-
Notifications
You must be signed in to change notification settings - Fork 32
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'main' into fix/CybereasonConnector
- Loading branch information
Showing
21 changed files
with
811 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| # Changelog | ||
|
|
||
| All notable changes to this project will be documented in this file. | ||
|
|
||
| The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), | ||
| and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). | ||
|
|
||
| ## [Unreleased] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| sentinelone.identity.attackSurfaces: | ||
| description: '' | ||
| name: sentinelone.identity.attackSurfaces | ||
| type: keyword | ||
|
|
||
| sentinelone.identity.classification: | ||
| description: '' | ||
| name: sentinelone.identity.classification | ||
| type: keyword | ||
|
|
||
| sentinelone.identity.confidenceLevel: | ||
| description: '' | ||
| name: sentinelone.identity.confidenceLevel | ||
| type: keyword | ||
|
|
||
| sentinelone.identity.id: | ||
| description: '' | ||
| name: sentinelone.identity.id | ||
| type: keyword | ||
|
|
||
| sentinelone.identity.name: | ||
| description: '' | ||
| name: sentinelone.identity.name | ||
| type: keyword | ||
|
|
||
| sentinelone.identity.result: | ||
| description: '' | ||
| name: sentinelone.identity.result | ||
| type: keyword | ||
|
|
||
| sentinelone.identity.status: | ||
| description: '' | ||
| name: sentinelone.identity.status | ||
| type: keyword | ||
|
|
||
| sentinelone.identity.storyLineId: | ||
| description: '' | ||
| name: sentinelone.identity.storyLineId | ||
| type: keyword |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| uuid: b502e522-6996-4b12-9538-f69326b68243 | ||
| name: SentinelOne Singularity Identity [ALPHA] | ||
| slug: sentinelone-singularity-identity | ||
| automation_connector_uuid: 2d772558-821d-4663-87bd-af28bbb8415a | ||
| automation_module_uuid: ff675e74-e5c1-47c8-a571-d207fc297464 | ||
|
|
||
| description: >- | ||
| SentinelOne Singularity Identity is a cybersecurity solution that provides identity protection and zero-trust security by continuously monitoring and analyzing user behaviors to detect and prevent potential threats. | ||
| data_sources: | ||
| Application logs: activites performed on SentinelOne infrastructure are logged |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,46 @@ | ||
| [ | ||
| { | ||
| "value": "Alert defined {sentinelone.identity.name} with status {sentinelone.identity.status} on {process.command_line}", | ||
| "conditions": [ | ||
| { | ||
| "field": "sentinelone.identity.name" | ||
| }, | ||
| { | ||
| "field": "sentinelone.identity.status" | ||
| }, | ||
| { | ||
| "field": "process.command_line" | ||
| } | ||
| ] | ||
| }, | ||
| { | ||
| "value": "Alert defined {sentinelone.identity.name} with status {sentinelone.identity.status}", | ||
| "conditions": [ | ||
| { | ||
| "field": "sentinelone.identity.name" | ||
| }, | ||
| { | ||
| "field": "sentinelone.identity.status" | ||
| } | ||
| ] | ||
| }, | ||
| { | ||
| "value": "Alert defined {sentinelone.identity.name} on {process.command_line}", | ||
| "conditions": [ | ||
| { | ||
| "field": "sentinelone.identity.name" | ||
| }, | ||
| { | ||
| "field": "process.command_line" | ||
| } | ||
| ] | ||
| }, | ||
| { | ||
| "value": "Alert defined {sentinelone.identity.name}", | ||
| "conditions": [ | ||
| { | ||
| "field": "sentinelone.identity.name" | ||
| } | ||
| ] | ||
| } | ||
| ] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,67 @@ | ||
| name: identity | ||
| pipeline: | ||
| - name: json_event | ||
| external: | ||
| name: json.parse-json | ||
| properties: | ||
| input_field: "{{original.message}}" | ||
|
|
||
| - name: detected_at | ||
| filter: "{{json_event.message.detectedAt != null}}" | ||
| external: | ||
| name: date.parse | ||
| properties: | ||
| input_field: "{{json_event.message.detectedAt}}" | ||
| output_field: timestamp | ||
|
|
||
| - name: started_at | ||
| filter: "{{json_event.message.firstSeenAt != null}}" | ||
| external: | ||
| name: date.parse | ||
| properties: | ||
| input_field: "{{json_event.message.firstSeenAt}}" | ||
| output_field: timestamp | ||
|
|
||
| - name: last_seen_at | ||
| filter: "{{json_event.message.lastSeenAt != null}}" | ||
| external: | ||
| name: date.parse | ||
| properties: | ||
| input_field: "{{json_event.message.lastSeenAt}}" | ||
| output_field: timestamp | ||
|
|
||
| - name: set_meta_fields | ||
| stages: | ||
| set_meta_fields: | ||
| actions: | ||
| - set: | ||
| event.kind: "alert" | ||
| event.category: "intrusion_detection" | ||
| event.type: "info" | ||
| observer.vendor: "SentinelOne" | ||
| observer.product: "Singularity Identity" | ||
|
|
||
| "@timestamp": "{{detected_at.timestamp}}" | ||
| event.start: "{{started_at.timestamp}}" | ||
| event.end: "{{last_seen_at.timestamp}}" | ||
|
|
||
| event.provider: "{{json_event.message.detectionSource.product}}" | ||
| event.reason: "{{json_event.message.description}}" | ||
|
|
||
| process.command_line: "{{json_event.message.process.cmdLine}}" | ||
| process.parent.name: "{{json_event.message.process.parentName}}" | ||
|
|
||
| process.executable: "{{json_event.message.process.file.path}}" | ||
| process.name: "{{json_event.message.process.file.path | basename}}" | ||
| process.hash.sha1: "{{json_event.message.process.file.sha1}}" | ||
| process.hash.sha256: "{{json_event.message.process.file.sha256}}" | ||
| process.hash.md5: "{{json_event.message.process.file.md5}}" | ||
|
|
||
| sentinelone.identity.id: "{{json_event.message.id}}" | ||
| sentinelone.identity.name: "{{json_event.message.name}}" | ||
| sentinelone.identity.attackSurfaces: "{{json_event.message.attackSurfaces}}" | ||
| sentinelone.identity.status: "{{json_event.message.status}}" | ||
| sentinelone.identity.classification: "{{json_event.message.classification}}" | ||
| sentinelone.identity.confidenceLevel: "{{json_event.message.confidenceLevel}}" | ||
| sentinelone.identity.result: "{{json_event.message.result}}" | ||
| sentinelone.identity.storyLineId: "{{json_event.message.storyLineId}}" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,47 @@ | ||
| { | ||
| "input": { | ||
| "message": "{\n \"id\": \"ba485919-e4c1-4496-9e2f-feb320f6841a\",\n \"name\": \"Domain Controller Discovery Detected\",\n \"description\": \"This event is raised when there is a query from an endpoint to find the domain controllers or AD Servers in the Active Directory Domain.\",\n \"detectedAt\": \"2024-11-22T05:35:09.000Z\",\n \"attackSurfaces\": [\n \"IDENTITY\"\n ],\n \"detectionSource\": {\n \"product\": \"Identity\"\n },\n \"status\": \"NEW\",\n \"assignee\": null,\n \"classification\": \"ENUMERATION\",\n \"confidenceLevel\": \"MALICIOUS\",\n \"firstSeenAt\": \"2024-11-22T05:35:09.000Z\",\n \"lastSeenAt\": \"2024-11-22T05:35:09.000Z\",\n \"process\": {\n \"cmdLine\": \"C:\\\\Windows\\\\system32\\\\net1 group \\\"Domain Controllers\\\" /domain\",\n \"file\": {\n \"path\": \"c:\\\\windows\\\\system32\\\\net1.exe\",\n \"sha1\": null,\n \"sha256\": \"18F76BC1F02A161EBDEDF3142273C186D05A836ADDCAAEE599194089FD59F398\",\n \"md5\": null\n },\n \"parentName\": null\n },\n \"result\": null,\n \"storylineId\": null\n}" | ||
| }, | ||
| "expected": { | ||
| "message": "{\n \"id\": \"ba485919-e4c1-4496-9e2f-feb320f6841a\",\n \"name\": \"Domain Controller Discovery Detected\",\n \"description\": \"This event is raised when there is a query from an endpoint to find the domain controllers or AD Servers in the Active Directory Domain.\",\n \"detectedAt\": \"2024-11-22T05:35:09.000Z\",\n \"attackSurfaces\": [\n \"IDENTITY\"\n ],\n \"detectionSource\": {\n \"product\": \"Identity\"\n },\n \"status\": \"NEW\",\n \"assignee\": null,\n \"classification\": \"ENUMERATION\",\n \"confidenceLevel\": \"MALICIOUS\",\n \"firstSeenAt\": \"2024-11-22T05:35:09.000Z\",\n \"lastSeenAt\": \"2024-11-22T05:35:09.000Z\",\n \"process\": {\n \"cmdLine\": \"C:\\\\Windows\\\\system32\\\\net1 group \\\"Domain Controllers\\\" /domain\",\n \"file\": {\n \"path\": \"c:\\\\windows\\\\system32\\\\net1.exe\",\n \"sha1\": null,\n \"sha256\": \"18F76BC1F02A161EBDEDF3142273C186D05A836ADDCAAEE599194089FD59F398\",\n \"md5\": null\n },\n \"parentName\": null\n },\n \"result\": null,\n \"storylineId\": null\n}", | ||
| "event": { | ||
| "category": "intrusion_detection", | ||
| "end": "2024-11-22T05:35:09Z", | ||
| "kind": "alert", | ||
| "provider": "Identity", | ||
| "reason": "This event is raised when there is a query from an endpoint to find the domain controllers or AD Servers in the Active Directory Domain.", | ||
| "start": "2024-11-22T05:35:09Z", | ||
| "type": "info" | ||
| }, | ||
| "@timestamp": "2024-11-22T05:35:09Z", | ||
| "observer": { | ||
| "product": "Singularity Identity", | ||
| "vendor": "SentinelOne" | ||
| }, | ||
| "process": { | ||
| "command_line": "C:\\Windows\\system32\\net1 group \"Domain Controllers\" /domain", | ||
| "executable": "c:\\windows\\system32\\net1.exe", | ||
| "hash": { | ||
| "sha256": "18F76BC1F02A161EBDEDF3142273C186D05A836ADDCAAEE599194089FD59F398" | ||
| }, | ||
| "name": "net1.exe" | ||
| }, | ||
| "related": { | ||
| "hash": [ | ||
| "18F76BC1F02A161EBDEDF3142273C186D05A836ADDCAAEE599194089FD59F398" | ||
| ] | ||
| }, | ||
| "sentinelone": { | ||
| "identity": { | ||
| "attackSurfaces": [ | ||
| "IDENTITY" | ||
| ], | ||
| "classification": "ENUMERATION", | ||
| "confidenceLevel": "MALICIOUS", | ||
| "id": "ba485919-e4c1-4496-9e2f-feb320f6841a", | ||
| "name": "Domain Controller Discovery Detected", | ||
| "status": "NEW" | ||
| } | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,34 @@ | ||
| { | ||
| "input": { | ||
| "message": "{\"id\": \"01935322-7b49-71f0-89e0-f52562c26e53\", \"name\": \"Brute force attack - Mass Account Lockout\", \"description\": \"This event is raised when ADAssessor detects lockout of multiple accounts, which could be due to brute-force attempts or a password spray.\", \"detectedAt\": \"2024-11-22T09:09:48.731Z\", \"attackSurfaces\": [\"IDENTITY\"], \"detectionSource\": {\"product\": \"Identity\"}, \"status\": \"NEW\", \"assignee\": null, \"classification\": \"UNKNOWN\", \"confidenceLevel\": \"MALICIOUS\", \"firstSeenAt\": \"2024-11-22T09:09:48.731Z\", \"lastSeenAt\": \"2024-11-22T09:09:48.731Z\", \"process\": null, \"result\": null, \"storylineId\": null}" | ||
| }, | ||
| "expected": { | ||
| "message": "{\"id\": \"01935322-7b49-71f0-89e0-f52562c26e53\", \"name\": \"Brute force attack - Mass Account Lockout\", \"description\": \"This event is raised when ADAssessor detects lockout of multiple accounts, which could be due to brute-force attempts or a password spray.\", \"detectedAt\": \"2024-11-22T09:09:48.731Z\", \"attackSurfaces\": [\"IDENTITY\"], \"detectionSource\": {\"product\": \"Identity\"}, \"status\": \"NEW\", \"assignee\": null, \"classification\": \"UNKNOWN\", \"confidenceLevel\": \"MALICIOUS\", \"firstSeenAt\": \"2024-11-22T09:09:48.731Z\", \"lastSeenAt\": \"2024-11-22T09:09:48.731Z\", \"process\": null, \"result\": null, \"storylineId\": null}", | ||
| "event": { | ||
| "category": "intrusion_detection", | ||
| "end": "2024-11-22T09:09:48.731000Z", | ||
| "kind": "alert", | ||
| "provider": "Identity", | ||
| "reason": "This event is raised when ADAssessor detects lockout of multiple accounts, which could be due to brute-force attempts or a password spray.", | ||
| "start": "2024-11-22T09:09:48.731000Z", | ||
| "type": "info" | ||
| }, | ||
| "@timestamp": "2024-11-22T09:09:48.731000Z", | ||
| "observer": { | ||
| "product": "Singularity Identity", | ||
| "vendor": "SentinelOne" | ||
| }, | ||
| "sentinelone": { | ||
| "identity": { | ||
| "attackSurfaces": [ | ||
| "IDENTITY" | ||
| ], | ||
| "classification": "UNKNOWN", | ||
| "confidenceLevel": "MALICIOUS", | ||
| "id": "01935322-7b49-71f0-89e0-f52562c26e53", | ||
| "name": "Brute force attack - Mass Account Lockout", | ||
| "status": "NEW" | ||
| } | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,47 @@ | ||
| { | ||
| "input": { | ||
| "message": "{\"id\": \"01935310-d00e-7616-81b9-fcb227ebb13d\", \"name\": \"Domain Controller Discovery Detected\", \"description\": \"This event is raised when there is a query from an endpoint to find the domain controllers or AD Servers in the Active Directory Domain.\", \"detectedAt\": \"2024-11-22T08:45:51.000Z\", \"attackSurfaces\": [\"IDENTITY\"], \"detectionSource\": {\"product\": \"Identity\"}, \"status\": \"NEW\", \"assignee\": null, \"classification\": \"ENUMERATION\", \"confidenceLevel\": \"MALICIOUS\", \"firstSeenAt\": \"2024-11-22T08:45:51.000Z\", \"lastSeenAt\": \"2024-11-22T08:45:51.000Z\", \"process\": {\"cmdLine\": \"Sharphound.exe\", \"file\": {\"path\": \"c:\\\\users\\\\administrator\\\\desktop\\\\ad_recon\\\\sharphound.exe\", \"sha1\": null, \"sha256\": \"61F897ED69646E0509F6802FB2D7C5E88C3E3B93C4CA86942E24D203AA878863\", \"md5\": null}, \"parentName\": null}, \"result\": null, \"storylineId\": null}" | ||
| }, | ||
| "expected": { | ||
| "message": "{\"id\": \"01935310-d00e-7616-81b9-fcb227ebb13d\", \"name\": \"Domain Controller Discovery Detected\", \"description\": \"This event is raised when there is a query from an endpoint to find the domain controllers or AD Servers in the Active Directory Domain.\", \"detectedAt\": \"2024-11-22T08:45:51.000Z\", \"attackSurfaces\": [\"IDENTITY\"], \"detectionSource\": {\"product\": \"Identity\"}, \"status\": \"NEW\", \"assignee\": null, \"classification\": \"ENUMERATION\", \"confidenceLevel\": \"MALICIOUS\", \"firstSeenAt\": \"2024-11-22T08:45:51.000Z\", \"lastSeenAt\": \"2024-11-22T08:45:51.000Z\", \"process\": {\"cmdLine\": \"Sharphound.exe\", \"file\": {\"path\": \"c:\\\\users\\\\administrator\\\\desktop\\\\ad_recon\\\\sharphound.exe\", \"sha1\": null, \"sha256\": \"61F897ED69646E0509F6802FB2D7C5E88C3E3B93C4CA86942E24D203AA878863\", \"md5\": null}, \"parentName\": null}, \"result\": null, \"storylineId\": null}", | ||
| "event": { | ||
| "category": "intrusion_detection", | ||
| "end": "2024-11-22T08:45:51Z", | ||
| "kind": "alert", | ||
| "provider": "Identity", | ||
| "reason": "This event is raised when there is a query from an endpoint to find the domain controllers or AD Servers in the Active Directory Domain.", | ||
| "start": "2024-11-22T08:45:51Z", | ||
| "type": "info" | ||
| }, | ||
| "@timestamp": "2024-11-22T08:45:51Z", | ||
| "observer": { | ||
| "product": "Singularity Identity", | ||
| "vendor": "SentinelOne" | ||
| }, | ||
| "process": { | ||
| "command_line": "Sharphound.exe", | ||
| "executable": "c:\\users\\administrator\\desktop\\ad_recon\\sharphound.exe", | ||
| "hash": { | ||
| "sha256": "61F897ED69646E0509F6802FB2D7C5E88C3E3B93C4CA86942E24D203AA878863" | ||
| }, | ||
| "name": "sharphound.exe" | ||
| }, | ||
| "related": { | ||
| "hash": [ | ||
| "61F897ED69646E0509F6802FB2D7C5E88C3E3B93C4CA86942E24D203AA878863" | ||
| ] | ||
| }, | ||
| "sentinelone": { | ||
| "identity": { | ||
| "attackSurfaces": [ | ||
| "IDENTITY" | ||
| ], | ||
| "classification": "ENUMERATION", | ||
| "confidenceLevel": "MALICIOUS", | ||
| "id": "01935310-d00e-7616-81b9-fcb227ebb13d", | ||
| "name": "Domain Controller Discovery Detected", | ||
| "status": "NEW" | ||
| } | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,47 @@ | ||
| { | ||
| "input": { | ||
| "message": "{\"id\": \"01935310-eb28-7a57-9c27-87843b2cec61\", \"name\": \"AD Service Account Enumeration Detected\", \"description\": \"This event is generated when LDAP queries for enumerating service accounts are detected from an endpoint.\", \"detectedAt\": \"2024-11-22T08:45:51.000Z\", \"attackSurfaces\": [\"IDENTITY\"], \"detectionSource\": {\"product\": \"Identity\"}, \"status\": \"NEW\", \"assignee\": null, \"classification\": \"ENUMERATION\", \"confidenceLevel\": \"MALICIOUS\", \"firstSeenAt\": \"2024-11-22T08:45:51.000Z\", \"lastSeenAt\": \"2024-11-22T08:45:51.000Z\", \"process\": {\"cmdLine\": \"Sharphound.exe\", \"file\": {\"path\": \"c:\\\\users\\\\administrator\\\\desktop\\\\ad_recon\\\\sharphound.exe\", \"sha1\": null, \"sha256\": \"61F897ED69646E0509F6802FB2D7C5E88C3E3B93C4CA86942E24D203AA878863\", \"md5\": null}, \"parentName\": null}, \"result\": null, \"storylineId\": null}" | ||
| }, | ||
| "expected": { | ||
| "message": "{\"id\": \"01935310-eb28-7a57-9c27-87843b2cec61\", \"name\": \"AD Service Account Enumeration Detected\", \"description\": \"This event is generated when LDAP queries for enumerating service accounts are detected from an endpoint.\", \"detectedAt\": \"2024-11-22T08:45:51.000Z\", \"attackSurfaces\": [\"IDENTITY\"], \"detectionSource\": {\"product\": \"Identity\"}, \"status\": \"NEW\", \"assignee\": null, \"classification\": \"ENUMERATION\", \"confidenceLevel\": \"MALICIOUS\", \"firstSeenAt\": \"2024-11-22T08:45:51.000Z\", \"lastSeenAt\": \"2024-11-22T08:45:51.000Z\", \"process\": {\"cmdLine\": \"Sharphound.exe\", \"file\": {\"path\": \"c:\\\\users\\\\administrator\\\\desktop\\\\ad_recon\\\\sharphound.exe\", \"sha1\": null, \"sha256\": \"61F897ED69646E0509F6802FB2D7C5E88C3E3B93C4CA86942E24D203AA878863\", \"md5\": null}, \"parentName\": null}, \"result\": null, \"storylineId\": null}", | ||
| "event": { | ||
| "category": "intrusion_detection", | ||
| "end": "2024-11-22T08:45:51Z", | ||
| "kind": "alert", | ||
| "provider": "Identity", | ||
| "reason": "This event is generated when LDAP queries for enumerating service accounts are detected from an endpoint.", | ||
| "start": "2024-11-22T08:45:51Z", | ||
| "type": "info" | ||
| }, | ||
| "@timestamp": "2024-11-22T08:45:51Z", | ||
| "observer": { | ||
| "product": "Singularity Identity", | ||
| "vendor": "SentinelOne" | ||
| }, | ||
| "process": { | ||
| "command_line": "Sharphound.exe", | ||
| "executable": "c:\\users\\administrator\\desktop\\ad_recon\\sharphound.exe", | ||
| "hash": { | ||
| "sha256": "61F897ED69646E0509F6802FB2D7C5E88C3E3B93C4CA86942E24D203AA878863" | ||
| }, | ||
| "name": "sharphound.exe" | ||
| }, | ||
| "related": { | ||
| "hash": [ | ||
| "61F897ED69646E0509F6802FB2D7C5E88C3E3B93C4CA86942E24D203AA878863" | ||
| ] | ||
| }, | ||
| "sentinelone": { | ||
| "identity": { | ||
| "attackSurfaces": [ | ||
| "IDENTITY" | ||
| ], | ||
| "classification": "ENUMERATION", | ||
| "confidenceLevel": "MALICIOUS", | ||
| "id": "01935310-eb28-7a57-9c27-87843b2cec61", | ||
| "name": "AD Service Account Enumeration Detected", | ||
| "status": "NEW" | ||
| } | ||
| } | ||
| } | ||
| } |
Oops, something went wrong.