Netskope Alerts & Events Pack
Edge Delta Pipeline Pack for Netskope Alerts & Events
Overview
The Edge Delta Netskope Alerts & Events Pack processes logs by parsing and categorizing them into various alert and event types for efficient routing and analysis.
Pack Description
1. Data Ingestion
The data flow starts with the Pack Source as the entry point into the pack where all logs begin their processing journey.
- name: Pack Source
  type: compound_input
2. Parse JSON Attributes
Logs are processed by the Parse JSON Attributes node.
- name: Parse JSON Attributes
  type: parse_json_attributes
This node transforms data by extracting JSON attributes, enabling finer analysis and routing based on those attributes. By parsing JSON attributes, you gain a structured view of logs.
3. Route
The logs are then routed using the Route node.
- name: Route
  type: route
  expression_type: ottl
  paths:
    - path: uba_alert
      condition: attributes["alert_type"] == "uba"
      exit_if_matched: true
    - path: compromised_credentials_alert
      condition: attributes["alert_type"] == "compromisedcredential"
      exit_if_matched: true
    ... <details omitted for brevity>
    - path: incidents_events
      condition: attributes["latest_incident_id"] == 0
      exit_if_matched: true
The Route node directs each log entry to a path based on conditions written as OTTL (OpenTelemetry Transformation Language) statements:
- Logs that have the `attributes["alert_type"]` field set to `uba` are routed on the `uba_alert` path.
- Logs that have the `attributes["alert_type"]` field set to `compromisedcredential` are routed on the `compromised_credentials_alert` path.
- Logs that have the `attributes["alert_type"]` field set to `DLP` are routed on the `dlp_alert` path.
- Logs that have the `attributes["alert_type"]` field set to `policy` are routed on the `policy_alert` path.
- Logs that have the `attributes["alert_type"]` field set to `quarantine` are routed on the `quarantine_alerts` path.
- Logs that have the `attributes["alert_type"]` field set to `remediation` are routed on the `remediation_alerts` path.
- Logs that have the `attributes["alert_type"]` field set to `malware` are routed on the `malware_alerts` path.
- Logs that have the `attributes["alert_type"]` field set to `malsite` are routed on the `malsite_alerts` path.
- Logs that have the `attributes["alert_type"]` field set to `ctep` are routed on the `ctep_alerts` path.
- Logs that have the `attributes["alert_type"]` field set to `watchlist` are routed on the `watchlist_alerts` path.
- Logs that have the `attributes["alert_type"]` field set to `Security Assessment` are routed on the `security_assessment_alerts` path.
- Logs that have the `attributes["type"]` field set to `nspolicy` are routed on the `application_events` path.
- Logs that have the `attributes["type"]` field set to `network` are routed on the `network_events` path.
- Logs that have the `attributes["type"]` field set to `audit` are routed on the `audit_events` path.
- Logs that have the `attributes["type"]` field set to `connection` are routed on the `connection_events` path.
- Logs that have the `attributes["type"]` field set to `endpoint` are routed on the `endpoint_events` path.
- Logs that have the `attributes["type"]` field set to `page` are routed on the `page_events` path.
- Logs that have the `attributes["latest_incident_id"]` field set to `0` are routed on the `incidents_events` path.
When a log meets a condition, it is routed and downstream conditions are not considered (exit_if_matched: true).
This modular approach allows for specialized processing based on specific alert or event types, facilitating better incident management and targeted response.
4. Output Nodes
Each path from the Route node corresponds to an output node that routes logs out of the pack for further processing. These output nodes collect logs based on their categorized type, enabling separate processing streams for each alert or event type. Finally, unmatched logs are routed to the Unknown - Passthrough node, capturing logs that don’t fit any predefined path conditions for analysis at a later time.
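The first-match routing and the Unknown - Passthrough fallback described above can be checked offline before logs reach a SIEM. The following is an added sketch, not Edge Delta's implementation: it assumes the order of the list above is the evaluation order and that `==` is an exact, case-sensitive comparison; the records are constructed (trimmed to a few fields of the pack's sample input) and `unknown_passthrough` is a hypothetical label for the Unknown - Passthrough node.

```python
"""First-match routing sketch for the Route node (added example)."""

# (path, attribute, expected value) in the order the page lists the conditions.
# Assumption: this order is the evaluation order, and every path has
# exit_if_matched: true, so only the first hit is taken.
ROUTES = [
    ("uba_alert", "alert_type", "uba"),
    ("compromised_credentials_alert", "alert_type", "compromisedcredential"),
    ("dlp_alert", "alert_type", "DLP"),
    ("policy_alert", "alert_type", "policy"),
    ("quarantine_alerts", "alert_type", "quarantine"),
    ("remediation_alerts", "alert_type", "remediation"),
    ("malware_alerts", "alert_type", "malware"),
    ("malsite_alerts", "alert_type", "malsite"),
    ("ctep_alerts", "alert_type", "ctep"),
    ("watchlist_alerts", "alert_type", "watchlist"),
    ("security_assessment_alerts", "alert_type", "Security Assessment"),
    ("application_events", "type", "nspolicy"),
    ("network_events", "type", "network"),
    ("audit_events", "type", "audit"),
    ("connection_events", "type", "connection"),
    ("endpoint_events", "type", "endpoint"),
    ("page_events", "type", "page"),
    ("incidents_events", "latest_incident_id", 0),
]
UNMATCHED = "unknown_passthrough"  # hypothetical label, see lead-in

# Constructed records: a handful of fields in the shape of the sample input.
SAMPLES = [
    # DLP incident: no alert_type/type, only latest_incident_id
    {"app": "Microsoft OneDrive", "severity": "Critical", "latest_incident_id": 0},
    # Watchlist alert that also carries type=nspolicy
    {"alert_type": "watchlist", "type": "nspolicy", "app": "c4.ai"},
    # Endpoint event: alert_type "endpoint" is not one of the alert paths
    {"alert_type": "endpoint", "type": "endpoint", "policy_action": "block"},
    # Connection event
    {"type": "connection", "app": "Youtube", "dstport": 443},
    # alert_type capitalised as in the sample input ("Remediation")
    {"alert_type": "Remediation", "type": "nspolicy", "app": "Jadu"},
    # Record with none of the routed attributes
    {"message": "heartbeat"},
]


def _matches(attrs, key, expected):
    """Exact comparison; a missing attribute never matches."""
    value = attrs.get(key)
    if isinstance(value, bool):  # Python quirk: False == 0 would match the last path
        return False
    return value == expected


def matching_paths(attrs):
    """Every path whose condition is true, in evaluation order."""
    return [path for path, key, expected in ROUTES if _matches(attrs, key, expected)]


def route(attrs):
    """Path actually taken: the first match, else the passthrough."""
    hits = matching_paths(attrs)
    return hits[0] if hits else UNMATCHED


def audit(records):
    """Per record: the path taken and the later paths it would also have matched."""
    report = []
    for attrs in records:
        hits = matching_paths(attrs)
        report.append({"taken": hits[0] if hits else UNMATCHED, "shadowed": hits[1:]})
    return report


if __name__ == "__main__":
    for record, result in zip(SAMPLES, audit(SAMPLES)):
        print(result["taken"], result["shadowed"], record)
```

Two things are worth alerting on in production: the volume on the passthrough path, and records whose `alert_type` differs from a listed value only by case, which under exact matching fall through to an event path instead of an alert path.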
Sample Input
{"_id":"1657c5566973139b27357a8e23cf3a8703c4bca68ce210595e62a5dbdce7631c","access_method":"Client","acting_user":"leeroy.jenkins@test.com","activity":"Download","app":"Microsoft OneDrive","app_session_id": 3483912176895852000,"assignee":"None","connection_id": 2762431970988418600,"dlp_incident_id": 837324741664663800,"dlp_match_info": [{"dlp_action":"allow","dlp_forensic_id": 837324741664663800,"dlp_policy":"DLP PCI Alert","dlp_profile_name":"Payment Card Industry Data Security Standard. PCI-DSS","dlp_rules": [ {"dlp_data_identifiers": {"numbers/payment_card_number_terms/eng": 14375,"numbers/payment_card_numbers/major": 14375,"persons/proper_names/int/full": 14375},"dlp_incident_rule_count": 14375,"dlp_rule_name":"INTL-PAN-Name","dlp_rule_score": 44563,"dlp_rule_severity":"Critical","is_unique_count": false,"weighted": false }]},{"dlp_action":"allow","dlp_forensic_id": 837324741664663800,"dlp_policy":"DLP PCI Alert","dlp_profile_name":"DLP-PCI","dlp_rules": [ {"dlp_data_identifiers": {"numbers/payment_card_number_terms/eng": 179687,"numbers/payment_card_numbers/major": 179687,"persons/proper_names/us/last": 179687},"dlp_incident_rule_count": 179687,"dlp_rule_name":"Name-Credit Card (CC)","dlp_rule_score": 556311,"dlp_rule_severity":"Critical","is_unique_count": false,"weighted": false }]}],"dlp_parent_id": 837324741664663800,"dst_location":"Redmond","file_lang":"ENGLISH","file_size": 10256549,"file_type":"text/plain","md5":"2f6df9969215d9eb4d266dd636337da7","object_id":"hash_leeroy.jenkins@test.com_2f6df9969215d9eb4d266dd636337da7_1629a7e222524c487c6d8b1dba7f4f98b3d1557d","object_type":"File","severity":"Critical","site":"Microsoft OneDrive","src_location":"San Diego","status":"new","timestamp": 1703111543,"title":"hash_leeroy.jenkins@test.com_2f6df9969215d9eb4d266dd636337da7_1629a7e222524c487c6d8b1dba7f4f98b3d1557d","true_obj_category":"Text","true_obj_type":"Plain Text 
file","url":"ahokbw.sn.files.1drv.com/y4pc8aBlHkeYewYjiXtXi8MYtOs86JJQqo7vg06SX0nKC7Vs3fzqIm5HZ1tF9qKUEmxwCvk-giW-jamW9OmRBUBUbc6nKoArJT-sTdqHY0MSqbenjH6MMv-Vq9TuwHYk34oEgAp3KBd_iy9PlNlQnH5Q5s8Kyirfb4J_uHfMJb74q5dVjeiVOiTvm6Bg1in49q-2xYBGMcsgjhJDHfTFC8-FayiqnePYKvvK2UOvOAZI0c","user":"leeroy.jenkins@test.com","classification":"","latest_incident_id": 0,"inline_dlp_match_info": [],"from_user":"","destination_site":"","bcc":"","object":"","instance":"","exposure":"","original_file_snapshot_id":"","channel":"","cc":"","instance_id":"","zip_file_id":"","destination_app":"","file_path":"","owner":"","owner_pdl":"","to_user":"","destination_instance_id":"","user_id":"","referer":"","dlp_file":""}
{"_id":"07c703cd9b3e2185d00aa66c59e7b600ba0f4b8980307edaac2b9a4a322939eb","access_method":"Client","acting_user":"leeroy.jenkins@test.com","activity":"Download","app":"Microsoft OneDrive","app_session_id": 3483912176895852000,"assignee":"None","connection_id": 2762431970988418600,"dlp_incident_id": 4233141258481958000,"dlp_match_info": [{"dlp_action":"alert","dlp_forensic_id": 837324741664663800,"dlp_policy":"DLP PCI Alert","dlp_profile_name":"Payment Card Industry Data Security Standard. PCI-DSS","dlp_rules": [ {"dlp_data_identifiers": {"numbers/payment_card_number_terms/eng": 14375,"numbers/payment_card_numbers/major": 14375,"persons/proper_names/int/full": 14375},"dlp_incident_rule_count": 14375,"dlp_rule_name":"INTL-PAN-Name","dlp_rule_score": 44563,"dlp_rule_severity":"Critical","is_unique_count": false,"weighted": false }]},{"dlp_action":"alert","dlp_forensic_id": 837324741664663800,"dlp_policy":"DLP PCI Alert","dlp_profile_name":"DLP-PCI","dlp_rules": [ {"dlp_data_identifiers": {"numbers/payment_card_number_terms/eng": 179687,"numbers/payment_card_numbers/major": 179687,"persons/proper_names/us/last": 179687},"dlp_incident_rule_count": 179687,"dlp_rule_name":"Name-Credit Card (CC)","dlp_rule_score": 556311,"dlp_rule_severity":"Critical","is_unique_count": false,"weighted": false }]}],"dlp_parent_id": 4233141258481958000,"dst_location":"Redmond","file_lang":"ENGLISH","file_size": 10256549,"file_type":"text/plain","md5":"2f6df9969215d9eb4d266dd636337da7","object":"credit_cards.12.db","object_id":"hash_leeroy.jenkins@test.com_2f6df9969215d9eb4d266dd636337da7_1629a7e222524c487c6d8b1dba7f4f98b3d1557d","object_type":"File","severity":"Critical","site":"Microsoft OneDrive","src_location":"San Diego","status":"new","timestamp": 1703111613,"title":"credit_cards.12.db","true_obj_category":"Text","true_obj_type":"Plain Text 
file","url":"ahokbw.sn.files.1drv.com/y4pjpgKTqpQltjYaPUVp8c4C7k1RPR1Ijs-eXlAB_BFH3Q8q0wANMEsWuGk5OB2MrAexKOYas2VLGzl-DRmyayHFQXeVXJlS1ggc-PMzlmVRMWdTSzFI5SjNfTU2xMf-MvDOgrJ9W5H5RMnE1tpvWID3sI6OG_6pjRVspm4ugkYPDFSx9H4R-FrsalyUD29u698OVdP929_uQdf9zgpu5Xm5UYQXny6kTuf0MlRGSCnZ9k","user":"leeroy.jenkins@test.com","classification":"","latest_incident_id": 0,"inline_dlp_match_info": [],"from_user":"","destination_site":"","bcc":"","instance":"","exposure":"","original_file_snapshot_id":"","channel":"","cc":"","instance_id":"","zip_file_id":"","destination_app":"","file_path":"","owner":"","owner_pdl":"","to_user":"","destination_instance_id":"","user_id":"","referer":"","dlp_file":""}
{"_id":"49eabf2c73de8f1038c4764c","access_method":"API Connector","acked":"false","activity":"Download","alert":"yes","alert_name":"watchlist fired","alert_type":"watchlist","app":"c4.ai","appcategory":"Cloud Storage","browser":"unknown","category":"Cloud Storage","cci":"","ccl":"","count": 1,"device":"ZTE - P726CU","dst_country":"NL","dst_geoip_src": 2,"dst_latitude": 52.3759,"dst_location":"Amsterdam","dst_longitude": 4.8975,"dst_region":"North Holland","dst_zipcode":"1012","dstip":"31.186.239.8","exposure":"organisation_wide_link","file_lang":"ENGLISH","file_path":"/My Drive/Clickhouse/Tenant Migration across MPs","file_size": 118543,"file_type":"application/vnd.google-apps.document","instance":"netskope.com","instance_id":"netskope.com","local_sha256":"9c451d0fe025ab678a8e90b4d6fc175f03b68489dfaa1602085943cb9b1889fd","md5":"4bf7680195ecaed55e3edabb5d95ca01","mime_type":"application/vnd.google-apps.document","modified": 1613760236,"object":"DdVdRrRQPHiDerbd","object_id":"14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg","object_type":"File","organization_unit":"netskope.local/Netskope/Active Users/US & International/Full Time","os":"Android 11.0","owner":"dte3831-sjc1-8619-0087t@test.netskope.com","policy":"policy_ga12","request_id":"2459149802892628500","scan_type":"Ongoing","site":"c4.ai","src_country":"NL","src_geoip_src": 2,"src_latitude": 52.3759,"src_location":"Amsterdam","src_longitude": 4.8975,"src_region":"North Holland","src_zipcode":"1012","srcip":"31.186.239.204","suppression_key":"Tenant Migration across MPs","timestamp": 1704344175,"title":"DdVdRrRQPHiDerbd","traffic_type":"CloudApp","type":"nspolicy","ur_normalized":"dte3831-sjc1-8619-0607t@test.netskope.com","url":"https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg","user":"dte3831-sjc1-8619-0607t@test.netskope.com","userkey":"dte3831-sjc1-8619-0607t@test.netskope.com","browser_version":"","tss_mode":"","from_storage":"","total_collaborator_count": 
0,"to_object":"","TSS-scan":"","parent_id":"","numbytes": 0,"manager":"","severity_id": 0,"incident_id": 0,"to_user":"","managed_app":"","web_universal_connector":"","to_storage":"","connection_id": 0,"audit_category":"","tss_scan_failed":"","from_object":"","conn_duration": 0,"org":"","req_cnt": 0,"from_user":"","internal_collaborator_count": 0,"malware_profile":"","suppression_end_time": 0,"app_session_id": 0,"useragent":"","sanctioned_instance":"","client_bytes": 0,"external_collaborator_count": 0,"true_obj_type":"","severity":"","dlp_profile":"","protocol":"","suppression_start_time": 0,"enterprise_id":"","app_activity":"","malware_type":"","dlp_rule_severity":"","workspace":"","data_type":"","dst_timezone":"","shared_with":"","page_site":"","server_bytes": 0,"file_name":"","log_file_name":"","nsdeviceuid":"","aggregated_user":"","scanner_result":"","notify_template":"","malware_name":"","telemetry_app":"","dlp_is_unique_count":"","justification_type":"","tss_fail_reason":"","justification_reason":"","os_version":"","web_url":"","malware_id":"","user_category":"","appsuite":"","audit_type":"","file_id":"","page":"","dlp_incident_id": 0,"fromlogs":"","dlp_parent_id": 0,"hostname":"","workspace_id":"","referer":"","dlp_rule_count": 0,"act_user":"","sAMAccountName":"","resp_cnt": 0,"serial":"","dlp_fail_reason":"","universal_connector":"","ml_detection":"","file_category":"","to_user_category":"","device_classification":"","managementID":"","browser_session_id": 0,"local_md5":"","userPrincipalName":"","transaction_id": 0,"userip":"","dlp_file":"","dsthost":"","detection_engine":"","network":"","true_type_id": 0,"enterprise":"","all_policy_matches": [],"user_id":"","dlp_rule":"","app_name":"","true_obj_category":"","from_user_category":"","object_count": 0,"two_factor_auth":"","sfwder":"","src_time":"","policy_id":"","src_timezone":"","dlp_scan_failed":"","shared_domains":"","dstport": 0,"netskope_activity":"","malware_severity":""}
{"_id":"53e477e8f0d3cf9a6b5f8870","access_method":"API Connector","acked":"true","activity":"Login Successful","alert":"yes","alert_name":"watchlist fired","alert_type":"watchlist","app":"Experian Data Enrichment","appcategory":"Cloud Storage","browser":"unknown","category":"Cloud Storage","cci": 66,"ccl":"medium","count": 1,"device":"iPhone X","dst_country":"US","dst_geoip_src": 2,"dst_latitude": 45.8234,"dst_location":"Boardman","dst_longitude": -119.7257,"dst_region":"Oregon","dst_zipcode":"97818","dstip":"52.218.153.131","exposure":"organisation_wide_link","file_lang":"ENGLISH","file_path":"/My Drive/Clickhouse/Tenant Migration across MPs","file_size": 119045,"file_type":"application/vnd.google-apps.document","instance":"netskope.com","instance_id":"netskope.com","local_sha256":"1aac65572f954c69134a35f1380d0dea9b315fb824c35054c46f1aab4f37fc40","md5":"4bf7680195ecaed55e3edabb5d95ca01","mime_type":"application/vnd.google-apps.document","modified": 1613760236,"object":"arRJOZQpWZofoZmn","object_id":"14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg","object_type":"File","organization_unit":"netskope.local/Netskope/Active Users/US & International/Full Time","os":"iOS10.1","owner":"dte3831-sjc1-8619-0652t@test.netskope.com","policy":"policy_ga16","request_id":"2459149802892628500","scan_type":"Ongoing","site":"Experian Data Enrichment","src_country":"NL","src_geoip_src": 2,"src_latitude": 52.3759,"src_location":"Amsterdam","src_longitude": 4.8975,"src_region":"North Holland","src_zipcode":"1012","srcip":"31.186.239.204","suppression_key":"Tenant Migration across MPs","timestamp": 
1704344241,"title":"arRJOZQpWZofoZmn","traffic_type":"CloudApp","type":"nspolicy","ur_normalized":"dte3831-sjc1-8619-0391t@test.netskope.com","url":"https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg","user":"dte3831-sjc1-8619-0391t@test.netskope.com","userkey":"dte3831-sjc1-8619-0391t@test.netskope.com","browser_version":"","tss_mode":"","from_storage":"","total_collaborator_count": 0,"to_object":"","TSS-scan":"","parent_id":"","numbytes": 0,"manager":"","severity_id": 0,"incident_id": 0,"to_user":"","managed_app":"","web_universal_connector":"","to_storage":"","connection_id": 0,"audit_category":"","tss_scan_failed":"","from_object":"","conn_duration": 0,"org":"","req_cnt": 0,"from_user":"","internal_collaborator_count": 0,"malware_profile":"","suppression_end_time": 0,"app_session_id": 0,"useragent":"","sanctioned_instance":"","client_bytes": 0,"external_collaborator_count": 0,"true_obj_type":"","severity":"","dlp_profile":"","protocol":"","suppression_start_time": 0,"enterprise_id":"","app_activity":"","malware_type":"","dlp_rule_severity":"","workspace":"","data_type":"","dst_timezone":"","shared_with":"","page_site":"","server_bytes": 0,"file_name":"","log_file_name":"","nsdeviceuid":"","aggregated_user":"","scanner_result":"","notify_template":"","malware_name":"","telemetry_app":"","dlp_is_unique_count":"","justification_type":"","tss_fail_reason":"","justification_reason":"","os_version":"","web_url":"","malware_id":"","user_category":"","appsuite":"","audit_type":"","file_id":"","page":"","dlp_incident_id": 0,"fromlogs":"","dlp_parent_id": 0,"hostname":"","workspace_id":"","referer":"","dlp_rule_count": 0,"act_user":"","sAMAccountName":"","resp_cnt": 0,"serial":"","dlp_fail_reason":"","universal_connector":"","ml_detection":"","file_category":"","to_user_category":"","device_classification":"","managementID":"","browser_session_id": 0,"local_md5":"","userPrincipalName":"","transaction_id": 
0,"userip":"","dlp_file":"","dsthost":"","detection_engine":"","network":"","true_type_id": 0,"enterprise":"","all_policy_matches": [],"user_id":"","dlp_rule":"","app_name":"","true_obj_category":"","from_user_category":"","object_count": 0,"two_factor_auth":"","sfwder":"","src_time":"","policy_id":"","src_timezone":"","dlp_scan_failed":"","shared_domains":"","dstport": 0,"netskope_activity":"","malware_severity":""}
{"_id":"001c25ac3cc6e2df50df9010","access_method":"Endpoint","activity_type":"Unmount","alert":"no","alert_name":"tDfFZVxOzDKFuPdZ","alert_type":"endpoint","computer_name":"DvmPFWHKjkkjRepS","destination_file_directory":"/User/Lib/ABC","destination_file_name":"BctEagRVoStJcJWE","destination_file_path":"/User/Local/Content/","device":"wpkMMArHKBRbDRMP","device_id":"ZJXFupIEcTLFttAQ","device_sn":"epeVdHNgXplDnxEB","device_type":"SanDisk","dlp_profile_name":"MaKMJfhbsDZreUNl","dlp_rule":"KstPTusMMQbZTSRP","executable_hash":"kqOyOWAPYGDCJEac","executable_signed": false,"file_origin":"","file_size": 265,"file_type":"doc","md5":"jOZvieelUaPDwoep","os":"windows","os_details":"windows 10","os_user_name":"OicEfNSgVyJmzBuF","pid":"24765","policy_action":"block","policy_action_enforced":"Yes","policy_name":"gHlhPTRNeiQMzZfB","policy_name_enforced":"Yes","policy_version":"v2","process_cert_subject":"GXKXBKxMhZRGQzbr","process_name":"wNQGguDLhtMxrNbJ","process_path":"/Application/TestApp/Content/","product_id":"DlzknIOMNSEuWyFX","sub_type":"SUBTYPE_DEVICE_CONTROL","timestamp": 1703627017,"type":"endpoint","user":"liDWLQXJlFckLQwz","vendor_id":"sGzXtoLIwhpJZkLM","sha256":"","justification":"","source_file_name":"","event_recovered": false,"unc_path":"","action":"","app":"","dlp_incident_id": 0,"driver":"","incident_id": 0,"connection_type":"","device_name":"","source_file_directory":"","alert_generated": false,"location":"","activity":"","printer_identifier":"","port":"","dlp_profile":""}
{"_id":"002d61fb5b637151c933d8f0","access_method":"Endpoint","activity_type":"Share","alert":"no","alert_name":"lpKSYoURuNZNBbqC","alert_type":"endpoint","computer_name":"JvNAcbzuNeVyCuoy","destination_file_directory":"/User/Lib/ABC","destination_file_name":"kcqrKMhiZcbKqQzo","destination_file_path":"/User/Local/Content/","device":"jhAKNeKwKpfVIiBf","device_id":"yOyLZvDrVZKhHaBJ","device_sn":"ZXPPrpUaLoGfagob","device_type":"SanDisk","dlp_profile_name":"JxqezFLPUwwhLQtu","dlp_rule":"CuybVvNZdwBVrOMI","executable_hash":"FKvtrRnIjcYnFWET","executable_signed": false,"file_origin":"","file_size": 265,"file_type":"doc","md5":"RQKIAXeSoKylhDym","os":"windows","os_details":"windows 10","os_user_name":"RrkGlzaKLMtiCqDg","pid":"24765","policy_action":"block","policy_action_enforced":"Yes","policy_name":"XmtTvjjKPwADXYJz","policy_name_enforced":"No","policy_version":"v2","process_cert_subject":"kkWOTNmifsJUhMJL","process_name":"TpExnxSeTOzFHcxr","process_path":"/Application/TestApp/Content/","product_id":"xhimmgYrIlLUZTdx","sub_type":"SUBTYPE_DEVICE_CONTROL","timestamp": 1703628826,"type":"endpoint","user":"zsIVdxNpZloafaIU","vendor_id":"cweeZNmZeGgEQwsL","sha256":"","justification":"","source_file_name":"","event_recovered": false,"unc_path":"","action":"","app":"","dlp_incident_id": 0,"driver":"","incident_id": 0,"connection_type":"","device_name":"","source_file_directory":"","alert_generated": false,"location":"","activity":"","printer_identifier":"","port":"","dlp_profile":""}
{"_id":"a8a87ee1064da0f5408a747a","access_method":"IPSec","app":"Youtube","appcategory":"Streaming & Downloadable Video","bypass_reason":"Web Categories","bypass_traffic":"yes","category":"Streaming & Downloadable Video","cci": 59,"ccl":"low","connection_id": 0,"count": 1,"domain":"www.youtube.com","dst_country":"JP","dst_latitude": 35.68949890136719,"dst_location":"Tokyo","dst_longitude": 139.69232177734375,"dst_region":"Tokyo","dst_timezone":"Asia/Tokyo","dst_zipcode":"N/A","dstip":"142.250.200.14","dstport": 443,"netskope_pop":"UK-LON1","organization_unit":"","other_categories": ["Streaming & Downloadable Video"],"page":"www.youtube.com","request_id": 2584115262341059841,"site":"Youtube","src_country":"GB","src_latitude": 51.5095,"src_location":"London","src_longitude": -0.0955,"src_region":"England","src_time":"Fri May 26 02:01:00 2023","src_timezone":"Europe/London","src_zipcode":"EC4N","srcip":"18.170.239.0","ssl_decrypt_policy":"no","timestamp": 1685062890,"traffic_type":"CloudApp","transaction_id": 0,"type":"connection","ur_normalized":"10.0.1.38","url":"www.youtube.com","user":"10.0.1.38","user_generated":"yes","userip":"10.0.1.38","userkey":"10.0.1.38","resp_cnt": 0,"app_session_id": 0,"numbytes": 0,"browser_session_id": 0,"src_geoip_src": 0,"device":"","conn_endtime": 0,"hostname":"","http_transaction_count": 0,"severity":"","forward_to_proxy_profile":"","conn_duration": 0,"server_bytes": 0,"suppression_end_time": 0,"sAMAccountName":"","browser":"","fromlogs":"","resp_content_type":"","network":"","dynamic_classification":"","dst_geoip_src": 0,"dsthost":"","req_cnt": 0,"suppression_start_time": 0,"CononicalName":"","serial":"","sessionid":"","log_file_name":"","policy":"","resp_content_len": 0,"client_bytes": 0,"protocol":"","conn_starttime": 0,"os_version":"","org":"","useragent":"","browser_version":"","os":"","userPrincipalName":""}
{"_id":"54be05b07c9b43a3344abbc5","access_method":"IPSec","app":"Youtube","appcategory":"Streaming & Downloadable Video","bypass_reason":"Web Categories","bypass_traffic":"yes","category":"Streaming & Downloadable Video","cci": 59,"ccl":"low","connection_id": 0,"count": 1,"domain":"www.youtube.com","dst_country":"JP","dst_latitude": 35.68949890136719,"dst_location":"Tokyo","dst_longitude": 139.69232177734375,"dst_region":"Tokyo","dst_timezone":"Asia/Tokyo","dst_zipcode":"N/A","dstip":"142.250.200.14","dstport": 443,"netskope_pop":"UK-LON1","organization_unit":"","other_categories": ["Streaming & Downloadable Video"],"page":"www.youtube.com","request_id": 2584115827892622593,"site":"Youtube","src_country":"GB","src_latitude": 51.5095,"src_location":"London","src_longitude": -0.0955,"src_region":"England","src_time":"Fri May 26 02:02:00 2023","src_timezone":"Europe/London","src_zipcode":"EC4N","srcip":"18.170.239.0","ssl_decrypt_policy":"no","timestamp": 1685062957,"traffic_type":"CloudApp","transaction_id": 0,"type":"connection","ur_normalized":"10.0.1.38","url":"www.youtube.com","user":"10.0.1.38","user_generated":"yes","userip":"10.0.1.38","userkey":"10.0.1.38","resp_cnt": 0,"app_session_id": 0,"numbytes": 0,"browser_session_id": 0,"src_geoip_src": 0,"device":"","conn_endtime": 0,"hostname":"","http_transaction_count": 0,"severity":"","forward_to_proxy_profile":"","conn_duration": 0,"server_bytes": 0,"suppression_end_time": 0,"sAMAccountName":"","browser":"","fromlogs":"","resp_content_type":"","network":"","dynamic_classification":"","dst_geoip_src": 0,"dsthost":"","req_cnt": 0,"suppression_start_time": 0,"CononicalName":"","serial":"","sessionid":"","log_file_name":"","policy":"","resp_content_len": 0,"client_bytes": 0,"protocol":"","conn_starttime": 0,"os_version":"","org":"","useragent":"","browser_version":"","os":"","userPrincipalName":""}
{"_id":"f3c16af373007007aa7cf4bf","access_method":"IPSec","app":"Youtube","appcategory":"Streaming & Downloadable Video","bypass_reason":"Web Categories","bypass_traffic":"yes","category":"Streaming & Downloadable Video","cci": 59,"ccl":"low","connection_id": 0,"count": 1,"domain":"socialimpact.youtube.com","dst_country":"US","dst_latitude": 37.40599060058594,"dst_location":"Mountain View","dst_longitude": -122.0785140991211,"dst_region":"California","dst_timezone":"America/Los_Angeles","dst_zipcode":"N/A","dstip":"142.250.178.14","dstport": 443,"netskope_pop":"UK-LON1","organization_unit":"","other_categories": ["Streaming & Downloadable Video"],"page":"socialimpact.youtube.com","request_id": 2584116399500760321,"site":"Youtube","src_country":"GB","src_latitude": 51.5095,"src_location":"London","src_longitude": -0.0955,"src_region":"England","src_time":"Fri May 26 02:03:00 2023","src_timezone":"Europe/London","src_zipcode":"EC4N","srcip":"18.170.239.0","ssl_decrypt_policy":"no","timestamp": 1685063025,"traffic_type":"CloudApp","transaction_id": 0,"type":"connection","ur_normalized":"10.0.1.38","url":"socialimpact.youtube.com","user":"10.0.1.38","user_generated":"yes","userip":"10.0.1.38","userkey":"10.0.1.38","resp_cnt": 0,"app_session_id": 0,"numbytes": 0,"browser_session_id": 0,"src_geoip_src": 0,"device":"","conn_endtime": 0,"hostname":"","http_transaction_count": 0,"severity":"","forward_to_proxy_profile":"","conn_duration": 0,"server_bytes": 0,"suppression_end_time": 0,"sAMAccountName":"","browser":"","fromlogs":"","resp_content_type":"","network":"","dynamic_classification":"","dst_geoip_src": 0,"dsthost":"","req_cnt": 0,"suppression_start_time": 0,"CononicalName":"","serial":"","sessionid":"","log_file_name":"","policy":"","resp_content_len": 0,"client_bytes": 0,"protocol":"","conn_starttime": 0,"os_version":"","org":"","useragent":"","browser_version":"","os":"","userPrincipalName":""}
{"_id":"a5056f94f9c315a8e26253c5","access_method":"IPSec","app":"Youtube","appcategory":"Streaming & Downloadable Video","bypass_reason":"Web Categories","bypass_traffic":"yes","category":"Streaming & Downloadable Video","cci": 59,"ccl":"low","connection_id": 0,"count": 1,"domain":"socialimpact.youtube.com","dst_country":"US","dst_latitude": 37.40599060058594,"dst_location":"Mountain View","dst_longitude": -122.0785140991211,"dst_region":"California","dst_timezone":"America/Los_Angeles","dst_zipcode":"N/A","dstip":"142.250.187.238","dstport": 443,"netskope_pop":"UK-LON1","organization_unit":"","other_categories": ["Streaming & Downloadable Video"],"page":"socialimpact.youtube.com","request_id": 2584116945934685441,"site":"Youtube","src_country":"GB","src_latitude": 51.5095,"src_location":"London","src_longitude": -0.0955,"src_region":"England","src_time":"Fri May 26 02:04:00 2023","src_timezone":"Europe/London","src_zipcode":"EC4N","srcip":"18.170.239.0","ssl_decrypt_policy":"no","timestamp": 1685063090,"traffic_type":"CloudApp","transaction_id": 0,"type":"connection","ur_normalized":"10.0.1.38","url":"socialimpact.youtube.com","user":"10.0.1.38","user_generated":"yes","userip":"10.0.1.38","userkey":"10.0.1.38","resp_cnt": 0,"app_session_id": 0,"numbytes": 0,"browser_session_id": 0,"src_geoip_src": 0,"device":"","conn_endtime": 0,"hostname":"","http_transaction_count": 0,"severity":"","forward_to_proxy_profile":"","conn_duration": 0,"server_bytes": 0,"suppression_end_time": 0,"sAMAccountName":"","browser":"","fromlogs":"","resp_content_type":"","network":"","dynamic_classification":"","dst_geoip_src": 0,"dsthost":"","req_cnt": 0,"suppression_start_time": 0,"CononicalName":"","serial":"","sessionid":"","log_file_name":"","policy":"","resp_content_len": 0,"client_bytes": 0,"protocol":"","conn_starttime": 0,"os_version":"","org":"","useragent":"","browser_version":"","os":"","userPrincipalName":""}
{"_id":"02b7d3bad4ecd316c3f10c41","access_method":"API Connector","acked":"true","action":"","activity":"Download","alert":"yes","alert_name":"Remediation alert","alert_type":"Remediation","app":"Jadu","appcategory":"Cloud Storage","browser":"unknown","category":"Cloud Storage","cci": 45,"ccl":"poor","count": 1,"device":"Other","dst_country":"NL","dst_geoip_src": 2,"dst_latitude": 52.3759,"dst_location":"Amsterdam","dst_longitude": 4.8975,"dst_region":"North Holland","dst_zipcode":"1012","dstip":"31.186.239.204","file_size": 119299,"file_type":"application/vnd.google-apps.document","instance_id":"netskope.com","md5":"4bf7680195ecaed55e3edabb5d95ca01","object":"AWVoOazBoRWFSzJC","object_type":"File","organization_unit":"netskope.local/Netskope/Active Users/US & International/Full Time","os":"Windows 10.0","policy":"policy_ga46","request_id":"2459149802892628500","site":"Jadu Continuum","src_country":"NL","src_geoip_src": 2,"src_latitude": 52.3759,"src_location":"Amsterdam","src_longitude": 4.8975,"src_region":"North Holland","src_zipcode":"1012","srcip":"31.186.239.8","timestamp": 1703749229,"traffic_type":"CloudApp","type":"nspolicy","ur_normalized":"dte3831-sjc1-8619-0059t@test.netskope.com","url":"https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg","user":"dte3831-sjc1-8619-0059t@test.netskope.com","page":"","actions_taken":"","remediation_profile":"","all_policy_matches": [],"app_session_id": 0,"malware_type":"","device_classification":"","dst_timezone":"","connection_id": 0,"tss_mode":"","managed_app":"","dlp_profile":"","userip":"","policy_id":"","os_version":"","edr_app":"","endpoint_count": 0,"nsdeviceuid":"","profile_hits": [],"protocol":"","transaction_id": 0,"malware_severity":"","sanctioned_instance":"","managementID":"","src_timezone":"","malware_name":"","appsuite":"","notify_template":"","browser_session_id": 0,"page_site":"","from_user":"","incident_id": 
0,"endpoints":"","src_time":"","hostname":"","malware_id":"","severity":""}
{"_id":"04123e36f24edd2db0b75245","access_method":"API Connector","acked":"false","action":"block","activity":"Create","alert":"yes","alert_name":"Remediation alert","alert_type":"Remediation","app":"Green Building Canada","appcategory":"Cloud Storage","browser":"unknown","category":"Cloud Storage","cci": 6,"ccl":"poor","count": 1,"device":"iPhone X","dst_country":"NL","dst_geoip_src": 2,"dst_latitude": 52.3759,"dst_location":"Amsterdam","dst_longitude": 4.8975,"dst_region":"North Holland","dst_zipcode":"1012","dstip":"31.186.239.204","file_size": 118587,"file_type":"application/vnd.google-apps.document","instance_id":"netskope.com","md5":"4bf7680195ecaed55e3edabb5d95ca01","object":"HFkDzhhcyqQkVzRn","object_type":"File","organization_unit":"netskope.local/Netskope/Active Users/US & International/Full Time","os":"iOS9.0","policy":"policy_ga1","request_id":"2459149802892628500","site":"Green Building Canada","src_country":"US","src_geoip_src": 2,"src_latitude": 32.7936,"src_location":"San Diego","src_longitude": -117.0689,"src_region":"California","src_zipcode":"92120","srcip":"98.176.143.16","timestamp": 1703749190,"traffic_type":"CloudApp","type":"nspolicy","ur_normalized":"dte3831-sjc1-8619-0605t@test.netskope.com","url":"https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg","user":"dte3831-sjc1-8619-0605t@test.netskope.com","page":"","actions_taken":"","remediation_profile":"","all_policy_matches": [],"app_session_id": 0,"malware_type":"","device_classification":"","dst_timezone":"","connection_id": 0,"tss_mode":"","managed_app":"","dlp_profile":"","userip":"","policy_id":"","os_version":"","edr_app":"","endpoint_count": 0,"nsdeviceuid":"","profile_hits": [],"protocol":"","transaction_id": 0,"malware_severity":"","sanctioned_instance":"","managementID":"","src_timezone":"","malware_name":"","appsuite":"","notify_template":"","browser_session_id": 0,"page_site":"","from_user":"","incident_id": 
0,"endpoints":"","src_time":"","hostname":"","malware_id":"","severity":""}
{"_id":"0448a62ecf1248a44cbc0798","access_method":"API Connector","acked":"true","action":"block","activity":"Login Successful","alert":"yes","alert_name":"Remediation alert","alert_type":"Remediation","app":"Intelligent Plant Gestalt","appcategory":"Cloud Storage","browser":"unknown","category":"Cloud Storage","cci": 47,"ccl":"poor","count": 1,"device":"iPhone 7 Plus","dst_country":"NL","dst_geoip_src": 2,"dst_latitude": 52.3759,"dst_location":"Amsterdam","dst_longitude": 4.8975,"dst_region":"North Holland","dst_zipcode":"1012","dstip":"31.186.239.8","file_size": 118849,"file_type":"application/vnd.google-apps.document","instance_id":"netskope.com","md5":"4bf7680195ecaed55e3edabb5d95ca01","object":"iUGeMOfkkaLAVqIA","object_type":"File","organization_unit":"netskope.local/Netskope/Active Users/US & International/Full Time","os":"iOS10.1","policy":"policy_ga50","request_id":"2459149802892628500","site":"Intelligent Plant Gestalt","src_country":"NL","src_geoip_src": 2,"src_latitude": 52.3759,"src_location":"Amsterdam","src_longitude": 4.8975,"src_region":"North Holland","src_zipcode":"1012","srcip":"31.186.239.204","timestamp": 1703749825,"traffic_type":"CloudApp","type":"nspolicy","ur_normalized":"dte3831-sjc1-8619-0229t@test.netskope.com","url":"https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg","user":"dte3831-sjc1-8619-0229t@test.netskope.com","page":"","actions_taken":"","remediation_profile":"","all_policy_matches": [],"app_session_id": 0,"malware_type":"","device_classification":"","dst_timezone":"","connection_id": 0,"tss_mode":"","managed_app":"","dlp_profile":"","userip":"","policy_id":"","os_version":"","edr_app":"","endpoint_count": 0,"nsdeviceuid":"","profile_hits": [],"protocol":"","transaction_id": 0,"malware_severity":"","sanctioned_instance":"","managementID":"","src_timezone":"","malware_name":"","appsuite":"","notify_template":"","browser_session_id": 0,"page_site":"","from_user":"","incident_id": 
0,"endpoints":"","src_time":"","hostname":"","malware_id":"","severity":""}
{"_id":"0563ba7a1c5a9073eb4b4431","access_method":"API Connector","acked":"false","action":"","activity":"Login Successful","alert":"yes","alert_name":"Remediation alert","alert_type":"Remediation","app":"Microsoft Accounts","appcategory":"Cloud Storage","browser":"unknown","category":"Cloud Storage","cci": 85,"ccl":"high","count": 1,"device":"Other","dst_country":"FR","dst_geoip_src": 1,"dst_latitude": 47.89616,"dst_location":"Ballots","dst_longitude": -1.04759,"dst_region":"Pays-de-la-Loire","dstip":"193.248.155.211","file_size": 118690,"file_type":"application/vnd.google-apps.document","instance_id":"netskope.com","md5":"4bf7680195ecaed55e3edabb5d95ca01","object":"TdZjyxvuviCVSjhy","object_type":"File","organization_unit":"netskope.local/Netskope/Active Users/US & International/Full Time","os":"Windows 11.0","policy":"policy_ga2","request_id":"2459149802892628500","site":"Microsoft Office 365 Suite","src_country":"IN","src_geoip_src": 2,"src_latitude": 12.9634,"src_location":"Bengaluru","src_longitude": 77.5855,"src_region":"Karnataka","src_zipcode":"560058","srcip":"182.75.130.70","timestamp": 1703749789,"traffic_type":"CloudApp","type":"nspolicy","ur_normalized":"dte3831-sjc1-8619-0216t@test.netskope.com","url":"https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg","user":"dte3831-sjc1-8619-0216t@test.netskope.com","page":"","actions_taken":"","remediation_profile":"","all_policy_matches": [],"app_session_id": 0,"malware_type":"","device_classification":"","dst_timezone":"","connection_id": 0,"tss_mode":"","managed_app":"","dlp_profile":"","userip":"","policy_id":"","os_version":"","edr_app":"","dst_zipcode":"","endpoint_count": 0,"nsdeviceuid":"","profile_hits": [],"protocol":"","transaction_id": 0,"malware_severity":"","sanctioned_instance":"","managementID":"","src_timezone":"","malware_name":"","appsuite":"","notify_template":"","browser_session_id": 0,"page_site":"","from_user":"","incident_id": 
0,"endpoints":"","src_time":"","hostname":"","malware_id":"","severity":""}
{"_id":"c1de6086d59ee655e3499058","access_method":"API Connector","acked":"true","action":"alert","alert":"yes","alert_name":"malsite visit","alert_type":"malsite","app":"N.nu Online HTML Editor","appcategory":"Cloud Storage","browser":"unknown","category":"Cloud Storage","cci":"","ccl":"unknown","count": 1,"device":"Other","dst_country":"NL","dst_geoip_src": 2,"dst_latitude": 52.3759,"dst_location":"Amsterdam","dst_longitude": 4.8975,"dst_region":"North Holland","dst_zipcode":"1012","dstip":"31.186.239.8","object":"OvoqYleowwwIyKIY","object_type":"File","organization_unit":"netskope.local/Netskope/Active Users/US & International/Full Time","os":"Windows 7.0","other_categories": [],"policy":"policy_ga14","request_id":"2459149802892628500","site":"N.nu Online HTML Editor","src_country":"IN","src_geoip_src": 2,"src_latitude": 12.9634,"src_location":"Bengaluru","src_longitude": 77.5855,"src_region":"Karnataka","src_zipcode":"560058","srcip":"182.75.130.70","timestamp": 1703985702,"traffic_type":"CloudApp","type":"nspolicy","ur_normalized":"dte3831-sjc1-8619-0317t@test.netskope.com","url":"https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg","user":"dte3831-sjc1-8619-0317t@test.netskope.com","useragent":"","app_session_id": 0,"co":"","malsite_ip_host":"","malsite_last_seen": 0,"page_site":"","universal_connector":"","policy_id":"","hostname":"","managed_app":"","malicious":"","malsite_latitude": 0.0,"malsite_reputation":"","aggregated_user":"","malsite_first_seen": 0,"malsite_consecutive":"","severity_level_id": 0,"threat_match_value":"","device_classification":"","log_file_name":"","browser_session_id": 0,"malsite_category": [],"req_cnt": 0,"referer":"","connection_id": 0,"telemetry_app":"","malsite_country":"","dst_timezone":"","gateway":"","client_bytes": 0,"department":"","org":"","suppression_start_time": 0,"severity":"","malsite_confidence": 0,"incident_id": 0,"browser_version":"","src_time":"","malsite_active":"","malsite_longitude": 
0.0,"malsite_id":"","conn_duration": 0,"dstport": 0,"resp_cnt": 0,"threat_source_id": 0,"sAMAccountName":"","malsite_hostility":"","page":"","dsthost":"","suppression_end_time": 0,"server_bytes": 0,"division":"","protocol":"","src_timezone":"","transaction_id": 0,"os_version":"","threat_match_field":"","userip":"","fromlogs":"","numbytes": 0,"severity_level":"","serial":"","notify_template":"","ja3s":"","from_user":"","malsite_region":"","appsuite":"","sfwder":"","ja3":""}
{"_id":"a19c9ee231236d2aa6049c5d","access_method":"Client","acked":"false","action":"anomaly_detection","activity":"Browse","alert":"yes","alert_id":"26cde2a1095809def1669de5d16c1b36","alert_name":"Rare Event","alert_type":"uba","app":"[Adi TEST]","app_session_id": 272704109046826005,"appcategory":"Social","browser":"Chrome","browser_session_id": 851594215731707319,"browser_version":"56.0.2924.87","category":"Social","cci": 0,"ccl":"unknown","connection_id": 934147760283550847,"count": 1,"device":"Linux Device","device_classification":"not configured","dst_country":"US","dst_location":"San Francisco","dst_region":"California","dst_timezone":"America/Los_Angeles","dst_zipcode":"N/A","dstip":"104.244.42.1","event_type":"sequence","evt_src_chnl":"application","hostname":"ip-10-0-4-91","incident_id": 633784229324024281,"managed_app":"yes","managementID":"","organization_unit":"","os":"Linux","os_version":"Linux","page":"twitter.com","page_site":"[Adi TEST]","policy":"Rare Event","policy_actions": ["Browse"],"profile_id":"Rare Event","protocol":"HTTPS/1.1","request_id": 2591917854517479936,"score":"101","severity":"medium","site":"[Adi TEST]","src_country":"GB","src_location":"London","src_region":"England","src_time":"Mon Jun5 20:23:00 2023","src_timezone":"Europe/London","src_zipcode":"EC4N","srcip":"13.42.202.59","telemetry_app":"","threshold": 5184000,"timestamp": 1685993031,"traffic_type":"CloudApp","transaction_id": 633784229324024281,"type":"nspolicy","ur_normalized":"leeroy.jenkins@test.com","url":"twitter.com/icacanada","user":"leeroy.jenkins@test.com","useragent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36","userip":"10.0.4.91","userkey":"leeroy.jenkins@test.com","createdTime":"","user_role":"","all_policy_matches": [],"tss_mode":"","group":"","TSS-scan":"","windowId": 0,"dst_latitude": 0.0,"last_device":"","last_location":"","user_id":"","AccountType":"","suppression_end_time": 
0,"object_count": 0,"dst_geoip_src": 0,"sAMAccountName":"","anomalyData": {},"uba_inst1":"","last_app":"","to_user_category":"","User_SPACE_Name":"","app_category":"","employeeType":"","from_user_category":"","threshold_time": 0,"loginurl":"","netskope_activity":"","from_user":"","risk_level":"","file_size": 0,"request_type":"","logintype":"","user_category":"","md5":"","policy_name":"","mail":"","audit_category":"","activity_status":"","uba_ap2":"","dst_longitude": 0.0,"user_name":"","referer":"","suppression_start_time": 0,"src_geoip_src": 0,"uba_inst2":"","to_object":"","last_country":"","last_region":"","src_latitude": 0.0,"tss_scan_failed":"","tss_fail_reason":"","appsuite":"","audit_type":"","User_SPACE_Id":"","object_type":"","sanctioned_instance":"","shared_credential_user":"","object":"","displayName":"","policy_id":"","distinguishedName":"","surhn":"","src_longitude": 0.0,"instance_id":"","web_universal_connector":"","file_type":"","risk_level_id": 0,"app_activity":"","division":"","scopes": [],"object_id":"","uba_ap1":"","download_app":"","two_factor_auth":"","userPrincipalName":"","manager":"","last_timestamp": 0,"to_user":"","anomaly_type":"","act_user":"","parent_id":"","bin_timestamp": 0,"file_category":""}
{"_id":"e98894e3d800c7d08c928eb0","access_method":"API Connector","acked":"true","action":"alert","activity":"Introspection Scan","alert":"yes","alert_name":"File shared publicly using cloud drive","alert_type":"DLP","app":"Verizon Media","appcategory":"Cloud Storage","browser":"unknown","category":"Cloud Storage","ccl":"low","device":"iPhone 6S Plus","dst_country":"NL","dst_geoip_src": 2,"dst_latitude": 52.3759,"dst_location":"Amsterdam","dst_longitude": 4.8975,"dst_region":"North Holland","dst_zipcode":"1012","dstip":"31.186.239.8","exposure":"organisation_wide_link","file_lang":"ENGLISH","file_path":"/My Drive/Clickhouse/Tenant Migration across MPs","file_size": 119043,"file_type":"application/vnd.google-apps.document","instance":"netskope.com","instance_id":"netskope.com","local_sha256":"94c84572f899db9c51fd214c94b719f0e76cdf4588531388576d477fd1d5d15d","md5":"4bf7680195ecaed55e3edabb5d95ca01","mime_type":"application/vnd.google-apps.document","modified": 1613760236,"object":"GSLrKcOqwVUjNwmK","object_id":"14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg","object_type":"File","organization_unit":"netskope.local/Netskope/Active Users/US & International/Full Time","os":"iOS9.6","owner":"dte3831-am2-7379-0576t@test.netskope.com","policy":"policy_ga32","request_id":"2459149802892628500","scan_type":"Ongoing","site":"Verizon Media","src_country":"IN","src_geoip_src": 2,"src_latitude": 12.9634,"src_location":"Bengaluru","src_longitude": 77.5855,"src_region":"Karnataka","src_zipcode":"560058","srcip":"182.75.130.70","suppression_key":"Tenant Migration across MPs","timestamp": 1703776340,"title":"GSLrKcOqwVUjNwmK","traffic_type":"CloudApp","type":"nspolicy","ur_normalized":"dte3831-am2-7379-0787t@test.netskope.com","url":"https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg","user":"dte3831-am2-7379-0787t@test.netskope.com","userkey":"dte3831-am2-7379-0787t@test.netskope.com","tss_mode":"","external_collaborator_count": 
0,"parent_id":"","owner_pdl":"","protocol":"","dlp_parent_id": 0,"managementID":"","from_storage":"","file_cls_encrypted": false,"src_timezone":"","message_id":"","file_password_protected":"","user_id":"","page_site":"","userip":"","web_universal_connector":"","dlp_fingerprint_match":"","dst_timezone":"","outer_doc_type": 0,"dlp_rule":"","group":"","channel":"","referer":"","dynamic_classification":"","act_user":"","orignal_file_path":"","classification_name":"","smtp_to": [],"dlp_incident_id": 0,"dlp_unique_count": 0,"universal_connector":"","src_time":"","userPrincipalName":"","dlp_is_unique_count":"","manager":"","dlp_rule_severity":"","dlp_mail_parent_id":"","transaction_id": 0,"dlp_rule_count": 0,"message_size": 0,"retro_scan_name":"","hostname":"","severity":"","bcc":"","page":"","to_storage":"","true_type_id": 0,"violating_user_type":"","app_activity":"","violating_user":"","sha256":"","true_filetype":"","userCountry":"","dlp_fingerprint_classification":"","sanctioned_instance":"","sAMAccountName":"","collaborated":"","true_obj_type":"","connection_id": 0,"managed_app":"","dlp_fingerprint_score": 0,"shared_domains":"","dlp_file":"","dlp_profile":"","file_category":"","total_collaborator_count": 0,"displayName":"","data_type":"","browser_session_id": 0,"os_version":"","appsuite":"","app_session_id": 0,"from_user":"","device_classification":"","mail":"","incident_id": 0,"dlp_rule_score": 0,"true_obj_category":"","browser_version":"","policy_id":"","shared_with":"","to_user":"","sub_type":""}
{"_id":"eb57eed0c3c40cdb39022a2c","access_method":"API Connector","acked":"false","action":"","activity":"Introspection Scan","alert":"yes","alert_name":"File shared publicly using cloud drive","alert_type":"DLP","app":"FoodStorm","appcategory":"Cloud Storage","browser":"unknown","category":"Cloud Storage","ccl":"poor","device":"ZTE - P188T10","dst_country":"FR","dst_geoip_src": 1,"dst_latitude": 47.89616,"dst_location":"Ballots","dst_longitude": -1.04759,"dst_region":"Pays-de-la-Loire","dstip":"193.248.155.211","exposure":"organisation_wide_link","file_lang":"ENGLISH","file_path":"/My Drive/Clickhouse/Tenant Migration across MPs","file_size": 118810,"file_type":"application/vnd.google-apps.document","instance":"netskope.com","instance_id":"netskope.com","local_sha256":"27bfcdea1d7f5c70c74fde64d4c34125436eadf1bee8b5bfd02bc563183e259d","md5":"4bf7680195ecaed55e3edabb5d95ca01","mime_type":"application/vnd.google-apps.document","modified": 1613760236,"object":"QUqCdTSsjmeUaSTs","object_id":"14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg","object_type":"File","organization_unit":"netskope.local/Netskope/Active Users/US & International/Full Time","os":"Android 11.0","owner":"dte3831-am2-7379-0644t@test.netskope.com","policy":"policy_ga4","request_id":"2459149802892628500","scan_type":"Ongoing","site":"FoodStorm for Distribution","src_country":"FR","src_geoip_src": 1,"src_latitude": 47.89616,"src_location":"Ballots","src_longitude": -1.04759,"src_region":"Pays-de-la-Loire","srcip":"193.248.155.211","suppression_key":"Tenant Migration across MPs","timestamp": 1703777191,"title":"QUqCdTSsjmeUaSTs","traffic_type":"CloudApp","type":"nspolicy","ur_normalized":"dte3831-am2-7379-0755t@test.netskope.com","url":"https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg","user":"dte3831-am2-7379-0755t@test.netskope.com","userkey":"dte3831-am2-7379-0755t@test.netskope.com","src_zipcode":"","tss_mode":"","dst_zipcode":"","external_collaborator_count": 
0,"parent_id":"","owner_pdl":"","protocol":"","dlp_parent_id": 0,"managementID":"","from_storage":"","file_cls_encrypted": false,"src_timezone":"","message_id":"","file_password_protected":"","user_id":"","page_site":"","userip":"","web_universal_connector":"","dlp_fingerprint_match":"","dst_timezone":"","outer_doc_type": 0,"dlp_rule":"","group":"","channel":"","referer":"","dynamic_classification":"","act_user":"","orignal_file_path":"","classification_name":"","smtp_to": [],"dlp_incident_id": 0,"dlp_unique_count": 0,"universal_connector":"","src_time":"","userPrincipalName":"","dlp_is_unique_count":"","manager":"","dlp_rule_severity":"","dlp_mail_parent_id":"","transaction_id": 0,"dlp_rule_count": 0,"message_size": 0,"retro_scan_name":"","hostname":"","severity":"","bcc":"","page":"","to_storage":"","true_type_id": 0,"violating_user_type":"","app_activity":"","violating_user":"","sha256":"","true_filetype":"","userCountry":"","dlp_fingerprint_classification":"","sanctioned_instance":"","sAMAccountName":"","collaborated":"","true_obj_type":"","connection_id": 0,"managed_app":"","dlp_fingerprint_score": 0,"shared_domains":"","dlp_file":"","dlp_profile":"","file_category":"","total_collaborator_count": 0,"displayName":"","data_type":"","browser_session_id": 0,"os_version":"","appsuite":"","app_session_id": 0,"from_user":"","device_classification":"","mail":"","incident_id": 0,"dlp_rule_score": 0,"true_obj_category":"","browser_version":"","policy_id":"","shared_with":"","to_user":"","sub_type":""}
{"type":"admin_audit_logs","supporting_data": { "data_values": [400,"POST","/api/v2/steering/ipsec/tunnels","trid=ceeoed298edji6dbe9qg"], "data_type":"steering"},"timestamp": 1711378583,"severity_level": 2,"user":"Alliance-EU Token","audit_log_event":"Rest API V2 Call","organization_unit":"","ur_normalized":"alliance-eu token","count": 1,"_id":"395c302cc6ff02d2538fbe3d","details": [],"sAMAccountName":"","ccl":"","userPrincipalName":""}
{"type":"admin_audit_logs","supporting_data": { "data_values": [201,"POST","/api/v2/steering/ipsec/tunnels","trid=ceeoeh9ghfjeae51euu0"], "data_type":"steering"},"timestamp": 1711378601,"severity_level": 2,"user":"Alliance-EU Token","audit_log_event":"Rest API V2 Call","organization_unit":"","ur_normalized":"alliance-eu token","count": 1,"_id":"f963839068fb07adbd63d836","details": [],"sAMAccountName":"","ccl":"","userPrincipalName":""}
{"timestamp": 1711381120,"type":"admin_audit_logs","user":"xtesta@networks.com","severity_level": 2,"audit_log_event":"Logout Successful","supporting_data": { "data_type":"reason", "data_values": ["Logged out due to inactivity"]},"organization_unit":"","ur_normalized":"xtesta@networks.com","count": 1,"_id":"0ccd09d7aeb88475054cbd34","details": [],"sAMAccountName":"","ccl":"","userPrincipalName":""}
{"timestamp": 1711387341,"type":"admin_audit_logs","user":"leeroy.jenkins@test.com","severity_level": 2,"audit_log_event":"SSO Login Successful","supporting_data": { "data_type":"user", "data_values": ["leeroy.jenkins@test.com"]},"organization_unit":"","ur_normalized":"leeroy.jenkins@test.com","count": 1,"_id":"1efbb18b7fd5e2534e5300ce","details": [],"sAMAccountName":"","ccl":"","userPrincipalName":""}
{"_id":"290f7590b625be28ad98e42a","access_method":"Client","action":"allow","app":"[SampleApp]","appcategory":"n/a","category":"n/a","cci": 0,"ccl":"unknown","client_bytes": 986,"client_packets": 10,"count": 1,"device":"Windows","dsthost":"10.0.3.126","dstip":"","dstport": 80,"end_time":"2023-08-24T14:14:20+00:00","hostname":"DESKTOP-COIL7KC","ip_protocol":"TCP","network_session_id":"12413888754532789422","num_sessions": 1,"numbytes": 1740,"organization_unit":"","os":"Windows","os_version":"10.0.19045","policy":"Allow to access SampleApp","protocol":"Http","protocol_port":"TCP:80","publisher_cn":"27cda51af2393b93","publisher_name":"JustasPublisher","server_bytes": 754,"server_packets": 6,"session_duration": 65869,"site":"10.0.3.126","srcip":"","srcport": 0,"start_time":"2023-08-24T14:13:47+00:00","timestamp": 1692886580,"total_packets": 16,"traffic_type":"PrivateApp","tunnel_id":"2976","tunnel_type":"NPA","tunnel_up_time": 65869,"type":"network","ur_normalized":"Lerroy.Jenkins@test.com","user":"Lerroy.Jenkins@test.com","userip":"","userkey":"Lerroy.Jenkins@test.com","src_country":"","src_location":"","src_longitude": 0,"domain":"","src_latitude": 0,"dst_country":"","src_region":"","src_zipcode":"","sAMAccountName":"","src_geoip_src": 0,"dst_geoip_src": 0,"flow_status":"","dst_longitude": 0,"dst_zipcode":"","userPrincipalName":"","dst_region":"","dst_location":"","dst_latitude": 0}
{"_id":"db01ea9d15d00a0c6b20d097","access_method":"Client","activity":"Browse","alert":"no","app":"[Adi TEST]","app_session_id": 72377384619935664,"appcategory":"Social","browser":"Chrome","browser_session_id": 4216408099882732284,"browser_version":"56.0.2924.87","category":"Social","cci": 0,"ccl":"unknown","connection_id": 569382391757509338,"count": 1,"device":"Linux Device","device_classification":"not configured","dst_country":"US","dst_latitude": 37.77396774291992,"dst_location":"San Francisco","dst_longitude": -122.41044616699219,"dst_region":"California","dst_timezone":"America/Los_Angeles","dst_zipcode":"N/A","dstip":"104.244.42.193","hostname":"ip-10-0-4-91","ja3":"f0a8f03cd88db5395e12077d3e4aa1fc","ja3s":"NotAvailable","managed_app":"yes","managementID":"","netskope_pop":"UK-LON2","nsdeviceuid":"5D2512E9-9F62-A874-3F38-155FAE899060","organization_unit":"","os":"Linux","os_version":"Linux","other_categories": ["Social"],"page":"twitter.com","page_site":"[Adi TEST]","policy_id":"8A06665A02D2D69D25185227A7B4BF1B 2023-05-24 12:43:33.485005","protocol":"HTTPS/1.1","request_id": 2584129699538129408,"severity":"unknown","site":"[Adi TEST]","src_country":"GB","src_latitude": 51.5095,"src_location":"London","src_longitude": -0.0955,"src_region":"England","src_time":"Fri May 26 02:30:08 2023","src_timezone":"Europe/London","src_zipcode":"EC4N","srcip":"13.42.202.59","telemetry_app":"","timestamp": 1685064611,"traffic_type":"CloudApp","transaction_id": 3472098625911941441,"type":"nspolicy","ur_normalized":"leeroy.jenkins@test.com","url":"twitter.com/eBayPartnerNet","user":"leeroy.jenkins@test.com","useragent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36","userip":"10.0.4.91","userkey":"leeroy.jenkins@test.com","data_center":"","app_activity":"","server_bytes": 0,"mime_type":"","scan_type":"","policy":"","appsuite":"","object_type":"","sAMAccountName":"","notify_template":"","dst_geoip_src": 
0,"dsthost":"","to_user":"","dlp_file":"","fromlogs":"","owner":"","serial":"","data_type":"","true_obj_type":"","modified": 0,"internal_collaborator_count": 0,"dlp_rule":"","dlp_mail_parent_id":"","logintype":"","md5":"","numbytes": 0,"web_universal_connector":"","suppression_key":"","total_collaborator_count": 0,"dlp_unique_count": 0,"custom_connector":"","title":"","file_path":"","log_file_name":"","orignal_file_path":"","file_type":"","dlp_profile":"","audit_type":"","alert_type":"","object_id":"","from_user_category":"","sha256":"","referer":"","netskope_activity":"","org":"","exposure":"","tss_mode":"","true_obj_category":"","dlp_parent_id": 0,"channel_id":"","universal_connector":"","action":"","req_cnt": 0,"dlp_rule_severity":"","dlp_is_unique_count":"","from_user":"","user_category":"","user_id":"","src_geoip_src": 0,"suppression_end_time": 0,"object":"","dstport": 0,"sessionid":"","workspace_id":"","dlp_rule_count": 0,"loginurl":"","suppression_start_time": 0,"conn_duration": 0,"instance":"","workspace":"","shared_with":"","instance_id":"","file_size": 0,"file_lang":"","sanctioned_instance":"","client_bytes": 0,"dlp_incident_id": 0,"CononicalName":"","smtp_to": [],"parent_id":"","userPrincipalName":"","audit_category":"","resp_cnt": 0}
{"_id":"1a5862af93e3c7cdc3162eb7","access_method":"API Connector","acked":"true","action":"","activity":"Download","alert":"yes","alert_name":"Malware alert","alert_type":"Malware","app":"Frederick County MD","appcategory":"Cloud Storage","browser":"unknown","category":"Cloud Storage","cci":"","ccl":"unknown","count": 1,"device":"Other","dst_country":"US","dst_geoip_src": 2,"dst_latitude": 45.8234,"dst_location":"Boardman","dst_longitude": -119.7257,"dst_region":"Oregon","dst_zipcode":"97818","dstip":"52.218.153.131","file_path":"/My Drive/Clickhouse/Tenant Migration across MPs","file_size": 118868,"file_type":"application/vnd.google-apps.document","instance":"netskope.com","instance_id":"netskope.com","local_sha256":"20edb43b2e870b8d0b61926cb64b0302c2d00aee84d4b3940ed729a987bb62e0","md5":"4bf7680195ecaed55e3edabb5d95ca01","mime_type":"application/vnd.google-apps.document","object":"gvkVzQOCHAARXDQK","object_id":"14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg","object_type":"File","organization_unit":"netskope.local/Netskope/Active Users/US & International/Full Time","os":"Windows 7.0","policy":"policy_ga7","request_id":"2459149802892628500","scan_type":"Ongoing","site":"Frederick County MD","src_country":"NL","src_geoip_src": 2,"src_latitude": 52.3759,"src_location":"Amsterdam","src_longitude": 4.8975,"src_region":"North Holland","src_zipcode":"1012","srcip":"31.186.239.8","timestamp": 1703867447,"title":"gvkVzQOCHAARXDQK","traffic_type":"CloudApp","type":"nspolicy","ur_normalized":"dte3831-sjc1-8619-0335t@test.netskope.com","url":"https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg","user":"dte3831-sjc1-8619-0335t@test.netskope.com","file_category":"","sha1":"","managed_app":"","usr_title":"","usr_status":"","app_name":"","scanner_result":"","malware_id":"","page":"","usr_udf_businesssegmentlevel3":"","file_name":"","shared_with": [],"device_classification":"","userCountry":"","appsuite":"","app_session_id": 
0,"tss_fail_reason":"","usr_udf_primarydomain":"","protocol":"","department":"","connection_id": 0,"dst_timezone":"","created_date": 0,"detection_type":"","usr_udf_supervisorid":"","usr_udf_employeeid":"","parent_id":"","filename":"","src_time":"","nsdeviceuid":"","browser_session_id": 0,"file_id":"","user_id":"","managementID":"","referer":"","manager":"","severity_id": 0,"malware_profile":"","usr_udf_businesssegmentlevel4":"","sanctioned_instance":"","usr_udf_companyname":"","tss_mode":"","transaction_id": 0,"fastscan_results":"","userip":"","incident_id": 0,"userPrincipalName":"","ml_detection":"","scan_time": 0,"severity":"","policy_id":"","usr_display_name":"","detection_engine":"","usr_udf_businesssegmentlevel2":"","malware_severity":"","malware_name":"","modified_date": 0,"browser_version":"","TSS-scan":"","usr_udf_businesssegmentlevel1":"","from_user":"","company":"","true_filetype":"","tss_license":"","malware_type":"","page_site":"","src_timezone":"","hostname":"","tss_scan_failed":"","usr_udf_supervisorname":"","shared_type":"","local_md5":"","os_version":""}
{"_id":"1b8dc3632f12c683387d7da7","access_method":"API Connector","acked":"true","action":"alert","activity":"Create","alert":"yes","alert_name":"Malware alert","alert_type":"Malware","app":"Willis Towers Watson HR Software","appcategory":"Cloud Storage","browser":"unknown","category":"Cloud Storage","cci": 31,"ccl":"poor","count": 1,"device":"Other","dst_country":"NL","dst_geoip_src": 2,"dst_latitude": 52.3759,"dst_location":"Amsterdam","dst_longitude": 4.8975,"dst_region":"North Holland","dst_zipcode":"1012","dstip":"31.186.239.204","file_path":"/My Drive/Clickhouse/Tenant Migration across MPs","file_size": 118886,"file_type":"application/vnd.google-apps.document","instance":"netskope.com","instance_id":"netskope.com","local_sha256":"581be0a93868db224e28d09898ff1bed334a8b138dbcb7bc6291dcd180da41b8","md5":"4bf7680195ecaed55e3edabb5d95ca01","mime_type":"application/vnd.google-apps.document","object":"AMQPdmeKBFHjanpp","object_id":"14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg","object_type":"File","organization_unit":"netskope.local/Netskope/Active Users/US & International/Full Time","os":"Windows 11.0","policy":"policy_ga33","request_id":"2459149802892628500","scan_type":"Ongoing","site":"Towers Watsons HR Software","src_country":"NL","src_geoip_src": 2,"src_latitude": 52.3759,"src_location":"Amsterdam","src_longitude": 4.8975,"src_region":"North Holland","src_zipcode":"1012","srcip":"31.186.239.204","timestamp": 1703867765,"title":"AMQPdmeKBFHjanpp","traffic_type":"CloudApp","type":"nspolicy","ur_normalized":"dte3831-sjc1-8619-0826t@test.netskope.com","url":"https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg","user":"dte3831-sjc1-8619-0826t@test.netskope.com","file_category":"","sha1":"","managed_app":"","usr_title":"","usr_status":"","app_name":"","scanner_result":"","malware_id":"","page":"","usr_udf_businesssegmentlevel3":"","file_name":"","shared_with": [],"device_classification":"","userCountry":"","appsuite":"","app_session_id": 
0,"tss_fail_reason":"","usr_udf_primarydomain":"","protocol":"","department":"","connection_id": 0,"dst_timezone":"","created_date": 0,"detection_type":"","usr_udf_supervisorid":"","usr_udf_employeeid":"","parent_id":"","filename":"","src_time":"","nsdeviceuid":"","browser_session_id": 0,"file_id":"","user_id":"","managementID":"","referer":"","manager":"","severity_id": 0,"malware_profile":"","usr_udf_businesssegmentlevel4":"","sanctioned_instance":"","usr_udf_companyname":"","tss_mode":"","transaction_id": 0,"fastscan_results":"","userip":"","incident_id": 0,"userPrincipalName":"","ml_detection":"","scan_time": 0,"severity":"","policy_id":"","usr_display_name":"","detection_engine":"","usr_udf_businesssegmentlevel2":"","malware_severity":"","malware_name":"","modified_date": 0,"browser_version":"","TSS-scan":"","usr_udf_businesssegmentlevel1":"","from_user":"","company":"","true_filetype":"","tss_license":"","malware_type":"","page_site":"","src_timezone":"","hostname":"","tss_scan_failed":"","usr_udf_supervisorname":"","shared_type":"","local_md5":"","os_version":""}
{"_id":"00cc9e2121e45879b0586cd2","access_method":"API Connector","acked":"true","action":"alert","activity":"Edit","alert":"yes","alert_name":"Security Audit","alert_type":"Security Assessment","app":"Cobra Trading","appcategory":"Cloud Storage","browser":"unknown","category":"Cloud Storage","cci": 9,"ccl":"poor","count": 1,"device":"ZTE - N8010_CT","instance_id":"netskope.com","object":"uqRuvnduzqaQSGeK","object_type":"File","organization_unit":"netskope.local/Netskope/Active Users/US & International/Full Time","os":"Android 10.0","policy":"policy_ga8","site":"Cobra Trading","timestamp": 1703658132,"traffic_type":"CloudApp","type":"nspolicy","ur_normalized":"dte3831-am2-7379-0531t@test.netskope.com","user":"dte3831-am2-7379-0531t@test.netskope.com","userkey":"dte3831-am2-7379-0531t@test.netskope.com","asset_object_id":"","resource_category":"","iaas_remediated":"","sa_rule_severity":"","compliance_standards": [],"sa_profile_name":"","sa_profile_id": 0,"account_id":"","resource_group":"","region_id":"","asset_id":"","policy_id": 0,"sAMAccountName":"","iaas_asset_tags": [],"sa_rule_name":"","region_name":"","account_name":"","sa_rule_id":""}
{"_id":"25d43b9e9c380f0b01d968f3","acked":"false","action":"block","alert":"yes","alert_name":"ctep","alert_type":"ctep","app":"unblockmyweb.com","category":"Cloud Storage","cci":"","ccl":"unknown","count": 2,"device":"ZTE - P726G","dst_country":"NL","dst_geoip_src": 2,"dst_latitude": 52.3759,"dst_location":"Amsterdam","dst_longitude": 4.8975,"dst_region":"North Holland","dst_zipcode":"1012","dstip":"31.186.239.204","organization_unit":"netskope.local/Netskope/Active Users/US & International/Full Time","os":"Android 11.0","other_categories": [],"site":"unblockmyweb.com","src_country":"DE","src_geoip_src": 2,"src_latitude": 50.1188,"src_location":"Frankfurt am Main","src_longitude": 8.6843,"src_region":"Hesse","src_zipcode":"60313","srcip":"8.39.144.84","timestamp": 1704108988,"traffic_type":"CloudApp","type":"nspolicy","ur_normalized":"dte3831-sjc1-8619-0850t@test.netskope.com","url":"https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg","user":"dte3831-sjc1-8619-0850t@test.netskope.com","userkey":"dte3831-sjc1-8619-0850t@test.netskope.com","referer":"","srcport": 0,"profile_id":"","http_port": 0,"manager":"","http_method":"","ip_protocol":"","department":"","hostname":"","gid": 0,"signature_id": 0,"company":"","transaction_id": 0,"netskope_pop":"","dstport": 0,"metadata": {},"home_pop":"","tunnel_id":"","userPrincipalName":"","signature":"","userip":"","deviceClassification": []}
{"_id":"27f5171a5c4fe8c961ef9624","acked":"false","action":"alert","alert":"yes","alert_name":"ctep","alert_type":"ctep","app":"Resource Anesthesia","category":"Cloud Storage","cci": 7,"ccl":"poor","count": 1,"device":"ZTE - P188T10","dst_country":"FR","dst_geoip_src": 1,"dst_latitude": 47.89616,"dst_location":"Ballots","dst_longitude": -1.04759,"dst_region":"Pays-de-la-Loire","dstip":"193.248.155.211","organization_unit":"netskope.local/Netskope/Active Users/US & International/Full Time","os":"Android 10.0","other_categories": [],"site":"Resource Anesthesia","src_country":"FR","src_geoip_src": 1,"src_latitude": 47.89616,"src_location":"Ballots","src_longitude": -1.04759,"src_region":"Pays-de-la-Loire","srcip":"193.248.155.211","timestamp": 1704106417,"traffic_type":"CloudApp","type":"nspolicy","ur_normalized":"dte3831-sjc1-8619-0743t@test.netskope.com","url":"https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg","user":"dte3831-sjc1-8619-0743t@test.netskope.com","userkey":"dte3831-sjc1-8619-0743t@test.netskope.com","referer":"","srcport": 0,"profile_id":"","http_port": 0,"manager":"","http_method":"","ip_protocol":"","department":"","hostname":"","gid": 0,"signature_id": 0,"company":"","transaction_id": 0,"src_zipcode":"","netskope_pop":"","dstport": 0,"metadata": {},"home_pop":"","tunnel_id":"","userPrincipalName":"","dst_zipcode":"","signature":"","userip":"","deviceClassification": []}
{"_id":"295a93468e40be9d75394551","acked":"false","action":"alert","alert":"yes","alert_name":"ctep","alert_type":"ctep","app":"Society for Human Resource Management","category":"Cloud Storage","cci": 16,"ccl":"poor","count": 1,"device":"Other","dst_country":"US","dst_geoip_src": 2,"dst_latitude": 45.8234,"dst_location":"Boardman","dst_longitude": -119.7257,"dst_region":"Oregon","dst_zipcode":"97818","dstip":"52.218.153.131","organization_unit":"netskope.local/Netskope/Active Users/US & International/Full Time","os":"Windows 10.0","other_categories": [],"site":"Society for Human Resource Management","src_country":"IN","src_geoip_src": 2,"src_latitude": 12.9634,"src_location":"Bengaluru","src_longitude": 77.5855,"src_region":"Karnataka","src_zipcode":"560058","srcip":"182.75.130.70","timestamp": 1704106266,"traffic_type":"CloudApp","type":"nspolicy","ur_normalized":"dte3831-sjc1-8619-0169t@test.netskope.com","url":"https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg","user":"dte3831-sjc1-8619-0169t@test.netskope.com","userkey":"dte3831-sjc1-8619-0169t@test.netskope.com","referer":"","srcport": 0,"profile_id":"","http_port": 0,"manager":"","http_method":"","ip_protocol":"","department":"","hostname":"","gid": 0,"signature_id": 0,"company":"","transaction_id": 0,"netskope_pop":"","dstport": 0,"metadata": {},"home_pop":"","tunnel_id":"","userPrincipalName":"","signature":"","userip":"","deviceClassification": []}
{"_id":"4ec61988f060fab4eaece27d","access_method":"IPSec","app":"","appcategory":"Technology","bypass_reason":"Steering Exception - Default tenant config","bypass_traffic":"yes","category":"Technology","cci": 0,"ccl":"unknown","connection_id": 0,"count": 1,"domain":"v10.events.data.microsoft.com","dst_country":"JP","dst_latitude": 35.6893,"dst_location":"Tokyo","dst_longitude": 139.6899,"dst_region":"Tokyo","dst_timezone":"Asia/Tokyo","dst_zipcode":"102-0082","dstip":"40.79.197.34","dstport": 443,"netskope_pop":"US-LAX1","organization_unit":"","other_categories": [ "Technology", "All Categories", "Business"],"page":"v10.events.data.microsoft.com","request_id": 2723799058962647000,"site":"microsoft","src_country":"US","src_latitude": 40.33253860473633,"src_location":"Doylestown","src_longitude": -75.11663818359375,"src_region":"Pennsylvania","src_time":"Mon Dec4 13:28:00 2023","src_timezone":"America/New_York","src_zipcode":"N/A","srcip":"166.173.187.29","ssl_decrypt_policy":"no","timestamp": 1701714497,"traffic_type":"Web","transaction_id": 0,"type":"connection","ur_normalized":"10.220.80.43","url":"v10.events.data.microsoft.com","user":"10.220.80.43","user_generated":"yes","userip":"10.220.80.43","userkey":"10.220.80.43","server_bytes": 0,"dsthost":"","src_geoip_src": 0,"protocol":"","sessionid":"","resp_content_len": 0,"numbytes": 0,"resp_cnt": 0,"conn_starttime": 0,"CononicalName":"","http_transaction_count": 0,"useragent":"","suppression_end_time": 0,"os_version":"","org":"","browser_version":"","forward_to_proxy_profile":"","device":"","sAMAccountName":"","dynamic_classification":"","resp_content_type":"","log_file_name":"","serial":"","policy":"","conn_endtime": 0,"req_cnt": 0,"browser":"","fromlogs":"","conn_duration": 0,"hostname":"","client_bytes": 0,"suppression_start_time": 0,"network":"","app_session_id": 0,"os":"","dst_geoip_src": 0,"severity":"","browser_session_id": 0,"userPrincipalName":""}
{"_id":"6c74dbf7c1167da0361714df","access_method":"IPSec","app":"","appcategory":"Technology","bypass_reason":"Steering Exception - Default tenant config","bypass_traffic":"yes","category":"Technology","cci": 0,"ccl":"unknown","connection_id": 0,"count": 1,"domain":"settings-win.data.microsoft.com","dst_country":"IN","dst_latitude": 18.6161,"dst_location":"Pune","dst_longitude": 73.7286,"dst_region":"Maharashtra","dst_timezone":"Asia/Kolkata","dst_zipcode":"411005","dstip":"52.140.118.28","dstport": 443,"netskope_pop":"US-LAX1","organization_unit":"","other_categories": [ "Technology", "All Categories", "Business"],"page":"settings-win.data.microsoft.com","request_id": 2723803994643433500,"site":"microsoft","src_country":"US","src_latitude": 40.33253860473633,"src_location":"Doylestown","src_longitude": -75.11663818359375,"src_region":"Pennsylvania","src_time":"Mon Dec4 13:37:08 2023","src_timezone":"America/New_York","src_zipcode":"N/A","srcip":"166.173.187.29","ssl_decrypt_policy":"no","timestamp": 1701715086,"traffic_type":"Web","transaction_id": 0,"type":"connection","ur_normalized":"10.220.80.43","url":"settings-win.data.microsoft.com","user":"10.220.80.43","user_generated":"yes","userip":"10.220.80.43","userkey":"10.220.80.43","server_bytes": 0,"dsthost":"","src_geoip_src": 0,"protocol":"","sessionid":"","resp_content_len": 0,"numbytes": 0,"resp_cnt": 0,"conn_starttime": 0,"CononicalName":"","http_transaction_count": 0,"useragent":"","suppression_end_time": 0,"os_version":"","org":"","browser_version":"","forward_to_proxy_profile":"","device":"","sAMAccountName":"","dynamic_classification":"","resp_content_type":"","log_file_name":"","serial":"","policy":"","conn_endtime": 0,"req_cnt": 0,"browser":"","fromlogs":"","conn_duration": 0,"hostname":"","client_bytes": 0,"suppression_start_time": 0,"network":"","app_session_id": 0,"os":"","dst_geoip_src": 0,"severity":"","browser_session_id": 0,"userPrincipalName":""}
{"_id":"c9313f57c168752dac102c0c","access_method":"IPSec","app":"","appcategory":"Technology","bypass_reason":"Steering Exception - Default tenant config","bypass_traffic":"yes","category":"Technology","cci": 0,"ccl":"unknown","connection_id": 0,"count": 1,"domain":"ctldl.windowsupdate.com","dst_country":"US","dst_latitude": 41.8486,"dst_location":"Chicago","dst_longitude": -87.6288,"dst_region":"Illinois","dst_timezone":"America/Chicago","dst_zipcode":"60616","dstip":"72.21.81.240","dstport": 80,"netskope_pop":"US-LAX1","organization_unit":"","other_categories": [ "Technology", "All Categories"],"page":"ctldl.windowsupdate.com","request_id": 2723804510442161000,"site":"windowsupdate","src_country":"US","src_latitude": 40.33253860473633,"src_location":"Doylestown","src_longitude": -75.11663818359375,"src_region":"Pennsylvania","src_time":"Mon Dec4 13:40:08 2023","src_timezone":"America/New_York","src_zipcode":"N/A","srcip":"166.173.187.29","ssl_decrypt_policy":"no","timestamp": 1701715206,"traffic_type":"Web","transaction_id": 6175170875803598000,"type":"connection","ur_normalized":"10.220.80.43","url":"ctldl.windowsupdate.com","user":"10.220.80.43","user_generated":"yes","userip":"10.220.80.43","userkey":"10.220.80.43","server_bytes": 0,"dsthost":"","src_geoip_src": 0,"protocol":"","sessionid":"","resp_content_len": 0,"numbytes": 0,"resp_cnt": 0,"conn_starttime": 0,"CononicalName":"","http_transaction_count": 0,"useragent":"","suppression_end_time": 0,"os_version":"","org":"","browser_version":"","forward_to_proxy_profile":"","device":"","sAMAccountName":"","dynamic_classification":"","resp_content_type":"","log_file_name":"","serial":"","policy":"","conn_endtime": 0,"req_cnt": 0,"browser":"","fromlogs":"","conn_duration": 0,"hostname":"","client_bytes": 0,"suppression_start_time": 0,"network":"","app_session_id": 0,"os":"","dst_geoip_src": 0,"severity":"","browser_session_id": 0,"userPrincipalName":""}
{"_id":"8d715ef0b6880548ba4c7bbd","acked":"true","alert":"yes","alert_name":"Secret share","alert_type":"Compromised Credential","app":"Free Logo Services","category":"Cloud Storage","cci": 20,"ccl":"poor","count": 1,"organization_unit":"netskope.local/Netskope/Active Users/US & International/Full Time","timestamp": 1703745479,"type":"nspolicy","ur_normalized":"dte3831-sjc1-8619-0960t@test.netskope.com","user":"dte3831-sjc1-8619-0960t@test.netskope.com","userkey":"dte3831-sjc1-8619-0960t@test.netskope.com","division":"","breach_target_references":"","password_type":"","distinguishedName":"","mail":"","external_email": 0,"breach_score":"","sAMAccountName":"","employeeType":"","userPrincipalName":"","matched_username":"","breach_media_references":"","email_source":"","department":"","breach_id":"","breach_description":"","sAMAccountType":"","breach_date": 0}
{"_id":"8f2e0d7f05ebd5d5bebdd003","acked":"true","alert":"yes","alert_name":"Secret share","alert_type":"Compromised Credential","app":"Miller Heiman Group","category":"Cloud Storage","cci": 8,"ccl":"poor","count": 1,"organization_unit":"netskope.local/Netskope/Active Users/US & International/Full Time","timestamp": 1703745850,"type":"nspolicy","ur_normalized":"dte3831-sjc1-8619-0347t@test.netskope.com","user":"dte3831-sjc1-8619-0347t@test.netskope.com","userkey":"dte3831-sjc1-8619-0347t@test.netskope.com","division":"","breach_target_references":"","password_type":"","distinguishedName":"","mail":"","external_email": 0,"breach_score":"","sAMAccountName":"","employeeType":"","userPrincipalName":"","matched_username":"","breach_media_references":"","email_source":"","department":"","breach_id":"","breach_description":"","sAMAccountType":"","breach_date": 0}
{"_id":"934ed8d34702013c8386de23","access_method":"API Connector","acked":"false","action":"block","activity":"Login Failed","alert":"yes","alert_name":"Policy violation","alert_type":"policy","app":"Access FMS","appcategory":"Cloud Storage","browser":"unknown","category":"Cloud Storage","cci": 25,"ccl":"poor","count": 2,"device":"iPhone 7","dst_country":"US","dst_geoip_src": 2,"dst_latitude": 32.7936,"dst_location":"San Diego","dst_longitude": -117.0689,"dst_region":"California","dst_zipcode":"92120","dstip":"98.176.143.16","exposure":"organisation_wide_link","file_path":"/My Drive/Clickhouse/Tenant Migration across MPs","file_size": 118467,"file_type":"application/vnd.google-apps.document","instance":"netskope.com","instance_id":"netskope.com","md5":"4bf7680195ecaed55e3edabb5d95ca01","mime_type":"application/vnd.google-apps.document","modified": 1613760236,"object":"WtSEMFZVjENdlacn","object_id":"14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg","object_type":"File","organization_unit":"netskope.local/Netskope/Active Users/US & International/Full Time","os":"iOS10.1","other_categories": [],"owner":"dte3831-am2-7379-0765t@test.netskope.com","policy":"policy_ga28","request_id":"2459149802892628500","scan_type":"Ongoing","site":"Access FocalPoint","src_country":"DE","src_geoip_src": 2,"src_latitude": 50.1188,"src_location":"Frankfurt am Main","src_longitude": 8.6843,"src_region":"Hesse","src_zipcode":"60313","srcip":"8.39.144.84","suppression_key":"Tenant Migration across MPs","timestamp": 1703894378,"traffic_type":"CloudApp","type":"nspolicy","ur_normalized":"dte3831-am2-7379-0619t@test.netskope.com","url":"https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg","user":"dte3831-am2-7379-0619t@test.netskope.com","nsdeviceuid":"","malware_severity":"","parent_id":"","displayName":"","distinguishedName":"","last_name":"","srcport": 0,"manager":"","dstport": 0,"dsthost":"","app_activity":"","client_packets": 0,"network":"","num_sessions": 0,"all_policy_matches": [],"q_app":"","src_timezone":"","org":"","userip":"","access_key_id":"","browser_session_id": 0,"orignal_file_path":"","network_session_id":"","conn_duration": 0,"protocol_port":"","tss_mode":"","severity":"","useragent":"","resp_cnt": 0,"suppression_end_time": 0,"managementID":"","numbytes": 0,"smtp_to": [],"os_version":"","gateway":"","end_time":"","src_time":"","universal_connector":"","connection_id": 0,"cc":"","internal_collaborator_count": 0,"session_duration": 0,"quarantine_file_name":"","tunnel_up_time": 0,"q_original_shared":"","ip_protocol":"","quarantine_file_id":"","q_admin":"","activity_status":"","division":"","publisher_name":"","q_instance":"","sanctioned_instance":"","Title":"","dlp_scan_failed":"","notify_template":"","suppression_start_time": 0,"trust_computer_checked":"","tss_fail_reason":"","server_packets": 0,"dynamic_classification":"","file_id":"","file_category":"","user_tmp":"","log_file_name":"","telemetry_app":"","bcc":"","mail":"","hostname":"","remediation_profile":"","data_type":"","profile_emails": [],"total_collaborator_count": 0,"memberOf":"","app_session_id": 0,"publisher_cn":"","policy_id":"","quarantine_profile":"","threat_match_field":"","dlp_profile":"","malsite_category": [],"sAMAccountType":"","forward_to_proxy_xau":"","redirect_url":"","managed_app":"","quarantine_profile_id":"","tunnel_type":"","shared_with":"","malicious":"","appsuite":"","tss-mode":"","aggregated_user":"","page":"","event_type":"","http_status":"","sfwder":"","two_factor_auth":"","incident_id": 0,"to_storage":"","activity_type":"","malware_name":"","encrypt_failure":"","browser_version":"","tunnel_id":"","client_bytes": 0,"threat_match_value":"","malware_type":"","act_user":"","message_id":"","justification_type":"","justification_reason":"","group":"","sessionid":"","from_object":"","smtp_status":"","req_cnt": 0,"app_scopes":"","from_storage":"","referer":"","q_original_filename":"","malware_id":"","external_collaborator_count": 0,"message_size": 0,"transaction_id": 0,"device_classification":"","total_packets": 0,"serial":"","user_id":"","from_user":"","sender":"","to_object":"","q_original_version":"","dlp_fail_reason":"","custom_connector":"","object_count": 0,"threat_source_id": 0,"tss_scan_failed":"","start_time":"","dst_timezone":"","TSS-scan":"","q_original_filepath":"","to_user":"","protocol":"","risk_level":"","shared_domains":"","userCountry":"","sAMAccountName":"","server_bytes": 0,"page_site":""}
{"_id":"939da880f2b22b1350bfe326","access_method":"API Connector","acked":"true","action":"","activity":"Upload","alert":"yes","alert_name":"Policy violation","alert_type":"policy","app":"Ademero Content Central","appcategory":"Cloud Storage","browser":"unknown","category":"Cloud Storage","cci": 33,"ccl":"poor","count": 1,"device":"iPhone 7 Plus","dst_country":"US","dst_geoip_src": 2,"dst_latitude": 45.8234,"dst_location":"Boardman","dst_longitude": -119.7257,"dst_region":"Oregon","dst_zipcode":"97818","dstip":"52.218.153.131","exposure":"organisation_wide_link","file_path":"/My Drive/Clickhouse/Tenant Migration across MPs","file_size": 118756,"file_type":"application/vnd.google-apps.document","instance":"netskope.com","instance_id":"netskope.com","md5":"4bf7680195ecaed55e3edabb5d95ca01","mime_type":"application/vnd.google-apps.document","modified": 1613760236,"object":"EqJnoXsTiEftwzzw","object_id":"14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg","object_type":"File","organization_unit":"netskope.local/Netskope/Active Users/US & International/Full Time","os":"iOS10.1","other_categories": [],"owner":"dte3831-am2-7379-0097t@test.netskope.com","policy":"policy_ga26","request_id":"2459149802892628500","scan_type":"Ongoing","site":"Ademero Content Central","src_country":"NL","src_geoip_src": 2,"src_latitude": 52.3759,"src_location":"Amsterdam","src_longitude": 4.8975,"src_region":"North Holland","src_zipcode":"1012","srcip":"31.186.239.204","suppression_key":"Tenant Migration across MPs","timestamp": 1703894673,"traffic_type":"CloudApp","type":"nspolicy","ur_normalized":"dte3831-am2-7379-0408t@test.netskope.com","url":"https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg","user":"dte3831-am2-7379-0408t@test.netskope.com","nsdeviceuid":"","malware_severity":"","parent_id":"","displayName":"","distinguishedName":"","last_name":"","srcport": 0,"manager":"","dstport": 0,"dsthost":"","app_activity":"","client_packets": 0,"network":"","num_sessions": 0,"all_policy_matches": [],"q_app":"","src_timezone":"","org":"","userip":"","access_key_id":"","browser_session_id": 0,"orignal_file_path":"","network_session_id":"","conn_duration": 0,"protocol_port":"","tss_mode":"","severity":"","useragent":"","resp_cnt": 0,"suppression_end_time": 0,"managementID":"","numbytes": 0,"smtp_to": [],"os_version":"","gateway":"","end_time":"","src_time":"","universal_connector":"","connection_id": 0,"cc":"","internal_collaborator_count": 0,"session_duration": 0,"quarantine_file_name":"","tunnel_up_time": 0,"q_original_shared":"","ip_protocol":"","quarantine_file_id":"","q_admin":"","activity_status":"","division":"","publisher_name":"","q_instance":"","sanctioned_instance":"","Title":"","dlp_scan_failed":"","notify_template":"","suppression_start_time": 0,"trust_computer_checked":"","tss_fail_reason":"","server_packets": 0,"dynamic_classification":"","file_id":"","file_category":"","user_tmp":"","log_file_name":"","telemetry_app":"","bcc":"","mail":"","hostname":"","remediation_profile":"","data_type":"","profile_emails": [],"total_collaborator_count": 0,"memberOf":"","app_session_id": 0,"publisher_cn":"","policy_id":"","quarantine_profile":"","threat_match_field":"","dlp_profile":"","malsite_category": [],"sAMAccountType":"","forward_to_proxy_xau":"","redirect_url":"","managed_app":"","quarantine_profile_id":"","tunnel_type":"","shared_with":"","malicious":"","appsuite":"","tss-mode":"","aggregated_user":"","page":"","event_type":"","http_status":"","sfwder":"","two_factor_auth":"","incident_id": 0,"to_storage":"","activity_type":"","malware_name":"","encrypt_failure":"","browser_version":"","tunnel_id":"","client_bytes": 0,"threat_match_value":"","malware_type":"","act_user":"","message_id":"","justification_type":"","justification_reason":"","group":"","sessionid":"","from_object":"","smtp_status":"","req_cnt": 0,"app_scopes":"","from_storage":"","referer":"","q_original_filename":"","malware_id":"","external_collaborator_count": 0,"message_size": 0,"transaction_id": 0,"device_classification":"","total_packets": 0,"serial":"","user_id":"","from_user":"","sender":"","to_object":"","q_original_version":"","dlp_fail_reason":"","custom_connector":"","object_count": 0,"threat_source_id": 0,"tss_scan_failed":"","start_time":"","dst_timezone":"","TSS-scan":"","q_original_filepath":"","to_user":"","protocol":"","risk_level":"","shared_domains":"","userCountry":"","sAMAccountName":"","server_bytes": 0,"page_site":""}
{"_id":"9c76516d7648d674cbb0e806","access_method":"API Connector","acked":"true","action":"","activity":"Upload","alert":"yes","alert_name":"Policy violation","alert_type":"policy","app":"icanmakeitbetter","appcategory":"Cloud Storage","browser":"unknown","category":"Cloud Storage","cci": 8,"ccl":"poor","count": 1,"device":"Other","dst_country":"US","dst_geoip_src": 2,"dst_latitude": 45.8234,"dst_location":"Boardman","dst_longitude": -119.7257,"dst_region":"Oregon","dst_zipcode":"97818","dstip":"52.218.153.131","exposure":"organisation_wide_link","file_path":"/My Drive/Clickhouse/Tenant Migration across MPs","file_size": 118795,"file_type":"application/vnd.google-apps.document","instance":"netskope.com","instance_id":"netskope.com","md5":"4bf7680195ecaed55e3edabb5d95ca01","mime_type":"application/vnd.google-apps.document","modified": 1613760236,"object":"VjMawJfSUEHWYsrU","object_id":"14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg","object_type":"File","organization_unit":"netskope.local/Netskope/Active Users/US & International/Full Time","os":"Windows 10.0","other_categories": [],"owner":"dte3831-am2-7379-0811t@test.netskope.com","policy":"policy_ga43","request_id":"2459149802892628500","scan_type":"Ongoing","site":"icanmakeitbetter","src_country":"FR","src_geoip_src": 1,"src_latitude": 47.89616,"src_location":"Ballots","src_longitude": -1.04759,"src_region":"Pays-de-la-Loire","srcip":"193.248.155.211","suppression_key":"Tenant Migration across MPs","timestamp": 1703894023,"traffic_type":"CloudApp","type":"nspolicy","ur_normalized":"dte3831-am2-7379-0931t@test.netskope.com","url":"https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg","user":"dte3831-am2-7379-0931t@test.netskope.com","nsdeviceuid":"","malware_severity":"","parent_id":"","displayName":"","distinguishedName":"","last_name":"","srcport": 0,"manager":"","dstport": 0,"dsthost":"","app_activity":"","client_packets": 0,"network":"","num_sessions": 0,"all_policy_matches": [],"q_app":"","src_timezone":"","org":"","userip":"","access_key_id":"","browser_session_id": 0,"orignal_file_path":"","network_session_id":"","conn_duration": 0,"protocol_port":"","tss_mode":"","severity":"","useragent":"","resp_cnt": 0,"suppression_end_time": 0,"managementID":"","numbytes": 0,"smtp_to": [],"os_version":"","gateway":"","end_time":"","src_time":"","universal_connector":"","connection_id": 0,"cc":"","internal_collaborator_count": 0,"session_duration": 0,"quarantine_file_name":"","tunnel_up_time": 0,"q_original_shared":"","ip_protocol":"","quarantine_file_id":"","q_admin":"","activity_status":"","division":"","publisher_name":"","q_instance":"","sanctioned_instance":"","Title":"","dlp_scan_failed":"","notify_template":"","suppression_start_time": 0,"trust_computer_checked":"","tss_fail_reason":"","server_packets": 0,"dynamic_classification":"","file_id":"","file_category":"","user_tmp":"","log_file_name":"","telemetry_app":"","bcc":"","mail":"","hostname":"","remediation_profile":"","data_type":"","profile_emails": [],"total_collaborator_count": 0,"memberOf":"","app_session_id": 0,"publisher_cn":"","policy_id":"","quarantine_profile":"","threat_match_field":"","dlp_profile":"","malsite_category": [],"sAMAccountType":"","forward_to_proxy_xau":"","redirect_url":"","managed_app":"","quarantine_profile_id":"","tunnel_type":"","shared_with":"","malicious":"","appsuite":"","tss-mode":"","aggregated_user":"","page":"","event_type":"","http_status":"","sfwder":"","two_factor_auth":"","incident_id": 0,"to_storage":"","activity_type":"","malware_name":"","encrypt_failure":"","browser_version":"","tunnel_id":"","client_bytes": 0,"threat_match_value":"","malware_type":"","act_user":"","message_id":"","justification_type":"","justification_reason":"","group":"","sessionid":"","from_object":"","smtp_status":"","req_cnt": 0,"app_scopes":"","from_storage":"","referer":"","q_original_filename":"","malware_id":"","external_collaborator_count": 0,"message_size": 0,"transaction_id": 0,"device_classification":"","total_packets": 0,"serial":"","user_id":"","from_user":"","sender":"","to_object":"","q_original_version":"","dlp_fail_reason":"","custom_connector":"","object_count": 0,"threat_source_id": 0,"tss_scan_failed":"","start_time":"","src_zipcode":"","dst_timezone":"","TSS-scan":"","q_original_filepath":"","to_user":"","protocol":"","risk_level":"","shared_domains":"","userCountry":"","sAMAccountName":"","server_bytes": 0,"page_site":""}
{"_id":"1c82e5a5f4eb4e2f20d3d1b8","access_method":"API Connector","acked":"true","action":"","alert":"yes","alert_name":"Quarantine held","alert_type":"quarantine","app":"Hilton Head Island","appcategory":"Cloud Storage","browser":"unknown","category":"Cloud Storage","cci":"","ccl":"unknown","count": 1,"device":"iPhone 7","exposure":"organisation_wide_link","file_path":"/My Drive/Clickhouse/Tenant Migration across MPs","file_size": 119314,"file_type":"application/vnd.google-apps.document","instance_id":"netskope.com","md5":"4bf7680195ecaed55e3edabb5d95ca01","mime_type":"application/vnd.google-apps.document","modified": 1613760236,"object":"AsaakPLmfJjYxnZk","object_id":"14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg","object_type":"File","organization_unit":"netskope.local/Netskope/Active Users/US & International/Full Time","os":"iOS11.1","other_categories": [],"owner":"dte3831-am2-7379-0267t@test.netskope.com","policy":"policy_ga10","scan_type":"Ongoing","site":"Hilton Head Island","suppression_key":"Tenant Migration across MPs","timestamp": 1704015600,"traffic_type":"CloudApp","type":"nspolicy","ur_normalized":"dte3831-am2-7379-0888t@test.netskope.com","url":"https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg","user":"dte3831-am2-7379-0888t@test.netskope.com","userkey":"dte3831-am2-7379-0888t@test.netskope.com","q_original_version":"","q_original_filename":"","user_id":"","quarantine_profile_id":"","q_app":"","department":"","quarantine_file_name":"","shared_with":"","profile_emails": [],"q_admin":"","from_user":"","manager":"","quarantine_file_id":"","quarantine_profile":"","q_original_shared":"","file_id":"","departmentNumber":"","orignal_file_path":"","q_original_filepath":"","q_instance":"","dlp_profile":""}
{"_id":"1d66e80e1e3ab5ea0cf11752","access_method":"API Connector","acked":"false","action":"alert","alert":"yes","alert_name":"Quarantine held","alert_type":"quarantine","app":"TIBCO Spotfire Cloud","appcategory":"Cloud Storage","browser":"unknown","category":"Cloud Storage","cci": 60,"ccl":"medium","count": 1,"device":"iPhone 8 Plus","exposure":"organisation_wide_link","file_path":"/My Drive/Clickhouse/Tenant Migration across MPs","file_size": 118466,"file_type":"application/vnd.google-apps.document","instance_id":"netskope.com","md5":"4bf7680195ecaed55e3edabb5d95ca01","mime_type":"application/vnd.google-apps.document","modified": 1613760236,"object":"xRGSBpbZaSJWNAMl","object_id":"14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg","object_type":"File","organization_unit":"netskope.local/Netskope/Active Users/US & International/Full Time","os":"iOS9.6","other_categories": [],"owner":"dte3831-am2-7379-0971t@test.netskope.com","policy":"policy_ga14","scan_type":"Ongoing","site":"TIBCO Spotfire Cloud","suppression_key":"Tenant Migration across MPs","timestamp": 1704015640,"traffic_type":"CloudApp","type":"nspolicy","ur_normalized":"dte3831-am2-7379-0400t@test.netskope.com","url":"https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg","user":"dte3831-am2-7379-0400t@test.netskope.com","userkey":"dte3831-am2-7379-0400t@test.netskope.com","q_original_version":"","q_original_filename":"","user_id":"","quarantine_profile_id":"","q_app":"","department":"","quarantine_file_name":"","shared_with":"","profile_emails": [],"q_admin":"","from_user":"","manager":"","quarantine_file_id":"","quarantine_profile":"","q_original_shared":"","file_id":"","departmentNumber":"","orignal_file_path":"","q_original_filepath":"","q_instance":"","dlp_profile":""}
{"_id":"20a6070d04abf45a7c36fad5","access_method":"API Connector","acked":"true","action":"alert","alert":"yes","alert_name":"Quarantine held","alert_type":"quarantine","app":"Veeva Vault eTMF","appcategory":"Cloud Storage","browser":"unknown","category":"Cloud Storage","cci": 41,"ccl":"poor","count": 1,"device":"iPhone 6S","exposure":"organisation_wide_link","file_path":"/My Drive/Clickhouse/Tenant Migration across MPs","file_size": 118702,"file_type":"application/vnd.google-apps.document","instance_id":"netskope.com","md5":"4bf7680195ecaed55e3edabb5d95ca01","mime_type":"application/vnd.google-apps.document","modified": 1613760236,"object":"ysVbxzjKJPncJDsj","object_id":"14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg","object_type":"File","organization_unit":"netskope.local/Netskope/Active Users/US & International/Full Time","os":"iOS9.6","other_categories": [],"owner":"dte3831-am2-7379-0753t@test.netskope.com","policy":"policy_ga27","scan_type":"Ongoing","site":"Veeva Vault eTMF","suppression_key":"Tenant Migration across MPs","timestamp": 1704014997,"traffic_type":"CloudApp","type":"nspolicy","ur_normalized":"dte3831-am2-7379-0547t@test.netskope.com","url":"https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg","user":"dte3831-am2-7379-0547t@test.netskope.com","userkey":"dte3831-am2-7379-0547t@test.netskope.com","q_original_version":"","q_original_filename":"","user_id":"","quarantine_profile_id":"","q_app":"","department":"","quarantine_file_name":"","shared_with":"","profile_emails": [],"q_admin":"","from_user":"","manager":"","quarantine_file_id":"","quarantine_profile":"","q_original_shared":"","file_id":"","departmentNumber":"","orignal_file_path":"","q_original_filepath":"","q_instance":"","dlp_profile":""}
{"_id":"00cc9e2121e45879b0586cd2","access_method":"API Connector","acked":"true","action":"alert","activity":"Edit","alert":"yes","alert_name":"Security Audit","alert_type":"Security Assessment","app":"Cobra Trading","appcategory":"Cloud Storage","browser":"unknown","category":"Cloud Storage","cci": 9,"ccl":"poor","count": 1,"device":"ZTE - N8010_CT","instance_id":"netskope.com","object":"uqRuvnduzqaQSGeK","object_type":"File","organization_unit":"netskope.local/Netskope/Active Users/US & International/Full Time","os":"Android 10.0","policy":"policy_ga8","site":"Cobra Trading","timestamp": 1703658132,"traffic_type":"CloudApp","type":"nspolicy","ur_normalized":"dte3831-am2-7379-0531t@test.netskope.com","user":"dte3831-am2-7379-0531t@test.netskope.com","userkey":"dte3831-am2-7379-0531t@test.netskope.com","region_name":"","compliance_standards": [],"sa_rule_name":"","sa_profile_name":"","policy_id": 0,"account_name":"","sa_rule_severity":"","sa_rule_id":"","iaas_asset_tags": [],"sAMAccountName":"","sa_profile_id": 0,"iaas_remediated":"","resource_category":"","asset_object_id":"","account_id":"","resource_group":"","asset_id":"","region_id":""}
{"_id":"02fc61fbf654a3d4212a42c5","access_method":"API Connector","acked":"true","action":"block","activity":"Delete","alert":"yes","alert_name":"Security Audit","alert_type":"Security Assessment","app":"Pro-Football-Reference.com","appcategory":"Cloud Storage","browser":"unknown","category":"Cloud Storage","cci":"","ccl":"unknown","count": 1,"device":"ZTE - P726G","instance_id":"netskope.com","object":"xvOEMrRQWxoMxWMP","object_type":"File","organization_unit":"netskope.local/Netskope/Active Users/US & International/Full Time","os":"Android 11.0","policy":"default","site":"Pro-Football-Reference.com","timestamp": 1703658122,"traffic_type":"CloudApp","type":"nspolicy","ur_normalized":"dte3831-am2-7379-0931t@test.netskope.com","user":"dte3831-am2-7379-0931t@test.netskope.com","userkey":"dte3831-am2-7379-0931t@test.netskope.com","region_name":"","compliance_standards": [],"sa_rule_name":"","sa_profile_name":"","policy_id": 0,"account_name":"","sa_rule_severity":"","sa_rule_id":"","iaas_asset_tags": [],"sAMAccountName":"","sa_profile_id": 0,"iaas_remediated":"","resource_category":"","asset_object_id":"","account_id":"","resource_group":"","asset_id":"","region_id":""}
{"_id":"03c78c8f27cfe3dfa4a9e1d5","access_method":"API Connector","acked":"true","action":"","activity":"Delete","alert":"yes","alert_name":"Security Audit","alert_type":"Security Assessment","app":"VoiceCloud Upload Any Audio File","appcategory":"Cloud Storage","browser":"unknown","category":"Cloud Storage","cci": 14,"ccl":"poor","count": 1,"device":"12.9-inch iPad Pro","instance_id":"netskope.com","object":"DxcxbTBqCzSrcobL","object_type":"File","organization_unit":"netskope.local/Netskope/Active Users/US & International/Full Time","os":"iOS9.6","policy":"policy_ga24","site":"Voicecloud-Upload Any Audio File","timestamp": 1703658263,"traffic_type":"CloudApp","type":"nspolicy","ur_normalized":"dte3831-am2-7379-0272t@test.netskope.com","user":"dte3831-am2-7379-0272t@test.netskope.com","userkey":"dte3831-am2-7379-0272t@test.netskope.com","region_name":"","compliance_standards": [],"sa_rule_name":"","sa_profile_name":"","policy_id": 0,"account_name":"","sa_rule_severity":"","sa_rule_id":"","iaas_asset_tags": [],"sAMAccountName":"","sa_profile_id": 0,"iaas_remediated":"","resource_category":"","asset_object_id":"","account_id":"","resource_group":"","asset_id":"","region_id":""}
{"_id":"0cddf2b97486894cbc183857","access_method":"API Connector","acked":"false","action":"alert","activity":"Create","alert":"yes","alert_name":"Security Audit","alert_type":"Security Assessment","app":"Socia Mokuhyo Kanri Kouka System","appcategory":"Cloud Storage","browser":"unknown","category":"Cloud Storage","cci": 32,"ccl":"poor","count": 1,"device":"iPhone 11","instance_id":"netskope.com","object":"SumVWpQKxOCREnzM","object_type":"File","organization_unit":"netskope.local/Netskope/Active Users/US & International/Full Time","os":"iOS11.1","policy":"policy_ga50","site":"Socia Mokuhyo Kanri Kouka System","timestamp": 1703658958,"traffic_type":"CloudApp","type":"nspolicy","ur_normalized":"dte3831-am2-7379-0007t@test.netskope.com","user":"dte3831-am2-7379-0007t@test.netskope.com","userkey":"dte3831-am2-7379-0007t@test.netskope.com","region_name":"","compliance_standards": [],"sa_rule_name":"","sa_profile_name":"","policy_id": 0,"account_name":"","sa_rule_severity":"","sa_rule_id":"","iaas_asset_tags": [],"sAMAccountName":"","sa_profile_id": 0,"iaas_remediated":"","resource_category":"","asset_object_id":"","account_id":"","resource_group":"","asset_id":"","region_id":""}