files-URL-Method 1","parent_categories": ["Test Cybox-Files-URL-Parent_Category 1","Test Cybox-Files-URL-Parent_Categories 1"],"path": "/download/trouble/cybox/files/url/path/1","port": 80,"provider": "Test Cybox-Files-URL-Provider 1","query": "q=bad&sort=date_1","referrer": "Test Cybox-Files-URL-Referrer 1","referrer_categories": ["Test Cybox-Files-URL-Referrer_Category 1","Test Cybox-Files-URL-Referrer_Categories 1"],"referrer_category_ids": [12345678901,67890123451],"rep_score_id": 0,"scheme": "Test Cybox-Files-URL-Scheme 1","text": "www.files-url-text-1.com/download/trouble"},"version": "Test Cybox-Files-Version 1","xattributes": {"ads_name": "Test Cybox-Files-XAttributes-ADS_Name 1","ads_size": "Test Cybox-Files-XAttributes-ADS_Size 1","dacl": "Test Cybox-Files-XAttributes-DACL 1","owner": "Test Cybox-Files-XAttributes-Owner 1","primary_group": "Test Cybox-Files-XAttributes-Primary_Group 1","link_name": "Test Cybox-Files-XAttributes-Link_Name 1","hard_link_count": "Test Cybox-Files-XAttributes-Hard_Link_Count 1","Unix_permissions": "Test Cybox-Files-XAttributes-Unix_Permissions 1"}},{"accessed": 1613021404000,"accessor": "Test Cybox-Files-Accessor 2","attribute_ids": [11,12,13,14,15,16,17],"attributes": 12345678902,"company_name": "Microsoft Corporation 2","confidentiality_id": 1,"content_type": {"family_id": 1,"subtype": "Test Cybox-Files-Content_Type-SubType 2","type_id": 1},"created": 1613021404000,"creator": "Test Cybox-Files-Creator 2","creator_process": "Test Cybox-Files-Creator_Process 2","desc": "Test Cybox-Files-Desc 2","folder": "c:\\windows\\system32\\cybox\\files\\folder\\2","folder_uid": "Test Cybox-Files-Folder_UID 2","is_system": 
true,"md5": "Test Cybox-Files-MD5 2","mime_type": "Test Cybox-Files-MIME_Type 2","modified": 1613021404000,"modifier": "Test Cybox-Files-Modifier 2","name": "cybox_files_name_2.exe","normalized_path": "CSIDL_SYSTEM\\cybox_files_normalized_path_2.exe","original_name": "Test Cybox-Files-Original_Name 2","owner": "Test Cybox-Files-Owner 2","parent_name": "Test Cybox-Files-Parent_Name 2","parent_sha2": "Test Cybox-Files-Parent_SHA2 2","path": "c:\\windows\\system32\\cybox_files_path_2.exe","product_name": "Windows Internet Explorer 2","product_path": "Test Cybox-Files-Product_Path 2","rep_discovered_band": 1,"rep_discovered_date": 1613021404000,"rep_prevalence": 12345678902,"rep_prevalence_band": 1,"rep_score": 12345678902,"rep_score_band": 1,"security_descriptor": "Test Cybox-Files-Security_Descriptor 2","sha1": "Test Cybox-Files-SHA1 2","sha2": "Test Cybox-Files-SHA2 2","signature_company_name": "Test Cybox-Files-Signature_Company_Name 2","signature_created_date": 1613021404000,"signature_developer_uid": "Test Cybox-Files-Signature_Developer_UID 2","signature_fingerprints": [{"algorithm": "Test Cybox-Files-Signature_Fingerprints-Algorithm 2","value": "Test Cybox-Files-Signature_Fingerprints-Value 2"},{"algorithm": "Test Cybox-Files-Signature_Fingerprints-Algorithms 2","value": "Test Cybox-Files-Signature_Fingerprints-Values 2"}],"signature_issuer": "Test Cybox-Files-Signature_Issuer 2","signature_level_id": 1,"signature_serial_number": "Test Cybox-Files-Signature_Serial_Number 2","signature_value": 12345678902,"signature_value_ids": [11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"size": 12345678902,"size_compressed": 12345678902,"src_ip": "10.0.0.9","src_name": "Test Cybox-Files-SRC_Name 2","type_id": 1,"uid": "Test Cybox-Files-UID 2","url": {"categories": ["Test Cybox-Files-URL-Category 2","Test Cybox-Files-URL-Categories 2"],"category_ids": [101,102,103,104,105,106,107,108,109,110,111,112,113,114,116,117,118,121,124],"extension": "Test Cybox-Files-URL-Extension 
2","host": "www.files-url-host-2.com","method": "Test Cybox-Files-URL-Method 2","parent_categories": ["Test Cybox-Files-URL-Parent_Category 2","Test Cybox-Files-URL-Parent_Categories 2"],"path": "/download/trouble/cybox/files/url/path/2","port": 81,"provider": "Test Cybox-Files-URL-Provider 2","query": "q=bad&sort=date_2","referrer": "Test Cybox-Files-URL-Referrer 2","referrer_categories": ["Test Cybox-Files-URL-Referrer_Category 2","Test Cybox-Files-URL-Referrer_Categories 2"],"referrer_category_ids": [12345678902,67890123452],"rep_score_id": 1,"scheme": "Test Cybox-Files-URL-Scheme 2","text": "www.files-url-text-2.com/download/trouble"},"version": "Test Cybox-Files-Version 2","xattributes": {"ads_name": "Test Cybox-Files-XAttributes-ADS_Name 2","ads_size": "Test Cybox-Files-XAttributes-ADS_Size 2","dacl": "Test Cybox-Files-XAttributes-DACL 2","owner": "Test Cybox-Files-XAttributes-Owner 2","primary_group": "Test Cybox-Files-XAttributes-Primary_Group 2","link_name": "Test Cybox-Files-XAttributes-Link_Name 2","hard_link_count": "Test Cybox-Files-XAttributes-Hard_Link_Count 2","Unix_permissions": "Test Cybox-Files-XAttributes-Unix_Permissions 2"}}],"hostnames": ["Test Cybox-Hostname 1","Test Cybox-Hostnames 1"],"icap_reqmod": [{"metadata": {"field1_keyword": "Test Cybox-ICAP_ReqMod-field1_Keyword","field1_number": 12345678901,"field1_boolean": true,"field1_ip": "10.0.0.10"},"service": "Test Cybox-ICAP_ReqMod-Service 1","status": "Test Cybox-ICAP_ReqMod-Status 1","status_detail": "Test Cybox-ICAP_ReqMod-Status_Detail 1"},{"metadata": {"field2_keyword": "Test Cybox-ICAP_ReqMod-field2_Keyword","field2_number": 12345678902,"field2_boolean": true,"field2_ip": "10.0.0.11"},"service": "Test Cybox-ICAP_ReqMod-Service 2","status": "Test Cybox-ICAP_ReqMod-Status 2","status_detail": "Test Cybox-ICAP_ReqMod-Status_Detail 2"}],"icap_respmod": [{"metadata": {"field1_keyword": "Test Cybox-ICAP_RespMod-field1_Keyword","field1_number": 12345678901,"field1_boolean": 
true,"field1_ip":"10.0.0.12"},"service": "Test Cybox-ICAP_RespMod-Service 1","status": "Test Cybox-ICAP_RespMod-Status 1","status_detail": "Test Cybox-ICAP_RespMod-Status_Detail 1"},{"metadata": {"field2_keyword": "Test Cybox-ICAP_RespMod-field2_Keyword","field2_number": 12345678902,"field2_boolean": true,"field2_ip":"10.0.0.13"},"service": "Test Cybox-ICAP_RespMod-Service 2","status": "Test Cybox-ICAP_RespMod-Status 2","status_detail": "Test Cybox-ICAP_RespMod-Status_Detail 2"}],"ipv4s": ["10.0.0.14","10.0.0.15"],"ipv6s": ["2a02:cf40::","2a02:cf40::"],"macs": ["00:B0:D0:63:C2:05","00:B0:D0:63:C2:06"],"urls": [{"categories": ["Test Cybox-URLs-Category 1","Test Cybox-URLs-Categories 1"],"category_ids": [1,3,4,5,6,7,9,11,14,15,16,17,18,20,21,22,23,24,25,26,27,29,30,31,32,33,34,35,36,37,38,40,43,44,45,46,47,49,50,51,52,53,54,55,56,57,58,59,60,61,63,64,65,66,67,68,71,83,84,85,86,87,88,89,90,92,93,95,96,97,98],"extension": "Test Cybox-URLs-Extension 1","host": "www.urls-host-1.com","method": "Test Cybox-URLs-Method 1","parent_categories": ["Test Cybox-URLs-Parent_Category 1","Test Cybox-URLs-Parent_Categories 1"],"path": "/download/trouble/cybox/urls/path/1","port": 80,"provider": "Test Cybox-URLs-Provider 1","query": "q=bad&sort=date_1","referrer": "Test Cybox-URLs-Referrer 1","referrer_categories": ["Test Cybox-URLs-Referrer_Category 1","Test Cybox-URLs-Referrer_Categories 1"],"referrer_category_ids": [12345678901,67890123451],"rep_score_id": 0,"scheme": "Test Cybox-URLs-Scheme 1","text": "www.urls-text-1.com/download/trouble"},{"categories": ["Test Cybox-URLs-Category 2","Test Cybox-URLs-Categories 2"],"category_ids": [101,102,103,104,105,106,107,108,109,110,111,112,113,114,116,117,118,121,124],"extension": "Test Cybox-URLs-Extension 2","host": "www.urls-host-2.com","method": "Test Cybox-URLs-Method 2","parent_categories": ["Test Cybox-URLs-Parent_Category 2","Test Cybox-URLs-Parent_Categories 2"],"path": "/download/trouble/cybox/urls/path/2","port": 81,"provider": 
"Test Cybox-URLs-Provider 2","query": "q=bad&sort=date_2","referrer": "Test Cybox-URLs-Referrer 2","referrer_categories": ["Test Cybox-URLs-Referrer_Category 2","Test Cybox-URLs-Referrer_Categories 2"],"referrer_category_ids": [12345678902,67890123452],"rep_score_id": 1,"scheme": "Test Cybox-URLs-Scheme 2","text": "www.urls-text-2.com/download/trouble"}]},"data": "Test Data","data_size": 12345678901,"device_alias_name": "Test Device_Alias_Name","device_cap": "Test Device_Cap","device_cloud_vm": {"autoscale_uid": "Test Device_Cloud_VM-Autoscale_UID","dc_region": "Test Device_Cloud_VM-DC_Region","instance_uid": "Test Device_Cloud_VM-Instance_UID","subnet_uid": "Test Device_Cloud_VM-Subnet_UID","vpc_uid": "Test Device_Cloud_VM-VPC_UID"},"device_desc": "Test Device_Desc","device_domain": "device.domain.internal.somecompany.com","device_domain_uid": "Test Device_Domain_UID","device_end_time": 1613021404000,"device_gateway": "10.0.0.16","device_group": "Test Device_Group","device_group_name": "Test Device_Group_Name","device_hw_bios_date": "03/31/16","device_hw_bios_manufacturer": "LENOVO","device_hw_bios_ver": "LENOVO G5ETA2WW (2.62)","device_hw_cpu_type": "x86 Family 6 Model 37 Stepping 5","device_imei": "Test Device_IMEI","device_ip": "10.0.0.17","device_is_compliant": true,"device_is_personal": true,"device_is_trusted": true,"device_is_unmanaged": true,"device_location": {"city": "Test Device_Location-City","continent": "Test Device_Location-Continent","coordinates": [-12.345,56.789],"country": "US","desc": "Test Device_Location-Desc","isp": "Test Device_Location-ISP","on_premises": true,"region": "US-CA"},"device_mac": "00:B0:D0:63:C2:07","device_name": "device.name.computer.domain","device_name_md5": "4ED962DDBF17E2BBA7B14EBC00F3162E","device_networks": [{"bssid": "Test Device_Networks-BSSID 1","gateway_ip": "10.0.0.18","gateway_mac": "00:B0:D0:63:C2:08","ipv4": "10.0.0.19","ipv6": "2a02:cf40::","is_public": true,"mac": "00:B0:D0:63:C2:09","rep_score_id": 0,"ssid": 
"Test Device_Networks-SSID 1","type_id": 0},{"bssid": "Test Device_Networks-BSSID 2","gateway_ip": "10.0.0.20","gateway_mac": "00:B0:D0:63:C2:10","ipv4": "10.0.0.21","ipv6": "2a02:cf40::","is_public": true,"mac": "00:B0:D0:63:C2:11","rep_score_id": 1,"ssid": "Test Device_Networks-SSID 2","type_id": 1}],"device_org_unit": "Test Device_Org_Unit","device_os_bits": 12345678901,"device_os_build": "Test Device_OS_Build","device_os_country": "IN","device_os_edition": "Professional","device_os_lang": "en","device_os_name": "Windows Server 2019 Standard Edition","device_os_sp_name": "Test Device_OS_SP_Name","device_os_sp_ver": "Test Device_OS_SP_Ver","device_os_type_id": 0,"device_os_ver": "Windows 10","device_proxy_ip": "10.0.0.22","device_proxy_name": "Test Device_Proxy_Name","device_public_ip": "10.0.0.23","device_ref_uid": "Test Device_Ref_UID","device_site": "Test Device_Site","device_subnet": "81.2.69.142","device_time": 1613021404000,"device_type": "server","device_uid": "Test Device_UID","device_vhost": "Test Device_VHost","device_vhost_id": 0,"domain_uid": "Test Domain_UID","end_time": "2024-02-29T01:00:00.000Z","event_id": 8018004,"events": [{"connection": {"direction_id": 1,"dst_service": "C:\\Windows\\system32\\NTOSKRNL.EXE","src_ip": "159.19.163.218"},"count": 1,"device_end_time": 1709225074618,"device_time": 1709225074618}],"feature_name": "Test Feature_Name","feature_path": "Test Feature_Path","feature_type": "Test Feature_Type","feature_uid": "Test Feature_UID","feature_ver": "2014.1.4.25","id": 12345678901,"impersonator_customer_uid": "Test Impersonator_Customer_UID","impersonator_domain_uid": "Test Impersonator_Domain_UID","impersonator_user_uid": "Test Impersonator_User_UID","is_user_present": true,"lineage": ["Test Lineage","Test Lineages"],"log_level": "Test Log Level","log_name": "Test Log_Name","log_time": "2024-02-29T01:00:00.000Z","logging_device_ip": "10.0.0.24","logging_device_name": "Test Logging_Device_Name","logging_device_post_time": 
1613021404000,"logging_device_ref_uid": "Test Logging_Device_Ref_UID","message": "Test Message","message_code": "Test Message_Code","message_id": 0,"org_unit_uid": "Test Org_Unit_UID","orig_data": "Test Orig_Data","parent": {"app_name": "Test Parent-App_Name","app_uid": "Test Parent-App_UID","app_ver": "Test Parent-App_Ver","cmd_line": "Test Parent-CMD_Line","file": {"accessed": 1613021404000,"accessor": "Test Parent-File-Accessor","attribute_ids": [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17],"attributes": 12345678901,"company_name": "Microsoft Corporation","confidentiality_id": 0,"content_type": {"family_id": 0,"subtype": "Test Parent-File-Content_Type-SubType","type_id": 0},"created": 1613021404000,"creator": "Test Parent-File-Creator","creator_process": "Test Parent-File-Creator_Process","desc": "Test Parent-File-Desc","folder": "c:\\windows\\system32\\parent\\file\\folder","folder_uid": "Test Parent-File-Folder_UID","is_system": true,"md5": "Test Parent-File-MD5","mime_type": "Test Parent-File-MIME_Type","modified": 1613021404000,"modifier": "Test Parent-File-Modifier","name": "parent_file_name.exe","normalized_path": "CSIDL_SYSTEM\\parent_file_normalized_path.exe","original_name": "Test Parent-File-Original_Name","owner": "Test Parent-File-Owner","parent_name": "Test Parent-File-Parent_Name","parent_sha2": "Test Parent-File-Parent_SHA2","path": "c:\\windows\\system32\\parent_file_path.exe","product_name": "Windows Internet Explorer","product_path": "Test Parent-File-Product_Path","rep_discovered_band": 0,"rep_discovered_date": 1613021404000,"rep_prevalence": 12345678901,"rep_prevalence_band": 0,"rep_score": 12345678901,"rep_score_band": 0,"security_descriptor": "Test Parent-File-Security_Descriptor","sha1": "Test Parent-File-SHA1","sha2": "Test Parent-File-SHA2","signature_company_name": "Test Parent-File-Signature_Company_Name","signature_created_date": 1613021404000,"signature_developer_uid": "Test 
Parent-File-Signature_Developer_UID","signature_fingerprints": [{"algorithm": "Test Parent-File-Signature_Fingerprints-Algorithm","value": "Test Parent-File-Signature_Fingerprints-Value"},{"algorithm": "Test Parent-File-Signature_Fingerprints-Algorithms","value": "Test Parent-File-Signature_Fingerprints-Values"}],"signature_issuer": "Test Parent-File-Signature_Issuer","signature_level_id": 0,"signature_serial_number": "Parent Actor-File-Signature_Serial_Number","signature_value": 12345678901,"signature_value_ids": [0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"size": 12345678901,"size_compressed": 12345678901,"src_ip": "10.0.0.31","src_name": "Test Parent-File-SRC_Name","type_id": 1,"uid": "Test Parent-File-UID","url": {"categories": ["Test Parent-File-URL-Category","Test Parent-File-URL-Categories"],"category_ids": [1,3,4,5,6,7,9,11,14,15,16,17,18,20,21,22,23,24,25,26,27,29,30,31,32,33,34,35,36,37,38,40,43,44,45,46,47,49,50,51,52,53,54,55,56,57,58,59,60,61,63,64,65,66,67,68,71,83,84,85,86,87,88,89,90,92,93,95,96,97,98,101,102,103,104,105,106,107,108,109,110,111,112,113,114,116,117,118,121,124],"extension": "Test Parent-File-URL-Extension","host": "www.parent-file-url-host.com","method": "Test Parent-File-URL-Method","parent_categories": ["Test Parent-File-URL-Parent_Category","Test Parent-File-URL-Parent_Categories"],"path": "/download/trouble/parent/file/url/path","port": 80,"provider": "Test Parent-File-URL-Provider","query": "q=bad&sort=date","referrer": "Test Parent-File-URL-Referrer","referrer_categories": ["Test Parent-File-URL-Referrer_Category","Test Parent-File-URL-Referrer_Categories"],"referrer_category_ids": [12345678901,67890123451],"rep_score_id": 0,"scheme": "Test Parent-File-URL-Scheme","text": "www.parent-file-url-text.com/download/trouble"},"version": "Test Parent-File-Version","xattributes": {"ads_name": "Test Parent-File-XAttributes-ADS_Name","ads_size": "Test Parent-File-XAttributes-ADS_Size","dacl": "Test 
Parent-File-XAttributes-DACL","owner": "Test Parent-File-XAttributes-Owner","primary_group": "Test Parent-File-XAttributes-Primary_Group","link_name": "Test Parent-File-XAttributes-Link_Name","hard_link_count": "Test Parent-File-XAttributes-Hard_Link_Count","Unix_permissions": "Test Parent-File-XAttributes-Unix_Permissions"}},"integrity_id": 0,"lineage": ["Test Parent-Lineage 1","Test Parent-Lineages 1"],"loaded_modules": ["Test Parent-Loaded_Module 1","Test Parent-Loaded_Modules 1"],"module": {"accessed": 1613021404000,"accessor": "Test Parent-Module-Accessor","attribute_ids": [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17],"attributes": 12345678901,"base_address": "Test Parent-Module-Base_Address","company_name": "Microsoft Corporation","confidentiality_id": 0,"content_type": {"family_id": 0,"subtype": "Test Parent-Module-Content_Type-SubType","type_id": 0},"created": 1613021404000,"creator": "Test Parent-Module-Creator","creator_process": "Test Parent-Module-Creator_Process","desc": "Test Parent-Module-Desc","folder": "c:\\windows\\system32\\parent\\module\\folder","folder_uid": "Test Parent-Module-Folder_UID","is_system": true,"load_type": "Test Parent-Module-Load_Type","load_type_id": 0,"md5": "Test Parent-Module-MD5","mime_type": "Test Parent-Module-MIME_Type","modified": 1613021404000,"modifier": "Test Parent-Module-Modifier","name": "parent_module_name.exe","normalized_path": "CSIDL_SYSTEM\\parent_module_normalized_path.exe","original_name": "Test Parent-Module-Original_Name","owner": "Test Parent-Module-Owner","parent_name": "Test Parent-Module-Parent_Name","parent_sha2": "Test Parent-Module-Parent_SHA2","path": "c:\\windows\\system32\\parent_module_path.exe","product_name": "Windows Internet Explorer","product_path": "Test Parent-Module-Product_Path","rep_discovered_band": 0,"rep_discovered_date": 1613021404000,"rep_prevalence": 12345678901,"rep_prevalence_band": 0,"rep_score": 12345678901,"rep_score_band": 0,"security_descriptor": "Test 
Parent-Module-Security_Descriptor","sha1": "Test Parent-Module-SHA1","sha2": "Test Parent-Module-SHA2","signature_company_name": "Test Parent-Module-Signature_Company_Name","signature_created_date": 1613021404000,"signature_developer_uid": "Test Parent-Module-Signature_Developer_UID","signature_fingerprints": [{"algorithm": "Test Parent-Module-Signature_Fingerprints-Algorithm","value": "Test Parent-Module-Signature_Fingerprints-Value"},{"algorithm": "Test Parent-Module-Signature_Fingerprints-Algorithms","value": "Test Parent-Module-Signature_Fingerprints-Values"}],"signature_issuer": "Test Parent-Module-Signature_Issuer","signature_level_id": 0,"signature_serial_number": "Test Parent-Module-Signature_Serial_Number","signature_value": 12345678901,"signature_value_ids": [0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"size": 12345678901,"size_compressed": 12345678901,"src_ip": "10.0.0.32","src_name": "Test Parent-Module-SRC_Name","type_id": 1,"uid": "Test Parent-Module-UID","url": {"categories": ["Test Parent-Module-URL-Category","Test Parent-Module-URL-Categories"],"category_ids": [1,3,4,5,6,7,9,11,14,15,16,17,18,20,21,22,23,24,25,26,27,29,30,31,32,33,34,35,36,37,38,40,43,44,45,46,47,49,50,51,52,53,54,55,56,57,58,59,60,61,63,64,65,66,67,68,71,83,84,85,86,87,88,89,90,92,93,95,96,97,98,101,102,103,104,105,106,107,108,109,110,111,112,113,114,116,117,118,121,124],"extension": "Test Parent-Module-URL-Extension","host": "www.parent-module-url-host.com","method": "Test Parent-Module-URL-Method","parent_categories": ["Test Parent-Module-URL-Parent_Category","Test Parent-Module-URL-Parent_Categories"],"path": "/download/trouble/parent/module/url/path","port": 80,"provider": "Test Parent-Module-URL-Provider","query": "q=bad&sort=date","referrer": "Test Parent-Module-URL-Referrer","referrer_categories": ["Test Parent-Module-URL-Referrer_Category","Test Parent-Module-URL-Referrer_Categories"],"referrer_category_ids": 
[12345678901,67890123451],"rep_score_id": 0,"scheme": "Test Parent-Module-URL-Scheme","text": "www.parent-module-url-text.com/download/trouble"},"version": "Test Parent-Module-Version","xattributes": {"ads_name": "Test Parent-Module-XAttributes-ADS_Name","ads_size": "Test Parent-Module-XAttributes-ADS_Size","dacl": "Test Parent-Module-XAttributes-DACL","owner": "Test Parent-Module-XAttributes-Owner","primary_group": "Test Parent-Module-XAttributes-Primary_Group","link_name": "Test Parent-Module-XAttributes-Link_Name","hard_link_count": "Test Parent-Module-XAttributes-Hard_Link_Count","Unix_permissions": "Test Parent-Module-XAttributes-Unix_Permissions"}},"normalized_cmd_line": "Test Parent-Normalized_CMD_Line","pid": 12345678901,"sandbox_name": "Test Parent-Sandbox_Name","session": {"auth_protocol_id": 0,"cleartext_credentials": true,"direction_id": 0,"id": 12345678901,"is_admin": true,"logon_type_id": 1,"port": 80,"previous_users": ["Test Parent-Session-Previous_User","Test Parent-Session-Previous_Users"],"remote": true,"remote_host": "Test Parent-Session-Remote_Host","remote_ip": "10.0.0.33","user": {"account_disabled": true,"cloud_resource_uid": "Test Parent-Session-User-Cloud_Resource_UID","domain": "Test Parent-Session-User-Domain","external_account_uid": "Test Parent-Session-User-External_Account_UID","external_uid": "Test Parent-Session-User-External_UID","full_name": "Test Parent-Session-User-Full_Name","groups": ["Test Parent-Session-User-Group","Test Parent-Session-User-Groups"],"home": "Test Parent-Session-User-Home","is_admin": true,"logon_name": "Test Parent-Session-User-Logon_Name","name": "Test Parent-Session-User-Name","password_expires": true,"shell": "Test Parent-Session-User-Shell","sid": "Test Parent-Session-User-SID","uid": "Test Parent-Session-User-UID"}},"session_id": 12345678901,"start_time": 1613021404000,"tid": 12345678901,"uid": "Test Parent-UID","user": {"account_disabled": true,"cloud_resource_uid": "Test 
Parent-User-Cloud_Resource_UID","domain": "Test Parent-User-Domain","external_account_uid": "Test Parent-User-External_Account_UID","external_uid": "Test Parent-User-External_UID","full_name": "Test Parent-User-Full_Name","groups": ["Test Parent-User-Group","Test Parent-User-Groups"],"home": "Test Parent-User-Home","is_admin": true,"logon_name": "Test Parent-User-Logon_Name","name": "Test Parent-User-Name","password_expires": true,"shell": "Test Parent-User-Shell","sid": "Test Parent-User-SID","uid": "Test Parent-User-UID"},"xattributes": {"ads_name": "Test Parent-XAttributes-ADS_Name","ads_size": "Test Parent-XAttributes-ADS_Size","dacl": "Test Parent-XAttributes-DACL","owner": "Test Parent-XAttributes-Owner","primary_group": "Test Parent-XAttributes-Primary_Group","link_name": "Test Parent-XAttributes-Link_Name","hard_link_count": "Test Parent-XAttributes-Hard_Link_Count","Unix_permissions": "Test Parent-XAttributes-Unix_Permissions"}},"policy": {"desc": "Test Policy-Desc","effective_date": 1613021404000,"group_desc": "Test Policy-Group_Desc","group_name": "Test Policy-Group_Name","group_uid": "Test Policy-Group_UID","label": "Test Policy-Label","name": "Test Policy-Name","rule_category_id": 0,"rule_desc": "Test Policy-Rule_Desc","rule_group_desc": "Test Policy-Rule_Group_Desc","rule_group_name": "Test Policy-Rule_Group_Name","rule_group_uid": "Test Policy-Rule_Group_UID","rule_name": "Test Policy-Rule_Name","rule_uid": "Test Policy-Rule_UID","rules": [{"category_id": 0,"desc": "Test Policy-Rules-Desc 1","dlp_type_id": 1,"name": "Test Policy-Rules-Name 1","num_violations": 12345678901,"uid": "Test Policy-Rules-UID 1"},{"category_id": 1,"desc": "Test Policy-Rules-Desc 2","dlp_type_id": 2,"name": "Test Policy-Rules-Name 2","num_violations": 12345678902,"uid": "Test Policy-Rules-UID 2"}],"state_ids": [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"type_id": 0,"uid": "Test Policy-UID","version": "Test Policy-Version"},"product_data": 
{"sep_domain_uid": "Test Product_Data-Sep_Domain_UID","sep_hw_uid": "Test Product_Data-Sep_HW_UID"},"product_lang": "en","product_name": "Symantec Endpoint Security","product_uid": "Test Product_UID","product_ver": "2014.1.4.25-beta","proxy_device_ip": "10.0.0.25","proxy_device_name": "Test Proxy_Device_Name","raw_data": {"assetID": "vc9DagprQYyLZ23SEY1APw","assetOpstateDTO": {"productUuid": "31B0C880-0229-49E8-94C5-48D56B1BD7B9","features": [{"uuid": "1DF0351C-146D-4F07-B155-BF5C7077FF40","featureStatus": "SECURE","opstate": {"EDRContentSequence": "20231128005","EDREngineVersion": "4.11.0.10","EDRFramworkVersion": "4.10.0.59","FDRStatus": true,"LowDiskSpace": false,"MaxDBSizeHonored": true,"applied_policy": {"effective_date": 1709219437080,"sha2": "ee6b0bebbc4575b507ac616d2c362f2c54d462b92cf4068cb6681ae3187d4de3","uid": "7dc29d40-f303-477a-9012-287ef252a391","version": "16"},"disk_usage_mb": 1546,"fdr_first_event_date": "20240227","fdr_state": 1},"state": "ENABLED","statusReason": ["-107","0"],"prevention_state": "1"}],"products_active": 0,"blades": 0}},"ref_log_name": "Test Ref_Log_Name","ref_log_time": "2024-02-29T01:00:00.000Z","ref_orig_uid": "Test Ref_Orig_UID","ref_uid": "Test Ref_UID","remediated": true,"remediation": "Test Remediation","remediation_ref": "Test Remediation_Ref","remediation_uid": 0,"resource": "Test Resource","risk_ref_value": 12345678901,"scan_uid": "Test Scan_UID","seq_num": 12345678901,"sessions": [{"auth_protocol_id": 0,"cleartext_credentials": true,"direction_id": 0,"id": 12345678901,"is_admin": true,"logon_type_id": 1,"port": 80,"previous_users": ["Test Sessions-Previous_User 1","Test Sessions-Previous_Users 1"],"remote": true,"remote_host": "Test Sessions-Remote_Host 1","remote_ip": "10.0.0.26","user": {"account_disabled": true,"cloud_resource_uid": "Test Sessions-User-Cloud_Resource_UID 1","domain": "Test Sessions-User-Domain 1","external_account_uid": "Test Sessions-User-External_Account_UID 1","external_uid": "Test 
Sessions-User-External_UID 1","full_name": "Test Sessions-User-Full_Name 1","groups": ["Test Sessions-User-Group 1","Test Sessions-User-Groups 1"],"home": "Test Sessions-User-Home 1","is_admin": true,"logon_name": "Test Sessions-User-Logon_Name 1","name": "Test session-User-Name 1","password_expires": true,"shell": "Test Sessions-User-Shell 1","sid": "Test Sessions-User-SID 1","uid": "Test Sessions-User-UID 1"}},{"auth_protocol_id": 1,"cleartext_credentials": true,"direction_id": 1,"id": 67890123451,"is_admin": true,"logon_type_id": 2,"port": 81,"previous_users": ["Test Sessions-Previous_User 2","Test Sessions-Previous_Users 2"],"remote": true,"remote_host": "Test Sessions-Remote_Host 2","remote_ip": "10.0.0.27","user": {"account_disabled": true,"cloud_resource_uid": "Test Sessions-User-Cloud_Resource_UID 2","domain": "Test Sessions-User-Domain 2","external_account_uid": "Test Sessions-User-External_Account_UID 2","external_uid": "Test Sessions-User-External_UID 2","full_name": "Test Sessions-User-Full_Name 2","groups": ["Test Sessions-User-Group 2","Test Sessions-User-Groups 2"],"home": "Test Sessions-User-Home 2","is_admin": true,"logon_name": "Test Sessions-User-Logon_Name 2","name": "Test session-User-Name 2","password_expires": true,"shell": "Test Sessions-User-Shell 2","sid": "Test Sessions-User-SID 2","uid": "Test Sessions-User-UID 2"}}],"severity_id": 0,"source": {"facility": "Test Source-Facility","facility_detail": "Test Source-Facility_Detail","facility_uid": "Test Source-Facility_UID","type_id": 1},"status_detail": "Test Status_Detail","status_id": 0,"status_os": "Test Status_OS","status_os_src": 12345678901,"status_stack_trace": "Test Status_Stack_Trace","status_thread_name": "Test Status_Thread_Name","stic_has_pii": true,"stic_hw_uid": "Test STIC_HW_UID","stic_ip_hash": "Test STIC_IP_Hash","stic_legacy_ent_uids": ["Test STIC_Legacy_Ent_UIDs 1","Test STIC_Legacy_Ent_UIDs 2"],"stic_legacy_hw_uids": ["Test STIC_Legacy_HW_UIDs 1","Test STIC_Legacy_HW_UIDs 
2"],"stic_legacy_uids": ["Test STIC_Legacy_UIDs 1","Test STIC_Legacy_UIDs 2"],"stic_schema_id": "Test STIC_Schema_ID","stic_uid": "Test STIC_UID","stic_version": "Test STIC_Version","subfeature_name": "Test Subfeature_Name","time": "2024-02-29T02:00:00Z","timezone": 12345678901,"type": "Test Type","type_id": 8018,"user": {"account_disabled": true,"cloud_resource_uid": "Test User-Cloud_Resource_UID","domain": "Test User-Domain","external_account_uid": "Test User-External_Account_UID","external_uid": "Test User-External_UID","full_name": "Test User-Full_Name","groups": ["Test User-Group 1","Test User-Groups 1"],"home": "Test User-Home","is_admin": true,"logon_name": "Test User-Logon_Name","name": "Test User-Name","password_expires": true,"shell": "Test User-Shell","sid": "Test User-SID","uid": "Test User-UID"},"user_name": "Test User_Name","user_uid": "Test User_UID","uuid": "Test UUID","version": "1.4"}
{"actor":{"app_name":"Test Actor-App_Name","app_uid":"Test Actor-App_UID","app_ver":"Test Actor-App_Ver","cmd_line":"Test Actor-CMD_Line","file":{"accessed":1613021404000,"accessor":"Test Actor-File-Accessor","attribute_ids":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17],"attributes":12345678901,"company_name":"Microsoft Corporation","confidentiality_id":0,"content_type":{"family_id":0,"subtype":"Test Actor-File-Content_Type-SubType","type_id":0},"created":1613021404000,"creator":"Test Actor-File-Creator","creator_process":"Test Actor-File-Creator_Process","desc":"Test Actor-File-Desc","folder":"c:\\windows\\system32\\actor\\file\\folder","folder_uid":"Test Actor-File-Folder_UID","is_system":true,"md5":"Test Actor-File-MD5","mime_type":"Test Actor-File-MIME_Type","modified":1613021404000,"modifier":"Test Actor-File-Modifier","name":"actor_file_name.exe","normalized_path":"CSIDL_SYSTEM\\actor_file_normalized_path.exe","original_name":"Test Actor-File-Original_Name","owner":"Test Actor-File-Owner","parent_name":"Test Actor-File-Parent_Name","parent_sha2":"Test Actor-File-Parent_SHA2","path":"c:\\windows\\system32\\actor_file_path.exe","product_name":"Windows Internet Explorer","product_path":"Test Actor-File-Product_Path","rep_discovered_band":0,"rep_discovered_date":1613021404000,"rep_prevalence":12345678901,"rep_prevalence_band":0,"rep_score":12345678901,"rep_score_band":0,"security_descriptor":"Test Actor-File-Security_Descriptor","sha1":"Test Actor-File-SHA1","sha2":"Test Actor-File-SHA2","signature_company_name":"Test Actor-File-Signature_Company_Name","signature_created_date":1613021404000,"signature_developer_uid":"Test Actor-File-Signature_Developer_UID","signature_fingerprints":[{"algorithm":"Test Actor-File-Signature_Fingerprints-Algorithm","value":"Test Actor-File-Signature_Fingerprints-Value"},{"algorithm":"Test Actor-File-Signature_Fingerprints-Algorithms","value":"Test Actor-File-Signature_Fingerprints-Values"}],"signature_issuer":"Test 
Actor-File-Signature_Issuer","signature_level_id":0,"signature_serial_number":"Test Actor-File-Signature_Serial_Number","signature_value":12345678901,"signature_value_ids":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"size":12345678901,"size_compressed":12345678901,"src_ip":"10.0.0.28","src_name":"Test Actor-File-SRC_Name","type_id":1,"uid":"Test Actor-File-UID","url":{"categories":["Test Actor-File-URL-Category","Test Actor-File-URL-Categories"],"category_ids":[1,3,4,5,6,7,9,11,14,15,16,17,18,20,21,22,23,24,25,26,27,29,30,31,32,33,34,35,36,37,38,40,43,44,45,46,47,49,50,51,52,53,54,55,56,57,58,59,60,61,63,64,65,66,67,68,71,83,84,85,86,87,88,89,90,92,93,95,96,97,98,101,102,103,104,105,106,107,108,109,110,111,112,113,114,116,117,118,121,124],"extension":"Test Actor-File-URL-Extension","host":"www.actor-file-url-host.com","method":"Test Actor-File-URL-Method","parent_categories":["Test Actor-File-URL-Parent_Category","Test Actor-File-URL-Parent_Categories"],"path":"/download/trouble/actor/file/url/path","port":80,"provider":"Test Actor-File-URL-Provider","query":"q=bad&sort=date","referrer":"Test Actor-File-URL-Referrer","referrer_categories":["Test Actor-File-URL-Referrer_Category","Test Actor-File-URL-Referrer_Categories"],"referrer_category_ids":[12345678901,67890123451],"rep_score_id":0,"scheme":"Test Actor-File-URL-Scheme","text":"www.actor-file-url-text.com/download/trouble"},"version":"Test Actor-File-Version","xattributes":{"ads_name":"Test Actor-File-XAttributes-ADS_Name","ads_size":"Test Actor-File-XAttributes-ADS_Size","dacl":"Test Actor-File-XAttributes-DACL","owner":"Test Actor-File-XAttributes-Owner","primary_group":"Test Actor-File-XAttributes-Primary_Group","link_name":"Test Actor-File-XAttributes-Link_Name","hard_link_count":"Test Actor-File-XAttributes-Hard_Link_Count","Unix_permissions":"Test Actor-File-XAttributes-Unix_Permissions"}},"integrity_id":0,"lineage":["Test Actor-Lineage 1","Test Actor-Lineages 
1"],"loaded_modules":["Test Actor-Loaded_Module 1","Test Actor-Loaded_Modules 1"],"module":{"accessed":1613021404000,"accessor":"Test Actor-Module-Accessor","attribute_ids":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17],"attributes":12345678901,"base_address":"Test Actor-Module-Base_Address","company_name":"Microsoft Corporation","confidentiality_id":0,"content_type":{"family_id":0,"subtype":"Test Actor-Module-Content_Type-SubType","type_id":0},"created":1613021404000,"creator":"Test Actor-Module-Creator","creator_process":"Test Actor-Module-Creator_Process","desc":"Test Actor-Module-Desc","folder":"c:\\windows\\system32\\actor\\module\\folder","folder_uid":"Test Actor-Module-Folder_UID","is_system":true,"load_type":"Test Actor-Module-Load_Type","load_type_id":0,"md5":"Test Actor-Module-MD5","mime_type":"Test Actor-Module-MIME_Type","modified":1613021404000,"modifier":"Test Actor-Module-Modifier","name":"actor_module_name.exe","normalized_path":"CSIDL_SYSTEM\\actor_module_normalized_path.exe","original_name":"Test Actor-Module-Original_Name","owner":"Test Actor-Module-Owner","parent_name":"Test Actor-Module-Parent_Name","parent_sha2":"Test Actor-Module-Parent_SHA2","path":"c:\\windows\\system32\\actor_module_path.exe","product_name":"Windows Internet Explorer","product_path":"Test Actor-Module-Product_Path","rep_discovered_band":0,"rep_discovered_date":1613021404000,"rep_prevalence":12345678901,"rep_prevalence_band":0,"rep_score":12345678901,"rep_score_band":0,"security_descriptor":"Test Actor-Module-Security_Descriptor","sha1":"Test Actor-Module-SHA1","sha2":"Test Actor-Module-SHA2","signature_company_name":"Test Actor-Module-Signature_Company_Name","signature_created_date":1613021404000,"signature_developer_uid":"Test Actor-Module-Signature_Developer_UID","signature_fingerprints":[{"algorithm":"Test Actor-Module-Signature_Fingerprints-Algorithm","value":"Test Actor-Module-Signature_Fingerprints-Value"},{"algorithm":"Test 
Actor-Module-Signature_Fingerprints-Algorithms","value":"Test Actor-Module-Signature_Fingerprints-Values"}],"signature_issuer":"Test Actor-Module-Signature_Issuer","signature_level_id":0,"signature_serial_number":"Test Actor-Module-Signature_Serial_Number","signature_value":12345678901,"signature_value_ids":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"size":12345678901,"size_compressed":12345678901,"src_ip":"10.0.0.29","src_name":"Test Actor-Module-SRC_Name","type_id":1,"uid":"Test Actor-Module-UID","url":{"categories":["Test Actor-Module-URL-Category","Test Actor-Module-URL-Categories"],"category_ids":[1,3,4,5,6,7,9,11,14,15,16,17,18,20,21,22,23,24,25,26,27,29,30,31,32,33,34,35,36,37,38,40,43,44,45,46,47,49,50,51,52,53,54,55,56,57,58,59,60,61,63,64,65,66,67,68,71,83,84,85,86,87,88,89,90,92,93,95,96,97,98,101,102,103,104,105,106,107,108,109,110,111,112,113,114,116,117,118,121,124],"extension":"Test Actor-Module-URL-Extension","host":"www.actor-module-url-host.com","method":"Test Actor-Module-URL-Method","parent_categories":["Test Actor-Module-URL-Parent_Category","Test Actor-Module-URL-Parent_Categories"],"path":"/download/trouble/actor/module/url/path","port":80,"provider":"Test Actor-Module-URL-Provider","query":"q=bad&sort=date","referrer":"Test Actor-Module-URL-Referrer","referrer_categories":["Test Actor-Module-URL-Referrer_Category","Test Actor-Module-URL-Referrer_Categories"],"referrer_category_ids":[12345678901,67890123451],"rep_score_id":0,"scheme":"Test Actor-Module-URL-Scheme","text":"www.actor-module-url-text.com/download/trouble"},"version":"Test Actor-Module-Version","xattributes":{"ads_name":"Test Actor-Module-XAttributes-ADS_Name","ads_size":"Test Actor-Module-XAttributes-ADS_Size","dacl":"Test Actor-Module-XAttributes-DACL","owner":"Test Actor-Module-XAttributes-Owner","primary_group":"Test Actor-Module-XAttributes-Primary_Group","link_name":"Test Actor-Module-XAttributes-Link_Name","hard_link_count":"Test 
Actor-Module-XAttributes-Hard_Link_Count","Unix_permissions":"Test Actor-Module-XAttributes-Unix_Permissions"}},"normalized_cmd_line":"Test Actor-Normalized_CMD_Line","pid":12345678901,"sandbox_name":"Test Actor-Sandbox_Name","session":{"auth_protocol_id":0,"cleartext_credentials":true,"direction_id":0,"id":12345678901,"is_admin":true,"logon_type_id":1,"port":80,"previous_users":["Test Actor-Session-Previous_User","Test Actor-Session-Previous_Users"],"remote":true,"remote_host":"Test Actor-Session-Remote_Host","remote_ip":"10.0.0.30","user":{"account_disabled":true,"cloud_resource_uid":"Test Actor-Session-User-Cloud_Resource_UID","domain":"Test Actor-Session-User-Domain","external_account_uid":"Test Actor-Session-User-External_Account_UID","external_uid":"Test Actor-Session-User-External_UID","full_name":"Test Actor-Session-User-Full_Name","groups":["Test Actor-Session-User-Group","Test Actor-Session-User-Groups"],"home":"Test Actor-Session-User-Home","is_admin":true,"logon_name":"Test Actor-Session-User-Logon_Name","name":"Test Actor-Session-User-Name","password_expires":true,"shell":"Test Actor-Session-User-Shell","sid":"Test Actor-Session-User-SID","uid":"Test Actor-Session-User-UID"}},"session_id":12345678901,"start_time":1613021404000,"tid":12345678901,"uid":"Test Actor-UID","user":{"account_disabled":true,"cloud_resource_uid":"Test Actor-User-Cloud_Resource_UID","domain":"Test Actor-User-Domain","external_account_uid":"Test Actor-User-External_Account_UID","external_uid":"Test Actor-User-External_UID","full_name":"Test Actor-User-Full_Name","groups":["Test Actor-User-Group","Test Actor-User-Groups"],"home":"Test Actor-User-Home","is_admin":true,"logon_name":"Test Actor-User-Logon_Name","name":"Test Actor-User-Name","password_expires":true,"shell":"Test Actor-User-Shell","sid":"Test Actor-User-SID","uid":"Test Actor-User-UID"},"xattributes":{"ads_name":"Test Actor-XAttributes-ADS_Name","ads_size":"Test Actor-XAttributes-ADS_Size","dacl":"Test 
Actor-XAttributes-DACL","owner":"Test Actor-XAttributes-Owner","primary_group":"Test Actor-XAttributes-Primary_Group","link_name":"Test Actor-XAttributes-Link_Name","hard_link_count":"Test Actor-XAttributes-Hard_Link_Count","Unix_permissions":"Test Actor-XAttributes-Unix_Permissions"}},"analysis":"Test Analysis","attacks":[{"sub_technique_name":"Test Attacks-Sub_Technique_Name 1","sub_technique_uid":"Test Attacks-Sub_Technique_UID 1","tactic_ids":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20],"tactic_uids":["Test Attacks-Tactic_UID 1","Test Attacks-Tactic_UIDs 1"],"technique_name":"Test Attacks-Technique_Name 1","technique_uid":"Test Attacks-Technique_UID 1"},{"sub_technique_name":"Test Attacks-Sub_Technique_Name 2","sub_technique_uid":"Test Attacks-Sub_Technique_UID 2","tactic_ids":[21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40],"tactic_uids":["Test Attacks-Tactic_UID 2","Test Attacks-Tactic_UIDs 2"],"technique_name":"Test Attacks-Technique_Name 2","technique_uid":"Test Attacks-Technique_UID 2"}],"category_id":5,"collector_device_ip":"10.0.0.1","collector_device_name":"Test Collector_Device_Name","collector_name":"Test Collector_Name","collector_uid":"Test Collector_UID","composite":1,"container":{"host_name":"Test Container-Host_Name","image_name":"Test Container-Image_Name","image_uid":"Test Container-Image_UID","name":"Test Container-Name","networks":[{"bssid":"Test Container-Networks-BSSID 1","gateway_ip":"10.0.0.2","gateway_mac":"00:B0:D0:63:C2:01","ipv4":"10.0.0.3","ipv6":"2a02:cf40::","is_public":true,"mac":"00:B0:D0:63:C2:02","rep_score_id":0,"ssid":"Test Container-Networks-SSID 1","type_id":0},{"bssid":"Test Container-Networks-BSSID 2","gateway_ip":"10.0.0.4","gateway_mac":"00:B0:D0:63:C2:03","ipv4":"10.0.0.5","ipv6":"2a02:cf40::","is_public":true,"mac":"00:B0:D0:63:C2:04","rep_score_id":1,"ssid":"Test Container-Networks-SSID 2","type_id":1}],"os_name":"Test Container-OS_Name","uid":"Test Container-UID"},"correlation_uid":"Test 
Correltion_UID","count":12345678901,"customer_registry_uid":"Test Customer_Registry-UID","customer_uid":"Test Customer_UID","cybox":{"domains":["Test Cybox-Domain 1","Test Cybox-Domains 1"],"emails":[{"direction_id":0,"header_from":"Test Cybox-Emails-Header_From 1","header_message_id":"Test Cybox-Emails-Header_Message_ID 1","header_reply_to":"Test Cybox-Emails-Header_Reply_To 1","header_subject":"Test Cybox-Emails-Header_Subject 1","header_to":["Test Cybox-Emails-Header_To 1","Test Cybox-Emails-Header_Tos 1"],"sender_ip":"10.0.0.6","size":12345678901,"smtp_from":"Test Cybox-Emails-SMTP_From 1","smtp_hello":"Test Cybox-Emails-SMTP_Hello 1","smtp_to":"Test Cybox-Emails-SMTP_To 1"},{"direction_id":1,"header_from":"Test Cybox-Emails-Header_From 2","header_message_id":"Test Cybox-Emails-Header_Message_ID 2","header_reply_to":"Test Cybox-Emails-Header_Reply_To 2","header_subject":"Test Cybox-Emails-Header_Subject 2","header_to":["Test Cybox-Emails-Header_To 2","Test Cybox-Emails-Header_Tos 2"],"sender_ip":"10.0.0.7","size":12345678902,"smtp_from":"Test Cybox-Emails-SMTP_From 2","smtp_hello":"Test Cybox-Emails-SMTP_Hello 2","smtp_to":"Test Cybox-Emails-SMTP_To 2"}],"files":[{"accessed":1613021404000,"accessor":"Test Cybox-Files-Accessor 1","attribute_ids":[1,2,3,4,5,6,7,8,9,10],"attributes":12345678901,"company_name":"Microsoft Corporation 1","confidentiality_id":0,"content_type":{"family_id":0,"subtype":"Test Cybox-Files-Content_Type-SubType 1","type_id":0},"created":1613021404000,"creator":"Test Cybox-Files-Creator 1","creator_process":"Test Cybox-Files-Creator_Process 1","desc":"Test Cybox-Files-Desc 1","folder":"c:\\windows\\system32\\cybox\\files\\folder\\1","folder_uid":"Test Cybox-Files-Folder_UID 1","is_system":true,"md5":"Test Cybox-Files-MD5 1","mime_type":"Test Cybox-Files-MIME_Type 1","modified":1613021404000,"modifier":"Test Cybox-Files-Modifier 
1","name":"cybox_files_name_1.exe","normalized_path":"CSIDL_SYSTEM\\cybox_files_normalized_path_1.exe","original_name":"Test Cybox-Files-Original_Name 1","owner":"Test Cybox-Files-Owner 1","parent_name":"Test Cybox-Files-Parent_Name 1","parent_sha2":"Test Cybox-Files-Parent_SHA2 1","path":"c:\\windows\\system32\\cybox_files_path_1.exe","product_name":"Windows Internet Explorer 1","product_path":"Test Cybox-Files-Product_Path 1","rep_discovered_band":0,"rep_discovered_date":1613021404000,"rep_prevalence":12345678901,"rep_prevalence_band":0,"rep_score":12345678901,"rep_score_band":0,"security_descriptor":"Test Cybox-Files-Security_Descriptor 1","sha1":"Test Cybox-Files-SHA1 1","sha2":"Test Cybox-Files-SHA2 1","signature_company_name":"Test Cybox-Files-Signature_Company_Name 1","signature_created_date":1613021404000,"signature_developer_uid":"Test Cybox-Files-Signature_Developer_UID 1","signature_fingerprints":[{"algorithm":"Test Cybox-Files-Signature_Fingerprints-Algorithm 1","value":"Test Cybox-Files-Signature_Fingerprints-Value 1"},{"algorithm":"Test Cybox-Files-Signature_Fingerprints-Algorithms 1","value":"Test Cybox-Files-Signature_Fingerprints-Values 1"}],"signature_issuer":"Test Cybox-Files-Signature_Issuer 1","signature_level_id":0,"signature_serial_number":"Test Cybox-Files-Signature_Serial_Number 1","signature_value":12345678901,"signature_value_ids":[0,1,2,3,4,5,6,7,8,9,10],"size":12345678901,"size_compressed":12345678901,"src_ip":"10.0.0.8","src_name":"Test Cybox-Files-SRC_Name 1","type_id":1,"uid":"Test Cybox-Files-UID 1","url":{"categories":["Test Cybox-Files-URL-Category 1","Test Cybox-Files-URL-Categories 1"],"category_ids":[1,3,4,5,6,7,9,11,14,15,16,17,18,20,21,22,23,24,25,26,27,29,30,31,32,33,34,35,36,37,38,40,43,44,45,46,47,49,50,51,52,53,54,55,56,57,58,59,60,61,63,64,65,66,67,68,71,83,84,85,86,87,88,89,90,92,93,95,96,97,98],"extension":"Test Cybox-Files-URL-Extension 1","host":"www.files-url-host-1.com","method":"Test Cybox-Files-URL-Method 
1","parent_categories":["Test Cybox-Files-URL-Parent_Category 1","Test Cybox-Files-URL-Parent_Categories 1"],"path":"/download/trouble/cybox/files/url/path/1","port":80,"provider":"Test Cybox-Files-URL-Provider 1","query":"q=bad&sort=date_1","referrer":"Test Cybox-Files-URL-Referrer 1","referrer_categories":["Test Cybox-Files-URL-Referrer_Category 1","Test Cybox-Files-URL-Referrer_Categories 1"],"referrer_category_ids":[12345678901,67890123451],"rep_score_id":0,"scheme":"Test Cybox-Files-URL-Scheme 1","text":"www.files-url-text-1.com/download/trouble"},"version":"Test Cybox-Files-Version 1","xattributes":{"ads_name":"Test Cybox-Files-XAttributes-ADS_Name 1","ads_size":"Test Cybox-Files-XAttributes-ADS_Size 1","dacl":"Test Cybox-Files-XAttributes-DACL 1","owner":"Test Cybox-Files-XAttributes-Owner 1","primary_group":"Test Cybox-Files-XAttributes-Primary_Group 1","link_name":"Test Cybox-Files-XAttributes-Link_Name 1","hard_link_count":"Test Cybox-Files-XAttributes-Hard_Link_Count 1","Unix_permissions":"Test Cybox-Files-XAttributes-Unix_Permissions 1"}},{"accessed":1613021404000,"accessor":"Test Cybox-Files-Accessor 2","attribute_ids":[11,12,13,14,15,16,17],"attributes":12345678902,"company_name":"Microsoft Corporation 2","confidentiality_id":1,"content_type":{"family_id":1,"subtype":"Test Cybox-Files-Content_Type-SubType 2","type_id":1},"created":1613021404000,"creator":"Test Cybox-Files-Creator 2","creator_process":"Test Cybox-Files-Creator_Process 2","desc":"Test Cybox-Files-Desc 2","folder":"c:\\windows\\system32\\cybox\\files\\folder\\2","folder_uid":"Test Cybox-Files-Folder_UID 2","is_system":true,"md5":"Test Cybox-Files-MD5 2","mime_type":"Test Cybox-Files-MIME_Type 2","modified":1613021404000,"modifier":"Test Cybox-Files-Modifier 2","name":"cybox_files_name_2.exe","normalized_path":"CSIDL_SYSTEM\\cybox_files_normalized_path_2.exe","original_name":"Test Cybox-Files-Original_Name 2","owner":"Test Cybox-Files-Owner 2","parent_name":"Test Cybox-Files-Parent_Name 
2","parent_sha2":"Test Cybox-Files-Parent_SHA2 2","path":"c:\\windows\\system32\\cybox_files_path_2.exe","product_name":"Windows Internet Explorer 2","product_path":"Test Cybox-Files-Product_Path 2","rep_discovered_band":1,"rep_discovered_date":1613021404000,"rep_prevalence":12345678902,"rep_prevalence_band":1,"rep_score":12345678902,"rep_score_band":1,"security_descriptor":"Test Cybox-Files-Security_Descriptor 2","sha1":"Test Cybox-Files-SHA1 2","sha2":"Test Cybox-Files-SHA2 2","signature_company_name":"Test Cybox-Files-Signature_Company_Name 2","signature_created_date":1613021404000,"signature_developer_uid":"Test Cybox-Files-Signature_Developer_UID 2","signature_fingerprints":[{"algorithm":"Test Cybox-Files-Signature_Fingerprints-Algorithm 2","value":"Test Cybox-Files-Signature_Fingerprints-Value 2"},{"algorithm":"Test Cybox-Files-Signature_Fingerprints-Algorithms 2","value":"Test Cybox-Files-Signature_Fingerprints-Values 2"}],"signature_issuer":"Test Cybox-Files-Signature_Issuer 2","signature_level_id":1,"signature_serial_number":"Test Cybox-Files-Signature_Serial_Number 2","signature_value":12345678902,"signature_value_ids":[11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"size":12345678902,"size_compressed":12345678902,"src_ip":"10.0.0.9","src_name":"Test Cybox-Files-SRC_Name 2","type_id":1,"uid":"Test Cybox-Files-UID 2","url":{"categories":["Test Cybox-Files-URL-Category 2","Test Cybox-Files-URL-Categories 2"],"category_ids":[101,102,103,104,105,106,107,108,109,110,111,112,113,114,116,117,118,121,124],"extension":"Test Cybox-Files-URL-Extension 2","host":"www.files-url-host-2.com","method":"Test Cybox-Files-URL-Method 2","parent_categories":["Test Cybox-Files-URL-Parent_Category 2","Test Cybox-Files-URL-Parent_Categories 2"],"path":"/download/trouble/cybox/files/url/path/2","port":81,"provider":"Test Cybox-Files-URL-Provider 2","query":"q=bad&sort=date_2","referrer":"Test Cybox-Files-URL-Referrer 2","referrer_categories":["Test 
Cybox-Files-URL-Referrer_Category 2","Test Cybox-Files-URL-Referrer_Categories 2"],"referrer_category_ids":[12345678902,67890123452],"rep_score_id":1,"scheme":"Test Cybox-Files-URL-Scheme 2","text":"www.files-url-text-2.com/download/trouble"},"version":"Test Cybox-Files-Version 2","xattributes":{"ads_name":"Test Cybox-Files-XAttributes-ADS_Name 2","ads_size":"Test Cybox-Files-XAttributes-ADS_Size 2","dacl":"Test Cybox-Files-XAttributes-DACL 2","owner":"Test Cybox-Files-XAttributes-Owner 2","primary_group":"Test Cybox-Files-XAttributes-Primary_Group 2","link_name":"Test Cybox-Files-XAttributes-Link_Name 2","hard_link_count":"Test Cybox-Files-XAttributes-Hard_Link_Count 2","Unix_permissions":"Test Cybox-Files-XAttributes-Unix_Permissions 2"}}],"hostnames":["Test Cybox-Hostname 1","Test Cybox-Hostnames 1"],"icap_reqmod":[{"metadata":{"field1_keyword":"Test Cybox-ICAP_ReqMod-field1_Keyword","field1_number":12345678901,"field1_boolean":true,"field1_ip":"10.0.0.10"},"service":"Test Cybox-ICAP_ReqMod-Service 1","status":"Test Cybox-ICAP_ReqMod-Status 1","status_detail":"Test Cybox-ICAP_ReqMod-Status_Detail 1"},{"metadata":{"field2_keyword":"Test Cybox-ICAP_ReqMod-field2_Keyword","field2_number":12345678902,"field2_boolean":true,"field2_ip":"10.0.0.11"},"service":"Test Cybox-ICAP_ReqMod-Service 2","status":"Test Cybox-ICAP_ReqMod-Status 2","status_detail":"Test Cybox-ICAP_ReqMod-Status_Detail 2"}],"icap_respmod":[{"metadata":{"field1_keyword":"Test Cybox-ICAP_RespMod-field1_Keyword","field1_number":12345678901,"field1_boolean":true,"field1_ip":"10.0.0.12"},"service":"Test Cybox-ICAP_RespMod-Service 1","status":"Test Cybox-ICAP_RespMod-Status 1","status_detail":"Test Cybox-ICAP_RespMod-Status_Detail 1"},{"metadata":{"field2_keyword":"Test Cybox-ICAP_RespMod-field2_Keyword","field2_number":12345678902,"field2_boolean":true,"field2_ip":"10.0.0.13"},"service":"Test Cybox-ICAP_RespMod-Service 2","status":"Test Cybox-ICAP_RespMod-Status 2","status_detail":"Test 
Cybox-ICAP_RespMod-Status_Detail 2"}],"ipv4s":["10.0.0.14","10.0.0.15"],"ipv6s":["2a02:cf40::","2a02:cf40::"],"macs":["00:B0:D0:63:C2:05","00:B0:D0:63:C2:06"],"urls":[{"categories":["Test Cybox-URLs-Category 1","Test Cybox-URLs-Categories 1"],"category_ids":[1,3,4,5,6,7,9,11,14,15,16,17,18,20,21,22,23,24,25,26,27,29,30,31,32,33,34,35,36,37,38,40,43,44,45,46,47,49,50,51,52,53,54,55,56,57,58,59,60,61,63,64,65,66,67,68,71,83,84,85,86,87,88,89,90,92,93,95,96,97,98],"extension":"Test Cybox-URLs-Extension 1","host":"www.urls-host-1.com","method":"Test Cybox-URLs-Method 1","parent_categories":["Test Cybox-URLs-Parent_Category 1","Test Cybox-URLs-Parent_Categories 1"],"path":"/download/trouble/cybox/urls/path/1","port":80,"provider":"Test Cybox-URLs-Provider 1","query":"q=bad&sort=date_1","referrer":"Test Cybox-URLs-Referrer 1","referrer_categories":["Test Cybox-URLs-Referrer_Category 1","Test Cybox-URLs-Referrer_Categories 1"],"referrer_category_ids":[12345678901,67890123451],"rep_score_id":0,"scheme":"Test Cybox-URLs-Scheme 1","text":"www.urls-text-1.com/download/trouble"},{"categories":["Test Cybox-URLs-Category 2","Test Cybox-URLs-Categories 2"],"category_ids":[101,102,103,104,105,106,107,108,109,110,111,112,113,114,116,117,118,121,124],"extension":"Test Cybox-URLs-Extension 2","host":"www.urls-host-2.com","method":"Test Cybox-URLs-Method 2","parent_categories":["Test Cybox-URLs-Parent_Category 2","Test Cybox-URLs-Parent_Categories 2"],"path":"/download/trouble/cybox/urls/path/2","port":81,"provider":"Test Cybox-URLs-Provider 2","query":"q=bad&sort=date_2","referrer":"Test Cybox-URLs-Referrer 2","referrer_categories":["Test Cybox-URLs-Referrer_Category 2","Test Cybox-URLs-Referrer_Categories 2"],"referrer_category_ids":[12345678902,67890123452],"rep_score_id":1,"scheme":"Test Cybox-URLs-Scheme 2","text":"www.urls-text-2.com/download/trouble"}]},"device_alias_name":"Test Device_Alias_Name","device_cap":"Test Device_Cap","device_cloud_vm":{"autoscale_uid":"Test 
Device_Cloud_VM-Autoscale_UID","dc_region":"Test Device_Cloud_VM-DC_Region","instance_uid":"Test Device_Cloud_VM-Instance_UID","subnet_uid":"Test Device_Cloud_VM-Subnet_UID","vpc_uid":"Test Device_Cloud_VM-VPC_UID"},"device_desc":"Test Device_Desc","device_domain":"device.domain.internal.somecompany.com","device_domain_uid":"Test Device_Domain_UID","device_end_time":1613021404000,"device_gateway":"10.0.0.16","device_group":"Test Device_Group","device_group_name":"Test Device_Group_Name","device_hw_bios_date":"03/31/16","device_hw_bios_manufacturer":"LENOVO","device_hw_bios_ver":"LENOVO G5ETA2WW (2.62)","device_hw_cpu_type":"x86 Family 6 Model 37 Stepping 5","device_imei":"Test Device_IMEI","device_ip":"10.0.0.17","device_is_compliant":true,"device_is_personal":true,"device_is_trusted":true,"device_is_unmanaged":true,"device_location":{"city":"Test Device_Location-City","continent":"Test Device_Location-Continent","coordinates":[-12.345,56.789],"country":"US","desc":"Test Device_Location-Desc","isp":"Test Device_Location-ISP","on_premises":true,"region":"US-CA"},"device_mac":"00:B0:D0:63:C2:07","device_name":"device.name.computer.domain","device_name_md5":"4ED962DDBF17E2BBA7B14EBC00F3162E","device_networks":[{"bssid":"Test Device_Networks-BSSID 1","gateway_ip":"10.0.0.18","gateway_mac":"00:B0:D0:63:C2:08","ipv4":"10.0.0.19","ipv6":"2a02:cf40::","is_public":true,"mac":"00:B0:D0:63:C2:09","rep_score_id":0,"ssid":"Test Device_Networks-SSID 1","type_id":0},{"bssid":"Test Device_Networks-BSSID 2","gateway_ip":"10.0.0.20","gateway_mac":"00:B0:D0:63:C2:10","ipv4":"10.0.0.21","ipv6":"2a02:cf40::","is_public":true,"mac":"00:B0:D0:63:C2:11","rep_score_id":1,"ssid":"Test Device_Networks-SSID 2","type_id":1}],"device_org_unit":"Test Device_Org_Unit","device_os_bits":12345678901,"device_os_build":"Test Device_OS_Build","device_os_country":"IN","device_os_edition":"Professional","device_os_lang":"en","device_os_name":"Windows Server 2019 Standard 
Edition","device_os_sp_name":"Test Device_OS_SP_Name","device_os_sp_ver":"Test Device_OS_SP_Ver","device_os_type_id":0,"device_os_ver":"Windows 10","device_proxy_ip":"10.0.0.22","device_proxy_name":"Test Device_Proxy_Name","device_public_ip":"10.0.0.23","device_ref_uid":"Test Device_Ref_UID","device_site":"Test Device_Site","device_subnet":"81.2.69.142","device_time":1613021404000,"device_type":"server","device_uid":"Test Device_UID","device_vhost":"Test Device_VHost","device_vhost_id":0,"domain_uid":"Test Domain_UID","end_time":"2024-02-29T01:00:00.000Z","event_id":8002000,"events":[{"connection":{"direction_id":1,"dst_service":"C:\\Windows\\system32\\NTOSKRNL.EXE","src_ip":"159.19.163.218"},"count":1,"device_end_time":1709225074618,"device_time":1709225074618},{"connection":{"direction_id":1,"dst_service":"C:\\Windows\\system32\\NTOSKRNL.EXE","src_ip":"159.19.163.177"},"count":15,"device_end_time":1709224900876,"device_time":1709223792864}],"feature_name":"Test Feature_Name","feature_path":"Test Feature_Path","feature_type":"Test Feature_Type","feature_uid":"Test Feature_UID","feature_ver":"2014.1.4.25","id":12345678901,"impersonator_customer_uid":"Test Impersonator_Customer_UID","impersonator_domain_uid":"Test Impersonator_Domain_UID","impersonator_user_uid":"Test Impersonator_User_UID","is_user_present":true,"lineage":["Test Lineage","Test Lineages"],"log_level":"Test Log Level","log_name":"Test Log_Name","log_time":"2024-02-29T01:00:00.000Z","logging_device_ip":"10.0.0.24","logging_device_name":"Test Logging_Device_Name","logging_device_post_time":1613021404000,"logging_device_ref_uid":"Test Logging_Device_Ref_UID","message":"Test Message","message_code":"Test Message_Code","message_id":0,"module":{"accessed":1613021404000,"accessor":"Test Actor-Module-Accessor","attribute_ids":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17],"attributes":12345678901,"base_address":"Test Actor-Module-Base_Address","company_name":"Microsoft 
Corporation","confidentiality_id":0,"content_type":{"family_id":0,"subtype":"Test Actor-Module-Content_Type-SubType","type_id":0},"created":1613021404000,"creator":"Test Actor-Module-Creator","creator_process":"Test Actor-Module-Creator_Process","desc":"Test Actor-Module-Desc","folder":"c:\\windows\\system32\\actor\\module\\folder","folder_uid":"Test Actor-Module-Folder_UID","is_system":true,"load_type":"Test Actor-Module-Load_Type","load_type_id":0,"md5":"Test Actor-Module-MD5","mime_type":"Test Actor-Module-MIME_Type","modified":1613021404000,"modifier":"Test Actor-Module-Modifier","name":"actor_module_name.exe","normalized_path":"CSIDL_SYSTEM\\actor_module_normalized_path.exe","original_name":"Test Actor-Module-Original_Name","owner":"Test Actor-Module-Owner","parent_name":"Test Actor-Module-Parent_Name","parent_sha2":"Test Actor-Module-Parent_SHA2","path":"c:\\windows\\system32\\actor_module_path.exe","product_name":"Windows Internet Explorer","product_path":"Test Actor-Module-Product_Path","rep_discovered_band":0,"rep_discovered_date":1613021404000,"rep_prevalence":12345678901,"rep_prevalence_band":0,"rep_score":12345678901,"rep_score_band":0,"security_descriptor":"Test Actor-Module-Security_Descriptor","sha1":"Test Actor-Module-SHA1","sha2":"Test Actor-Module-SHA2","signature_company_name":"Test Actor-Module-Signature_Company_Name","signature_created_date":1613021404000,"signature_developer_uid":"Test Actor-Module-Signature_Developer_UID","signature_fingerprints":[{"algorithm":"Test Actor-Module-Signature_Fingerprints-Algorithm","value":"Test Actor-Module-Signature_Fingerprints-Value"},{"algorithm":"Test Actor-Module-Signature_Fingerprints-Algorithms","value":"Test Actor-Module-Signature_Fingerprints-Values"}],"signature_issuer":"Test Actor-Module-Signature_Issuer","signature_level_id":0,"signature_serial_number":"Test 
Actor-Module-Signature_Serial_Number","signature_value":12345678901,"signature_value_ids":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"size":12345678901,"size_compressed":12345678901,"src_ip":"10.0.0.29","src_name":"Test Actor-Module-SRC_Name","type_id":1,"uid":"Test Actor-Module-UID","url":"www.actor-module-url-text.com/download/trouble","version":"Test Actor-Module-Version","xattributes":{"ads_name":"Test Actor-Module-XAttributes-ADS_Name","ads_size":"Test Actor-Module-XAttributes-ADS_Size","dacl":"Test Actor-Module-XAttributes-DACL","owner":"Test Actor-Module-XAttributes-Owner","primary_group":"Test Actor-Module-XAttributes-Primary_Group","link_name":"Test Actor-Module-XAttributes-Link_Name","hard_link_count":"Test Actor-Module-XAttributes-Hard_Link_Count","Unix_permissions":"Test Actor-Module-XAttributes-Unix_Permissions"}},"org_unit_uid":"Test Org_Unit_UID","orig_data":"Test Orig_Data","parent":{"app_name":"Test Parent-App_Name","app_uid":"Test Parent-App_UID","app_ver":"Test Parent-App_Ver","cmd_line":"Test Parent-CMD_Line","file":{"accessed":1613021404000,"accessor":"Test Parent-File-Accessor","attribute_ids":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17],"attributes":12345678901,"company_name":"Microsoft Corporation","confidentiality_id":0,"content_type":{"family_id":0,"subtype":"Test Parent-File-Content_Type-SubType","type_id":0},"created":1613021404000,"creator":"Test Parent-File-Creator","creator_process":"Test Parent-File-Creator_Process","desc":"Test Parent-File-Desc","folder":"c:\\windows\\system32\\parent\\file\\folder","folder_uid":"Test Parent-File-Folder_UID","is_system":true,"md5":"Test Parent-File-MD5","mime_type":"Test Parent-File-MIME_Type","modified":1613021404000,"modifier":"Test Parent-File-Modifier","name":"parent_file_name.exe","normalized_path":"CSIDL_SYSTEM\\parent_file_normalized_path.exe","original_name":"Test Parent-File-Original_Name","owner":"Test Parent-File-Owner","parent_name":"Test 
Parent-File-Parent_Name","parent_sha2":"Test Parent-File-Parent_SHA2","path":"c:\\windows\\system32\\parent_file_path.exe","product_name":"Windows Internet Explorer","product_path":"Test Parent-File-Product_Path","rep_discovered_band":0,"rep_discovered_date":1613021404000,"rep_prevalence":12345678901,"rep_prevalence_band":0,"rep_score":12345678901,"rep_score_band":0,"security_descriptor":"Test Parent-File-Security_Descriptor","sha1":"Test Parent-File-SHA1","sha2":"Test Parent-File-SHA2","signature_company_name":"Test Parent-File-Signature_Company_Name","signature_created_date":1613021404000,"signature_developer_uid":"Test Parent-File-Signature_Developer_UID","signature_fingerprints":[{"algorithm":"Test Parent-File-Signature_Fingerprints-Algorithm","value":"Test Parent-File-Signature_Fingerprints-Value"},{"algorithm":"Test Parent-File-Signature_Fingerprints-Algorithms","value":"Test Parent-File-Signature_Fingerprints-Values"}],"signature_issuer":"Test Parent-File-Signature_Issuer","signature_level_id":0,"signature_serial_number":"Parent Actor-File-Signature_Serial_Number","signature_value":12345678901,"signature_value_ids":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"size":12345678901,"size_compressed":12345678901,"src_ip":"10.0.0.31","src_name":"Test Parent-File-SRC_Name","type_id":1,"uid":"Test Parent-File-UID","url":{"categories":["Test Parent-File-URL-Category","Test Parent-File-URL-Categories"],"category_ids":[1,3,4,5,6,7,9,11,14,15,16,17,18,20,21,22,23,24,25,26,27,29,30,31,32,33,34,35,36,37,38,40,43,44,45,46,47,49,50,51,52,53,54,55,56,57,58,59,60,61,63,64,65,66,67,68,71,83,84,85,86,87,88,89,90,92,93,95,96,97,98,101,102,103,104,105,106,107,108,109,110,111,112,113,114,116,117,118,121,124],"extension":"Test Parent-File-URL-Extension","host":"www.parent-file-url-host.com","method":"Test Parent-File-URL-Method","parent_categories":["Test Parent-File-URL-Parent_Category","Test 
Parent-File-URL-Parent_Categories"],"path":"/download/trouble/parent/file/url/path","port":80,"provider":"Test Parent-File-URL-Provider","query":"q=bad&sort=date","referrer":"Test Parent-File-URL-Referrer","referrer_categories":["Test Parent-File-URL-Referrer_Category","Test Parent-File-URL-Referrer_Categories"],"referrer_category_ids":[12345678901,67890123451],"rep_score_id":0,"scheme":"Test Parent-File-URL-Scheme","text":"www.parent-file-url-text.com/download/trouble"},"version":"Test Parent-File-Version","xattributes":{"ads_name":"Test Parent-File-XAttributes-ADS_Name","ads_size":"Test Parent-File-XAttributes-ADS_Size","dacl":"Test Parent-File-XAttributes-DACL","owner":"Test Parent-File-XAttributes-Owner","primary_group":"Test Parent-File-XAttributes-Primary_Group","link_name":"Test Parent-File-XAttributes-Link_Name","hard_link_count":"Test Parent-File-XAttributes-Hard_Link_Count","Unix_permissions":"Test Parent-File-XAttributes-Unix_Permissions"}},"integrity_id":0,"lineage":["Test Parent-Lineage 1","Test Parent-Lineages 1"],"loaded_modules":["Test Parent-Loaded_Module 1","Test Parent-Loaded_Modules 1"],"module":{"accessed":1613021404000,"accessor":"Test Parent-Module-Accessor","attribute_ids":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17],"attributes":12345678901,"base_address":"Test Parent-Module-Base_Address","company_name":"Microsoft Corporation","confidentiality_id":0,"content_type":{"family_id":0,"subtype":"Test Parent-Module-Content_Type-SubType","type_id":0},"created":1613021404000,"creator":"Test Parent-Module-Creator","creator_process":"Test Parent-Module-Creator_Process","desc":"Test Parent-Module-Desc","folder":"c:\\windows\\system32\\parent\\module\\folder","folder_uid":"Test Parent-Module-Folder_UID","is_system":true,"load_type":"Test Parent-Module-Load_Type","load_type_id":0,"md5":"Test Parent-Module-MD5","mime_type":"Test Parent-Module-MIME_Type","modified":1613021404000,"modifier":"Test 
Parent-Module-Modifier","name":"parent_module_name.exe","normalized_path":"CSIDL_SYSTEM\\parent_module_normalized_path.exe","original_name":"Test Parent-Module-Original_Name","owner":"Test Parent-Module-Owner","parent_name":"Test Parent-Module-Parent_Name","parent_sha2":"Test Parent-Module-Parent_SHA2","path":"c:\\windows\\system32\\parent_module_path.exe","product_name":"Windows Internet Explorer","product_path":"Test Parent-Module-Product_Path","rep_discovered_band":0,"rep_discovered_date":1613021404000,"rep_prevalence":12345678901,"rep_prevalence_band":0,"rep_score":12345678901,"rep_score_band":0,"security_descriptor":"Test Parent-Module-Security_Descriptor","sha1":"Test Parent-Module-SHA1","sha2":"Test Parent-Module-SHA2","signature_company_name":"Test Parent-Module-Signature_Company_Name","signature_created_date":1613021404000,"signature_developer_uid":"Test Parent-Module-Signature_Developer_UID","signature_fingerprints":[{"algorithm":"Test Parent-Module-Signature_Fingerprints-Algorithm","value":"Test Parent-Module-Signature_Fingerprints-Value"},{"algorithm":"Test Parent-Module-Signature_Fingerprints-Algorithms","value":"Test Parent-Module-Signature_Fingerprints-Values"}],"signature_issuer":"Test Parent-Module-Signature_Issuer","signature_level_id":0,"signature_serial_number":"Test Parent-Module-Signature_Serial_Number","signature_value":12345678901,"signature_value_ids":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"size":12345678901,"size_compressed":12345678901,"src_ip":"10.0.0.32","src_name":"Test Parent-Module-SRC_Name","type_id":1,"uid":"Test Parent-Module-UID","url":{"categories":["Test Parent-Module-URL-Category","Test 
Parent-Module-URL-Categories"],"category_ids":[1,3,4,5,6,7,9,11,14,15,16,17,18,20,21,22,23,24,25,26,27,29,30,31,32,33,34,35,36,37,38,40,43,44,45,46,47,49,50,51,52,53,54,55,56,57,58,59,60,61,63,64,65,66,67,68,71,83,84,85,86,87,88,89,90,92,93,95,96,97,98,101,102,103,104,105,106,107,108,109,110,111,112,113,114,116,117,118,121,124],"extension":"Test Parent-Module-URL-Extension","host":"www.parent-module-url-host.com","method":"Test Parent-Module-URL-Method","parent_categories":["Test Parent-Module-URL-Parent_Category","Test Parent-Module-URL-Parent_Categories"],"path":"/download/trouble/parent/module/url/path","port":80,"provider":"Test Parent-Module-URL-Provider","query":"q=bad&sort=date","referrer":"Test Parent-Module-URL-Referrer","referrer_categories":["Test Parent-Module-URL-Referrer_Category","Test Parent-Module-URL-Referrer_Categories"],"referrer_category_ids":[12345678901,67890123451],"rep_score_id":0,"scheme":"Test Parent-Module-URL-Scheme","text":"www.parent-module-url-text.com/download/trouble"},"version":"Test Parent-Module-Version","xattributes":{"ads_name":"Test Parent-Module-XAttributes-ADS_Name","ads_size":"Test Parent-Module-XAttributes-ADS_Size","dacl":"Test Parent-Module-XAttributes-DACL","owner":"Test Parent-Module-XAttributes-Owner","primary_group":"Test Parent-Module-XAttributes-Primary_Group","link_name":"Test Parent-Module-XAttributes-Link_Name","hard_link_count":"Test Parent-Module-XAttributes-Hard_Link_Count","Unix_permissions":"Test Parent-Module-XAttributes-Unix_Permissions"}},"normalized_cmd_line":"Test Parent-Normalized_CMD_Line","pid":12345678901,"sandbox_name":"Test Parent-Sandbox_Name","session":{"auth_protocol_id":0,"cleartext_credentials":true,"direction_id":0,"id":12345678901,"is_admin":true,"logon_type_id":1,"port":80,"previous_users":["Test Parent-Session-Previous_User","Test Parent-Session-Previous_Users"],"remote":true,"remote_host":"Test 
Parent-Session-Remote_Host","remote_ip":"10.0.0.33","user":{"account_disabled":true,"cloud_resource_uid":"Test Parent-Session-User-Cloud_Resource_UID","domain":"Test Parent-Session-User-Domain","external_account_uid":"Test Parent-Session-User-External_Account_UID","external_uid":"Test Parent-Session-User-External_UID","full_name":"Test Parent-Session-User-Full_Name","groups":["Test Parent-Session-User-Group","Test Parent-Session-User-Groups"],"home":"Test Parent-Session-User-Home","is_admin":true,"logon_name":"Test Parent-Session-User-Logon_Name","name":"Test Parent-Session-User-Name","password_expires":true,"shell":"Test Parent-Session-User-Shell","sid":"Test Parent-Session-User-SID","uid":"Test Parent-Session-User-UID"}},"session_id":12345678901,"start_time":1613021404000,"tid":12345678901,"uid":"Test Parent-UID","user":{"account_disabled":true,"cloud_resource_uid":"Test Parent-User-Cloud_Resource_UID","domain":"Test Parent-User-Domain","external_account_uid":"Test Parent-User-External_Account_UID","external_uid":"Test Parent-User-External_UID","full_name":"Test Parent-User-Full_Name","groups":["Test Parent-User-Group","Test Parent-User-Groups"],"home":"Test Parent-User-Home","is_admin":true,"logon_name":"Test Parent-User-Logon_Name","name":"Test Parent-User-Name","password_expires":true,"shell":"Test Parent-User-Shell","sid":"Test Parent-User-SID","uid":"Test Parent-User-UID"},"xattributes":{"ads_name":"Test Parent-XAttributes-ADS_Name","ads_size":"Test Parent-XAttributes-ADS_Size","dacl":"Test Parent-XAttributes-DACL","owner":"Test Parent-XAttributes-Owner","primary_group":"Test Parent-XAttributes-Primary_Group","link_name":"Test Parent-XAttributes-Link_Name","hard_link_count":"Test Parent-XAttributes-Hard_Link_Count","Unix_permissions":"Test Parent-XAttributes-Unix_Permissions"}},"policy":{"desc":"Test Policy-Desc","effective_date":1613021404000,"group_desc":"Test Policy-Group_Desc","group_name":"Test Policy-Group_Name","group_uid":"Test 
Policy-Group_UID","label":"Test Policy-Label","name":"Test Policy-Name","rule_category_id":0,"rule_desc":"Test Policy-Rule_Desc","rule_group_desc":"Test Policy-Rule_Group_Desc","rule_group_name":"Test Policy-Rule_Group_Name","rule_group_uid":"Test Policy-Rule_Group_UID","rule_name":"Test Policy-Rule_Name","rule_uid":"Test Policy-Rule_UID","rules":[{"category_id":0,"desc":"Test Policy-Rules-Desc 1","dlp_type_id":1,"name":"Test Policy-Rules-Name 1","num_violations":12345678901,"uid":"Test Policy-Rules-UID 1"},{"category_id":1,"desc":"Test Policy-Rules-Desc 2","dlp_type_id":2,"name":"Test Policy-Rules-Name 2","num_violations":12345678902,"uid":"Test Policy-Rules-UID 2"}],"state_ids":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25],"type_id":0,"uid":"Test Policy-UID","version":"Test Policy-Version"},"product_data":{"sep_domain_uid":"Test Product_Data-Sep_Domain_UID","sep_hw_uid":"Test Product_Data-Sep_HW_UID"},"product_lang":"en","product_name":"Symantec Endpoint Security","product_uid":"Test Product_UID","product_ver":"2014.1.4.25-beta","proxy_device_ip":"10.0.0.25","proxy_device_name":"Test Proxy_Device_Name","raw_data":{"assetID":"vc9DagprQYyLZ23SEY1APw","assetOpstateDTO":{"productUuid":"31B0C880-0229-49E8-94C5-48D56B1BD7B9","features":[{"uuid":"1DF0351C-146D-4F07-B155-BF5C7077FF40","featureStatus":"SECURE","opstate":{"EDRContentSequence":"20231128005","EDREngineVersion":"4.11.0.10","EDRFramworkVersion":"4.10.0.59","FDRStatus":true,"LowDiskSpace":false,"MaxDBSizeHonored":true,"applied_policy":{"effective_date":1709219437080,"sha2":"ee6b0bebbc4575b507ac616d2c362f2c54d462b92cf4068cb6681ae3187d4de3","uid":"7dc29d40-f303-477a-9012-287ef252a391","version":"16"},"disk_usage_mb":1546,"fdr_first_event_date":"20240227","fdr_state":1},"state":"ENABLED","statusReason":["-107","0"],"prevention_state":"1"}],"products_active":0,"blades":0}},"ref_log_name":"Test Ref_Log_Name","ref_log_time":"2024-02-29T01:00:00.000Z","ref_orig_uid":"Test 
Ref_Orig_UID","ref_uid":"Test Ref_UID","remediated":true,"remediation":"Test Remediation","remediation_ref":"Test Remediation_Ref","remediation_uid":0,"seq_num":12345678901,"sessions":[{"auth_protocol_id":0,"cleartext_credentials":true,"direction_id":0,"id":12345678901,"is_admin":true,"logon_type_id":1,"port":80,"previous_users":["Test Sessions-Previous_User 1","Test Sessions-Previous_Users 1"],"remote":true,"remote_host":"Test Sessions-Remote_Host 1","remote_ip":"10.0.0.26","user":{"account_disabled":true,"cloud_resource_uid":"Test Sessions-User-Cloud_Resource_UID 1","domain":"Test Sessions-User-Domain 1","external_account_uid":"Test Sessions-User-External_Account_UID 1","external_uid":"Test Sessions-User-External_UID 1","full_name":"Test Sessions-User-Full_Name 1","groups":["Test Sessions-User-Group 1","Test Sessions-User-Groups 1"],"home":"Test Sessions-User-Home 1","is_admin":true,"logon_name":"Test Sessions-User-Logon_Name 1","name":"Test session-User-Name 1","password_expires":true,"shell":"Test Sessions-User-Shell 1","sid":"Test Sessions-User-SID 1","uid":"Test Sessions-User-UID 1"}},{"auth_protocol_id":1,"cleartext_credentials":true,"direction_id":1,"id":67890123451,"is_admin":true,"logon_type_id":2,"port":81,"previous_users":["Test Sessions-Previous_User 2","Test Sessions-Previous_Users 2"],"remote":true,"remote_host":"Test Sessions-Remote_Host 2","remote_ip":"10.0.0.27","user":{"account_disabled":true,"cloud_resource_uid":"Test Sessions-User-Cloud_Resource_UID 2","domain":"Test Sessions-User-Domain 2","external_account_uid":"Test Sessions-User-External_Account_UID 2","external_uid":"Test Sessions-User-External_UID 2","full_name":"Test Sessions-User-Full_Name 2","groups":["Test Sessions-User-Group 2","Test Sessions-User-Groups 2"],"home":"Test Sessions-User-Home 2","is_admin":true,"logon_name":"Test Sessions-User-Logon_Name 2","name":"Test session-User-Name 2","password_expires":true,"shell":"Test Sessions-User-Shell 2","sid":"Test Sessions-User-SID 
2","uid":"Test Sessions-User-UID 2"}}],"severity_id":0,"source":{"facility":"Test Source-Facility","facility_detail":"Test Source-Facility_Detail","facility_uid":"Test Source-Facility_UID","type_id":1},"status_detail":"Test Status_Detail","status_id":0,"status_os":"Test Status_OS","status_os_src":12345678901,"status_stack_trace":"Test Status_Stack_Trace","status_thread_name":"Test Status_Thread_Name","stic_has_pii":true,"stic_hw_uid":"Test STIC_HW_UID","stic_ip_hash":"Test STIC_IP_Hash","stic_legacy_ent_uids":["Test STIC_Legacy_Ent_UIDs 1","Test STIC_Legacy_Ent_UIDs 2"],"stic_legacy_hw_uids":["Test STIC_Legacy_HW_UIDs 1","Test STIC_Legacy_HW_UIDs 2"],"stic_legacy_uids":["Test STIC_Legacy_UIDs 1","Test STIC_Legacy_UIDs 2"],"stic_schema_id":"Test STIC_Schema_ID","stic_uid":"Test STIC_UID","stic_version":"Test STIC_Version","subfeature_name":"Test Subfeature_Name","time":"2024-02-29T02:00:00Z","timezone":12345678901,"type":"Test Type","type_id":8002,"user":{"account_disabled":true,"cloud_resource_uid":"Test User-Cloud_Resource_UID","domain":"Test User-Domain","external_account_uid":"Test User-External_Account_UID","external_uid":"Test User-External_UID","full_name":"Test User-Full_Name","groups":["Test User-Group 1","Test User-Groups 1"],"home":"Test User-Home","is_admin":true,"logon_name":"Test User-Logon_Name","name":"Test User-Name","password_expires":true,"shell":"Test User-Shell","sid":"Test User-SID","uid":"Test User-UID"},"user_name":"Test User_Name","user_uid":"Test User_UID","uuid":"Test UUID","version":"1.4"}
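Review bot: The string form of `url` is covered only inside the top-level `module` object (`"url":"www.actor-module-url-text.com/download/trouble"`); `parent.file.url` and `parent.module.url` in this same event are still objects with a `text` member. If those paths can also arrive as plain strings, add a case for each so the difference is caught by the pipeline test rather than at ingest. The string value here also has no scheme, so a second sample with a scheme-qualified URL would show that the rename to `module.url.text` preserves the value unchanged in both shapes.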
Contributor

I think we can make this test case smaller so that it's just testing the behaviour that we need tested in this change.

Contributor Author

updated in 892f3f0

@kcreddy kcreddy requested a review from efd6 June 3, 2025 12:58
@elastic-vault-github-plugin-prod

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@elasticmachine

💚 Build Succeeded

cc @kcreddy

@kcreddy kcreddy merged commit 6fad94b into elastic:main Jun 4, 2025
8 checks passed
@elastic-vault-github-plugin-prod

Package symantec_endpoint_security - 1.12.0 containing this change is available at https://epr.elastic.co/package/symantec_endpoint_security/1.12.0/

Labels
enhancement New feature or request Integration:symantec_endpoint_security Symantec Endpoint Security Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations]