mirror of
https://github.com/marcredhat/kql
synced 2026-06-08 13:23:58 +00:00
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T12:10:05.000Z", "ts_epoch_ms": 1780229405000, "UserPrincipalName": "alice@contoso.com", "Identity": "alice@contoso.com", "AppDisplayName": "Office 365 Exchange Online", "ResultType": 0, "IPAddress": "10.0.0.20", "Location": "US", "LocationDetails_country": "US", "LocationDetails_state": "HQ", "LocationDetails_city": "HQ", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T12:50:05.000Z", "ts_epoch_ms": 1780231805000, "UserPrincipalName": "alice@contoso.com", "Identity": "alice@contoso.com", "AppDisplayName": "Office 365 Exchange Online", "ResultType": 0, "IPAddress": "10.0.0.21", "Location": "US", "LocationDetails_country": "US", "LocationDetails_state": "HQ", "LocationDetails_city": "HQ", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T13:30:05.000Z", "ts_epoch_ms": 1780234205000, "UserPrincipalName": "alice@contoso.com", "Identity": "alice@contoso.com", "AppDisplayName": "Office 365 Exchange Online", "ResultType": 0, "IPAddress": "10.0.0.22", "Location": "US", "LocationDetails_country": "US", "LocationDetails_state": "HQ", "LocationDetails_city": "HQ", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T12:10:05.000Z", "ts_epoch_ms": 1780229405000, "UserPrincipalName": "alice@contoso.com", "Identity": "alice@contoso.com", "AppDisplayName": "Microsoft Teams", "ResultType": 0, "IPAddress": "10.0.0.20", "Location": "US", "LocationDetails_country": "US", "LocationDetails_state": "HQ", "LocationDetails_city": "HQ", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T12:50:05.000Z", "ts_epoch_ms": 1780231805000, "UserPrincipalName": "alice@contoso.com", "Identity": "alice@contoso.com", "AppDisplayName": "Microsoft Teams", "ResultType": 0, "IPAddress": "10.0.0.21", "Location": "US", "LocationDetails_country": "US", "LocationDetails_state": "HQ", "LocationDetails_city": "HQ", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T13:30:05.000Z", "ts_epoch_ms": 1780234205000, "UserPrincipalName": "alice@contoso.com", "Identity": "alice@contoso.com", "AppDisplayName": "Microsoft Teams", "ResultType": 0, "IPAddress": "10.0.0.22", "Location": "US", "LocationDetails_country": "US", "LocationDetails_state": "HQ", "LocationDetails_city": "HQ", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T12:15:05.000Z", "ts_epoch_ms": 1780229705000, "UserPrincipalName": "bob@contoso.com", "Identity": "bob@contoso.com", "AppDisplayName": "Office 365 Exchange Online", "ResultType": 0, "IPAddress": "10.0.0.30", "Location": "FR", "LocationDetails_country": "FR", "LocationDetails_state": "HQ", "LocationDetails_city": "HQ", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T12:55:05.000Z", "ts_epoch_ms": 1780232105000, "UserPrincipalName": "bob@contoso.com", "Identity": "bob@contoso.com", "AppDisplayName": "Office 365 Exchange Online", "ResultType": 0, "IPAddress": "10.0.0.31", "Location": "FR", "LocationDetails_country": "FR", "LocationDetails_state": "HQ", "LocationDetails_city": "HQ", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T13:35:05.000Z", "ts_epoch_ms": 1780234505000, "UserPrincipalName": "bob@contoso.com", "Identity": "bob@contoso.com", "AppDisplayName": "Office 365 Exchange Online", "ResultType": 0, "IPAddress": "10.0.0.32", "Location": "FR", "LocationDetails_country": "FR", "LocationDetails_state": "HQ", "LocationDetails_city": "HQ", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T12:15:05.000Z", "ts_epoch_ms": 1780229705000, "UserPrincipalName": "bob@contoso.com", "Identity": "bob@contoso.com", "AppDisplayName": "Microsoft Teams", "ResultType": 0, "IPAddress": "10.0.0.30", "Location": "FR", "LocationDetails_country": "FR", "LocationDetails_state": "HQ", "LocationDetails_city": "HQ", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T12:55:05.000Z", "ts_epoch_ms": 1780232105000, "UserPrincipalName": "bob@contoso.com", "Identity": "bob@contoso.com", "AppDisplayName": "Microsoft Teams", "ResultType": 0, "IPAddress": "10.0.0.31", "Location": "FR", "LocationDetails_country": "FR", "LocationDetails_state": "HQ", "LocationDetails_city": "HQ", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T13:35:05.000Z", "ts_epoch_ms": 1780234505000, "UserPrincipalName": "bob@contoso.com", "Identity": "bob@contoso.com", "AppDisplayName": "Microsoft Teams", "ResultType": 0, "IPAddress": "10.0.0.32", "Location": "FR", "LocationDetails_country": "FR", "LocationDetails_state": "HQ", "LocationDetails_city": "HQ", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T12:20:05.000Z", "ts_epoch_ms": 1780230005000, "UserPrincipalName": "carol@contoso.com", "Identity": "carol@contoso.com", "AppDisplayName": "Office 365 Exchange Online", "ResultType": 0, "IPAddress": "10.0.0.40", "Location": "GB", "LocationDetails_country": "GB", "LocationDetails_state": "HQ", "LocationDetails_city": "HQ", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T13:00:05.000Z", "ts_epoch_ms": 1780232405000, "UserPrincipalName": "carol@contoso.com", "Identity": "carol@contoso.com", "AppDisplayName": "Office 365 Exchange Online", "ResultType": 0, "IPAddress": "10.0.0.41", "Location": "GB", "LocationDetails_country": "GB", "LocationDetails_state": "HQ", "LocationDetails_city": "HQ", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T13:40:05.000Z", "ts_epoch_ms": 1780234805000, "UserPrincipalName": "carol@contoso.com", "Identity": "carol@contoso.com", "AppDisplayName": "Office 365 Exchange Online", "ResultType": 0, "IPAddress": "10.0.0.42", "Location": "GB", "LocationDetails_country": "GB", "LocationDetails_state": "HQ", "LocationDetails_city": "HQ", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T12:20:05.000Z", "ts_epoch_ms": 1780230005000, "UserPrincipalName": "carol@contoso.com", "Identity": "carol@contoso.com", "AppDisplayName": "Microsoft Teams", "ResultType": 0, "IPAddress": "10.0.0.40", "Location": "GB", "LocationDetails_country": "GB", "LocationDetails_state": "HQ", "LocationDetails_city": "HQ", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T13:00:05.000Z", "ts_epoch_ms": 1780232405000, "UserPrincipalName": "carol@contoso.com", "Identity": "carol@contoso.com", "AppDisplayName": "Microsoft Teams", "ResultType": 0, "IPAddress": "10.0.0.41", "Location": "GB", "LocationDetails_country": "GB", "LocationDetails_state": "HQ", "LocationDetails_city": "HQ", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T13:40:05.000Z", "ts_epoch_ms": 1780234805000, "UserPrincipalName": "carol@contoso.com", "Identity": "carol@contoso.com", "AppDisplayName": "Microsoft Teams", "ResultType": 0, "IPAddress": "10.0.0.42", "Location": "GB", "LocationDetails_country": "GB", "LocationDetails_state": "HQ", "LocationDetails_city": "HQ", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T12:25:05.000Z", "ts_epoch_ms": 1780230305000, "UserPrincipalName": "dave@contoso.com", "Identity": "dave@contoso.com", "AppDisplayName": "Office 365 Exchange Online", "ResultType": 0, "IPAddress": "10.0.0.50", "Location": "DE", "LocationDetails_country": "DE", "LocationDetails_state": "HQ", "LocationDetails_city": "HQ", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T13:05:05.000Z", "ts_epoch_ms": 1780232705000, "UserPrincipalName": "dave@contoso.com", "Identity": "dave@contoso.com", "AppDisplayName": "Office 365 Exchange Online", "ResultType": 0, "IPAddress": "10.0.0.51", "Location": "DE", "LocationDetails_country": "DE", "LocationDetails_state": "HQ", "LocationDetails_city": "HQ", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T13:45:05.000Z", "ts_epoch_ms": 1780235105000, "UserPrincipalName": "dave@contoso.com", "Identity": "dave@contoso.com", "AppDisplayName": "Office 365 Exchange Online", "ResultType": 0, "IPAddress": "10.0.0.52", "Location": "DE", "LocationDetails_country": "DE", "LocationDetails_state": "HQ", "LocationDetails_city": "HQ", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T12:25:05.000Z", "ts_epoch_ms": 1780230305000, "UserPrincipalName": "dave@contoso.com", "Identity": "dave@contoso.com", "AppDisplayName": "Microsoft Teams", "ResultType": 0, "IPAddress": "10.0.0.50", "Location": "DE", "LocationDetails_country": "DE", "LocationDetails_state": "HQ", "LocationDetails_city": "HQ", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T13:05:05.000Z", "ts_epoch_ms": 1780232705000, "UserPrincipalName": "dave@contoso.com", "Identity": "dave@contoso.com", "AppDisplayName": "Microsoft Teams", "ResultType": 0, "IPAddress": "10.0.0.51", "Location": "DE", "LocationDetails_country": "DE", "LocationDetails_state": "HQ", "LocationDetails_city": "HQ", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T13:45:05.000Z", "ts_epoch_ms": 1780235105000, "UserPrincipalName": "dave@contoso.com", "Identity": "dave@contoso.com", "AppDisplayName": "Microsoft Teams", "ResultType": 0, "IPAddress": "10.0.0.52", "Location": "DE", "LocationDetails_country": "DE", "LocationDetails_state": "HQ", "LocationDetails_city": "HQ", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T12:30:05.000Z", "ts_epoch_ms": 1780230605000, "UserPrincipalName": "eve@contoso.com", "Identity": "eve@contoso.com", "AppDisplayName": "Office 365 Exchange Online", "ResultType": 0, "IPAddress": "10.0.0.60", "Location": "US", "LocationDetails_country": "US", "LocationDetails_state": "HQ", "LocationDetails_city": "HQ", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T13:10:05.000Z", "ts_epoch_ms": 1780233005000, "UserPrincipalName": "eve@contoso.com", "Identity": "eve@contoso.com", "AppDisplayName": "Office 365 Exchange Online", "ResultType": 0, "IPAddress": "10.0.0.61", "Location": "US", "LocationDetails_country": "US", "LocationDetails_state": "HQ", "LocationDetails_city": "HQ", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T13:50:05.000Z", "ts_epoch_ms": 1780235405000, "UserPrincipalName": "eve@contoso.com", "Identity": "eve@contoso.com", "AppDisplayName": "Office 365 Exchange Online", "ResultType": 0, "IPAddress": "10.0.0.62", "Location": "US", "LocationDetails_country": "US", "LocationDetails_state": "HQ", "LocationDetails_city": "HQ", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T12:30:05.000Z", "ts_epoch_ms": 1780230605000, "UserPrincipalName": "eve@contoso.com", "Identity": "eve@contoso.com", "AppDisplayName": "Microsoft Teams", "ResultType": 0, "IPAddress": "10.0.0.60", "Location": "US", "LocationDetails_country": "US", "LocationDetails_state": "HQ", "LocationDetails_city": "HQ", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T13:10:05.000Z", "ts_epoch_ms": 1780233005000, "UserPrincipalName": "eve@contoso.com", "Identity": "eve@contoso.com", "AppDisplayName": "Microsoft Teams", "ResultType": 0, "IPAddress": "10.0.0.61", "Location": "US", "LocationDetails_country": "US", "LocationDetails_state": "HQ", "LocationDetails_city": "HQ", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T13:50:05.000Z", "ts_epoch_ms": 1780235405000, "UserPrincipalName": "eve@contoso.com", "Identity": "eve@contoso.com", "AppDisplayName": "Microsoft Teams", "ResultType": 0, "IPAddress": "10.0.0.62", "Location": "US", "LocationDetails_country": "US", "LocationDetails_state": "HQ", "LocationDetails_city": "HQ", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T18:11:05.000Z", "ts_epoch_ms": 1780251065000, "UserPrincipalName": "eve@contoso.com", "Identity": "eve@contoso.com", "AppDisplayName": "Azure Portal", "ResultType": 0, "IPAddress": "203.0.113.10", "Location": "BR", "LocationDetails_country": "BR", "LocationDetails_state": "NA", "LocationDetails_city": "NA", "UserAgent": "curl/8.4.0", "DeviceDetail_os": "Linux"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T18:11:35.000Z", "ts_epoch_ms": 1780251095000, "UserPrincipalName": "eve@contoso.com", "Identity": "eve@contoso.com", "AppDisplayName": "Azure Portal", "ResultType": 0, "IPAddress": "203.0.113.11", "Location": "RU", "LocationDetails_country": "RU", "LocationDetails_state": "NA", "LocationDetails_city": "NA", "UserAgent": "curl/8.4.0", "DeviceDetail_os": "Linux"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T18:12:05.000Z", "ts_epoch_ms": 1780251125000, "UserPrincipalName": "eve@contoso.com", "Identity": "eve@contoso.com", "AppDisplayName": "Azure Portal", "ResultType": 0, "IPAddress": "203.0.113.12", "Location": "CN", "LocationDetails_country": "CN", "LocationDetails_state": "NA", "LocationDetails_city": "NA", "UserAgent": "curl/8.4.0", "DeviceDetail_os": "Linux"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T18:12:35.000Z", "ts_epoch_ms": 1780251155000, "UserPrincipalName": "eve@contoso.com", "Identity": "eve@contoso.com", "AppDisplayName": "Azure Portal", "ResultType": 0, "IPAddress": "203.0.113.13", "Location": "IR", "LocationDetails_country": "IR", "LocationDetails_state": "NA", "LocationDetails_city": "NA", "UserAgent": "curl/8.4.0", "DeviceDetail_os": "Linux"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T18:13:05.000Z", "ts_epoch_ms": 1780251185000, "UserPrincipalName": "eve@contoso.com", "Identity": "eve@contoso.com", "AppDisplayName": "Azure Portal", "ResultType": 0, "IPAddress": "203.0.113.14", "Location": "NG", "LocationDetails_country": "NG", "LocationDetails_state": "NA", "LocationDetails_city": "NA", "UserAgent": "curl/8.4.0", "DeviceDetail_os": "Linux"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T18:13:35.000Z", "ts_epoch_ms": 1780251215000, "UserPrincipalName": "eve@contoso.com", "Identity": "eve@contoso.com", "AppDisplayName": "Azure Portal", "ResultType": 0, "IPAddress": "203.0.113.15", "Location": "VN", "LocationDetails_country": "VN", "LocationDetails_state": "NA", "LocationDetails_city": "NA", "UserAgent": "curl/8.4.0", "DeviceDetail_os": "Linux"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T18:14:05.000Z", "ts_epoch_ms": 1780251245000, "UserPrincipalName": "eve@contoso.com", "Identity": "eve@contoso.com", "AppDisplayName": "Azure Portal", "ResultType": 0, "IPAddress": "203.0.113.16", "Location": "TR", "LocationDetails_country": "TR", "LocationDetails_state": "NA", "LocationDetails_city": "NA", "UserAgent": "curl/8.4.0", "DeviceDetail_os": "Linux"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T18:14:35.000Z", "ts_epoch_ms": 1780251275000, "UserPrincipalName": "eve@contoso.com", "Identity": "eve@contoso.com", "AppDisplayName": "Azure Portal", "ResultType": 0, "IPAddress": "203.0.113.17", "Location": "ID", "LocationDetails_country": "ID", "LocationDetails_state": "NA", "LocationDetails_city": "NA", "UserAgent": "curl/8.4.0", "DeviceDetail_os": "Linux"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T18:15:05.000Z", "ts_epoch_ms": 1780251305000, "UserPrincipalName": "eve@contoso.com", "Identity": "eve@contoso.com", "AppDisplayName": "Azure Portal", "ResultType": 0, "IPAddress": "203.0.113.18", "Location": "PK", "LocationDetails_country": "PK", "LocationDetails_state": "NA", "LocationDetails_city": "NA", "UserAgent": "curl/8.4.0", "DeviceDetail_os": "Linux"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T18:15:35.000Z", "ts_epoch_ms": 1780251335000, "UserPrincipalName": "eve@contoso.com", "Identity": "eve@contoso.com", "AppDisplayName": "Azure Portal", "ResultType": 0, "IPAddress": "203.0.113.19", "Location": "AR", "LocationDetails_country": "AR", "LocationDetails_state": "NA", "LocationDetails_city": "NA", "UserAgent": "curl/8.4.0", "DeviceDetail_os": "Linux"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T18:12:05.000Z", "ts_epoch_ms": 1780251125000, "UserPrincipalName": "alice@contoso.com", "Identity": "alice@contoso.com", "AppDisplayName": "Office 365 Exchange Online", "ResultType": 50126, "ResultDescription": "Invalid username or password", "IPAddress": "198.51.100.7", "Location": "RU", "LocationDetails_country": "RU", "LocationDetails_state": "NA", "LocationDetails_city": "Moscow", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T18:12:15.000Z", "ts_epoch_ms": 1780251135000, "UserPrincipalName": "alice@contoso.com", "Identity": "alice@contoso.com", "AppDisplayName": "Office 365 Exchange Online", "ResultType": 50126, "ResultDescription": "Invalid username or password", "IPAddress": "198.51.100.7", "Location": "RU", "LocationDetails_country": "RU", "LocationDetails_state": "NA", "LocationDetails_city": "Moscow", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T18:12:25.000Z", "ts_epoch_ms": 1780251145000, "UserPrincipalName": "alice@contoso.com", "Identity": "alice@contoso.com", "AppDisplayName": "Office 365 Exchange Online", "ResultType": 50126, "ResultDescription": "Invalid username or password", "IPAddress": "198.51.100.7", "Location": "RU", "LocationDetails_country": "RU", "LocationDetails_state": "NA", "LocationDetails_city": "Moscow", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T18:12:35.000Z", "ts_epoch_ms": 1780251155000, "UserPrincipalName": "alice@contoso.com", "Identity": "alice@contoso.com", "AppDisplayName": "Office 365 Exchange Online", "ResultType": 50126, "ResultDescription": "Invalid username or password", "IPAddress": "198.51.100.7", "Location": "RU", "LocationDetails_country": "RU", "LocationDetails_state": "NA", "LocationDetails_city": "Moscow", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T18:13:05.000Z", "ts_epoch_ms": 1780251185000, "UserPrincipalName": "bob@contoso.com", "Identity": "bob@contoso.com", "AppDisplayName": "Office 365 Exchange Online", "ResultType": 50126, "ResultDescription": "Invalid username or password", "IPAddress": "198.51.100.7", "Location": "RU", "LocationDetails_country": "RU", "LocationDetails_state": "NA", "LocationDetails_city": "Moscow", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T18:13:15.000Z", "ts_epoch_ms": 1780251195000, "UserPrincipalName": "bob@contoso.com", "Identity": "bob@contoso.com", "AppDisplayName": "Office 365 Exchange Online", "ResultType": 50126, "ResultDescription": "Invalid username or password", "IPAddress": "198.51.100.7", "Location": "RU", "LocationDetails_country": "RU", "LocationDetails_state": "NA", "LocationDetails_city": "Moscow", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T18:13:25.000Z", "ts_epoch_ms": 1780251205000, "UserPrincipalName": "bob@contoso.com", "Identity": "bob@contoso.com", "AppDisplayName": "Office 365 Exchange Online", "ResultType": 50126, "ResultDescription": "Invalid username or password", "IPAddress": "198.51.100.7", "Location": "RU", "LocationDetails_country": "RU", "LocationDetails_state": "NA", "LocationDetails_city": "Moscow", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T18:13:35.000Z", "ts_epoch_ms": 1780251215000, "UserPrincipalName": "bob@contoso.com", "Identity": "bob@contoso.com", "AppDisplayName": "Office 365 Exchange Online", "ResultType": 50126, "ResultDescription": "Invalid username or password", "IPAddress": "198.51.100.7", "Location": "RU", "LocationDetails_country": "RU", "LocationDetails_state": "NA", "LocationDetails_city": "Moscow", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T18:14:05.000Z", "ts_epoch_ms": 1780251245000, "UserPrincipalName": "carol@contoso.com", "Identity": "carol@contoso.com", "AppDisplayName": "Office 365 Exchange Online", "ResultType": 50126, "ResultDescription": "Invalid username or password", "IPAddress": "198.51.100.7", "Location": "RU", "LocationDetails_country": "RU", "LocationDetails_state": "NA", "LocationDetails_city": "Moscow", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T18:14:15.000Z", "ts_epoch_ms": 1780251255000, "UserPrincipalName": "carol@contoso.com", "Identity": "carol@contoso.com", "AppDisplayName": "Office 365 Exchange Online", "ResultType": 50126, "ResultDescription": "Invalid username or password", "IPAddress": "198.51.100.7", "Location": "RU", "LocationDetails_country": "RU", "LocationDetails_state": "NA", "LocationDetails_city": "Moscow", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T18:14:25.000Z", "ts_epoch_ms": 1780251265000, "UserPrincipalName": "carol@contoso.com", "Identity": "carol@contoso.com", "AppDisplayName": "Office 365 Exchange Online", "ResultType": 50126, "ResultDescription": "Invalid username or password", "IPAddress": "198.51.100.7", "Location": "RU", "LocationDetails_country": "RU", "LocationDetails_state": "NA", "LocationDetails_city": "Moscow", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T18:14:35.000Z", "ts_epoch_ms": 1780251275000, "UserPrincipalName": "carol@contoso.com", "Identity": "carol@contoso.com", "AppDisplayName": "Office 365 Exchange Online", "ResultType": 50126, "ResultDescription": "Invalid username or password", "IPAddress": "198.51.100.7", "Location": "RU", "LocationDetails_country": "RU", "LocationDetails_state": "NA", "LocationDetails_city": "Moscow", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T18:15:05.000Z", "ts_epoch_ms": 1780251305000, "UserPrincipalName": "dave@contoso.com", "Identity": "dave@contoso.com", "AppDisplayName": "Office 365 Exchange Online", "ResultType": 50126, "ResultDescription": "Invalid username or password", "IPAddress": "198.51.100.7", "Location": "RU", "LocationDetails_country": "RU", "LocationDetails_state": "NA", "LocationDetails_city": "Moscow", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T18:15:15.000Z", "ts_epoch_ms": 1780251315000, "UserPrincipalName": "dave@contoso.com", "Identity": "dave@contoso.com", "AppDisplayName": "Office 365 Exchange Online", "ResultType": 50126, "ResultDescription": "Invalid username or password", "IPAddress": "198.51.100.7", "Location": "RU", "LocationDetails_country": "RU", "LocationDetails_state": "NA", "LocationDetails_city": "Moscow", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T18:15:25.000Z", "ts_epoch_ms": 1780251325000, "UserPrincipalName": "dave@contoso.com", "Identity": "dave@contoso.com", "AppDisplayName": "Office 365 Exchange Online", "ResultType": 50126, "ResultDescription": "Invalid username or password", "IPAddress": "198.51.100.7", "Location": "RU", "LocationDetails_country": "RU", "LocationDetails_state": "NA", "LocationDetails_city": "Moscow", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T18:15:35.000Z", "ts_epoch_ms": 1780251335000, "UserPrincipalName": "dave@contoso.com", "Identity": "dave@contoso.com", "AppDisplayName": "Office 365 Exchange Online", "ResultType": 50126, "ResultDescription": "Invalid username or password", "IPAddress": "198.51.100.7", "Location": "RU", "LocationDetails_country": "RU", "LocationDetails_state": "NA", "LocationDetails_city": "Moscow", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T18:16:05.000Z", "ts_epoch_ms": 1780251365000, "UserPrincipalName": "eve@contoso.com", "Identity": "eve@contoso.com", "AppDisplayName": "Office 365 Exchange Online", "ResultType": 50126, "ResultDescription": "Invalid username or password", "IPAddress": "198.51.100.7", "Location": "RU", "LocationDetails_country": "RU", "LocationDetails_state": "NA", "LocationDetails_city": "Moscow", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T18:16:15.000Z", "ts_epoch_ms": 1780251375000, "UserPrincipalName": "eve@contoso.com", "Identity": "eve@contoso.com", "AppDisplayName": "Office 365 Exchange Online", "ResultType": 50126, "ResultDescription": "Invalid username or password", "IPAddress": "198.51.100.7", "Location": "RU", "LocationDetails_country": "RU", "LocationDetails_state": "NA", "LocationDetails_city": "Moscow", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T18:16:25.000Z", "ts_epoch_ms": 1780251385000, "UserPrincipalName": "eve@contoso.com", "Identity": "eve@contoso.com", "AppDisplayName": "Office 365 Exchange Online", "ResultType": 50126, "ResultDescription": "Invalid username or password", "IPAddress": "198.51.100.7", "Location": "RU", "LocationDetails_country": "RU", "LocationDetails_state": "NA", "LocationDetails_city": "Moscow", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T18:16:35.000Z", "ts_epoch_ms": 1780251395000, "UserPrincipalName": "eve@contoso.com", "Identity": "eve@contoso.com", "AppDisplayName": "Office 365 Exchange Online", "ResultType": 50126, "ResultDescription": "Invalid username or password", "IPAddress": "198.51.100.7", "Location": "RU", "LocationDetails_country": "RU", "LocationDetails_state": "NA", "LocationDetails_city": "Moscow", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T18:17:05.000Z", "ts_epoch_ms": 1780251425000, "UserPrincipalName": "frank@contoso.com", "Identity": "frank@contoso.com", "AppDisplayName": "Office 365 Exchange Online", "ResultType": 50126, "ResultDescription": "Invalid username or password", "IPAddress": "198.51.100.7", "Location": "RU", "LocationDetails_country": "RU", "LocationDetails_state": "NA", "LocationDetails_city": "Moscow", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T18:17:15.000Z", "ts_epoch_ms": 1780251435000, "UserPrincipalName": "frank@contoso.com", "Identity": "frank@contoso.com", "AppDisplayName": "Office 365 Exchange Online", "ResultType": 50126, "ResultDescription": "Invalid username or password", "IPAddress": "198.51.100.7", "Location": "RU", "LocationDetails_country": "RU", "LocationDetails_state": "NA", "LocationDetails_city": "Moscow", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T18:17:25.000Z", "ts_epoch_ms": 1780251445000, "UserPrincipalName": "frank@contoso.com", "Identity": "frank@contoso.com", "AppDisplayName": "Office 365 Exchange Online", "ResultType": 50126, "ResultDescription": "Invalid username or password", "IPAddress": "198.51.100.7", "Location": "RU", "LocationDetails_country": "RU", "LocationDetails_state": "NA", "LocationDetails_city": "Moscow", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T18:17:35.000Z", "ts_epoch_ms": 1780251455000, "UserPrincipalName": "frank@contoso.com", "Identity": "frank@contoso.com", "AppDisplayName": "Office 365 Exchange Online", "ResultType": 50126, "ResultDescription": "Invalid username or password", "IPAddress": "198.51.100.7", "Location": "RU", "LocationDetails_country": "RU", "LocationDetails_state": "NA", "LocationDetails_city": "Moscow", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T18:10:35.000Z", "ts_epoch_ms": 1780251035000, "UserPrincipalName": "dave@contoso.com", "Identity": "dave@contoso.com", "AppDisplayName": "Azure Portal", "ResultType": 0, "IPAddress": "203.0.113.99", "Location": "DE", "LocationDetails_country": "DE", "LocationDetails_state": "BE", "LocationDetails_city": "Berlin", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T18:10:25.000Z", "ts_epoch_ms": 1780251025000, "UserPrincipalName": "bob@contoso.com", "Identity": "bob@contoso.com", "AppDisplayName": "Microsoft Teams", "ResultType": 0, "IPAddress": "10.0.0.60", "Location": "FR", "LocationDetails_country": "FR", "LocationDetails_state": "NA", "LocationDetails_city": "NA", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T18:10:30.000Z", "ts_epoch_ms": 1780251030000, "UserPrincipalName": "bob@contoso.com", "Identity": "bob@contoso.com", "AppDisplayName": "Microsoft Teams", "ResultType": 0, "IPAddress": "10.0.0.61", "Location": "DE", "LocationDetails_country": "DE", "LocationDetails_state": "NA", "LocationDetails_city": "NA", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T18:10:35.000Z", "ts_epoch_ms": 1780251035000, "UserPrincipalName": "bob@contoso.com", "Identity": "bob@contoso.com", "AppDisplayName": "Microsoft Teams", "ResultType": 0, "IPAddress": "10.0.0.62", "Location": "IT", "LocationDetails_country": "IT", "LocationDetails_state": "NA", "LocationDetails_city": "NA", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "SigninLogs", "TimeGenerated": "2026-05-31T18:10:40.000Z", "ts_epoch_ms": 1780251040000, "UserPrincipalName": "bob@contoso.com", "Identity": "bob@contoso.com", "AppDisplayName": "Microsoft Teams", "ResultType": 0, "IPAddress": "10.0.0.63", "Location": "ES", "LocationDetails_country": "ES", "LocationDetails_state": "NA", "LocationDetails_city": "NA", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Edge/120.0", "DeviceDetail_os": "Windows 10"}
{"event_type": "AuditLogs", "TimeGenerated": "2026-05-31T12:10:05.000Z", "ts_epoch_ms": 1780229405000, "OperationName": "Update user", "Category": "UserManagement", "CorrelationId": "base-0", "InitiatedBy_app_displayName": "HR-Sync", "InitiatedBy_app_ipAddress": "10.0.0.5", "InitiatedBy_user_userPrincipalName": null, "InitiatedBy_user_ipAddress": null, "TargetResources_0_userPrincipalName": "alice@contoso.com", "TargetResources_0_displayName": "alice"}
{"event_type": "AuditLogs", "TimeGenerated": "2026-05-31T12:40:05.000Z", "ts_epoch_ms": 1780231205000, "OperationName": "Update user", "Category": "UserManagement", "CorrelationId": "base-1", "InitiatedBy_app_displayName": "HR-Sync", "InitiatedBy_app_ipAddress": "10.0.0.5", "InitiatedBy_user_userPrincipalName": null, "InitiatedBy_user_ipAddress": null, "TargetResources_0_userPrincipalName": "alice@contoso.com", "TargetResources_0_displayName": "alice"}
{"event_type": "AuditLogs", "TimeGenerated": "2026-05-31T13:10:05.000Z", "ts_epoch_ms": 1780233005000, "OperationName": "Update user", "Category": "UserManagement", "CorrelationId": "base-2", "InitiatedBy_app_displayName": "HR-Sync", "InitiatedBy_app_ipAddress": "10.0.0.5", "InitiatedBy_user_userPrincipalName": null, "InitiatedBy_user_ipAddress": null, "TargetResources_0_userPrincipalName": "alice@contoso.com", "TargetResources_0_displayName": "alice"}
{"event_type": "AuditLogs", "TimeGenerated": "2026-05-31T13:40:05.000Z", "ts_epoch_ms": 1780234805000, "OperationName": "Update user", "Category": "UserManagement", "CorrelationId": "base-3", "InitiatedBy_app_displayName": "HR-Sync", "InitiatedBy_app_ipAddress": "10.0.0.5", "InitiatedBy_user_userPrincipalName": null, "InitiatedBy_user_ipAddress": null, "TargetResources_0_userPrincipalName": "alice@contoso.com", "TargetResources_0_displayName": "alice"}
{"event_type": "AuditLogs", "TimeGenerated": "2026-05-31T14:10:05.000Z", "ts_epoch_ms": 1780236605000, "OperationName": "Update user", "Category": "UserManagement", "CorrelationId": "base-4", "InitiatedBy_app_displayName": "HR-Sync", "InitiatedBy_app_ipAddress": "10.0.0.5", "InitiatedBy_user_userPrincipalName": null, "InitiatedBy_user_ipAddress": null, "TargetResources_0_userPrincipalName": "alice@contoso.com", "TargetResources_0_displayName": "alice"}
{"event_type": "AuditLogs", "TimeGenerated": "2026-05-31T14:40:05.000Z", "ts_epoch_ms": 1780238405000, "OperationName": "Update user", "Category": "UserManagement", "CorrelationId": "base-5", "InitiatedBy_app_displayName": "HR-Sync", "InitiatedBy_app_ipAddress": "10.0.0.5", "InitiatedBy_user_userPrincipalName": null, "InitiatedBy_user_ipAddress": null, "TargetResources_0_userPrincipalName": "alice@contoso.com", "TargetResources_0_displayName": "alice"}
{"event_type": "AuditLogs", "TimeGenerated": "2026-05-31T15:10:05.000Z", "ts_epoch_ms": 1780240205000, "OperationName": "Update user", "Category": "UserManagement", "CorrelationId": "base-6", "InitiatedBy_app_displayName": "HR-Sync", "InitiatedBy_app_ipAddress": "10.0.0.5", "InitiatedBy_user_userPrincipalName": null, "InitiatedBy_user_ipAddress": null, "TargetResources_0_userPrincipalName": "alice@contoso.com", "TargetResources_0_displayName": "alice"}
{"event_type": "AuditLogs", "TimeGenerated": "2026-05-31T15:40:05.000Z", "ts_epoch_ms": 1780242005000, "OperationName": "Update user", "Category": "UserManagement", "CorrelationId": "base-7", "InitiatedBy_app_displayName": "HR-Sync", "InitiatedBy_app_ipAddress": "10.0.0.5", "InitiatedBy_user_userPrincipalName": null, "InitiatedBy_user_ipAddress": null, "TargetResources_0_userPrincipalName": "alice@contoso.com", "TargetResources_0_displayName": "alice"}
{"event_type": "AuditLogs", "TimeGenerated": "2026-05-31T16:10:05.000Z", "ts_epoch_ms": 1780243805000, "OperationName": "Update user", "Category": "UserManagement", "CorrelationId": "base-8", "InitiatedBy_app_displayName": "HR-Sync", "InitiatedBy_app_ipAddress": "10.0.0.5", "InitiatedBy_user_userPrincipalName": null, "InitiatedBy_user_ipAddress": null, "TargetResources_0_userPrincipalName": "alice@contoso.com", "TargetResources_0_displayName": "alice"}
{"event_type": "AuditLogs", "TimeGenerated": "2026-05-31T16:40:05.000Z", "ts_epoch_ms": 1780245605000, "OperationName": "Update user", "Category": "UserManagement", "CorrelationId": "base-9", "InitiatedBy_app_displayName": "HR-Sync", "InitiatedBy_app_ipAddress": "10.0.0.5", "InitiatedBy_user_userPrincipalName": null, "InitiatedBy_user_ipAddress": null, "TargetResources_0_userPrincipalName": "alice@contoso.com", "TargetResources_0_displayName": "alice"}
{"event_type": "AuditLogs", "TimeGenerated": "2026-05-31T18:13:05.000Z", "ts_epoch_ms": 1780251185000, "OperationName": "Add service principal", "Category": "ApplicationManagement", "CorrelationId": "corr-priv-esc-1", "InitiatedBy_app_displayName": null, "InitiatedBy_app_ipAddress": null, "InitiatedBy_user_userPrincipalName": "dave@contoso.com", "InitiatedBy_user_ipAddress": "203.0.113.99", "TargetResources_0_userPrincipalName": "svcprincipal@contoso.com", "TargetResources_0_displayName": "SuspiciousApp"}
{"event_type": "AuditLogs", "TimeGenerated": "2026-05-31T18:14:05.000Z", "ts_epoch_ms": 1780251245000, "OperationName": "Consent to application", "Category": "ApplicationManagement", "CorrelationId": "corr-consent-1", "InitiatedBy_app_displayName": null, "InitiatedBy_app_ipAddress": null, "InitiatedBy_user_userPrincipalName": "eve@contoso.com", "InitiatedBy_user_ipAddress": "203.0.113.10", "TargetResources_0_userPrincipalName": "eve@contoso.com", "TargetResources_0_displayName": "MaliciousOAuthApp"}
{"event_type": "AzureActivity", "TimeGenerated": "2026-05-31T18:15:05.000Z", "ts_epoch_ms": 1780251305000, "OperationNameValue": "microsoft.compute/snapshots/write", "ActivityStatusValue": "Success", "CallerIpAddress": "198.51.100.50", "Caller": "attacker@external.com", "CorrelationId": "az-corr-0", "ResourceGroup": "prod-rg", "SubscriptionId": "sub-001"}
{"event_type": "AzureActivity", "TimeGenerated": "2026-05-31T18:15:35.000Z", "ts_epoch_ms": 1780251335000, "OperationNameValue": "microsoft.compute/snapshots/write", "ActivityStatusValue": "Success", "CallerIpAddress": "198.51.100.50", "Caller": "attacker@external.com", "CorrelationId": "az-corr-1", "ResourceGroup": "prod-rg", "SubscriptionId": "sub-001"}
{"event_type": "AzureActivity", "TimeGenerated": "2026-05-31T18:16:05.000Z", "ts_epoch_ms": 1780251365000, "OperationNameValue": "microsoft.compute/snapshots/write", "ActivityStatusValue": "Success", "CallerIpAddress": "198.51.100.50", "Caller": "attacker@external.com", "CorrelationId": "az-corr-2", "ResourceGroup": "prod-rg", "SubscriptionId": "sub-001"}
{"event_type": "AzureActivity", "TimeGenerated": "2026-05-31T18:16:35.000Z", "ts_epoch_ms": 1780251395000, "OperationNameValue": "microsoft.compute/snapshots/write", "ActivityStatusValue": "Success", "CallerIpAddress": "198.51.100.50", "Caller": "attacker@external.com", "CorrelationId": "az-corr-3", "ResourceGroup": "prod-rg", "SubscriptionId": "sub-001"}
{"event_type": "AzureActivity", "TimeGenerated": "2026-05-31T18:17:05.000Z", "ts_epoch_ms": 1780251425000, "OperationNameValue": "microsoft.compute/snapshots/write", "ActivityStatusValue": "Success", "CallerIpAddress": "198.51.100.50", "Caller": "attacker@external.com", "CorrelationId": "az-corr-4", "ResourceGroup": "prod-rg", "SubscriptionId": "sub-001"}
{"event_type": "AzureActivity", "TimeGenerated": "2026-05-31T18:17:35.000Z", "ts_epoch_ms": 1780251455000, "OperationNameValue": "microsoft.compute/snapshots/write", "ActivityStatusValue": "Success", "CallerIpAddress": "198.51.100.50", "Caller": "attacker@external.com", "CorrelationId": "az-corr-5", "ResourceGroup": "prod-rg", "SubscriptionId": "sub-001"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T12:10:05.000Z", "ts_epoch_ms": 1780229405000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "alice", "SourceIP": "10.0.1.10", "SourcePort": 49000, "DestinationIP": "142.250.74.110", "DestinationPort": 443, "SentBytes": 2048, "ReceivedBytes": 16384, "Message": "allow web access to 142.250.74.110", "DeviceEventClassID": "end", "LogSeverity": 3, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T12:25:05.000Z", "ts_epoch_ms": 1780230305000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "alice", "SourceIP": "10.0.1.11", "SourcePort": 49001, "DestinationIP": "142.250.74.110", "DestinationPort": 443, "SentBytes": 2048, "ReceivedBytes": 16384, "Message": "allow web access to 142.250.74.110", "DeviceEventClassID": "end", "LogSeverity": 3, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T12:40:05.000Z", "ts_epoch_ms": 1780231205000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "alice", "SourceIP": "10.0.1.12", "SourcePort": 49002, "DestinationIP": "142.250.74.110", "DestinationPort": 443, "SentBytes": 2048, "ReceivedBytes": 16384, "Message": "allow web access to 142.250.74.110", "DeviceEventClassID": "end", "LogSeverity": 3, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T12:55:05.000Z", "ts_epoch_ms": 1780232105000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "alice", "SourceIP": "10.0.1.13", "SourcePort": 49003, "DestinationIP": "142.250.74.110", "DestinationPort": 443, "SentBytes": 2048, "ReceivedBytes": 16384, "Message": "allow web access to 142.250.74.110", "DeviceEventClassID": "end", "LogSeverity": 3, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T13:10:05.000Z", "ts_epoch_ms": 1780233005000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "alice", "SourceIP": "10.0.1.14", "SourcePort": 49004, "DestinationIP": "142.250.74.110", "DestinationPort": 443, "SentBytes": 2048, "ReceivedBytes": 16384, "Message": "allow web access to 142.250.74.110", "DeviceEventClassID": "end", "LogSeverity": 3, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T13:25:05.000Z", "ts_epoch_ms": 1780233905000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "alice", "SourceIP": "10.0.1.15", "SourcePort": 49005, "DestinationIP": "142.250.74.110", "DestinationPort": 443, "SentBytes": 2048, "ReceivedBytes": 16384, "Message": "allow web access to 142.250.74.110", "DeviceEventClassID": "end", "LogSeverity": 3, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T13:40:05.000Z", "ts_epoch_ms": 1780234805000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "alice", "SourceIP": "10.0.1.16", "SourcePort": 49006, "DestinationIP": "142.250.74.110", "DestinationPort": 443, "SentBytes": 2048, "ReceivedBytes": 16384, "Message": "allow web access to 142.250.74.110", "DeviceEventClassID": "end", "LogSeverity": 3, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T13:55:05.000Z", "ts_epoch_ms": 1780235705000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "alice", "SourceIP": "10.0.1.17", "SourcePort": 49007, "DestinationIP": "142.250.74.110", "DestinationPort": 443, "SentBytes": 2048, "ReceivedBytes": 16384, "Message": "allow web access to 142.250.74.110", "DeviceEventClassID": "end", "LogSeverity": 3, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T14:10:05.000Z", "ts_epoch_ms": 1780236605000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "alice", "SourceIP": "10.0.1.18", "SourcePort": 49008, "DestinationIP": "142.250.74.110", "DestinationPort": 443, "SentBytes": 2048, "ReceivedBytes": 16384, "Message": "allow web access to 142.250.74.110", "DeviceEventClassID": "end", "LogSeverity": 3, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T14:25:05.000Z", "ts_epoch_ms": 1780237505000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "alice", "SourceIP": "10.0.1.19", "SourcePort": 49009, "DestinationIP": "142.250.74.110", "DestinationPort": 443, "SentBytes": 2048, "ReceivedBytes": 16384, "Message": "allow web access to 142.250.74.110", "DeviceEventClassID": "end", "LogSeverity": 3, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T14:40:05.000Z", "ts_epoch_ms": 1780238405000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "alice", "SourceIP": "10.0.1.20", "SourcePort": 49010, "DestinationIP": "142.250.74.110", "DestinationPort": 443, "SentBytes": 2048, "ReceivedBytes": 16384, "Message": "allow web access to 142.250.74.110", "DeviceEventClassID": "end", "LogSeverity": 3, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T14:55:05.000Z", "ts_epoch_ms": 1780239305000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "alice", "SourceIP": "10.0.1.21", "SourcePort": 49011, "DestinationIP": "142.250.74.110", "DestinationPort": 443, "SentBytes": 2048, "ReceivedBytes": 16384, "Message": "allow web access to 142.250.74.110", "DeviceEventClassID": "end", "LogSeverity": 3, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T15:10:05.000Z", "ts_epoch_ms": 1780240205000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "alice", "SourceIP": "10.0.1.22", "SourcePort": 49012, "DestinationIP": "142.250.74.110", "DestinationPort": 443, "SentBytes": 2048, "ReceivedBytes": 16384, "Message": "allow web access to 142.250.74.110", "DeviceEventClassID": "end", "LogSeverity": 3, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T15:25:05.000Z", "ts_epoch_ms": 1780241105000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "alice", "SourceIP": "10.0.1.23", "SourcePort": 49013, "DestinationIP": "142.250.74.110", "DestinationPort": 443, "SentBytes": 2048, "ReceivedBytes": 16384, "Message": "allow web access to 142.250.74.110", "DeviceEventClassID": "end", "LogSeverity": 3, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T15:40:05.000Z", "ts_epoch_ms": 1780242005000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "alice", "SourceIP": "10.0.1.24", "SourcePort": 49014, "DestinationIP": "142.250.74.110", "DestinationPort": 443, "SentBytes": 2048, "ReceivedBytes": 16384, "Message": "allow web access to 142.250.74.110", "DeviceEventClassID": "end", "LogSeverity": 3, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T15:55:05.000Z", "ts_epoch_ms": 1780242905000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "alice", "SourceIP": "10.0.1.25", "SourcePort": 49015, "DestinationIP": "142.250.74.110", "DestinationPort": 443, "SentBytes": 2048, "ReceivedBytes": 16384, "Message": "allow web access to 142.250.74.110", "DeviceEventClassID": "end", "LogSeverity": 3, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T16:10:05.000Z", "ts_epoch_ms": 1780243805000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "alice", "SourceIP": "10.0.1.26", "SourcePort": 49016, "DestinationIP": "142.250.74.110", "DestinationPort": 443, "SentBytes": 2048, "ReceivedBytes": 16384, "Message": "allow web access to 142.250.74.110", "DeviceEventClassID": "end", "LogSeverity": 3, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T16:25:05.000Z", "ts_epoch_ms": 1780244705000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "alice", "SourceIP": "10.0.1.27", "SourcePort": 49017, "DestinationIP": "142.250.74.110", "DestinationPort": 443, "SentBytes": 2048, "ReceivedBytes": 16384, "Message": "allow web access to 142.250.74.110", "DeviceEventClassID": "end", "LogSeverity": 3, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T16:40:05.000Z", "ts_epoch_ms": 1780245605000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "alice", "SourceIP": "10.0.1.28", "SourcePort": 49018, "DestinationIP": "142.250.74.110", "DestinationPort": 443, "SentBytes": 2048, "ReceivedBytes": 16384, "Message": "allow web access to 142.250.74.110", "DeviceEventClassID": "end", "LogSeverity": 3, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T16:55:05.000Z", "ts_epoch_ms": 1780246505000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "alice", "SourceIP": "10.0.1.29", "SourcePort": 49019, "DestinationIP": "142.250.74.110", "DestinationPort": 443, "SentBytes": 2048, "ReceivedBytes": 16384, "Message": "allow web access to 142.250.74.110", "DeviceEventClassID": "end", "LogSeverity": 3, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:10:05.000Z", "ts_epoch_ms": 1780251005000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51000, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:11:05.000Z", "ts_epoch_ms": 1780251065000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51001, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:12:05.000Z", "ts_epoch_ms": 1780251125000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51002, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:13:05.000Z", "ts_epoch_ms": 1780251185000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51003, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:14:05.000Z", "ts_epoch_ms": 1780251245000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51004, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:15:05.000Z", "ts_epoch_ms": 1780251305000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51005, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:16:05.000Z", "ts_epoch_ms": 1780251365000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51006, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:17:05.000Z", "ts_epoch_ms": 1780251425000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51007, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:18:05.000Z", "ts_epoch_ms": 1780251485000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51008, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:19:05.000Z", "ts_epoch_ms": 1780251545000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51009, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:20:05.000Z", "ts_epoch_ms": 1780251605000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51010, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:21:05.000Z", "ts_epoch_ms": 1780251665000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51011, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:22:05.000Z", "ts_epoch_ms": 1780251725000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51012, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:23:05.000Z", "ts_epoch_ms": 1780251785000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51013, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:24:05.000Z", "ts_epoch_ms": 1780251845000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51014, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:25:05.000Z", "ts_epoch_ms": 1780251905000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51015, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:26:05.000Z", "ts_epoch_ms": 1780251965000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51016, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:27:05.000Z", "ts_epoch_ms": 1780252025000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51017, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:28:05.000Z", "ts_epoch_ms": 1780252085000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51018, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:29:05.000Z", "ts_epoch_ms": 1780252145000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51019, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:30:05.000Z", "ts_epoch_ms": 1780252205000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51020, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:31:05.000Z", "ts_epoch_ms": 1780252265000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51021, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:32:05.000Z", "ts_epoch_ms": 1780252325000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51022, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:33:05.000Z", "ts_epoch_ms": 1780252385000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51023, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:34:05.000Z", "ts_epoch_ms": 1780252445000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51024, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:35:05.000Z", "ts_epoch_ms": 1780252505000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51025, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:36:05.000Z", "ts_epoch_ms": 1780252565000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51026, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:37:05.000Z", "ts_epoch_ms": 1780252625000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51027, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:38:05.000Z", "ts_epoch_ms": 1780252685000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51028, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:39:05.000Z", "ts_epoch_ms": 1780252745000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51029, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:40:05.000Z", "ts_epoch_ms": 1780252805000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51030, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:41:05.000Z", "ts_epoch_ms": 1780252865000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51031, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:42:05.000Z", "ts_epoch_ms": 1780252925000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51032, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:43:05.000Z", "ts_epoch_ms": 1780252985000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51033, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:44:05.000Z", "ts_epoch_ms": 1780253045000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51034, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:45:05.000Z", "ts_epoch_ms": 1780253105000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51035, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:46:05.000Z", "ts_epoch_ms": 1780253165000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51036, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:47:05.000Z", "ts_epoch_ms": 1780253225000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51037, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:48:05.000Z", "ts_epoch_ms": 1780253285000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51038, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:49:05.000Z", "ts_epoch_ms": 1780253345000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51039, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:50:05.000Z", "ts_epoch_ms": 1780253405000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51040, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:51:05.000Z", "ts_epoch_ms": 1780253465000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51041, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:52:05.000Z", "ts_epoch_ms": 1780253525000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51042, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:53:05.000Z", "ts_epoch_ms": 1780253585000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51043, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:54:05.000Z", "ts_epoch_ms": 1780253645000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51044, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:55:05.000Z", "ts_epoch_ms": 1780253705000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51045, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:56:05.000Z", "ts_epoch_ms": 1780253765000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51046, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:57:05.000Z", "ts_epoch_ms": 1780253825000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51047, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:58:05.000Z", "ts_epoch_ms": 1780253885000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51048, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:59:05.000Z", "ts_epoch_ms": 1780253945000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51049, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T19:00:05.000Z", "ts_epoch_ms": 1780254005000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51050, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T19:01:05.000Z", "ts_epoch_ms": 1780254065000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51051, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T19:02:05.000Z", "ts_epoch_ms": 1780254125000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51052, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T19:03:05.000Z", "ts_epoch_ms": 1780254185000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51053, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T19:04:05.000Z", "ts_epoch_ms": 1780254245000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51054, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T19:05:05.000Z", "ts_epoch_ms": 1780254305000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51055, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T19:06:05.000Z", "ts_epoch_ms": 1780254365000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51056, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T19:07:05.000Z", "ts_epoch_ms": 1780254425000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51057, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T19:08:05.000Z", "ts_epoch_ms": 1780254485000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51058, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T19:09:05.000Z", "ts_epoch_ms": 1780254545000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "dave", "SourceIP": "10.0.2.42", "SourcePort": 51059, "DestinationIP": "185.220.101.7", "DestinationPort": 8443, "SentBytes": 512, "ReceivedBytes": 128, "Message": "beacon to C2 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:18:25.000Z", "ts_epoch_ms": 1780251505000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "carol", "SourceIP": "10.0.3.11", "SourcePort": 49888, "DestinationIP": "185.220.101.7", "DestinationPort": 443, "SentBytes": 1024, "ReceivedBytes": 2048, "Message": "allow access to 185.220.101.7", "DeviceEventClassID": "end", "LogSeverity": 5, "DeviceAction": "allow", "DeviceProduct": "PAN-OS"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:21:45.000Z", "ts_epoch_ms": 1780251705000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "-", "SourceIP": "198.51.100.7", "SourcePort": 44000, "DestinationIP": "10.0.0.10", "DestinationPort": 443, "SentBytes": 256, "ReceivedBytes": 512, "Message": "deny session from 198.51.100.7", "DeviceEventClassID": "deny", "LogSeverity": 6, "DeviceAction": "deny", "DeviceProduct": "PAN-OS", "AdditionalExtensions": "src=198.51.100.7 dst=10.0.0.10"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:22:45.000Z", "ts_epoch_ms": 1780251765000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "-", "SourceIP": "198.51.100.7", "SourcePort": 44001, "DestinationIP": "10.0.0.10", "DestinationPort": 443, "SentBytes": 256, "ReceivedBytes": 512, "Message": "deny session from 198.51.100.7", "DeviceEventClassID": "deny", "LogSeverity": 6, "DeviceAction": "deny", "DeviceProduct": "PAN-OS", "AdditionalExtensions": "src=198.51.100.7 dst=10.0.0.10"}
{"event_type": "CommonSecurityLog", "TimeGenerated": "2026-05-31T18:23:45.000Z", "ts_epoch_ms": 1780251825000, "DeviceVendor": "Palo Alto Networks", "Activity": "TRAFFIC", "DeviceName": "pa-fw-01", "SourceUserID": "-", "SourceIP": "198.51.100.7", "SourcePort": 44002, "DestinationIP": "10.0.0.10", "DestinationPort": 443, "SentBytes": 256, "ReceivedBytes": 512, "Message": "deny session from 198.51.100.7", "DeviceEventClassID": "deny", "LogSeverity": 6, "DeviceAction": "deny", "DeviceProduct": "PAN-OS", "AdditionalExtensions": "src=198.51.100.7 dst=10.0.0.10"}
{"event_type": "ThreatIntelIndicators", "TimeGenerated": "2026-05-31T13:10:05.000Z", "ts_epoch_ms": 1780233005000, "Id": "ti-ioc-001", "ObservableKey": "ipv4-addr:value", "ObservableValue": "185.220.101.7", "IsActive": true, "ValidUntil": "2026-06-30T20:10:05.000Z", "Confidence": 85, "Tags": "c2,tor-exit", "AdditionalFields_TLPLevel": "AMBER"}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T12:10:05.000Z", "ts_epoch_ms": 1780229405000, "EventID": 4688, "Computer": "WIN-WS01", "Account": "CONTOSO\\alice", "NewProcessName": "C:\\Windows\\System32\\svchost.exe", "CommandLine": "\"svchost.exe\"", "ParentProcessName": "C:\\Windows\\explorer.exe"}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T12:18:05.000Z", "ts_epoch_ms": 1780229885000, "EventID": 4688, "Computer": "WIN-WS01", "Account": "CONTOSO\\alice", "NewProcessName": "C:\\Windows\\System32\\explorer.exe", "CommandLine": "\"explorer.exe\"", "ParentProcessName": "C:\\Windows\\explorer.exe"}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T12:26:05.000Z", "ts_epoch_ms": 1780230365000, "EventID": 4688, "Computer": "WIN-WS01", "Account": "CONTOSO\\alice", "NewProcessName": "C:\\Windows\\System32\\chrome.exe", "CommandLine": "\"chrome.exe\"", "ParentProcessName": "C:\\Windows\\explorer.exe"}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T12:34:05.000Z", "ts_epoch_ms": 1780230845000, "EventID": 4688, "Computer": "WIN-WS01", "Account": "CONTOSO\\alice", "NewProcessName": "C:\\Windows\\System32\\outlook.exe", "CommandLine": "\"outlook.exe\"", "ParentProcessName": "C:\\Windows\\explorer.exe"}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T12:42:05.000Z", "ts_epoch_ms": 1780231325000, "EventID": 4688, "Computer": "WIN-WS01", "Account": "CONTOSO\\alice", "NewProcessName": "C:\\Windows\\System32\\svchost.exe", "CommandLine": "\"svchost.exe\"", "ParentProcessName": "C:\\Windows\\explorer.exe"}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T12:50:05.000Z", "ts_epoch_ms": 1780231805000, "EventID": 4688, "Computer": "WIN-WS01", "Account": "CONTOSO\\alice", "NewProcessName": "C:\\Windows\\System32\\explorer.exe", "CommandLine": "\"explorer.exe\"", "ParentProcessName": "C:\\Windows\\explorer.exe"}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T12:58:05.000Z", "ts_epoch_ms": 1780232285000, "EventID": 4688, "Computer": "WIN-WS01", "Account": "CONTOSO\\alice", "NewProcessName": "C:\\Windows\\System32\\chrome.exe", "CommandLine": "\"chrome.exe\"", "ParentProcessName": "C:\\Windows\\explorer.exe"}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T13:06:05.000Z", "ts_epoch_ms": 1780232765000, "EventID": 4688, "Computer": "WIN-WS01", "Account": "CONTOSO\\alice", "NewProcessName": "C:\\Windows\\System32\\outlook.exe", "CommandLine": "\"outlook.exe\"", "ParentProcessName": "C:\\Windows\\explorer.exe"}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T13:14:05.000Z", "ts_epoch_ms": 1780233245000, "EventID": 4688, "Computer": "WIN-WS01", "Account": "CONTOSO\\alice", "NewProcessName": "C:\\Windows\\System32\\svchost.exe", "CommandLine": "\"svchost.exe\"", "ParentProcessName": "C:\\Windows\\explorer.exe"}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T13:22:05.000Z", "ts_epoch_ms": 1780233725000, "EventID": 4688, "Computer": "WIN-WS01", "Account": "CONTOSO\\alice", "NewProcessName": "C:\\Windows\\System32\\explorer.exe", "CommandLine": "\"explorer.exe\"", "ParentProcessName": "C:\\Windows\\explorer.exe"}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T13:30:05.000Z", "ts_epoch_ms": 1780234205000, "EventID": 4688, "Computer": "WIN-WS01", "Account": "CONTOSO\\alice", "NewProcessName": "C:\\Windows\\System32\\chrome.exe", "CommandLine": "\"chrome.exe\"", "ParentProcessName": "C:\\Windows\\explorer.exe"}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T13:38:05.000Z", "ts_epoch_ms": 1780234685000, "EventID": 4688, "Computer": "WIN-WS01", "Account": "CONTOSO\\alice", "NewProcessName": "C:\\Windows\\System32\\outlook.exe", "CommandLine": "\"outlook.exe\"", "ParentProcessName": "C:\\Windows\\explorer.exe"}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T13:46:05.000Z", "ts_epoch_ms": 1780235165000, "EventID": 4688, "Computer": "WIN-WS01", "Account": "CONTOSO\\alice", "NewProcessName": "C:\\Windows\\System32\\svchost.exe", "CommandLine": "\"svchost.exe\"", "ParentProcessName": "C:\\Windows\\explorer.exe"}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T13:54:05.000Z", "ts_epoch_ms": 1780235645000, "EventID": 4688, "Computer": "WIN-WS01", "Account": "CONTOSO\\alice", "NewProcessName": "C:\\Windows\\System32\\explorer.exe", "CommandLine": "\"explorer.exe\"", "ParentProcessName": "C:\\Windows\\explorer.exe"}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T14:02:05.000Z", "ts_epoch_ms": 1780236125000, "EventID": 4688, "Computer": "WIN-WS01", "Account": "CONTOSO\\alice", "NewProcessName": "C:\\Windows\\System32\\chrome.exe", "CommandLine": "\"chrome.exe\"", "ParentProcessName": "C:\\Windows\\explorer.exe"}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T14:10:05.000Z", "ts_epoch_ms": 1780236605000, "EventID": 4688, "Computer": "WIN-WS01", "Account": "CONTOSO\\alice", "NewProcessName": "C:\\Windows\\System32\\outlook.exe", "CommandLine": "\"outlook.exe\"", "ParentProcessName": "C:\\Windows\\explorer.exe"}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T14:18:05.000Z", "ts_epoch_ms": 1780237085000, "EventID": 4688, "Computer": "WIN-WS01", "Account": "CONTOSO\\alice", "NewProcessName": "C:\\Windows\\System32\\svchost.exe", "CommandLine": "\"svchost.exe\"", "ParentProcessName": "C:\\Windows\\explorer.exe"}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T14:26:05.000Z", "ts_epoch_ms": 1780237565000, "EventID": 4688, "Computer": "WIN-WS01", "Account": "CONTOSO\\alice", "NewProcessName": "C:\\Windows\\System32\\explorer.exe", "CommandLine": "\"explorer.exe\"", "ParentProcessName": "C:\\Windows\\explorer.exe"}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T14:34:05.000Z", "ts_epoch_ms": 1780238045000, "EventID": 4688, "Computer": "WIN-WS01", "Account": "CONTOSO\\alice", "NewProcessName": "C:\\Windows\\System32\\chrome.exe", "CommandLine": "\"chrome.exe\"", "ParentProcessName": "C:\\Windows\\explorer.exe"}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T14:42:05.000Z", "ts_epoch_ms": 1780238525000, "EventID": 4688, "Computer": "WIN-WS01", "Account": "CONTOSO\\alice", "NewProcessName": "C:\\Windows\\System32\\outlook.exe", "CommandLine": "\"outlook.exe\"", "ParentProcessName": "C:\\Windows\\explorer.exe"}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T14:50:05.000Z", "ts_epoch_ms": 1780239005000, "EventID": 4688, "Computer": "WIN-WS01", "Account": "CONTOSO\\alice", "NewProcessName": "C:\\Windows\\System32\\svchost.exe", "CommandLine": "\"svchost.exe\"", "ParentProcessName": "C:\\Windows\\explorer.exe"}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T14:58:05.000Z", "ts_epoch_ms": 1780239485000, "EventID": 4688, "Computer": "WIN-WS01", "Account": "CONTOSO\\alice", "NewProcessName": "C:\\Windows\\System32\\explorer.exe", "CommandLine": "\"explorer.exe\"", "ParentProcessName": "C:\\Windows\\explorer.exe"}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T15:06:05.000Z", "ts_epoch_ms": 1780239965000, "EventID": 4688, "Computer": "WIN-WS01", "Account": "CONTOSO\\alice", "NewProcessName": "C:\\Windows\\System32\\chrome.exe", "CommandLine": "\"chrome.exe\"", "ParentProcessName": "C:\\Windows\\explorer.exe"}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T15:14:05.000Z", "ts_epoch_ms": 1780240445000, "EventID": 4688, "Computer": "WIN-WS01", "Account": "CONTOSO\\alice", "NewProcessName": "C:\\Windows\\System32\\outlook.exe", "CommandLine": "\"outlook.exe\"", "ParentProcessName": "C:\\Windows\\explorer.exe"}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T15:22:05.000Z", "ts_epoch_ms": 1780240925000, "EventID": 4688, "Computer": "WIN-WS01", "Account": "CONTOSO\\alice", "NewProcessName": "C:\\Windows\\System32\\svchost.exe", "CommandLine": "\"svchost.exe\"", "ParentProcessName": "C:\\Windows\\explorer.exe"}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T15:30:05.000Z", "ts_epoch_ms": 1780241405000, "EventID": 4688, "Computer": "WIN-WS01", "Account": "CONTOSO\\alice", "NewProcessName": "C:\\Windows\\System32\\explorer.exe", "CommandLine": "\"explorer.exe\"", "ParentProcessName": "C:\\Windows\\explorer.exe"}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T15:38:05.000Z", "ts_epoch_ms": 1780241885000, "EventID": 4688, "Computer": "WIN-WS01", "Account": "CONTOSO\\alice", "NewProcessName": "C:\\Windows\\System32\\chrome.exe", "CommandLine": "\"chrome.exe\"", "ParentProcessName": "C:\\Windows\\explorer.exe"}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T15:46:05.000Z", "ts_epoch_ms": 1780242365000, "EventID": 4688, "Computer": "WIN-WS01", "Account": "CONTOSO\\alice", "NewProcessName": "C:\\Windows\\System32\\outlook.exe", "CommandLine": "\"outlook.exe\"", "ParentProcessName": "C:\\Windows\\explorer.exe"}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T15:54:05.000Z", "ts_epoch_ms": 1780242845000, "EventID": 4688, "Computer": "WIN-WS01", "Account": "CONTOSO\\alice", "NewProcessName": "C:\\Windows\\System32\\svchost.exe", "CommandLine": "\"svchost.exe\"", "ParentProcessName": "C:\\Windows\\explorer.exe"}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T16:02:05.000Z", "ts_epoch_ms": 1780243325000, "EventID": 4688, "Computer": "WIN-WS01", "Account": "CONTOSO\\alice", "NewProcessName": "C:\\Windows\\System32\\explorer.exe", "CommandLine": "\"explorer.exe\"", "ParentProcessName": "C:\\Windows\\explorer.exe"}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T16:10:05.000Z", "ts_epoch_ms": 1780243805000, "EventID": 4688, "Computer": "WIN-WS01", "Account": "CONTOSO\\alice", "NewProcessName": "C:\\Windows\\System32\\chrome.exe", "CommandLine": "\"chrome.exe\"", "ParentProcessName": "C:\\Windows\\explorer.exe"}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T16:18:05.000Z", "ts_epoch_ms": 1780244285000, "EventID": 4688, "Computer": "WIN-WS01", "Account": "CONTOSO\\alice", "NewProcessName": "C:\\Windows\\System32\\outlook.exe", "CommandLine": "\"outlook.exe\"", "ParentProcessName": "C:\\Windows\\explorer.exe"}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T16:26:05.000Z", "ts_epoch_ms": 1780244765000, "EventID": 4688, "Computer": "WIN-WS01", "Account": "CONTOSO\\alice", "NewProcessName": "C:\\Windows\\System32\\svchost.exe", "CommandLine": "\"svchost.exe\"", "ParentProcessName": "C:\\Windows\\explorer.exe"}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T16:34:05.000Z", "ts_epoch_ms": 1780245245000, "EventID": 4688, "Computer": "WIN-WS01", "Account": "CONTOSO\\alice", "NewProcessName": "C:\\Windows\\System32\\explorer.exe", "CommandLine": "\"explorer.exe\"", "ParentProcessName": "C:\\Windows\\explorer.exe"}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T16:42:05.000Z", "ts_epoch_ms": 1780245725000, "EventID": 4688, "Computer": "WIN-WS01", "Account": "CONTOSO\\alice", "NewProcessName": "C:\\Windows\\System32\\chrome.exe", "CommandLine": "\"chrome.exe\"", "ParentProcessName": "C:\\Windows\\explorer.exe"}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T16:50:05.000Z", "ts_epoch_ms": 1780246205000, "EventID": 4688, "Computer": "WIN-WS01", "Account": "CONTOSO\\alice", "NewProcessName": "C:\\Windows\\System32\\outlook.exe", "CommandLine": "\"outlook.exe\"", "ParentProcessName": "C:\\Windows\\explorer.exe"}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T16:58:05.000Z", "ts_epoch_ms": 1780246685000, "EventID": 4688, "Computer": "WIN-WS01", "Account": "CONTOSO\\alice", "NewProcessName": "C:\\Windows\\System32\\svchost.exe", "CommandLine": "\"svchost.exe\"", "ParentProcessName": "C:\\Windows\\explorer.exe"}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T17:06:05.000Z", "ts_epoch_ms": 1780247165000, "EventID": 4688, "Computer": "WIN-WS01", "Account": "CONTOSO\\alice", "NewProcessName": "C:\\Windows\\System32\\explorer.exe", "CommandLine": "\"explorer.exe\"", "ParentProcessName": "C:\\Windows\\explorer.exe"}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T17:14:05.000Z", "ts_epoch_ms": 1780247645000, "EventID": 4688, "Computer": "WIN-WS01", "Account": "CONTOSO\\alice", "NewProcessName": "C:\\Windows\\System32\\chrome.exe", "CommandLine": "\"chrome.exe\"", "ParentProcessName": "C:\\Windows\\explorer.exe"}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T17:22:05.000Z", "ts_epoch_ms": 1780248125000, "EventID": 4688, "Computer": "WIN-WS01", "Account": "CONTOSO\\alice", "NewProcessName": "C:\\Windows\\System32\\outlook.exe", "CommandLine": "\"outlook.exe\"", "ParentProcessName": "C:\\Windows\\explorer.exe"}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T18:25:05.000Z", "ts_epoch_ms": 1780251905000, "EventID": 4688, "Computer": "WIN-WS02", "Account": "CONTOSO\\dave", "NewProcessName": "C:\\Users\\dave\\AppData\\Local\\Temp\\mimikatz.exe", "CommandLine": "mimikatz.exe sekurlsa::logonpasswords", "ParentProcessName": "C:\\Windows\\System32\\cmd.exe"}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T18:27:36.000Z", "ts_epoch_ms": 1780252056000, "EventID": 4688, "Computer": "WIN-WS01", "Account": "CONTOSO\\alice", "NewProcessName": "C:\\Windows\\System32\\svchost.exe", "CommandLine": "\"svchost.exe\"", "ParentProcessName": "C:\\Windows\\explorer.exe"}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T18:27:40.000Z", "ts_epoch_ms": 1780252060000, "EventID": 4688, "Computer": "WIN-WS01", "Account": "CONTOSO\\alice", "NewProcessName": "C:\\Windows\\System32\\explorer.exe", "CommandLine": "\"explorer.exe\"", "ParentProcessName": "C:\\Windows\\explorer.exe"}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T18:28:20.000Z", "ts_epoch_ms": 1780252100000, "EventID": 4688, "Computer": "WIN-WS01", "Account": "CONTOSO\\alice", "NewProcessName": "C:\\Windows\\System32\\chrome.exe", "CommandLine": "\"chrome.exe\"", "ParentProcessName": "C:\\Windows\\explorer.exe"}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T18:26:56.000Z", "ts_epoch_ms": 1780252016000, "EventID": 4688, "Computer": "WIN-WS01", "Account": "CONTOSO\\alice", "NewProcessName": "C:\\Windows\\System32\\outlook.exe", "CommandLine": "\"outlook.exe\"", "ParentProcessName": "C:\\Windows\\explorer.exe"}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T12:10:05.000Z", "ts_epoch_ms": 1780229405000, "EventID": 4624, "Activity": "An account was successfully logged on", "LogonTypeName": "2 - Interactive", "AccountType": "User", "TargetUserName": "CONTOSO\\alice", "TargetDomainName": "CONTOSO", "SubjectUserName": "alice", "Computer": "WIN-WS01", "WorkstationName": "WIN-WS01", "IpAddress": "10.0.0.20", "ProcessName": "C:\\Windows\\System32\\winlogon.exe", "PrivilegeList": "-", "Status": "0x0", "SubStatus": "0x0", "is_off_hours": false}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T12:30:05.000Z", "ts_epoch_ms": 1780230605000, "EventID": 4624, "Activity": "An account was successfully logged on", "LogonTypeName": "2 - Interactive", "AccountType": "User", "TargetUserName": "CONTOSO\\alice", "TargetDomainName": "CONTOSO", "SubjectUserName": "alice", "Computer": "WIN-WS01", "WorkstationName": "WIN-WS01", "IpAddress": "10.0.0.20", "ProcessName": "C:\\Windows\\System32\\winlogon.exe", "PrivilegeList": "-", "Status": "0x0", "SubStatus": "0x0", "is_off_hours": false}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T12:50:05.000Z", "ts_epoch_ms": 1780231805000, "EventID": 4624, "Activity": "An account was successfully logged on", "LogonTypeName": "2 - Interactive", "AccountType": "User", "TargetUserName": "CONTOSO\\alice", "TargetDomainName": "CONTOSO", "SubjectUserName": "alice", "Computer": "WIN-WS01", "WorkstationName": "WIN-WS01", "IpAddress": "10.0.0.20", "ProcessName": "C:\\Windows\\System32\\winlogon.exe", "PrivilegeList": "-", "Status": "0x0", "SubStatus": "0x0", "is_off_hours": false}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T13:10:05.000Z", "ts_epoch_ms": 1780233005000, "EventID": 4624, "Activity": "An account was successfully logged on", "LogonTypeName": "2 - Interactive", "AccountType": "User", "TargetUserName": "CONTOSO\\alice", "TargetDomainName": "CONTOSO", "SubjectUserName": "alice", "Computer": "WIN-WS01", "WorkstationName": "WIN-WS01", "IpAddress": "10.0.0.20", "ProcessName": "C:\\Windows\\System32\\winlogon.exe", "PrivilegeList": "-", "Status": "0x0", "SubStatus": "0x0", "is_off_hours": false}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T13:30:05.000Z", "ts_epoch_ms": 1780234205000, "EventID": 4624, "Activity": "An account was successfully logged on", "LogonTypeName": "2 - Interactive", "AccountType": "User", "TargetUserName": "CONTOSO\\alice", "TargetDomainName": "CONTOSO", "SubjectUserName": "alice", "Computer": "WIN-WS01", "WorkstationName": "WIN-WS01", "IpAddress": "10.0.0.20", "ProcessName": "C:\\Windows\\System32\\winlogon.exe", "PrivilegeList": "-", "Status": "0x0", "SubStatus": "0x0", "is_off_hours": false}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T13:50:05.000Z", "ts_epoch_ms": 1780235405000, "EventID": 4624, "Activity": "An account was successfully logged on", "LogonTypeName": "2 - Interactive", "AccountType": "User", "TargetUserName": "CONTOSO\\alice", "TargetDomainName": "CONTOSO", "SubjectUserName": "alice", "Computer": "WIN-WS01", "WorkstationName": "WIN-WS01", "IpAddress": "10.0.0.20", "ProcessName": "C:\\Windows\\System32\\winlogon.exe", "PrivilegeList": "-", "Status": "0x0", "SubStatus": "0x0", "is_off_hours": false}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T14:10:05.000Z", "ts_epoch_ms": 1780236605000, "EventID": 4624, "Activity": "An account was successfully logged on", "LogonTypeName": "2 - Interactive", "AccountType": "User", "TargetUserName": "CONTOSO\\alice", "TargetDomainName": "CONTOSO", "SubjectUserName": "alice", "Computer": "WIN-WS01", "WorkstationName": "WIN-WS01", "IpAddress": "10.0.0.20", "ProcessName": "C:\\Windows\\System32\\winlogon.exe", "PrivilegeList": "-", "Status": "0x0", "SubStatus": "0x0", "is_off_hours": false}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T14:30:05.000Z", "ts_epoch_ms": 1780237805000, "EventID": 4624, "Activity": "An account was successfully logged on", "LogonTypeName": "2 - Interactive", "AccountType": "User", "TargetUserName": "CONTOSO\\alice", "TargetDomainName": "CONTOSO", "SubjectUserName": "alice", "Computer": "WIN-WS01", "WorkstationName": "WIN-WS01", "IpAddress": "10.0.0.20", "ProcessName": "C:\\Windows\\System32\\winlogon.exe", "PrivilegeList": "-", "Status": "0x0", "SubStatus": "0x0", "is_off_hours": false}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T14:50:05.000Z", "ts_epoch_ms": 1780239005000, "EventID": 4624, "Activity": "An account was successfully logged on", "LogonTypeName": "2 - Interactive", "AccountType": "User", "TargetUserName": "CONTOSO\\alice", "TargetDomainName": "CONTOSO", "SubjectUserName": "alice", "Computer": "WIN-WS01", "WorkstationName": "WIN-WS01", "IpAddress": "10.0.0.20", "ProcessName": "C:\\Windows\\System32\\winlogon.exe", "PrivilegeList": "-", "Status": "0x0", "SubStatus": "0x0", "is_off_hours": false}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T15:10:05.000Z", "ts_epoch_ms": 1780240205000, "EventID": 4624, "Activity": "An account was successfully logged on", "LogonTypeName": "2 - Interactive", "AccountType": "User", "TargetUserName": "CONTOSO\\alice", "TargetDomainName": "CONTOSO", "SubjectUserName": "alice", "Computer": "WIN-WS01", "WorkstationName": "WIN-WS01", "IpAddress": "10.0.0.20", "ProcessName": "C:\\Windows\\System32\\winlogon.exe", "PrivilegeList": "-", "Status": "0x0", "SubStatus": "0x0", "is_off_hours": false}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T15:30:05.000Z", "ts_epoch_ms": 1780241405000, "EventID": 4624, "Activity": "An account was successfully logged on", "LogonTypeName": "2 - Interactive", "AccountType": "User", "TargetUserName": "CONTOSO\\alice", "TargetDomainName": "CONTOSO", "SubjectUserName": "alice", "Computer": "WIN-WS01", "WorkstationName": "WIN-WS01", "IpAddress": "10.0.0.20", "ProcessName": "C:\\Windows\\System32\\winlogon.exe", "PrivilegeList": "-", "Status": "0x0", "SubStatus": "0x0", "is_off_hours": false}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T15:50:05.000Z", "ts_epoch_ms": 1780242605000, "EventID": 4624, "Activity": "An account was successfully logged on", "LogonTypeName": "2 - Interactive", "AccountType": "User", "TargetUserName": "CONTOSO\\alice", "TargetDomainName": "CONTOSO", "SubjectUserName": "alice", "Computer": "WIN-WS01", "WorkstationName": "WIN-WS01", "IpAddress": "10.0.0.20", "ProcessName": "C:\\Windows\\System32\\winlogon.exe", "PrivilegeList": "-", "Status": "0x0", "SubStatus": "0x0", "is_off_hours": false}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T16:10:05.000Z", "ts_epoch_ms": 1780243805000, "EventID": 4624, "Activity": "An account was successfully logged on", "LogonTypeName": "2 - Interactive", "AccountType": "User", "TargetUserName": "CONTOSO\\alice", "TargetDomainName": "CONTOSO", "SubjectUserName": "alice", "Computer": "WIN-WS01", "WorkstationName": "WIN-WS01", "IpAddress": "10.0.0.20", "ProcessName": "C:\\Windows\\System32\\winlogon.exe", "PrivilegeList": "-", "Status": "0x0", "SubStatus": "0x0", "is_off_hours": false}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T16:30:05.000Z", "ts_epoch_ms": 1780245005000, "EventID": 4624, "Activity": "An account was successfully logged on", "LogonTypeName": "2 - Interactive", "AccountType": "User", "TargetUserName": "CONTOSO\\alice", "TargetDomainName": "CONTOSO", "SubjectUserName": "alice", "Computer": "WIN-WS01", "WorkstationName": "WIN-WS01", "IpAddress": "10.0.0.20", "ProcessName": "C:\\Windows\\System32\\winlogon.exe", "PrivilegeList": "-", "Status": "0x0", "SubStatus": "0x0", "is_off_hours": false}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T16:50:05.000Z", "ts_epoch_ms": 1780246205000, "EventID": 4624, "Activity": "An account was successfully logged on", "LogonTypeName": "2 - Interactive", "AccountType": "User", "TargetUserName": "CONTOSO\\alice", "TargetDomainName": "CONTOSO", "SubjectUserName": "alice", "Computer": "WIN-WS01", "WorkstationName": "WIN-WS01", "IpAddress": "10.0.0.20", "ProcessName": "C:\\Windows\\System32\\winlogon.exe", "PrivilegeList": "-", "Status": "0x0", "SubStatus": "0x0", "is_off_hours": false}
{"event_type": "SecurityEvent", "TimeGenerated": "2026-05-31T18:11:05.000Z", "ts_epoch_ms": 1780251065000, "EventID": 4624, "Activity": "An account was successfully logged on", "LogonTypeName": "10 - RemoteInteractive", "AccountType": "User", "TargetUserName": "CONTOSO\\alice", "TargetDomainName": "CONTOSO", "SubjectUserName": "alice", "Computer": "WIN-WS01", "WorkstationName": "ATTACKER-PC", "IpAddress": "198.51.100.7", "ProcessName": "C:\\Windows\\System32\\winlogon.exe", "PrivilegeList": "SeDebugPrivilege", "Status": "0x0", "SubStatus": "0x0", "is_off_hours": true}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T13:10:05.000Z", "ts_epoch_ms": 1780233005000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "OneDrive/22.0", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/report.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T14:40:05.000Z", "ts_epoch_ms": 1780238405000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "OneDrive/22.0", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/report.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T16:10:05.000Z", "ts_epoch_ms": 1780243805000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "OneDrive/22.0", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/report.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:15:05.000Z", "ts_epoch_ms": 1780251305000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-0.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:15:07.000Z", "ts_epoch_ms": 1780251307000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-1.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:15:09.000Z", "ts_epoch_ms": 1780251309000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-2.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:15:11.000Z", "ts_epoch_ms": 1780251311000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-3.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:15:13.000Z", "ts_epoch_ms": 1780251313000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-4.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:15:15.000Z", "ts_epoch_ms": 1780251315000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-5.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:15:17.000Z", "ts_epoch_ms": 1780251317000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-6.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:15:19.000Z", "ts_epoch_ms": 1780251319000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-7.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:15:21.000Z", "ts_epoch_ms": 1780251321000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-8.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:15:23.000Z", "ts_epoch_ms": 1780251323000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-9.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:15:25.000Z", "ts_epoch_ms": 1780251325000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-10.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:15:27.000Z", "ts_epoch_ms": 1780251327000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-11.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:15:29.000Z", "ts_epoch_ms": 1780251329000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-12.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:15:31.000Z", "ts_epoch_ms": 1780251331000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-13.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:15:33.000Z", "ts_epoch_ms": 1780251333000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-14.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:15:35.000Z", "ts_epoch_ms": 1780251335000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-15.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:15:37.000Z", "ts_epoch_ms": 1780251337000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-16.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:15:39.000Z", "ts_epoch_ms": 1780251339000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-17.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:15:41.000Z", "ts_epoch_ms": 1780251341000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-18.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:15:43.000Z", "ts_epoch_ms": 1780251343000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-19.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:15:45.000Z", "ts_epoch_ms": 1780251345000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-20.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:15:47.000Z", "ts_epoch_ms": 1780251347000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-21.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:15:49.000Z", "ts_epoch_ms": 1780251349000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-22.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:15:51.000Z", "ts_epoch_ms": 1780251351000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-23.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:15:53.000Z", "ts_epoch_ms": 1780251353000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-24.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:15:55.000Z", "ts_epoch_ms": 1780251355000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-25.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:15:57.000Z", "ts_epoch_ms": 1780251357000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-26.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:15:59.000Z", "ts_epoch_ms": 1780251359000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-27.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:16:01.000Z", "ts_epoch_ms": 1780251361000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-28.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:16:03.000Z", "ts_epoch_ms": 1780251363000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-29.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:16:05.000Z", "ts_epoch_ms": 1780251365000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-30.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:16:07.000Z", "ts_epoch_ms": 1780251367000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-31.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:16:09.000Z", "ts_epoch_ms": 1780251369000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-32.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:16:11.000Z", "ts_epoch_ms": 1780251371000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-33.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:16:13.000Z", "ts_epoch_ms": 1780251373000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-34.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:16:15.000Z", "ts_epoch_ms": 1780251375000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-35.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:16:17.000Z", "ts_epoch_ms": 1780251377000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-36.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:16:19.000Z", "ts_epoch_ms": 1780251379000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-37.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:16:21.000Z", "ts_epoch_ms": 1780251381000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-38.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:16:23.000Z", "ts_epoch_ms": 1780251383000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-39.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:16:25.000Z", "ts_epoch_ms": 1780251385000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-40.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:16:27.000Z", "ts_epoch_ms": 1780251387000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-41.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:16:29.000Z", "ts_epoch_ms": 1780251389000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-42.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:16:31.000Z", "ts_epoch_ms": 1780251391000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-43.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:16:33.000Z", "ts_epoch_ms": 1780251393000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-44.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:16:35.000Z", "ts_epoch_ms": 1780251395000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-45.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:16:37.000Z", "ts_epoch_ms": 1780251397000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-46.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:16:39.000Z", "ts_epoch_ms": 1780251399000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-47.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:16:41.000Z", "ts_epoch_ms": 1780251401000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-48.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:16:43.000Z", "ts_epoch_ms": 1780251403000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-49.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:16:45.000Z", "ts_epoch_ms": 1780251405000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-50.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:16:47.000Z", "ts_epoch_ms": 1780251407000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-51.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:16:49.000Z", "ts_epoch_ms": 1780251409000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-52.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:16:51.000Z", "ts_epoch_ms": 1780251411000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-53.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:16:53.000Z", "ts_epoch_ms": 1780251413000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-54.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:16:55.000Z", "ts_epoch_ms": 1780251415000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-55.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:16:57.000Z", "ts_epoch_ms": 1780251417000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-56.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:16:59.000Z", "ts_epoch_ms": 1780251419000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-57.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:17:01.000Z", "ts_epoch_ms": 1780251421000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-58.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:17:03.000Z", "ts_epoch_ms": 1780251423000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-59.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:17:05.000Z", "ts_epoch_ms": 1780251425000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-60.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:17:07.000Z", "ts_epoch_ms": 1780251427000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-61.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:17:09.000Z", "ts_epoch_ms": 1780251429000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-62.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:17:11.000Z", "ts_epoch_ms": 1780251431000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-63.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:17:13.000Z", "ts_epoch_ms": 1780251433000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-64.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:17:15.000Z", "ts_epoch_ms": 1780251435000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-65.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:17:17.000Z", "ts_epoch_ms": 1780251437000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-66.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:17:19.000Z", "ts_epoch_ms": 1780251439000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-67.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:17:21.000Z", "ts_epoch_ms": 1780251441000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-68.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:17:23.000Z", "ts_epoch_ms": 1780251443000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-69.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:17:25.000Z", "ts_epoch_ms": 1780251445000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-70.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:17:27.000Z", "ts_epoch_ms": 1780251447000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-71.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:17:29.000Z", "ts_epoch_ms": 1780251449000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-72.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:17:31.000Z", "ts_epoch_ms": 1780251451000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-73.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:17:33.000Z", "ts_epoch_ms": 1780251453000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-74.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:17:35.000Z", "ts_epoch_ms": 1780251455000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-75.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:17:37.000Z", "ts_epoch_ms": 1780251457000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-76.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:17:39.000Z", "ts_epoch_ms": 1780251459000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-77.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:17:41.000Z", "ts_epoch_ms": 1780251461000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-78.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:17:43.000Z", "ts_epoch_ms": 1780251463000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-79.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:17:45.000Z", "ts_epoch_ms": 1780251465000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-80.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:17:47.000Z", "ts_epoch_ms": 1780251467000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-81.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:17:49.000Z", "ts_epoch_ms": 1780251469000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-82.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:17:51.000Z", "ts_epoch_ms": 1780251471000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-83.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:17:53.000Z", "ts_epoch_ms": 1780251473000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-84.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:17:55.000Z", "ts_epoch_ms": 1780251475000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-85.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:17:57.000Z", "ts_epoch_ms": 1780251477000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-86.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:17:59.000Z", "ts_epoch_ms": 1780251479000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-87.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:18:01.000Z", "ts_epoch_ms": 1780251481000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-88.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:18:03.000Z", "ts_epoch_ms": 1780251483000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-89.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:18:05.000Z", "ts_epoch_ms": 1780251485000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-90.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:18:07.000Z", "ts_epoch_ms": 1780251487000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-91.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:18:09.000Z", "ts_epoch_ms": 1780251489000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-92.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:18:11.000Z", "ts_epoch_ms": 1780251491000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-93.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:18:13.000Z", "ts_epoch_ms": 1780251493000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-94.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:18:15.000Z", "ts_epoch_ms": 1780251495000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-95.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:18:17.000Z", "ts_epoch_ms": 1780251497000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-96.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:18:19.000Z", "ts_epoch_ms": 1780251499000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-97.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:18:21.000Z", "ts_epoch_ms": 1780251501000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-98.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:18:23.000Z", "ts_epoch_ms": 1780251503000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-99.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:18:25.000Z", "ts_epoch_ms": 1780251505000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-100.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:18:27.000Z", "ts_epoch_ms": 1780251507000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-101.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:18:29.000Z", "ts_epoch_ms": 1780251509000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-102.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:18:31.000Z", "ts_epoch_ms": 1780251511000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-103.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:18:33.000Z", "ts_epoch_ms": 1780251513000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-104.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:18:35.000Z", "ts_epoch_ms": 1780251515000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-105.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:18:37.000Z", "ts_epoch_ms": 1780251517000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-106.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:18:39.000Z", "ts_epoch_ms": 1780251519000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-107.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:18:41.000Z", "ts_epoch_ms": 1780251521000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-108.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:18:43.000Z", "ts_epoch_ms": 1780251523000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-109.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:18:45.000Z", "ts_epoch_ms": 1780251525000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-110.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:18:47.000Z", "ts_epoch_ms": 1780251527000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-111.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:18:49.000Z", "ts_epoch_ms": 1780251529000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-112.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:18:51.000Z", "ts_epoch_ms": 1780251531000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-113.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:18:53.000Z", "ts_epoch_ms": 1780251533000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-114.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:18:55.000Z", "ts_epoch_ms": 1780251535000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-115.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:18:57.000Z", "ts_epoch_ms": 1780251537000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-116.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:18:59.000Z", "ts_epoch_ms": 1780251539000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-117.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:19:01.000Z", "ts_epoch_ms": 1780251541000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-118.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:19:03.000Z", "ts_epoch_ms": 1780251543000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-119.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:19:05.000Z", "ts_epoch_ms": 1780251545000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-120.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:19:07.000Z", "ts_epoch_ms": 1780251547000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-121.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:19:09.000Z", "ts_epoch_ms": 1780251549000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-122.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:19:11.000Z", "ts_epoch_ms": 1780251551000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-123.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:19:13.000Z", "ts_epoch_ms": 1780251553000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-124.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:19:15.000Z", "ts_epoch_ms": 1780251555000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-125.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:19:17.000Z", "ts_epoch_ms": 1780251557000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-126.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:19:19.000Z", "ts_epoch_ms": 1780251559000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-127.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:19:21.000Z", "ts_epoch_ms": 1780251561000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-128.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:19:23.000Z", "ts_epoch_ms": 1780251563000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-129.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:19:25.000Z", "ts_epoch_ms": 1780251565000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-130.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:19:27.000Z", "ts_epoch_ms": 1780251567000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-131.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:19:29.000Z", "ts_epoch_ms": 1780251569000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-132.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:19:31.000Z", "ts_epoch_ms": 1780251571000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-133.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:19:33.000Z", "ts_epoch_ms": 1780251573000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-134.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:19:35.000Z", "ts_epoch_ms": 1780251575000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-135.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:19:37.000Z", "ts_epoch_ms": 1780251577000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-136.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:19:39.000Z", "ts_epoch_ms": 1780251579000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-137.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:19:41.000Z", "ts_epoch_ms": 1780251581000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-138.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:19:43.000Z", "ts_epoch_ms": 1780251583000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-139.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:19:45.000Z", "ts_epoch_ms": 1780251585000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-140.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:19:47.000Z", "ts_epoch_ms": 1780251587000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-141.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:19:49.000Z", "ts_epoch_ms": 1780251589000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-142.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:19:51.000Z", "ts_epoch_ms": 1780251591000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-143.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:19:53.000Z", "ts_epoch_ms": 1780251593000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-144.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:19:55.000Z", "ts_epoch_ms": 1780251595000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-145.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:19:57.000Z", "ts_epoch_ms": 1780251597000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-146.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:19:59.000Z", "ts_epoch_ms": 1780251599000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-147.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:20:01.000Z", "ts_epoch_ms": 1780251601000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-148.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:20:03.000Z", "ts_epoch_ms": 1780251603000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-149.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:20:05.000Z", "ts_epoch_ms": 1780251605000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-150.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:20:07.000Z", "ts_epoch_ms": 1780251607000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-151.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:20:09.000Z", "ts_epoch_ms": 1780251609000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-152.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:20:11.000Z", "ts_epoch_ms": 1780251611000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-153.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:20:13.000Z", "ts_epoch_ms": 1780251613000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-154.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:20:15.000Z", "ts_epoch_ms": 1780251615000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-155.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:20:17.000Z", "ts_epoch_ms": 1780251617000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-156.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:20:19.000Z", "ts_epoch_ms": 1780251619000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-157.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:20:21.000Z", "ts_epoch_ms": 1780251621000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-158.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:20:23.000Z", "ts_epoch_ms": 1780251623000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-159.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:20:25.000Z", "ts_epoch_ms": 1780251625000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-160.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:20:27.000Z", "ts_epoch_ms": 1780251627000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-161.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:20:29.000Z", "ts_epoch_ms": 1780251629000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-162.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:20:31.000Z", "ts_epoch_ms": 1780251631000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-163.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:20:33.000Z", "ts_epoch_ms": 1780251633000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-164.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:20:35.000Z", "ts_epoch_ms": 1780251635000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-165.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:20:37.000Z", "ts_epoch_ms": 1780251637000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-166.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:20:39.000Z", "ts_epoch_ms": 1780251639000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-167.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:20:41.000Z", "ts_epoch_ms": 1780251641000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-168.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:20:43.000Z", "ts_epoch_ms": 1780251643000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-169.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:20:45.000Z", "ts_epoch_ms": 1780251645000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-170.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:20:47.000Z", "ts_epoch_ms": 1780251647000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-171.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:20:49.000Z", "ts_epoch_ms": 1780251649000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-172.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:20:51.000Z", "ts_epoch_ms": 1780251651000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-173.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:20:53.000Z", "ts_epoch_ms": 1780251653000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-174.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:20:55.000Z", "ts_epoch_ms": 1780251655000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-175.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:20:57.000Z", "ts_epoch_ms": 1780251657000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-176.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:20:59.000Z", "ts_epoch_ms": 1780251659000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-177.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:21:01.000Z", "ts_epoch_ms": 1780251661000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-178.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:21:03.000Z", "ts_epoch_ms": 1780251663000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-179.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:21:05.000Z", "ts_epoch_ms": 1780251665000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-180.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:21:07.000Z", "ts_epoch_ms": 1780251667000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-181.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:21:09.000Z", "ts_epoch_ms": 1780251669000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-182.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:21:11.000Z", "ts_epoch_ms": 1780251671000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-183.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:21:13.000Z", "ts_epoch_ms": 1780251673000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-184.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:21:15.000Z", "ts_epoch_ms": 1780251675000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-185.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:21:17.000Z", "ts_epoch_ms": 1780251677000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-186.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:21:19.000Z", "ts_epoch_ms": 1780251679000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-187.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:21:21.000Z", "ts_epoch_ms": 1780251681000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-188.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:21:23.000Z", "ts_epoch_ms": 1780251683000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-189.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:21:25.000Z", "ts_epoch_ms": 1780251685000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-190.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:21:27.000Z", "ts_epoch_ms": 1780251687000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-191.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:21:29.000Z", "ts_epoch_ms": 1780251689000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-192.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:21:31.000Z", "ts_epoch_ms": 1780251691000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-193.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:21:33.000Z", "ts_epoch_ms": 1780251693000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-194.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:21:35.000Z", "ts_epoch_ms": 1780251695000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-195.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:21:37.000Z", "ts_epoch_ms": 1780251697000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-196.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:21:39.000Z", "ts_epoch_ms": 1780251699000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-197.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:21:41.000Z", "ts_epoch_ms": 1780251701000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-198.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "OfficeActivity", "TimeGenerated": "2026-05-31T18:21:43.000Z", "ts_epoch_ms": 1780251703000, "RecordType": "SharePointFileOperation", "Operation": "FileDownloaded", "UserId": "dave@contoso.com", "UserType": "Regular", "Site_Url": "https://contoso.sharepoint.com/sites/finance", "ClientIP": "10.0.0.30", "UserAgent": "python-requests/2.31", "OfficeObjectId": "https://contoso.sharepoint.com/sites/finance/secret-199.xlsx", "OfficeWorkload": "SharePoint"}
{"event_type": "DeviceFileEvents", "TimeGenerated": "2026-05-31T18:23:25.000Z", "ts_epoch_ms": 1780251805000, "FileName": "Q4-Confidential.docx", "FolderPath": "C:\\Confidential\\Q4-Confidential.docx", "ActionType": "FileAccessed", "InitiatingProcessAccountName": "CONTOSO\\dave", "DeviceName": "WIN-WS02"}
{"event_type": "DeviceFileEvents", "TimeGenerated": "2026-05-31T18:23:25.000Z", "ts_epoch_ms": 1780251805000, "FileName": "Q4-Confidential.docx", "FolderPath": "C:\\Confidential\\Q4-Confidential.docx", "ActionType": "FileCopied", "InitiatingProcessAccountName": "CONTOSO\\dave", "DeviceName": "WIN-WS02"}
{"event_type": "DeviceFileEvents", "TimeGenerated": "2026-05-31T18:23:25.000Z", "ts_epoch_ms": 1780251805000, "FileName": "Q4-Confidential.docx", "FolderPath": "C:\\Confidential\\Q4-Confidential.docx", "ActionType": "FileMoved", "InitiatingProcessAccountName": "CONTOSO\\dave", "DeviceName": "WIN-WS02"}
{"event_type": "DeviceFileEvents", "TimeGenerated": "2026-05-31T18:23:25.000Z", "ts_epoch_ms": 1780251805000, "FileName": "MergerPlan.pdf", "FolderPath": "C:\\Confidential\\MergerPlan.pdf", "ActionType": "FileAccessed", "InitiatingProcessAccountName": "CONTOSO\\dave", "DeviceName": "WIN-WS02"}
{"event_type": "DeviceFileEvents", "TimeGenerated": "2026-05-31T18:23:25.000Z", "ts_epoch_ms": 1780251805000, "FileName": "MergerPlan.pdf", "FolderPath": "C:\\Confidential\\MergerPlan.pdf", "ActionType": "FileCopied", "InitiatingProcessAccountName": "CONTOSO\\dave", "DeviceName": "WIN-WS02"}
{"event_type": "DeviceFileEvents", "TimeGenerated": "2026-05-31T18:23:25.000Z", "ts_epoch_ms": 1780251805000, "FileName": "MergerPlan.pdf", "FolderPath": "C:\\Confidential\\MergerPlan.pdf", "ActionType": "FileMoved", "InitiatingProcessAccountName": "CONTOSO\\dave", "DeviceName": "WIN-WS02"}
{"event_type": "DeviceFileEvents", "TimeGenerated": "2026-05-31T18:23:25.000Z", "ts_epoch_ms": 1780251805000, "FileName": "RestrictedSalary.xlsx", "FolderPath": "C:\\Confidential\\RestrictedSalary.xlsx", "ActionType": "FileAccessed", "InitiatingProcessAccountName": "CONTOSO\\dave", "DeviceName": "WIN-WS02"}
{"event_type": "DeviceFileEvents", "TimeGenerated": "2026-05-31T18:23:25.000Z", "ts_epoch_ms": 1780251805000, "FileName": "RestrictedSalary.xlsx", "FolderPath": "C:\\Confidential\\RestrictedSalary.xlsx", "ActionType": "FileCopied", "InitiatingProcessAccountName": "CONTOSO\\dave", "DeviceName": "WIN-WS02"}
{"event_type": "DeviceFileEvents", "TimeGenerated": "2026-05-31T18:23:25.000Z", "ts_epoch_ms": 1780251805000, "FileName": "RestrictedSalary.xlsx", "FolderPath": "C:\\Confidential\\RestrictedSalary.xlsx", "ActionType": "FileMoved", "InitiatingProcessAccountName": "CONTOSO\\dave", "DeviceName": "WIN-WS02"}