diff --git a/packages/o365/changelog.yml b/packages/o365/changelog.yml
index 3b07bb035c9..1e29850e897 100644
--- a/packages/o365/changelog.yml
+++ b/packages/o365/changelog.yml
@@ -1,9 +1,14 @@
 # newer versions go on top
+- version: "2.32.0"
+ changes:
+ - description: Add device.id and user_agent fields from ExtendedProperties.additionalDetails.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/15632
 - version: "2.31.0"
 changes:
 - description: Improve documentation.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/1
+ link: https://github.com/elastic/integrations/pull/15660
 - version: "2.30.0"
 changes:
 - description: >-
diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-azuread-events.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-azuread-events.json
index af5bceda098..0a3f1f16fe4 100644
--- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-azuread-events.json
+++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-azuread-events.json
@@ -25876,6 +25876,103 @@ "Version": 1, "Workload": "AzureActiveDirectory" } + }, + { + "event": { + "original": "{\"Actor\":[{\"ID\":\"Device Registration Service\",\"Type\":1},{\"ID\":\"02cb2876-7ebd-4aa4-9cc9-d28bd4d359a9\",\"Type\":2},{\"ID\":\"ServicePrincipal_1263c36d-a4ea-4035-9a23-4c61f65c8f0a\",\"Type\":2},{\"ID\":\"1263c36d-a4ea-4035-9a23-4c61f65c8f0a\",\"Type\":2},{\"ID\":\"ServicePrincipal\",\"Type\":2}],\"ActorContextId\":\"f283355b-3bfe-4849-a3bc-480c7564e41b\",\"AzureActiveDirectoryEventType\":1,\"CreationTime\":\"2025-10-07T08:22:33\",\"ExtendedProperties\":[{\"Name\":\"additionalDetails\",\"Value\":\"{\\\"DeviceId\\\":\\\"62eedfc0-b73c-206c-a59d-16457c7ebcd8\\\",\\\"DeviceOSType\\\":\\\"Linux\\\",\\\"DeviceTrustType\\\":\\\"\\\"}\"},{\"Name\":\"extendedAuditEventCategory\",\"Value\":\"Device\"}],\"Id\":\"f2fd4b5b-c2ba-41e9-9733-b47ab08c632f\",\"InterSystemsId\":\"42d4768c-e894-43e0-8ac2-ad2f347b8c72\",\"IntraSystemId\":\"b2ec3429-a9c6-4d2e-823b-bd5853dad59c\",\"ModifiedProperties\":[{\"Name\":\"Included Updated Properties\",\"NewValue\":\"\",\"OldValue\":\"\"},{\"Name\":\"TargetId.DeviceId\",\"NewValue\":\"62aedfc0-b73c-206c-a59d-16457c7ebcd8\",\"OldValue\":\"\"},{\"Name\":\"TargetId.DeviceOSType\",\"NewValue\":\"Linux\",\"OldValue\":\"\"},{\"Name\":\"TargetId.DeviceTrustType\",\"NewValue\":\"\",\"OldValue\":\"\"}],\"ObjectId\":\"Device_f228a358-2d71-4c08-95dc-bbcfa6d0305e\",\"Operation\":\"Update device.\",\"OrganizationId\":\"fb23355b-3bfe-4849-a3bc-480c7564e41b\",\"RecordType\":8,\"ResultStatus\":\"Success\",\"SupportTicketId\":\"\",\"Target\":[{\"ID\":\"Device_f228a358-2d72-4c08-95dc-bbcfa6d0305e\",\"Type\":2},{\"ID\":\"f228a358-2d72-4c08-95dc-bbcfa6d0305e\",\"Type\":2},{\"ID\":\"Device\",\"Type\":2},{\"ID\":\"DeJesus-Elastic-Agent-Host\",\"Type\":1}],\"TargetContextId\":\"fb83355b-32fe-4849-a3bc-480c7564e41b\",\"UserId\":\"ServicePrincipal_1263c36d-a4ea-4035-9a23-4c61f65c8f0a\",\"UserKey\":\"Not 
Available\",\"UserType\":4,\"Version\":1,\"Workload\":\"AzureActiveDirectory\"}" + }, + "o365audit": { + "Actor": [ + { + "ID": "Device Registration Service", + "Type": 1 + }, + { + "ID": "02cb2876-7ebd-4aa4-9cc9-d28bd4d359a9", + "Type": 2 + }, + { + "ID": "ServicePrincipal_1263c36d-a4ea-4035-9a23-4c61f65c8f0a", + "Type": 2 + }, + { + "ID": "1263c36d-a4ea-4035-9a23-4c61f65c8f0a", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + } + ], + "ActorContextId": "f283355b-3bfe-4849-a3bc-480c7564e41b", + "AzureActiveDirectoryEventType": 1, + "CreationTime": "2025-10-07T08:22:33", + "ExtendedProperties": [ + { + "Name": "additionalDetails", + "Value": "{\"DeviceId\":\"62eedfc0-b73c-206c-a59d-16457c7ebcd8\",\"DeviceOSType\":\"Linux\",\"DeviceTrustType\":\"\"}" + }, + { + "Name": "extendedAuditEventCategory", + "Value": "Device" + } + ], + "Id": "f2fd4b5b-c2ba-41e9-9733-b47ab08c632f", + "InterSystemsId": "42d4768c-e894-43e0-8ac2-ad2f347b8c72", + "IntraSystemId": "b2ec3429-a9c6-4d2e-823b-bd5853dad59c", + "ModifiedProperties": [ + { + "Name": "Included Updated Properties", + "NewValue": "", + "OldValue": "" + }, + { + "Name": "TargetId.DeviceId", + "NewValue": "62aedfc0-b73c-206c-a59d-16457c7ebcd8", + "OldValue": "" + }, + { + "Name": "TargetId.DeviceOSType", + "NewValue": "Linux", + "OldValue": "" + }, + { + "Name": "TargetId.DeviceTrustType", + "NewValue": "", + "OldValue": "" + } + ], + "ObjectId": "Device_f228a358-2d71-4c08-95dc-bbcfa6d0305e", + "Operation": "Update device.", + "OrganizationId": "fb23355b-3bfe-4849-a3bc-480c7564e41b", + "RecordType": 8, + "ResultStatus": "Success", + "SupportTicketId": "", + "Target": [ + { + "ID": "Device_f228a358-2d72-4c08-95dc-bbcfa6d0305e", + "Type": 2 + }, + { + "ID": "f228a358-2d72-4c08-95dc-bbcfa6d0305e", + "Type": 2 + }, + { + "ID": "Device", + "Type": 2 + }, + { + "ID": "DeJesus-Elastic-Agent-Host", + "Type": 1 + } + ], + "TargetContextId": "fb83355b-32fe-4849-a3bc-480c7564e41b", + "UserId": 
"ServicePrincipal_1263c36d-a4ea-4035-9a23-4c61f65c8f0a", + "UserKey": "Not Available", + "UserType": 4, + "Version": 1, + "Workload": "AzureActiveDirectory" + } } ] } \ No newline at end of file diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-azuread-events.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-azuread-events.json-expected.json index d196b1d1e8a..cfe06a771af 100644 --- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-azuread-events.json-expected.json +++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-azuread-events.json-expected.json @@ -71,6 +71,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "auditEventCategory": "ApplicationManagement", "correlationId": "528b5206-f6de-4c1f-86db-5f750a9960c9", "env_appId": "restdirectoryservice", @@ -178,6 +181,19 @@ "target": { "id": "Not Available" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -251,6 +267,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "auditEventCategory": "ApplicationManagement", "correlationId": "528b5206-f6de-4c1f-86db-5f750a9960c9", "env_appId": "restdirectoryservice", 
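Review bot: The sample event added to test-azuread-events.json keeps what looks like a real device display name, `DeJesus-Elastic-Agent-Host`, in both `event.original` and `o365audit.Target`, while the surrounding GUIDs appear to have been scrambled by hand (`DeviceId` is `62eedfc0-…` in `additionalDetails` but `62aedfc0-…` in `TargetId.DeviceId`). If that name comes from a live tenant, replace it in both places with a neutral value such as `"ID": "example-agent-host"` (constructed placeholder). The fixture also exercises only a well-formed `additionalDetails` value; a second event whose `Value` is not valid JSON, or which lacks `DeviceId`, would show that the new parsing step leaves the audit record intact rather than failing it. The pipeline itself is not in this hunk, so that behaviour is unconfirmed here.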
@@ -358,6 +377,19 @@ "target": { "id": "Not Available" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -431,6 +463,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "auditEventCategory": "ApplicationManagement", "correlationId": "528b5206-f6de-4c1f-86db-5f750a9960c9", "env_appId": "restdirectoryservice", @@ -538,6 +573,19 @@ "target": { "id": "Not Available" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -611,6 +659,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "auditEventCategory": "ApplicationManagement", "correlationId": "528b5206-f6de-4c1f-86db-5f750a9960c9", "env_appId": "restdirectoryservice", 
@@ -723,6 +774,19 @@ "target": { "id": "71a0194b-b70c-44a6-82f2-d4670aee4585" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -796,6 +860,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "auditEventCategory": "ApplicationManagement", "correlationId": "528b5206-f6de-4c1f-86db-5f750a9960c9", "env_appId": "restdirectoryservice", @@ -908,6 +975,19 @@ "target": { "id": "71a0194b-b70c-44a6-82f2-d4670aee4585" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -981,6 +1061,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", "auditEventCategory": "ApplicationManagement", "correlationId": "ac045271-8d7f-49b2-abc9-5130051d879f", 
@@ -1106,6 +1189,19 @@ "target": { "id": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -1179,6 +1275,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", "auditEventCategory": "ApplicationManagement", "correlationId": "ac045271-8d7f-49b2-abc9-5130051d879f", @@ -1304,6 +1403,19 @@ "target": { "id": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { 
@@ -1377,6 +1489,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", "auditEventCategory": "ApplicationManagement", "correlationId": "ac045271-8d7f-49b2-abc9-5130051d879f", @@ -1502,6 +1617,19 @@ "target": { "id": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -1575,6 +1703,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", "auditEventCategory": "ApplicationManagement", "correlationId": "ac045271-8d7f-49b2-abc9-5130051d879f", 
@@ -1700,6 +1831,19 @@ "target": { "id": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -1773,6 +1917,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", "auditEventCategory": "ApplicationManagement", "correlationId": "ac045271-8d7f-49b2-abc9-5130051d879f", @@ -1898,6 +2045,19 @@ "target": { "id": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { 
@@ -1971,6 +2131,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", "auditEventCategory": "ApplicationManagement", "correlationId": "d37460cd-3d19-4ae9-9515-015f27036e74", @@ -2096,6 +2259,19 @@ "target": { "id": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -2169,6 +2345,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", "auditEventCategory": "ApplicationManagement", "correlationId": "d37460cd-3d19-4ae9-9515-015f27036e74", 
@@ -2294,6 +2473,19 @@ "target": { "id": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -2367,6 +2559,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", "auditEventCategory": "ApplicationManagement", "correlationId": "d37460cd-3d19-4ae9-9515-015f27036e74", @@ -2492,6 +2687,19 @@ "target": { "id": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { 
@@ -2565,6 +2773,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", "auditEventCategory": "ApplicationManagement", "correlationId": "d37460cd-3d19-4ae9-9515-015f27036e74", @@ -2690,6 +2901,19 @@ "target": { "id": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -2763,6 +2987,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", "auditEventCategory": "ApplicationManagement", "correlationId": "d37460cd-3d19-4ae9-9515-015f27036e74", 
@@ -2888,6 +3115,19 @@ "target": { "id": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -2961,6 +3201,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", "auditEventCategory": "ApplicationManagement", "correlationId": "d37460cd-3d19-4ae9-9515-015f27036e74", @@ -3086,6 +3329,19 @@ "target": { "id": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { 
@@ -3159,6 +3415,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", "auditEventCategory": "ApplicationManagement", "correlationId": "d37460cd-3d19-4ae9-9515-015f27036e74", @@ -3284,6 +3543,19 @@ "target": { "id": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -3357,6 +3629,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", "auditEventCategory": "ApplicationManagement", "correlationId": "d37460cd-3d19-4ae9-9515-015f27036e74", 
@@ -3482,6 +3757,19 @@ "target": { "id": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -3555,6 +3843,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "auditEventCategory": "ApplicationManagement", "correlationId": "5345f95e-44e0-48fc-823c-8206ff821338", "env_appId": "restdirectoryservice", @@ -3662,6 +3953,19 @@ "target": { "id": "Not Available" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -3735,6 +4039,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "auditEventCategory": "ApplicationManagement", "correlationId": "5345f95e-44e0-48fc-823c-8206ff821338", "env_appId": "restdirectoryservice", 
@@ -3842,6 +4149,19 @@ "target": { "id": "Not Available" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -3915,6 +4235,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "auditEventCategory": "ApplicationManagement", "correlationId": "5345f95e-44e0-48fc-823c-8206ff821338", "env_appId": "restdirectoryservice", @@ -4027,6 +4350,19 @@ "target": { "id": "71a0194b-b70c-44a6-82f2-d4670aee4585" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -4100,6 +4436,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "auditEventCategory": "ApplicationManagement", "correlationId": "51e48c97-80b1-42bb-b732-8b578dfac528", "env_appId": "restdirectoryservice", 
@@ -4207,6 +4546,19 @@ "target": { "id": "Not Available" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -4280,6 +4632,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "auditEventCategory": "ApplicationManagement", "correlationId": "51e48c97-80b1-42bb-b732-8b578dfac528", "env_appId": "restdirectoryservice", @@ -4387,6 +4742,19 @@ "target": { "id": "Not Available" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -4460,6 +4828,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "auditEventCategory": "ApplicationManagement", "correlationId": "51e48c97-80b1-42bb-b732-8b578dfac528", "env_appId": "restdirectoryservice", 
@@ -4567,6 +4938,19 @@ "target": { "id": "Not Available" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -4640,6 +5024,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "auditEventCategory": "ApplicationManagement", "correlationId": "51e48c97-80b1-42bb-b732-8b578dfac528", "env_appId": "restdirectoryservice", @@ -4752,6 +5139,19 @@ "target": { "id": "71a0194b-b70c-44a6-82f2-d4670aee4585" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -4825,6 +5225,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", "auditEventCategory": "ApplicationManagement", "correlationId": "206711cb-0722-49cc-a9ad-af7f34da9452", 
@@ -4950,6 +5353,19 @@ "target": { "id": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -5023,6 +5439,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", "auditEventCategory": "ApplicationManagement", "correlationId": "206711cb-0722-49cc-a9ad-af7f34da9452", @@ -5148,6 +5567,19 @@ "target": { "id": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { 
@@ -5221,6 +5653,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", "auditEventCategory": "ApplicationManagement", "correlationId": "206711cb-0722-49cc-a9ad-af7f34da9452", @@ -5346,6 +5781,19 @@ "target": { "id": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -5419,6 +5867,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", "auditEventCategory": "ApplicationManagement", "correlationId": "206711cb-0722-49cc-a9ad-af7f34da9452", 
@@ -5544,6 +5995,19 @@ "target": { "id": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -5617,6 +6081,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", "auditEventCategory": "ApplicationManagement", "correlationId": "206711cb-0722-49cc-a9ad-af7f34da9452", @@ -5742,6 +6209,19 @@ "target": { "id": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { 
@@ -5815,6 +6295,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", "auditEventCategory": "ApplicationManagement", "correlationId": "206711cb-0722-49cc-a9ad-af7f34da9452", @@ -5940,6 +6423,19 @@ "target": { "id": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -6013,6 +6509,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", "auditEventCategory": "ApplicationManagement", "correlationId": "206711cb-0722-49cc-a9ad-af7f34da9452", 
@@ -6138,6 +6637,19 @@ "target": { "id": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -6211,6 +6723,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", "auditEventCategory": "ApplicationManagement", "correlationId": "206711cb-0722-49cc-a9ad-af7f34da9452", @@ -6336,6 +6851,19 @@ "target": { "id": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { 
@@ -6409,6 +6937,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "auditEventCategory": "ApplicationManagement", "correlationId": "206711cb-0722-49cc-a9ad-af7f34da9452", "env_appId": "restdirectoryservice", @@ -6533,6 +7064,19 @@ "target": { "id": "71a0194b-b70c-44a6-82f2-d4670aee4585" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -6606,6 +7150,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "auditEventCategory": "ApplicationManagement", "correlationId": "206711cb-0722-49cc-a9ad-af7f34da9452", "env_appId": "restdirectoryservice", @@ -6730,6 +7277,19 @@ "target": { "id": "71a0194b-b70c-44a6-82f2-d4670aee4585" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { 
@@ -6793,6 +7353,9 @@ "actorPUID": "100300008060F582", "actorUPN": "fim_password_service@support.onmicrosoft.com", "additionalDetails": "{\"UserType\":\"Member\"}", + "additionalDetails_value": { + "UserType": "Member" + }, "auditEventCategory": "UserManagement", "correlationId": "4aa56c6c-8fa5-4787-a165-03f181541438", "env_appId": "becwebservice", @@ -6967,6 +7530,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]", "auditEventCategory": "ApplicationManagement", "correlationId": "2e358876-29c8-45b5-8dba-e233cf769988", @@ -7083,6 +7649,19 @@ "target": { "id": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { 
@@ -7156,6 +7735,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]", "auditEventCategory": "ApplicationManagement", "correlationId": "2e358876-29c8-45b5-8dba-e233cf769988", @@ -7272,6 +7854,19 @@ "target": { "id": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -7345,6 +7940,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]", "auditEventCategory": "ApplicationManagement", "correlationId": "2e358876-29c8-45b5-8dba-e233cf769988", 
@@ -7461,6 +8059,19 @@ "target": { "id": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -7534,6 +8145,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", "auditEventCategory": "ApplicationManagement", "correlationId": "b2484c3c-5461-43ab-850b-70fccf706796", @@ -7659,6 +8273,19 @@ "target": { "id": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { 
@@ -7732,6 +8359,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", "auditEventCategory": "ApplicationManagement", "correlationId": "b2484c3c-5461-43ab-850b-70fccf706796", @@ -7857,6 +8487,19 @@ "target": { "id": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -7930,6 +8573,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", "auditEventCategory": "ApplicationManagement", "correlationId": "b2484c3c-5461-43ab-850b-70fccf706796", 
@@ -8055,6 +8701,19 @@ "target": { "id": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -8128,6 +8787,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", "auditEventCategory": "ApplicationManagement", "correlationId": "b2484c3c-5461-43ab-850b-70fccf706796", @@ -8253,6 +8915,19 @@ "target": { "id": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { 
@@ -8326,6 +9001,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", "auditEventCategory": "ApplicationManagement", "correlationId": "b2484c3c-5461-43ab-850b-70fccf706796", @@ -8451,6 +9129,19 @@ "target": { "id": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -8524,6 +9215,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", "auditEventCategory": "ApplicationManagement", "correlationId": "2f79971d-1802-40d2-b048-6cf4f85c010b", 
@@ -8649,6 +9343,19 @@ "target": { "id": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -8722,6 +9429,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", "auditEventCategory": "ApplicationManagement", "correlationId": "2f79971d-1802-40d2-b048-6cf4f85c010b", @@ -8847,6 +9557,19 @@ "target": { "id": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { 
@@ -8920,6 +9643,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", "auditEventCategory": "ApplicationManagement", "correlationId": "2f79971d-1802-40d2-b048-6cf4f85c010b", @@ -9045,6 +9771,19 @@ "target": { "id": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -9118,6 +9857,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", "auditEventCategory": "ApplicationManagement", "correlationId": "2f79971d-1802-40d2-b048-6cf4f85c010b", 
@@ -9243,6 +9985,19 @@ "target": { "id": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -9316,6 +10071,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", "auditEventCategory": "ApplicationManagement", "correlationId": "2f79971d-1802-40d2-b048-6cf4f85c010b", @@ -9441,6 +10199,19 @@ "target": { "id": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { 
@@ -9514,6 +10285,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", "auditEventCategory": "ApplicationManagement", "correlationId": "2f79971d-1802-40d2-b048-6cf4f85c010b", @@ -9639,6 +10413,19 @@ "target": { "id": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -9712,6 +10499,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", "auditEventCategory": "ApplicationManagement", "correlationId": "2f79971d-1802-40d2-b048-6cf4f85c010b", 
@@ -9837,6 +10627,19 @@ "target": { "id": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -9910,6 +10713,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "auditEventCategory": "ApplicationManagement", "correlationId": "654d7080-aee6-4826-abd9-c5710b336614", "env_appId": "restdirectoryservice", @@ -10034,6 +10840,19 @@ "target": { "id": "71a0194b-b70c-44a6-82f2-d4670aee4585" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -10107,6 +10926,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "auditEventCategory": "ApplicationManagement", "correlationId": "654d7080-aee6-4826-abd9-c5710b336614", "env_appId": "restdirectoryservice", 
@@ -10231,6 +11053,19 @@ "target": { "id": "71a0194b-b70c-44a6-82f2-d4670aee4585" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -10304,6 +11139,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]", "auditEventCategory": "ApplicationManagement", "correlationId": "654d7080-aee6-4826-abd9-c5710b336614", @@ -10420,6 +11258,19 @@ "target": { "id": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { 
@@ -10493,6 +11344,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]", "auditEventCategory": "ApplicationManagement", "correlationId": "654d7080-aee6-4826-abd9-c5710b336614", @@ -10609,6 +11463,19 @@ "target": { "id": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -10682,6 +11549,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]", "auditEventCategory": "ApplicationManagement", "correlationId": "654d7080-aee6-4826-abd9-c5710b336614", 
@@ -10798,6 +11668,19 @@ "target": { "id": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -10871,6 +11754,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]", "auditEventCategory": "ApplicationManagement", "correlationId": "654d7080-aee6-4826-abd9-c5710b336614", @@ -10987,6 +11873,19 @@ "target": { "id": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { 
@@ -11060,6 +11959,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", "auditEventCategory": "ApplicationManagement", "correlationId": "654d7080-aee6-4826-abd9-c5710b336614", @@ -11185,6 +12087,19 @@ "target": { "id": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -11258,6 +12173,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", "auditEventCategory": "ApplicationManagement", "correlationId": "654d7080-aee6-4826-abd9-c5710b336614", 
@@ -11383,6 +12301,19 @@ "target": { "id": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -11456,6 +12387,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", "auditEventCategory": "ApplicationManagement", "correlationId": "654d7080-aee6-4826-abd9-c5710b336614", @@ -11581,6 +12515,19 @@ "target": { "id": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { 
@@ -11654,6 +12601,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", "auditEventCategory": "ApplicationManagement", "correlationId": "654d7080-aee6-4826-abd9-c5710b336614", @@ -11779,6 +12729,19 @@ "target": { "id": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -11852,6 +12815,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", "auditEventCategory": "ApplicationManagement", "correlationId": "654d7080-aee6-4826-abd9-c5710b336614", 
@@ -11977,6 +12943,19 @@ "target": { "id": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -12050,6 +13029,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "auditEventCategory": "ApplicationManagement", "correlationId": "484659af-7387-4b77-b889-c4d2a8060004", "env_appId": "restdirectoryservice", @@ -12169,6 +13151,19 @@ "target": { "id": "Not Available" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -12242,6 +13237,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "auditEventCategory": "ApplicationManagement", "correlationId": "484659af-7387-4b77-b889-c4d2a8060004", "env_appId": "restdirectoryservice", 
@@ -12361,6 +13359,19 @@ "target": { "id": "Not Available" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -12434,6 +13445,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "auditEventCategory": "ApplicationManagement", "correlationId": "484659af-7387-4b77-b889-c4d2a8060004", "env_appId": "restdirectoryservice", @@ -12553,6 +13567,19 @@ "target": { "id": "Not Available" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -12626,6 +13653,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "auditEventCategory": "ApplicationManagement", "correlationId": "484659af-7387-4b77-b889-c4d2a8060004", "env_appId": "restdirectoryservice", 
@@ -12745,6 +13775,19 @@ "target": { "id": "Not Available" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -12818,6 +13861,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"33cdc459-1335-4d6c-b773-f5eef4df7793\",\"DisplayName\":\"siem2\",\"ObjectClass\":\"Application\",\"AppId\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"}]", "auditEventCategory": "ApplicationManagement", "correlationId": "484659af-7387-4b77-b889-c4d2a8060004", @@ -12936,6 +13982,19 @@ "id": "asr@testsiem.onmicrosoft.com", "name": "asr" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -13009,6 +14068,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "auditEventCategory": "ApplicationManagement", "correlationId": "381d015d-6660-4dce-af99-4cd8c3b61d4d", "env_appId": "restdirectoryservice", 
@@ -13144,6 +14206,19 @@ "target": { "id": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -13217,6 +14292,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "auditEventCategory": "ApplicationManagement", "correlationId": "381d015d-6660-4dce-af99-4cd8c3b61d4d", "env_appId": "restdirectoryservice", @@ -13352,6 +14430,19 @@ "target": { "id": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -13425,6 +14516,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "auditEventCategory": "ApplicationManagement", "correlationId": "381d015d-6660-4dce-af99-4cd8c3b61d4d", "env_appId": "restdirectoryservice", 
@@ -13560,6 +14654,19 @@ "target": { "id": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -13633,6 +14740,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "auditEventCategory": "ApplicationManagement", "correlationId": "381d015d-6660-4dce-af99-4cd8c3b61d4d", "env_appId": "restdirectoryservice", @@ -13768,6 +14878,19 @@ "target": { "id": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -13841,6 +14964,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "auditEventCategory": "ApplicationManagement", "correlationId": "531446ed-abd2-468f-96a8-a4dcc7b05168", "env_appId": "restdirectoryservice", 
@@ -13939,6 +15065,19 @@ "target": { "id": "Not Available" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -14012,6 +15151,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "auditEventCategory": "ApplicationManagement", "correlationId": "531446ed-abd2-468f-96a8-a4dcc7b05168", "env_appId": "restdirectoryservice", @@ -14119,6 +15261,19 @@ "target": { "id": "Not Available" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -14192,6 +15347,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "auditEventCategory": "ApplicationManagement", "correlationId": "531446ed-abd2-468f-96a8-a4dcc7b05168", "env_appId": "restdirectoryservice", 
@@ -14299,6 +15457,19 @@ "target": { "id": "Not Available" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -14372,6 +15543,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "auditEventCategory": "ApplicationManagement", "correlationId": "531446ed-abd2-468f-96a8-a4dcc7b05168", "env_appId": "restdirectoryservice", @@ -14484,6 +15658,19 @@ "target": { "id": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -14557,6 +15744,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "auditEventCategory": "ApplicationManagement", "correlationId": "531446ed-abd2-468f-96a8-a4dcc7b05168", "env_appId": "restdirectoryservice", 
@@ -14669,6 +15859,19 @@ "target": { "id": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -14742,6 +15945,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "auditEventCategory": "ApplicationManagement", "correlationId": "531446ed-abd2-468f-96a8-a4dcc7b05168", "env_appId": "restdirectoryservice", @@ -14854,6 +16060,19 @@ "target": { "id": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -14927,6 +16146,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "auditEventCategory": "ApplicationManagement", "correlationId": "811fd012-35a6-4a0c-abce-79fb08b9ab6c", "env_appId": "restdirectoryservice", 
@@ -15034,6 +16256,19 @@ "target": { "id": "Not Available" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -15107,6 +16342,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "auditEventCategory": "ApplicationManagement", "correlationId": "811fd012-35a6-4a0c-abce-79fb08b9ab6c", "env_appId": "restdirectoryservice", @@ -15214,6 +16452,19 @@ "target": { "id": "Not Available" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -15287,6 +16538,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "auditEventCategory": "ApplicationManagement", "correlationId": "811fd012-35a6-4a0c-abce-79fb08b9ab6c", "env_appId": "restdirectoryservice", 
@@ -15394,6 +16648,19 @@ "target": { "id": "Not Available" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -15467,6 +16734,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "auditEventCategory": "ApplicationManagement", "correlationId": "811fd012-35a6-4a0c-abce-79fb08b9ab6c", "env_appId": "restdirectoryservice", @@ -15579,6 +16849,19 @@ "target": { "id": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -15652,6 +16935,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "auditEventCategory": "ApplicationManagement", "correlationId": "811fd012-35a6-4a0c-abce-79fb08b9ab6c", "env_appId": "restdirectoryservice", 
@@ -15764,6 +17050,19 @@ "target": { "id": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -15837,6 +17136,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "auditEventCategory": "ApplicationManagement", "correlationId": "811fd012-35a6-4a0c-abce-79fb08b9ab6c", "env_appId": "restdirectoryservice", @@ -15949,6 +17251,19 @@ "target": { "id": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -16022,6 +17337,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":\"siem2\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\",\"Name\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"}]", "auditEventCategory": "ApplicationManagement", "correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", 
@@ -16147,6 +17465,19 @@ "target": { "id": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -16220,6 +17551,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":\"siem2\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\",\"Name\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"}]", "auditEventCategory": "ApplicationManagement", "correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", @@ -16345,6 +17679,19 @@ "target": { "id": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { 
@@ -16418,6 +17765,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":\"siem2\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\",\"Name\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"}]", "auditEventCategory": "ApplicationManagement", "correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", @@ -16543,6 +17893,19 @@ "target": { "id": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -16616,6 +17979,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":\"siem2\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\",\"Name\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"}]", "auditEventCategory": "ApplicationManagement", "correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", 
@@ -16741,6 +18107,19 @@ "target": { "id": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -16814,6 +18193,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":\"siem2\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\",\"Name\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"}]", "auditEventCategory": "ApplicationManagement", "correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", @@ -16939,6 +18321,19 @@ "target": { "id": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { 
@@ -17012,6 +18407,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":\"siem2\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\",\"Name\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"}]", "auditEventCategory": "ApplicationManagement", "correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", @@ -17137,6 +18535,19 @@ "target": { "id": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -17210,6 +18621,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":\"siem2\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\",\"Name\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"}]", "auditEventCategory": "ApplicationManagement", "correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", 
@@ -17335,6 +18749,19 @@ "target": { "id": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -17408,6 +18835,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":\"siem2\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\",\"Name\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"}]", "auditEventCategory": "ApplicationManagement", "correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", @@ -17533,6 +18963,19 @@ "target": { "id": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { 
@@ -17606,6 +19049,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]", "auditEventCategory": "ApplicationManagement", "correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", @@ -17722,6 +19168,19 @@ "target": { "id": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -17795,6 +19254,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]", "auditEventCategory": "ApplicationManagement", "correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", 
@@ -17911,6 +19373,19 @@ "target": { "id": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -17984,6 +19459,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]", "auditEventCategory": "ApplicationManagement", "correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", @@ -18100,6 +19578,19 @@ "target": { "id": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { 
@@ -18173,6 +19664,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "auditEventCategory": "ApplicationManagement", "correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", "env_appId": "restdirectoryservice", @@ -18297,6 +19791,19 @@ "target": { "id": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -18370,6 +19877,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "auditEventCategory": "ApplicationManagement", "correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", "env_appId": "restdirectoryservice", @@ -18494,6 +20004,19 @@ "target": { "id": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { 
@@ -18567,6 +20090,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "auditEventCategory": "ApplicationManagement", "correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", "env_appId": "restdirectoryservice", @@ -18691,6 +20217,19 @@ "target": { "id": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -18764,6 +20303,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"755e500a-6c03-46b0-b53b-282f23374e3b\",\"ObjectClass\":\"User\",\"UPN\":\"asr@testsiem.onmicrosoft.com\",\"PUID\":\"1003200096971F55\"}]", "auditEventCategory": "UserManagement", "correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", @@ -18886,6 +20428,19 @@ "target": { "id": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { 
@@ -18959,6 +20514,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"755e500a-6c03-46b0-b53b-282f23374e3b\",\"ObjectClass\":\"User\",\"UPN\":\"asr@testsiem.onmicrosoft.com\",\"PUID\":\"1003200096971F55\"}]", "auditEventCategory": "UserManagement", "correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", @@ -19081,6 +20639,19 @@ "target": { "id": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" } }, { @@ -19154,6 +20725,9 @@ "actorPUID": "1003200096971F55", "actorUPN": "asr@testsiem.onmicrosoft.com", "additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "additionalDetails_value": { + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" + }, "additionalTargets": "[{\"ObjectID\":\"755e500a-6c03-46b0-b53b-282f23374e3b\",\"ObjectClass\":\"User\",\"UPN\":\"asr@testsiem.onmicrosoft.com\",\"PUID\":\"1003200096971F55\"}]", "auditEventCategory": "UserManagement", "correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", 
@@ -19276,6 +20850,131 @@ "target": { "id": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40" } + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "os": { + "full": "Mac OS X 10.14", + "name": "Mac OS X", + "version": "10.14" + }, + "version": "72.0" + } + }, + { + "@timestamp": "2025-10-07T08:22:33.000Z", + "device": { + "id": "62eedfc0-b73c-206c-a59d-16457c7ebcd8" + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "Update device.", + "category": [ + "web" + ], + "code": "AzureActiveDirectory", + "id": "f2fd4b5b-c2ba-41e9-9733-b47ab08c632f", + "kind": "event", + "original": "{\"Actor\":[{\"ID\":\"Device Registration Service\",\"Type\":1},{\"ID\":\"02cb2876-7ebd-4aa4-9cc9-d28bd4d359a9\",\"Type\":2},{\"ID\":\"ServicePrincipal_1263c36d-a4ea-4035-9a23-4c61f65c8f0a\",\"Type\":2},{\"ID\":\"1263c36d-a4ea-4035-9a23-4c61f65c8f0a\",\"Type\":2},{\"ID\":\"ServicePrincipal\",\"Type\":2}],\"ActorContextId\":\"f283355b-3bfe-4849-a3bc-480c7564e41b\",\"AzureActiveDirectoryEventType\":1,\"CreationTime\":\"2025-10-07T08:22:33\",\"ExtendedProperties\":[{\"Name\":\"additionalDetails\",\"Value\":\"{\\\"DeviceId\\\":\\\"62eedfc0-b73c-206c-a59d-16457c7ebcd8\\\",\\\"DeviceOSType\\\":\\\"Linux\\\",\\\"DeviceTrustType\\\":\\\"\\\"}\"},{\"Name\":\"extendedAuditEventCategory\",\"Value\":\"Device\"}],\"Id\":\"f2fd4b5b-c2ba-41e9-9733-b47ab08c632f\",\"InterSystemsId\":\"42d4768c-e894-43e0-8ac2-ad2f347b8c72\",\"IntraSystemId\":\"b2ec3429-a9c6-4d2e-823b-bd5853dad59c\",\"ModifiedProperties\":[{\"Name\":\"Included Updated 
Properties\",\"NewValue\":\"\",\"OldValue\":\"\"},{\"Name\":\"TargetId.DeviceId\",\"NewValue\":\"62aedfc0-b73c-206c-a59d-16457c7ebcd8\",\"OldValue\":\"\"},{\"Name\":\"TargetId.DeviceOSType\",\"NewValue\":\"Linux\",\"OldValue\":\"\"},{\"Name\":\"TargetId.DeviceTrustType\",\"NewValue\":\"\",\"OldValue\":\"\"}],\"ObjectId\":\"Device_f228a358-2d71-4c08-95dc-bbcfa6d0305e\",\"Operation\":\"Update device.\",\"OrganizationId\":\"fb23355b-3bfe-4849-a3bc-480c7564e41b\",\"RecordType\":8,\"ResultStatus\":\"Success\",\"SupportTicketId\":\"\",\"Target\":[{\"ID\":\"Device_f228a358-2d72-4c08-95dc-bbcfa6d0305e\",\"Type\":2},{\"ID\":\"f228a358-2d72-4c08-95dc-bbcfa6d0305e\",\"Type\":2},{\"ID\":\"Device\",\"Type\":2},{\"ID\":\"DeJesus-Elastic-Agent-Host\",\"Type\":1}],\"TargetContextId\":\"fb83355b-32fe-4849-a3bc-480c7564e41b\",\"UserId\":\"ServicePrincipal_1263c36d-a4ea-4035-9a23-4c61f65c8f0a\",\"UserKey\":\"Not Available\",\"UserType\":4,\"Version\":1,\"Workload\":\"AzureActiveDirectory\"}", + "outcome": "success", + "provider": "AzureActiveDirectory", + "type": [ + "info" + ] + }, + "host": { + "id": "fb23355b-3bfe-4849-a3bc-480c7564e41b" + }, + "o365": { + "audit": { + "Actor": [ + { + "ID": "Device Registration Service", + "Type": "1" + }, + { + "ID": "02cb2876-7ebd-4aa4-9cc9-d28bd4d359a9", + "Type": "2" + }, + { + "ID": "ServicePrincipal_1263c36d-a4ea-4035-9a23-4c61f65c8f0a", + "Type": "2" + }, + { + "ID": "1263c36d-a4ea-4035-9a23-4c61f65c8f0a", + "Type": "2" + }, + { + "ID": "ServicePrincipal", + "Type": "2" + } + ], + "ActorContextId": "f283355b-3bfe-4849-a3bc-480c7564e41b", + "AzureActiveDirectoryEventType": "1", + "CreationTime": "2025-10-07T08:22:33", + "ExtendedProperties": { + "additionalDetails": "{\"DeviceId\":\"62eedfc0-b73c-206c-a59d-16457c7ebcd8\",\"DeviceOSType\":\"Linux\",\"DeviceTrustType\":\"\"}", + "additionalDetails_value": { + "DeviceId": "62eedfc0-b73c-206c-a59d-16457c7ebcd8", + "DeviceOSType": "Linux" + }, + "extendedAuditEventCategory": "Device" + }, + 
"InterSystemsId": "42d4768c-e894-43e0-8ac2-ad2f347b8c72", + "IntraSystemId": "b2ec3429-a9c6-4d2e-823b-bd5853dad59c", + "ModifiedProperties": { + "TargetId_DeviceId": { + "NewValue": "62aedfc0-b73c-206c-a59d-16457c7ebcd8" + }, + "TargetId_DeviceOSType": { + "NewValue": "Linux" + } + }, + "ObjectId": "Device_f228a358-2d71-4c08-95dc-bbcfa6d0305e", + "RecordType": "8", + "ResultStatus": "Success", + "Target": [ + { + "ID": "Device_f228a358-2d72-4c08-95dc-bbcfa6d0305e", + "Type": "2" + }, + { + "ID": "f228a358-2d72-4c08-95dc-bbcfa6d0305e", + "Type": "2" + }, + { + "ID": "Device", + "Type": "2" + }, + { + "ID": "DeJesus-Elastic-Agent-Host", + "Type": "1" + } + ], + "TargetContextId": "fb83355b-32fe-4849-a3bc-480c7564e41b", + "UserId": "ServicePrincipal_1263c36d-a4ea-4035-9a23-4c61f65c8f0a", + "UserKey": "Not Available", + "UserType": "4", + "Version": "1" + } + }, + "organization": { + "id": "fb23355b-3bfe-4849-a3bc-480c7564e41b" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "ServicePrincipal_1263c36d-a4ea-4035-9a23-4c61f65c8f0a", + "target": { + "id": "Device_f228a358-2d71-4c08-95dc-bbcfa6d0305e" + } } } ] diff --git a/packages/o365/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/o365/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index 0ce7532a878..2ebdef4e402 100644 --- a/packages/o365/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/o365/data_stream/audit/elasticsearch/ingest_pipeline/default.yml 
@@ -1755,6 +1755,25 @@ processors:
 copy_from: o365audit.AppAccessContext.DeviceId
 tag: set_device_id_from_AppAccessContext_DeviceID
 ignore_empty_value: true
+ - json:
+ tag: json-extract-stringly-ExtendedProperties-additionalDetails
+ field: o365audit.ExtendedProperties.additionalDetails
+ target_field: o365audit.ExtendedProperties.additionalDetails_value
+ if: ctx.o365audit?.ExtendedProperties?.additionalDetails instanceof String
+ on_failure:
+ - append:
+ field: error.message
+ value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+ - set:
+ field: device.id
+ copy_from: o365audit.ExtendedProperties.additionalDetails_value.DeviceId
+ tag: set_device_id_from_additionalDetails_value_DeviceID
+ ignore_empty_value: true
+ override: false
+ - user_agent:
+ field: o365audit.ExtendedProperties.additionalDetails_value.User-Agent
+ if: ctx.user_agent == null
+ ignore_missing: true
 - set:
 field: session.id
 copy_from: o365audit.AppAccessContext.AADSessionId
diff --git a/packages/o365/manifest.yml b/packages/o365/manifest.yml
index 016ccf300ba..d1539230bb9 100644
--- a/packages/o365/manifest.yml
+++ b/packages/o365/manifest.yml
@@ -1,6 +1,6 @@
 name: o365
 title: Microsoft Office 365
-version: "2.31.0"
+version: "2.32.0"
 description: Collect logs from Microsoft Office 365 with Elastic Agent.
 type: integration
 format_version: "3.2.3"
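Review bot: The `user_agent` processor at the end of the added block in `default.yml` has no `tag` and no `on_failure`, unlike the `json` processor a few lines above it, so if it throws, the error goes to whatever pipeline-level handler exists (not visible in this hunk) with no tag to identify the step. Adding `tag: user_agent_from_additionalDetails_value_User-Agent` would match the naming of the neighbouring `set` processor. The parsed value is presumably the client-supplied header, so a comment such as `# User-Agent is client-controlled; treat user_agent.* as unverified` above the processor would help detection authors. Separately, the `json` step's `if` accepts any String, so a non-JSON `additionalDetails` would append to `error.message`; whether the source can emit one is not shown here, and a pipeline test case with such a value would pin the behaviour. The `processors` list starts and continues outside the hunk.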