{
 "cells": [
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "# Entity Explorer - Account\n",
    " <details>\n",
    "     <summary>&nbsp;<u>Details...</u></summary>\n",
    "\n",
    " **Notebook Version:** 1.0<br>\n",
    " **Python Version:** Python 3.6 (including Python 3.6 - AzureML)<br>\n",
    " **Required Packages**: kqlmagic, msticpy, pandas, numpy, matplotlib, networkx, ipywidgets, ipython, dnspython, ipwhois, folium, maxminddb_geolite2<br>\n",
    " **Platforms Supported**:\n",
    " - Azure Notebooks Free Compute\n",
    " - Azure Notebooks DSVM\n",
    " - OS Independent\n",
    "\n",
    " **Data Sources Required**:\n",
    " - Log Analytics - SecurityAlert, SecurityEvent, HuntingBookmark, Syslog, AAD SigninLogs, AzureActivity, OfficeActivity, ThreatIndicator\n",
    " - (Optional) - VirusTotal, AlienVault OTX, IBM XForce, Open Page Rank, (all require accounts and API keys)\n",
    " </details>\n",
    "\n",
    " Brings together a series of queries and visualizations to help you determine the security state of an Account. The account can be a Windows or Linux account or an Azure Active Directory/Office 365 account."
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {
    "toc": true
   },
   "source": [
    "<h1>Contents<span class=\"tocSkip\"></span></h1>\n",
    "<div class=\"toc\"><ul class=\"toc-item\"><li><span><a href=\"#Hunting-Hypothesis\" data-toc-modified-id=\"Hunting-Hypothesis-1\"><span class=\"toc-item-num\">1&nbsp;&nbsp;</span>Hunting Hypothesis</a></span></li><li><span><a href=\"#Notebook-Initialization\" data-toc-modified-id=\"Notebook-Initialization-2\"><span class=\"toc-item-num\">2&nbsp;&nbsp;</span>Notebook Initialization</a></span><ul class=\"toc-item\"><li><span><a href=\"#Get-Workspace-and-Authenticate\" data-toc-modified-id=\"Get-Workspace-and-Authenticate-2.1\"><span class=\"toc-item-num\">2.1&nbsp;&nbsp;</span>Get Workspace and Authenticate</a></span><ul class=\"toc-item\"><li><span><a href=\"#Authentication-and-Configuration-Problems\" data-toc-modified-id=\"Authentication-and-Configuration-Problems-2.1.1\"><span class=\"toc-item-num\">2.1.1&nbsp;&nbsp;</span>Authentication and Configuration Problems</a></span></li></ul></li></ul></li><li><span><a href=\"#Enter-account-name-and-query-time-window\" data-toc-modified-id=\"Enter-account-name-and-query-time-window-3\"><span class=\"toc-item-num\">3&nbsp;&nbsp;</span>Enter account name and query time window</a></span></li><li><span><a href=\"#Data-Sources-available-to-query\" data-toc-modified-id=\"Data-Sources-available-to-query-4\"><span class=\"toc-item-num\">4&nbsp;&nbsp;</span>Data Sources available to query</a></span></li><li><span><a href=\"#Search-for-Account-Name-in-Host,-Azure-Active-Directory-(AAD),-Azure-and-Office-365-Data.\" data-toc-modified-id=\"Search-for-Account-Name-in-Host,-Azure-Active-Directory-(AAD),-Azure-and-Office-365-Data.-5\"><span class=\"toc-item-num\">5&nbsp;&nbsp;</span>Search for Account Name in Host, Azure Active Directory (AAD), Azure and Office 365 Data.</a></span><ul class=\"toc-item\"><li><span><a href=\"#Query-Data-Sources\" data-toc-modified-id=\"Query-Data-Sources-5.1\"><span class=\"toc-item-num\">5.1&nbsp;&nbsp;</span>Query Data Sources</a></span></li></ul></li><li><span><a href=\"#Display-logons-from-account-sources\" data-toc-modified-id=\"Display-logons-from-account-sources-6\"><span class=\"toc-item-num\">6&nbsp;&nbsp;</span>Display logons from account sources</a></span></li><li><span><a href=\"#Related-Alerts-and-Hunting-Bookmarks\" data-toc-modified-id=\"Related-Alerts-and-Hunting-Bookmarks-7\"><span class=\"toc-item-num\">7&nbsp;&nbsp;</span>Related Alerts and Hunting Bookmarks</a></span><ul class=\"toc-item\"><li><span><a href=\"#Alerts\" data-toc-modified-id=\"Alerts-7.1\"><span class=\"toc-item-num\">7.1&nbsp;&nbsp;</span>Alerts</a></span></li><li><span><a href=\"#Hunting/Investigation-Bookmarks\" data-toc-modified-id=\"Hunting/Investigation-Bookmarks-7.2\"><span class=\"toc-item-num\">7.2&nbsp;&nbsp;</span>Hunting/Investigation Bookmarks</a></span></li></ul></li><li><span><a href=\"#Further-Investigation\" data-toc-modified-id=\"Further-Investigation-8\"><span class=\"toc-item-num\">8&nbsp;&nbsp;</span>Further Investigation</a></span></li><li><span><a href=\"#Windows-Host\" data-toc-modified-id=\"Windows-Host-9\"><span class=\"toc-item-num\">9&nbsp;&nbsp;</span>Windows Host</a></span><ul class=\"toc-item\"><li><span><a href=\"#Host-Logon-Summary\" data-toc-modified-id=\"Host-Logon-Summary-9.1\"><span class=\"toc-item-num\">9.1&nbsp;&nbsp;</span>Host Logon Summary</a></span></li><li><span><a href=\"#Threat-Intelligence-for-logon-IP-Addresses\" data-toc-modified-id=\"Threat-Intelligence-for-logon-IP-Addresses-9.2\"><span class=\"toc-item-num\">9.2&nbsp;&nbsp;</span>Threat Intelligence for logon IP Addresses</a></span></li><li><span><a href=\"#Geolocation-and-ownership-for-source-logon-IP-addresses\" data-toc-modified-id=\"Geolocation-and-ownership-for-source-logon-IP-addresses-9.3\"><span class=\"toc-item-num\">9.3&nbsp;&nbsp;</span>Geolocation and ownership for source logon IP addresses</a></span></li><li><span><a href=\"#Additional-Alerts-for-logged-on-hosts\" data-toc-modified-id=\"Additional-Alerts-for-logged-on-hosts-9.4\"><span class=\"toc-item-num\">9.4&nbsp;&nbsp;</span>Additional Alerts for logged-on hosts</a></span><ul class=\"toc-item\"><li><span><a href=\"#Additional-alerts-for-source-IP-addresses\" data-toc-modified-id=\"Additional-alerts-for-source-IP-addresses-9.4.1\"><span class=\"toc-item-num\">9.4.1&nbsp;&nbsp;</span>Additional alerts for source IP addresses</a></span></li></ul></li><li><span><a href=\"#Additional-Investigation-Bookmarks-for-logged-on-hosts\" data-toc-modified-id=\"Additional-Investigation-Bookmarks-for-logged-on-hosts-9.5\"><span class=\"toc-item-num\">9.5&nbsp;&nbsp;</span>Additional Investigation Bookmarks for logged-on hosts</a></span></li></ul></li><li><span><a href=\"#Linux-Host\" data-toc-modified-id=\"Linux-Host-10\"><span class=\"toc-item-num\">10&nbsp;&nbsp;</span>Linux Host</a></span><ul class=\"toc-item\"><li><span><a href=\"#Host-Logon-Summary\" data-toc-modified-id=\"Host-Logon-Summary-10.1\"><span class=\"toc-item-num\">10.1&nbsp;&nbsp;</span>Host Logon Summary</a></span></li><li><span><a href=\"#Threat-Intelligence-for-logon-IP-Addresses\" data-toc-modified-id=\"Threat-Intelligence-for-logon-IP-Addresses-10.2\"><span class=\"toc-item-num\">10.2&nbsp;&nbsp;</span>Threat Intelligence for logon IP Addresses</a></span></li><li><span><a href=\"#Geolocation-and-ownership-for-source-logon-IP-addresses\" data-toc-modified-id=\"Geolocation-and-ownership-for-source-logon-IP-addresses-10.3\"><span class=\"toc-item-num\">10.3&nbsp;&nbsp;</span>Geolocation and ownership for source logon IP addresses</a></span></li><li><span><a href=\"#Additional-Alerts-for-logged-on-hosts\" data-toc-modified-id=\"Additional-Alerts-for-logged-on-hosts-10.4\"><span class=\"toc-item-num\">10.4&nbsp;&nbsp;</span>Additional Alerts for logged-on hosts</a></span><ul class=\"toc-item\"><li><span><a href=\"#Additional-alerts-for-source-IP-addresses\" data-toc-modified-id=\"Additional-alerts-for-source-IP-addresses-10.4.1\"><span class=\"toc-item-num\">10.4.1&nbsp;&nbsp;</span>Additional alerts for source IP addresses</a></span></li></ul></li><li><span><a href=\"#Additional-Investigation-Bookmarks-for-logged-on-hosts\" data-toc-modified-id=\"Additional-Investigation-Bookmarks-for-logged-on-hosts-10.5\"><span class=\"toc-item-num\">10.5&nbsp;&nbsp;</span>Additional Investigation Bookmarks for logged-on hosts</a></span></li></ul></li><li><span><a href=\"#AAD/Office-Account\" data-toc-modified-id=\"AAD/Office-Account-11\"><span class=\"toc-item-num\">11&nbsp;&nbsp;</span>AAD/Office Account</a></span><ul class=\"toc-item\"><li><span><a href=\"#Azure/Office-Summary\" data-toc-modified-id=\"Azure/Office-Summary-11.1\"><span class=\"toc-item-num\">11.1&nbsp;&nbsp;</span>Azure/Office Summary</a></span></li><li><span><a href=\"#Threat-Intelligence-for-IP-Addresses\" data-toc-modified-id=\"Threat-Intelligence-for-IP-Addresses-11.2\"><span class=\"toc-item-num\">11.2&nbsp;&nbsp;</span>Threat Intelligence for IP Addresses</a></span></li><li><span><a href=\"#Geolocation-and-ownership-for-source-IP-addresses\" data-toc-modified-id=\"Geolocation-and-ownership-for-source-IP-addresses-11.3\"><span class=\"toc-item-num\">11.3&nbsp;&nbsp;</span>Geolocation and ownership for source IP addresses</a></span></li><li><span><a href=\"#Additional-alerts-for-source-IP-addresses\" data-toc-modified-id=\"Additional-alerts-for-source-IP-addresses-11.4\"><span class=\"toc-item-num\">11.4&nbsp;&nbsp;</span>Additional alerts for source IP addresses</a></span></li></ul></li><li><span><a href=\"#Appendices\" data-toc-modified-id=\"Appendices-12\"><span class=\"toc-item-num\">12&nbsp;&nbsp;</span>Appendices</a></span><ul class=\"toc-item\"><li><span><a href=\"#Available-DataFrames\" data-toc-modified-id=\"Available-DataFrames-12.1\"><span class=\"toc-item-num\">12.1&nbsp;&nbsp;</span>Available DataFrames</a></span></li><li><span><a href=\"#Saving-data-to-Excel\" data-toc-modified-id=\"Saving-data-to-Excel-12.2\"><span class=\"toc-item-num\">12.2&nbsp;&nbsp;</span>Saving data to Excel</a></span></li></ul></li><li><span><a href=\"#Setup\" data-toc-modified-id=\"Setup-13\"><span class=\"toc-item-num\">13&nbsp;&nbsp;</span>Setup</a></span><ul class=\"toc-item\"><li><span><a href=\"#msticpyconfig.yaml-configuration-File\" data-toc-modified-id=\"msticpyconfig.yaml-configuration-File-13.1\"><span class=\"toc-item-num\">13.1&nbsp;&nbsp;</span><code>msticpyconfig.yaml</code> configuration File</a></span></li></ul></li></ul></div>"
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "## Hunting Hypothesis\n",
    "Our broad initial hunting hypothesis is that a we have received account name entity which is suspected to be compromised and is being used malicious manner in internal networks, we will need to hunt from a range of different positions to validate or disprove this hypothesis.\n",
    "\n",
    "Before you start hunting please run the cells in [Setup](#Setup) at the bottom of this Notebook."
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "## Notebook Initialization\n",
    "<details>\n",
    "    <summary>&nbsp;<u>More details...</u></summary>\n",
    "        If this is your first time running this Notebook please run the cells in in the <a href=\"#Setup\">Setup</a> section before proceeding to ensure you have the required packages installed correctly. Similarly, if you see any import failures (ImportError) in the notebook, please make sure that you have read and run the cells <a href=\"#Setup\">Setup</a> section first. This section is at the end of the notebook.\n",
    "    </details>"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 1,
   "metadata": {
    "ExecuteTime": {
     "end_time": "2019-10-31T01:17:43.514750Z",
     "start_time": "2019-10-31T01:17:36.092313Z"
    }
   },
   "outputs": [
    {
     "data": {
      "text/html": [
       "\n",
       "This product includes GeoLite2 data created by MaxMind, available from\n",
       "<a href=\"https://www.maxmind.com\">https://www.maxmind.com</a>.\n"
      ],
      "text/plain": [
       "<IPython.core.display.HTML object>"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    },
    {
     "data": {
      "text/html": [
       "\n",
       "This library uses services provided by ipstack.\n",
       "<a href=\"https://ipstack.com\">https://ipstack.com</a>"
      ],
      "text/plain": [
       "<IPython.core.display.HTML object>"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    },
    {
     "name": "stdout",
     "output_type": "stream",
     "text": [
      "Using Open PageRank. See https://www.domcop.com/openpagerank/what-is-openpagerank\n"
     ]
    }
   ],
   "source": [
    "# Imports\n",
    "import sys\n",
    "import warnings\n",
    "\n",
    "from msticpy.nbtools.utility import check_py_version\n",
    "\n",
    "MIN_REQ_PYTHON = (3, 6)\n",
    "check_py_version(MIN_REQ_PYTHON)\n",
    "\n",
    "from IPython import get_ipython\n",
    "from IPython.display import display, HTML, Markdown\n",
    "import ipywidgets as widgets\n",
    "\n",
    "import matplotlib.pyplot as plt\n",
    "import seaborn as sns\n",
    "sns.set()\n",
    "import pandas as pd\n",
    "\n",
    "pd.set_option(\"display.max_rows\", 100)\n",
    "pd.set_option(\"display.max_columns\", 50)\n",
    "pd.set_option(\"display.max_colwidth\", 100)\n",
    "\n",
    "from msticpy.data import QueryProvider\n",
    "from msticpy.nbtools import *\n",
    "from msticpy.sectools import *\n",
    "from msticpy.nbtools.utility import md, md_warn\n",
    "from msticpy.nbtools.wsconfig import WorkspaceConfig\n",
    "\n",
    "WIDGET_DEFAULTS = {\n",
    "    \"layout\": widgets.Layout(width=\"95%\"),\n",
    "    \"style\": {\"description_width\": \"initial\"},\n",
    "}\n",
    "\n",
    "# Some of our dependencies (networkx) still use deprecated Matplotlib\n",
    "# APIs - we can't do anything about it so suppress them from view\n",
    "from matplotlib import MatplotlibDeprecationWarning\n",
    "warnings.simplefilter(\"ignore\", category=MatplotlibDeprecationWarning)\n",
    "\n",
    "ws_config = WorkspaceConfig()"
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "### Get Workspace and Authenticate\n",
    "<details>\n",
    "    <summary>&nbsp;<u>Details...</u></summary>\n",
    "If you are using user/device authentication, run the following cell. \n",
    "- Click the 'Copy code to clipboard and authenticate' button.\n",
    "- This will pop up an Azure Active Directory authentication dialog (in a new tab or browser window). The device code will have been copied to the clipboard. \n",
    "- Select the text box and paste (Ctrl-V/Cmd-V) the copied value. \n",
    "- You should then be redirected to a user authentication page where you should authenticate with a user account that has permission to query your Log Analytics workspace.\n",
    "\n",
    "Use the following syntax if you are authenticating using an Azure Active Directory AppId and Secret:\n",
    "```\n",
    "%kql loganalytics://tenant(aad_tenant).workspace(WORKSPACE_ID).clientid(client_id).clientsecret(client_secret)\n",
    "```\n",
    "instead of\n",
    "```\n",
    "%kql loganalytics://code().workspace(WORKSPACE_ID)\n",
    "```\n",
    "\n",
    "Note: you may occasionally see a JavaScript warning displayed at the end of the authentication - you can safely ignore this.<br>\n",
    "On successful authentication you should see a ```popup schema``` button.\n",
    "To find your Workspace Id go to [Log Analytics](https://ms.portal.azure.com/#blade/HubsExtension/Resources/resourceType/Microsoft.OperationalInsights%2Fworkspaces). Look at the workspace properties to find the ID.\n",
    "</details>"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 2,
   "metadata": {
    "ExecuteTime": {
     "end_time": "2019-10-31T01:18:42.202644Z",
     "start_time": "2019-10-31T01:18:22.914029Z"
    }
   },
   "outputs": [
    {
     "data": {
      "text/html": [
       "<!DOCTYPE html>\n",
       "                    <html><body><script>\n",
       "\n",
       "                        // close authentication window\n",
       "                        if (kql_MagicUserCodeAuthWindow && kql_MagicUserCodeAuthWindow.opener != null && !kql_MagicUserCodeAuthWindow.closed) {\n",
       "                            kql_MagicUserCodeAuthWindow.close()\n",
       "                        }\n",
       "                        // TODO: make sure, you clear the right cell. BTW, not sure it is a must to do any clearing\n",
       "\n",
       "                        // clear output cell\n",
       "                        Jupyter.notebook.clear_output(Jupyter.notebook.get_selected_index())\n",
       "\n",
       "                        // TODO: if in run all mode, move to last cell, otherwise move to next cell\n",
       "                        // move to next cell\n",
       "\n",
       "                    </script></body></html>"
      ],
      "text/plain": [
       "<IPython.core.display.HTML object>"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    },
    {
     "data": {
      "text/html": [
       "<!DOCTYPE html>\n",
       "            <html><body>\n",
       "            <div style=''>\n",
       "            \n",
       "\n",
       "            <button onclick=\"this.style.visibility='visible';kql_MagicLaunchWindowFunction('Kqlmagic_temp_files/_52b1ab41-869e-4138-9e40-2a4457f09bf0_at_loganalytics_schema.html','fullscreen=no,directories=no,location=no,menubar=no,resizable=yes,scrollbars=yes,status=no,titlebar=no,toolbar=no,','_52b1ab41_869e_4138_9e40_2a4457f09bf0_at_loganalytics_schema','')\">popup schema 52b1ab41-869e-4138-9e40-2a4457f09bf0@loganalytics</button>\n",
       "            \n",
       "            </div>\n",
       "\n",
       "            <script>\n",
       "\n",
       "            function kql_MagicLaunchWindowFunction(file_path, window_params, window_name, notebooks_host) {\n",
       "                var url;\n",
       "                if (notebooks_host == 'text') {\n",
       "                    url = ''\n",
       "                } else if (file_path.startsWith('http')) {\n",
       "                    url = file_path;\n",
       "                } else {\n",
       "                    var base_url = '';\n",
       "\n",
       "                    // check if azure notebook\n",
       "                    var azure_host = (notebooks_host == null || notebooks_host.length == 0) ? 'https://notebooks.azure.com' : notebooks_host;\n",
       "                    var start = azure_host.search('//');\n",
       "                    var azure_host_suffix = '.' + azure_host.substring(start+2);\n",
       "\n",
       "                    var loc = String(window.location);\n",
       "                    var end = loc.search(azure_host_suffix);\n",
       "                    start = loc.search('//');\n",
       "                    if (start > 0 && end > 0) {\n",
       "                        var parts = loc.substring(start+2, end).split('-');\n",
       "                        if (parts.length == 2) {\n",
       "                            var library = parts[0];\n",
       "                            var user = parts[1];\n",
       "                            base_url = azure_host + '/api/user/' +user+ '/library/' +library+ '/html/';\n",
       "                        }\n",
       "                    }\n",
       "\n",
       "                    // check if local jupyter lab\n",
       "                    if (base_url.length == 0) {\n",
       "                        var configDataScipt  = document.getElementById('jupyter-config-data');\n",
       "                        if (configDataScipt != null) {\n",
       "                            var jupyterConfigData = JSON.parse(configDataScipt.textContent);\n",
       "                            if (jupyterConfigData['appName'] == 'JupyterLab' && jupyterConfigData['serverRoot'] != null &&  jupyterConfigData['treeUrl'] != null) {\n",
       "                                var basePath = 'E:/src/Azure-Sentinel-Notebooks' + '/';\n",
       "                                if (basePath.startsWith(jupyterConfigData['serverRoot'])) {\n",
       "                                    base_url = '/files/' + basePath.substring(jupyterConfigData['serverRoot'].length+1);\n",
       "                                }\n",
       "                            } \n",
       "                        }\n",
       "                    }\n",
       "\n",
       "                    // assume local jupyter notebook\n",
       "                    if (base_url.length == 0) {\n",
       "\n",
       "                        var parts = loc.split('/');\n",
       "                        parts.pop();\n",
       "                        base_url = parts.join('/') + '/';\n",
       "                    }\n",
       "                    url = base_url + file_path;\n",
       "                }\n",
       "\n",
       "                window.focus();\n",
       "                var w = screen.width / 2;\n",
       "                var h = screen.height / 2;\n",
       "                params = 'width='+w+',height='+h;\n",
       "                kql_Magic__52b1ab41_869e_4138_9e40_2a4457f09bf0_at_loganalytics_schema = window.open(url, window_name, window_params + params);\n",
       "                if (url == '') {\n",
       "                    var el = kql_Magic__52b1ab41_869e_4138_9e40_2a4457f09bf0_at_loganalytics_schema.document.createElement('p');\n",
       "                    kql_Magic__52b1ab41_869e_4138_9e40_2a4457f09bf0_at_loganalytics_schema.document.body.overflow = 'auto';\n",
       "                    el.style.top = 0;\n",
       "                    el.style.left = 0;\n",
       "                    el.innerHTML = file_path;\n",
       "                    kql_Magic__52b1ab41_869e_4138_9e40_2a4457f09bf0_at_loganalytics_schema.document.body.appendChild(el);\n",
       "                }\n",
       "            }\n",
       "            </script>\n",
       "\n",
       "            </body></html>"
      ],
      "text/plain": [
       "<IPython.core.display.HTML object>"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    }
   ],
   "source": [
    "# Authentication\n",
    "qry_prov = QueryProvider(data_environment=\"LogAnalytics\")\n",
    "qry_prov.connect(connection_str=ws_config.code_connect_str)\n",
    "table_index = qry_prov.schema_tables"
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "#### Authentication and Configuration Problems\n",
    "\n",
    "<br>\n",
    "<details>\n",
    "    <summary>Click for details about configuring your authentication parameters</summary>\n",
    "    \n",
    "    \n",
    "The notebook is expecting your Azure Sentinel Tenant ID and Workspace ID to be configured in one of the following places:\n",
    "- `config.json` in the current folder\n",
    "- `msticpyconfig.yaml` in the current folder or location specified by `MSTICPYCONFIG` environment variable.\n",
    "    \n",
    "For help with setting up your `config.json` file (if this hasn't been done automatically) see the [`ConfiguringNotebookEnvironment`](https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/ConfiguringNotebookEnvironment.ipynb) notebook in the root folder of your Azure-Sentinel-Notebooks project. This shows you how to obtain your Workspace and Subscription IDs from the Azure Sentinel Portal. You can use the SubscriptionID to find your Tenant ID). To view the current `config.json` run the following in a code cell.\n",
    "\n",
    "```%pfile config.json```\n",
    "\n",
    "For help with setting up your `msticpyconfig.yaml` see the [Setup](#Setup) section at the end of this notebook and the [ConfigureNotebookEnvironment notebook](https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/ConfiguringNotebookEnvironment.ipynb)\n",
    "</details>"
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "## Enter account name and query time window\n",
    "Type the account name that you want to search for and the time bounds over which you want to search. \n",
    "\n",
    "You can specify the account as:\n",
    "\n",
    "- a simple user name (e.g. `alice`)\n",
    "- a user principal name (`alice@contoso.com`)\n",
    "- a qualified windows user name `mydomain\\alice`\n",
    "\n",
    "In the second two cases the domain qualifier will be stripped off before the search. The search is not case sensitive and will match full substrings. E.g. `bob` will match `domain\\bob` and `bob@contoso.com` but not `bobg` or `bo`."
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 3,
   "metadata": {
    "ExecuteTime": {
     "end_time": "2019-10-31T01:18:45.985748Z",
     "start_time": "2019-10-31T01:18:45.976754Z"
    }
   },
   "outputs": [
    {
     "data": {
      "application/vnd.jupyter.widget-view+json": {
       "model_id": "d2b5804515b445f1a2c74560dc2912c8",
       "version_major": 2,
       "version_minor": 0
      },
      "text/plain": [
       "Text(value='', description='Enter the Account name to search for:', layout=Layout(width='95%'), style=Descript…"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    }
   ],
   "source": [
    "accountname_text = widgets.Text(description='Enter the Account name to search for:', **WIDGET_DEFAULTS)\n",
    "display(accountname_text)"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 4,
   "metadata": {
    "ExecuteTime": {
     "end_time": "2019-10-31T01:18:51.576852Z",
     "start_time": "2019-10-31T01:18:51.535876Z"
    }
   },
   "outputs": [
    {
     "data": {
      "application/vnd.jupyter.widget-view+json": {
       "model_id": "20aa4f78c25e4e1caf9d8dea2d06b9b3",
       "version_major": 2,
       "version_minor": 0
      },
      "text/plain": [
       "HTML(value='<h4>Set query time boundaries</h4>')"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    },
    {
     "data": {
      "application/vnd.jupyter.widget-view+json": {
       "model_id": "fbdc6e3bf80c44f284a724771003cede",
       "version_major": 2,
       "version_minor": 0
      },
      "text/plain": [
       "HBox(children=(DatePicker(value=datetime.date(2019, 10, 31), description='Origin Date'), Text(value='01:18:51.…"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    },
    {
     "data": {
      "application/vnd.jupyter.widget-view+json": {
       "model_id": "2f5237042d4249cd9fc19e5eef55bd5f",
       "version_major": 2,
       "version_minor": 0
      },
      "text/plain": [
       "VBox(children=(IntRangeSlider(value=(-5, 7), description='Time Range (day):', layout=Layout(width='80%'), max=…"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    }
   ],
   "source": [
    "query_times = nbwidgets.QueryTime(units='day', max_before=200, before=5, max_after=7)\n",
    "query_times.display()"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 5,
   "metadata": {
    "ExecuteTime": {
     "end_time": "2019-10-31T01:18:58.352490Z",
     "start_time": "2019-10-31T01:18:58.349492Z"
    }
   },
   "outputs": [],
   "source": [
    "# Set up function to allow easy reference to common parameters for queries\n",
    "def acct_query_params():\n",
    "    return {\n",
    "        \"start\": query_times.start,\n",
    "        \"end\": query_times.end,\n",
    "        \"account_name\": accountname_text.value,\n",
    "    }"
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "## Data Sources available to query\n",
    "This shows all of the tables in the workspace with a string matching the account name entered."
   ]
  },
  {
   "cell_type": "code",
   "execution_count": null,
   "metadata": {
    "ExecuteTime": {
     "end_time": "2019-10-31T01:19:05.405676Z",
     "start_time": "2019-10-31T01:19:00.603257Z"
    }
   },
   "outputs": [],
   "source": [
    "# KQL query for full text search of IP address and display all datatypes \n",
    "datasource_status = '''\n",
    "search \\'{account_name}\\'\n",
    "| where TimeGenerated >= datetime({start}) and TimeGenerated <= datetime({end})\n",
    "| summarize RowCount=count() by Table=$table\n",
    "'''.format(**acct_query_params())\n",
    "%kql -query datasource_status\n",
    "datasource_status_df = _kql_raw_result_.to_dataframe()\n",
    "\n",
    "#Display result as transposed matrix of datatypes availabel to query for the query period \n",
    "if len(datasource_status_df) > 0:\n",
    "    display(Markdown(\"###  <span style='color:blue'> \"\n",
    "                     + \"Datasources available to query for Account \"\n",
    "                     + f\"*{acct_query_params()['account_name']}* </span>\"))\n",
    "    display(datasource_status_df)\n",
    "else:\n",
    "    display(Markdown(f'### <span style=\"color:orange\"> No datasources available to query for the query period </span>'))"
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "## Search for Account Name in Host, Azure Active Directory (AAD), Azure and Office 365 Data.\n",
    "### Query Data Sources"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 41,
   "metadata": {
    "ExecuteTime": {
     "end_time": "2019-10-30T19:11:19.294116Z",
     "start_time": "2019-10-30T19:11:12.193588Z"
    }
   },
   "outputs": [
    {
     "data": {
      "text/markdown": [
       "<p style=''>Searching for AAD activity...</p>"
      ],
      "text/plain": [
       "<IPython.core.display.Markdown object>"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    },
    {
     "data": {
      "text/markdown": [
       "<p style=''>Searching for Azure activity...</p>"
      ],
      "text/plain": [
       "<IPython.core.display.Markdown object>"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    },
    {
     "data": {
      "text/markdown": [
       "<p style=''>Searching for Office365 activity...</p>"
      ],
      "text/plain": [
       "<IPython.core.display.Markdown object>"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    },
    {
     "data": {
      "text/markdown": [
       "<p style=''>Searching for Windows logon activity...</p>"
      ],
      "text/plain": [
       "<IPython.core.display.Markdown object>"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    },
    {
     "data": {
      "text/markdown": [
       "<p style=''>Searching for Linux logon activity...</p>"
      ],
      "text/plain": [
       "<IPython.core.display.Markdown object>"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    },
    {
     "data": {
      "text/markdown": [
       "<p style=''>Found 76 records...</p>"
      ],
      "text/plain": [
       "<IPython.core.display.Markdown object>"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    }
   ],
   "source": [
    "# AAD\n",
    "md(\"Searching for AAD activity...\")\n",
    "summarize_clause = \"\"\"\n",
    "| summarize arg_max(TimeGenerated, *) by UserPrincipalName, OperationName, \n",
    "  Identity, IPAddress, tostring(LocationDetails)\n",
    "| project TimeGenerated, UserPrincipalName, Identity, IPAddress, LocationDetails\"\"\"\n",
    "\n",
    "aad_signin_df = (qry_prov.Azure\n",
    "                 .list_aad_signins_for_account(**acct_query_params(),\n",
    "                                               add_query_items=summarize_clause)\n",
    "                )\n",
    "\n",
    "md(\"Searching for Azure activity...\")\n",
    "# Azure Activity\n",
    "summarize_clause = \"\"\"\n",
    "| summarize arg_max(TimeGenerated, *) by Caller, OperationName, \n",
    "  CallerIpAddress, ResourceId\n",
    "| project TimeGenerated, UserPrincipalName=Caller, IPAddress=CallerIpAddress\"\"\"\n",
    "\n",
    "azure_activity_df = (qry_prov.Azure\n",
    "                     .list_azure_activity_for_account(**acct_query_params(),\n",
    "                                                      add_query_items=summarize_clause)\n",
    "                    )\n",
    "\n",
    "md(\"Searching for Office365 activity...\")\n",
    "# Office Activity\n",
    "summarize_clause = \"\"\"\n",
    "| project TimeGenerated, UserId = tolower(UserId), OfficeWorkload, Operation, ClientIP, UserType\n",
    "| summarize arg_max(TimeGenerated, *) by UserId, OfficeWorkload, ClientIP\n",
    "| order by TimeGenerated desc\"\"\"\n",
    "\n",
    "o365_activity_df = (qry_prov.Office365\n",
    "                    .list_activity_for_account(**acct_query_params(),\n",
    "                                               add_query_items=summarize_clause)\n",
    "                    )\n",
    "\n",
    "md(\"Searching for Windows logon activity...\")\n",
    "# Windows Host\n",
    "summarize_clause = \"\"\"\n",
    "| extend LogonStatus = iff(EventID == 4624, \"success\", \"failed\")\n",
    "| project TimeGenerated, TargetUserName, TargetDomainName, Computer, LogonType, SubjectUserName, \n",
    "  SubjectDomainName, TargetUserSid, EventID, IpAddress, LogonStatus \n",
    "| summarize arg_max(TimeGenerated, *) by TargetUserName, TargetDomainName, LogonType, Computer, LogonStatus\"\"\"\n",
    "\n",
    "win_logon_df = (qry_prov.WindowsSecurity\n",
    "                .list_logon_attempts_by_account(**acct_query_params(),\n",
    "                                                add_query_items=summarize_clause)\n",
    "               )\n",
    "\n",
    "md(\"Searching for Linux logon activity...\")\n",
    "# Linux host\n",
    "summarize_clause = \"\"\"\n",
    "| summarize arg_max(TimeGenerated, *) by LogonType, SourceIP, Computer, LogonResult\"\"\"\n",
    "\n",
    "linux_logon_df = (qry_prov.LinuxSyslog\n",
    "                  .list_logons_for_account(**acct_query_params(),\n",
    "                                           add_query_items=summarize_clause)\n",
    "                 )\n",
    "\n",
    "rec_count = (\n",
    "    len(aad_signin_df) + len(azure_activity_df) \n",
    "    + len(o365_activity_df) + len(win_logon_df) \n",
    "    + len(linux_logon_df)\n",
    ")\n",
    "md(f\"Found {rec_count} records...\")"
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "## Display logons from account sources\n",
    "**Choose Account to Explore**"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 42,
   "metadata": {
    "ExecuteTime": {
     "end_time": "2019-10-30T19:11:21.287196Z",
     "start_time": "2019-10-30T19:11:21.215257Z"
    },
    "scrolled": false
   },
   "outputs": [
    {
     "data": {
      "application/vnd.jupyter.widget-view+json": {
       "model_id": "9e3b7b2617fa4ba1851cfec7352ef7a1",
       "version_major": 2,
       "version_minor": 0
      },
      "text/plain": [
       "VBox(children=(Text(value='', description='Filter:', style=DescriptionStyle(description_width='initial')), Sel…"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    }
   ],
   "source": [
    "from collections import namedtuple\n",
    "AccountDFs = namedtuple(\"AccountDFs\", [\"linux\", \"windows\", \"aad\", \"azure\", \"o365\"])\n",
    "account_dfs = AccountDFs(\n",
    "    linux=linux_logon_df,\n",
    "    windows=win_logon_df,\n",
    "    aad=aad_signin_df,\n",
    "    azure=azure_activity_df,\n",
    "    o365=o365_activity_df,\n",
    ")\n",
    "\n",
    "# Combine into single data frame\n",
    "\n",
    "lx_df = (linux_logon_df[[\"AccountName\", \"TimeGenerated\"]]\n",
    "        .groupby(\"AccountName\")\n",
    "        .max()\n",
    "        .reset_index()\n",
    "        .assign(Source=\"LinuxHostLogon\"))\n",
    "\n",
    "win_df = (win_logon_df[[\"TargetUserName\", \"TimeGenerated\"]]\n",
    "          .groupby(\"TargetUserName\")\n",
    "          .max()\n",
    "          .reset_index()\n",
    "          .rename(columns={\"TargetUserName\": \"AccountName\"})\n",
    "          .assign(Source=\"WindowsHostLogon\"))\n",
    "\n",
    "o365_df = (o365_activity_df[[\"UserId\", \"TimeGenerated\"]]\n",
    "           .groupby(\"UserId\")\n",
    "           .max()\n",
    "           .reset_index()\n",
    "           .rename(columns={\"UserId\": \"AccountName\"})\n",
    "           .assign(Source=\"O365Activity\"))\n",
    "\n",
    "aad_df = (aad_signin_df[[\"UserPrincipalName\", \"TimeGenerated\"]]\n",
    "          .groupby(\"UserPrincipalName\")\n",
    "          .max()\n",
    "          .reset_index()\n",
    "          .rename(columns={\"UserPrincipalName\": \"AccountName\"})\n",
    "          .assign(Source=\"AADLogon\"))\n",
    "\n",
    "azure_df = (azure_activity_df[[\"UserPrincipalName\", \"TimeGenerated\"]]\n",
    "            .groupby(\"UserPrincipalName\")\n",
    "            .max()\n",
    "            .reset_index()\n",
    "            .rename(columns={\"UserPrincipalName\": \"AccountName\"})\n",
    "            .assign(Source=\"AzureActivity\"))\n",
    "\n",
    "\n",
    "all_sources_df = pd.concat([lx_df, win_df, o365_df, aad_df, azure_df])\n",
    "\n",
    "\n",
    "# Display the results that we've found\n",
    "format_tuple = (lambda x: \n",
    "                (x.AccountName + \"   \" + x.Source\n",
    "                 + \" (Last activity: \" + str(x.TimeGenerated) + \")\",\n",
    "                 x.AccountName + \" \" + x.Source))\n",
    "accts_dict = {item[0]: item[1] for item in all_sources_df.apply(format_tuple, axis=1)}\n",
    "\n",
    "\n",
    "def display_activity(selected_item):\n",
    "    acct, source = selected_account(selected_item)\n",
    "    utils.md(f\"{acct} (source: {source})\", \"bold\")\n",
    "    if source == \"LinuxHostLogon\":\n",
    "        display(linux_logon_df[linux_logon_df[\"AccountName\"] == acct]\n",
    "               .sort_values(\"TimeGenerated\", ascending=True))\n",
    "    if source == \"WindowsHostLogon\":\n",
    "        display(win_logon_df[win_logon_df[\"TargetUserName\"] == acct]\n",
    "               .sort_values(\"TimeGenerated\", ascending=True))\n",
    "    if source == \"AADLogon\":\n",
    "        display(aad_signin_df[aad_signin_df[\"UserPrincipalName\"] == acct]\n",
    "               .sort_values(\"TimeGenerated\", ascending=True))\n",
    "    if source == \"AzureActivity\":\n",
    "        display(azure_activity_df[azure_activity_df[\"UserPrincipalName\"] == acct]\n",
    "               .sort_values(\"TimeGenerated\", ascending=True))\n",
    "    if source == \"O365Activity\":\n",
    "        display(o365_activity_df[o365_activity_df[\"UserId\"] == acct]\n",
    "               .sort_values(\"TimeGenerated\", ascending=True))\n",
    "\n",
    "def selected_account(selected_acct):\n",
    "    if not selected_acct:\n",
    "        return \"\", \"\"\n",
    "    acct, source = selected_acct.split(\" \")\n",
    "    return acct, source\n",
    "\n",
    "select_acct = nbwidgets.SelectString(\n",
    "    item_dict=accts_dict,\n",
    "    auto_display=True,\n",
    "    description=\"Select an account to explore\",\n",
    "    action=display_activity,\n",
    "    height=\"200px\",\n",
    "    width=\"100%\")"
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {
    "ExecuteTime": {
     "end_time": "2019-09-22T22:43:08.721257Z",
     "start_time": "2019-09-22T22:43:08.686275Z"
    }
   },
   "source": [
    "## Related Alerts and Hunting Bookmarks\n",
    "### Alerts\n",
    "Any alerts with a matching account name are shown here. Select an alert to view the contents."
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 43,
   "metadata": {
    "ExecuteTime": {
     "end_time": "2019-10-30T19:11:44.761072Z",
     "start_time": "2019-10-30T19:11:40.710662Z"
    },
    "scrolled": false
   },
   "outputs": [
    {
     "data": {
      "text/markdown": [
       "<p style='font-size: 130%;font-weight: bold'>Found 33 different alert types related to this account (`alexw@m365x648731.onmicrosoft.com`)</p>"
      ],
      "text/plain": [
       "<IPython.core.display.Markdown object>"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    },
    {
     "name": "stdout",
     "output_type": "stream",
     "text": [
      "- A malicious PowerShell Cmdlet was invoked on the machine, # Alerts: 3\n",
      "- A script with suspicious content was observed, # Alerts: 1\n",
      "- A user was added to an administrative group, # Alerts: 2\n",
      "- Activity from a Tor IP address, # Alerts: 29\n",
      "- Activity from infrequent country, # Alerts: 2\n",
      "- An active 'Mikatz' high-severity malware was detected, # Alerts: 4\n",
      "- Anonymous IP address, # Alerts: 20\n",
      "- Encoded Powershell Run - Custom Alert, # Alerts: 11\n",
      "- MDATP Detections, # Alerts: 3\n",
      "- MDATP Suspicious Powershell Command Line, # Alerts: 2\n",
      "- Malicious credential theft tool execution detected, # Alerts: 1\n",
      "- Masquerading as System Files (custom), # Alerts: 8\n",
      "- Mass delete, # Alerts: 1\n",
      "- Mass download, # Alerts: 2\n",
      "- Mass download by a single user, # Alerts: 1\n",
      "- Network connection to a risky host, # Alerts: 4\n",
      "- New group added suspiciously, # Alerts: 2\n",
      "- PowerShell Downloads, # Alerts: 12\n",
      "- PowerShell downloads - From Hunting Queries, # Alerts: 12\n",
      "- Powershell Empire cmdlets seen in command line, # Alerts: 5\n",
      "- Powershell Empire cmdlets seen in command line data, # Alerts: 3\n",
      "- Publicly shared confidential files, # Alerts: 4\n",
      "- Sensitive credential memory read, # Alerts: 6\n",
      "- Sticky Keys binary hijack detected, # Alerts: 2\n",
      "- Suspicious Powershell Command Line in MDATP, # Alerts: 59\n",
      "- Suspicious Powershell commandline, # Alerts: 24\n",
      "- Suspicious access to LSASS service, # Alerts: 18\n",
      "- Suspicious behavior by a svchost.exe was observed, # Alerts: 15\n",
      "- Suspicious behavior by cmd.exe was observed, # Alerts: 15\n",
      "- Suspicious inbox forwarding, # Alerts: 1\n",
      "- Suspicious registration of an accessibility debugger under the IFEO registry key, # Alerts: 3\n",
      "- Suspicious sequence of exploration activities, # Alerts: 10\n",
      "- UnfamiliarLocation, # Alerts: 2\n"
     ]
    },
    {
     "data": {
      "text/html": [
       "\n",
       "    <div class=\"bk-root\">\n",
       "        <a href=\"https://bokeh.pydata.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
       "        <span id=\"4120\">Loading BokehJS ...</span>\n",
       "    </div>"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    },
    {
     "data": {
      "application/javascript": [
       "\n",
       "(function(root) {\n",
       "  function now() {\n",
       "    return new Date();\n",
       "  }\n",
       "\n",
       "  var force = true;\n",
       "\n",
       "  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n",
       "    root._bokeh_onload_callbacks = [];\n",
       "    root._bokeh_is_loading = undefined;\n",
       "  }\n",
       "\n",
       "  var JS_MIME_TYPE = 'application/javascript';\n",
       "  var HTML_MIME_TYPE = 'text/html';\n",
       "  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n",
       "  var CLASS_NAME = 'output_bokeh rendered_html';\n",
       "\n",
       "  /**\n",
       "   * Render data to the DOM node\n",
       "   */\n",
       "  function render(props, node) {\n",
       "    var script = document.createElement(\"script\");\n",
       "    node.appendChild(script);\n",
       "  }\n",
       "\n",
       "  /**\n",
       "   * Handle when an output is cleared or removed\n",
       "   */\n",
       "  function handleClearOutput(event, handle) {\n",
       "    var cell = handle.cell;\n",
       "\n",
       "    var id = cell.output_area._bokeh_element_id;\n",
       "    var server_id = cell.output_area._bokeh_server_id;\n",
       "    // Clean up Bokeh references\n",
       "    if (id != null && id in Bokeh.index) {\n",
       "      Bokeh.index[id].model.document.clear();\n",
       "      delete Bokeh.index[id];\n",
       "    }\n",
       "\n",
       "    if (server_id !== undefined) {\n",
       "      // Clean up Bokeh references\n",
       "      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n",
       "      cell.notebook.kernel.execute(cmd, {\n",
       "        iopub: {\n",
       "          output: function(msg) {\n",
       "            var id = msg.content.text.trim();\n",
       "            if (id in Bokeh.index) {\n",
       "              Bokeh.index[id].model.document.clear();\n",
       "              delete Bokeh.index[id];\n",
       "            }\n",
       "          }\n",
       "        }\n",
       "      });\n",
       "      // Destroy server and session\n",
       "      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n",
       "      cell.notebook.kernel.execute(cmd);\n",
       "    }\n",
       "  }\n",
       "\n",
       "  /**\n",
       "   * Handle when a new output is added\n",
       "   */\n",
       "  function handleAddOutput(event, handle) {\n",
       "    var output_area = handle.output_area;\n",
       "    var output = handle.output;\n",
       "\n",
       "    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n",
       "    if ((output.output_type != \"display_data\") || (!output.data.hasOwnProperty(EXEC_MIME_TYPE))) {\n",
       "      return\n",
       "    }\n",
       "\n",
       "    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n",
       "\n",
       "    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n",
       "      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n",
       "      // store reference to embed id on output_area\n",
       "      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n",
       "    }\n",
       "    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n",
       "      var bk_div = document.createElement(\"div\");\n",
       "      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n",
       "      var script_attrs = bk_div.children[0].attributes;\n",
       "      for (var i = 0; i < script_attrs.length; i++) {\n",
       "        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n",
       "      }\n",
       "      // store reference to server id on output_area\n",
       "      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n",
       "    }\n",
       "  }\n",
       "\n",
       "  function register_renderer(events, OutputArea) {\n",
       "\n",
       "    function append_mime(data, metadata, element) {\n",
       "      // create a DOM node to render to\n",
       "      var toinsert = this.create_output_subarea(\n",
       "        metadata,\n",
       "        CLASS_NAME,\n",
       "        EXEC_MIME_TYPE\n",
       "      );\n",
       "      this.keyboard_manager.register_events(toinsert);\n",
       "      // Render to node\n",
       "      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n",
       "      render(props, toinsert[toinsert.length - 1]);\n",
       "      element.append(toinsert);\n",
       "      return toinsert\n",
       "    }\n",
       "\n",
       "    /* Handle when an output is cleared or removed */\n",
       "    events.on('clear_output.CodeCell', handleClearOutput);\n",
       "    events.on('delete.Cell', handleClearOutput);\n",
       "\n",
       "    /* Handle when a new output is added */\n",
       "    events.on('output_added.OutputArea', handleAddOutput);\n",
       "\n",
       "    /**\n",
       "     * Register the mime type and append_mime function with output_area\n",
       "     */\n",
       "    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n",
       "      /* Is output safe? */\n",
       "      safe: true,\n",
       "      /* Index of renderer in `output_area.display_order` */\n",
       "      index: 0\n",
       "    });\n",
       "  }\n",
       "\n",
       "  // register the mime type if in Jupyter Notebook environment and previously unregistered\n",
       "  if (root.Jupyter !== undefined) {\n",
       "    var events = require('base/js/events');\n",
       "    var OutputArea = require('notebook/js/outputarea').OutputArea;\n",
       "\n",
       "    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n",
       "      register_renderer(events, OutputArea);\n",
       "    }\n",
       "  }\n",
       "\n",
       "  \n",
       "  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n",
       "    root._bokeh_timeout = Date.now() + 5000;\n",
       "    root._bokeh_failed_load = false;\n",
       "  }\n",
       "\n",
       "  var NB_LOAD_WARNING = {'data': {'text/html':\n",
       "     \"<div style='background-color: #fdd'>\\n\"+\n",
       "     \"<p>\\n\"+\n",
       "     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n",
       "     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n",
       "     \"</p>\\n\"+\n",
       "     \"<ul>\\n\"+\n",
       "     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n",
       "     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n",
       "     \"</ul>\\n\"+\n",
       "     \"<code>\\n\"+\n",
       "     \"from bokeh.resources import INLINE\\n\"+\n",
       "     \"output_notebook(resources=INLINE)\\n\"+\n",
       "     \"</code>\\n\"+\n",
       "     \"</div>\"}};\n",
       "\n",
       "  function display_loaded() {\n",
       "    var el = document.getElementById(\"4120\");\n",
       "    if (el != null) {\n",
       "      el.textContent = \"BokehJS is loading...\";\n",
       "    }\n",
       "    if (root.Bokeh !== undefined) {\n",
       "      if (el != null) {\n",
       "        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n",
       "      }\n",
       "    } else if (Date.now() < root._bokeh_timeout) {\n",
       "      setTimeout(display_loaded, 100)\n",
       "    }\n",
       "  }\n",
       "\n",
       "\n",
       "  function run_callbacks() {\n",
       "    try {\n",
       "      root._bokeh_onload_callbacks.forEach(function(callback) {\n",
       "        if (callback != null)\n",
       "          callback();\n",
       "      });\n",
       "    } finally {\n",
       "      delete root._bokeh_onload_callbacks\n",
       "    }\n",
       "    console.debug(\"Bokeh: all callbacks have finished\");\n",
       "  }\n",
       "\n",
       "  function load_libs(css_urls, js_urls, callback) {\n",
       "    if (css_urls == null) css_urls = [];\n",
       "    if (js_urls == null) js_urls = [];\n",
       "\n",
       "    root._bokeh_onload_callbacks.push(callback);\n",
       "    if (root._bokeh_is_loading > 0) {\n",
       "      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n",
       "      return null;\n",
       "    }\n",
       "    if (js_urls == null || js_urls.length === 0) {\n",
       "      run_callbacks();\n",
       "      return null;\n",
       "    }\n",
       "    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n",
       "    root._bokeh_is_loading = css_urls.length + js_urls.length;\n",
       "\n",
       "    function on_load() {\n",
       "      root._bokeh_is_loading--;\n",
       "      if (root._bokeh_is_loading === 0) {\n",
       "        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n",
       "        run_callbacks()\n",
       "      }\n",
       "    }\n",
       "\n",
       "    function on_error() {\n",
       "      console.error(\"failed to load \" + url);\n",
       "    }\n",
       "\n",
       "    for (var i = 0; i < css_urls.length; i++) {\n",
       "      var url = css_urls[i];\n",
       "      const element = document.createElement(\"link\");\n",
       "      element.onload = on_load;\n",
       "      element.onerror = on_error;\n",
       "      element.rel = \"stylesheet\";\n",
       "      element.type = \"text/css\";\n",
       "      element.href = url;\n",
       "      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n",
       "      document.body.appendChild(element);\n",
       "    }\n",
       "\n",
       "    for (var i = 0; i < js_urls.length; i++) {\n",
       "      var url = js_urls[i];\n",
       "      var element = document.createElement('script');\n",
       "      element.onload = on_load;\n",
       "      element.onerror = on_error;\n",
       "      element.async = false;\n",
       "      element.src = url;\n",
       "      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n",
       "      document.head.appendChild(element);\n",
       "    }\n",
       "  };var element = document.getElementById(\"4120\");\n",
       "  if (element == null) {\n",
       "    console.error(\"Bokeh: ERROR: autoload.js configured with elementid '4120' but no matching script tag was found. \")\n",
       "    return false;\n",
       "  }\n",
       "\n",
       "  function inject_raw_css(css) {\n",
       "    const element = document.createElement(\"style\");\n",
       "    element.appendChild(document.createTextNode(css));\n",
       "    document.body.appendChild(element);\n",
       "  }\n",
       "\n",
       "  var js_urls = [\"https://cdn.pydata.org/bokeh/release/bokeh-1.3.4.min.js\", \"https://cdn.pydata.org/bokeh/release/bokeh-widgets-1.3.4.min.js\", \"https://cdn.pydata.org/bokeh/release/bokeh-tables-1.3.4.min.js\", \"https://cdn.pydata.org/bokeh/release/bokeh-gl-1.3.4.min.js\"];\n",
       "  var css_urls = [];\n",
       "\n",
       "  var inline_js = [\n",
       "    function(Bokeh) {\n",
       "      Bokeh.set_log_level(\"info\");\n",
       "    },\n",
       "    \n",
       "    function(Bokeh) {\n",
       "      \n",
       "    },\n",
       "    function(Bokeh) {} // ensure no trailing comma for IE\n",
       "  ];\n",
       "\n",
       "  function run_inline_js() {\n",
       "    \n",
       "    if ((root.Bokeh !== undefined) || (force === true)) {\n",
       "      for (var i = 0; i < inline_js.length; i++) {\n",
       "        inline_js[i].call(root, root.Bokeh);\n",
       "      }if (force === true) {\n",
       "        display_loaded();\n",
       "      }} else if (Date.now() < root._bokeh_timeout) {\n",
       "      setTimeout(run_inline_js, 100);\n",
       "    } else if (!root._bokeh_failed_load) {\n",
       "      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n",
       "      root._bokeh_failed_load = true;\n",
       "    } else if (force !== true) {\n",
       "      var cell = $(document.getElementById(\"4120\")).parents('.cell').data().cell;\n",
       "      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n",
       "    }\n",
       "\n",
       "  }\n",
       "\n",
       "  if (root._bokeh_is_loading === 0) {\n",
       "    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n",
       "    run_inline_js();\n",
       "  } else {\n",
       "    load_libs(css_urls, js_urls, function() {\n",
       "      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n",
       "      run_inline_js();\n",
       "    });\n",
       "  }\n",
       "}(window));"
      ],
      "application/vnd.bokehjs_load.v0+json": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  \n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"4120\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error() {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (var i = 0; i < css_urls.length; i++) {\n      var url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    for (var i = 0; i < js_urls.length; i++) {\n      var url = js_urls[i];\n      var element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.async = false;\n      element.src = url;\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };var element = document.getElementById(\"4120\");\n  if (element == null) {\n    console.error(\"Bokeh: ERROR: autoload.js configured with elementid '4120' but no matching script tag was found. \")\n    return false;\n  }\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  var js_urls = [\"https://cdn.pydata.org/bokeh/release/bokeh-1.3.4.min.js\", \"https://cdn.pydata.org/bokeh/release/bokeh-widgets-1.3.4.min.js\", \"https://cdn.pydata.org/bokeh/release/bokeh-tables-1.3.4.min.js\", \"https://cdn.pydata.org/bokeh/release/bokeh-gl-1.3.4.min.js\"];\n  var css_urls = [];\n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    \n    function(Bokeh) {\n      \n    },\n    function(Bokeh) {} // ensure no trailing comma for IE\n  ];\n\n  function run_inline_js() {\n    \n    if ((root.Bokeh !== undefined) || (force === true)) {\n      for (var i = 0; i < inline_js.length; i++) {\n        inline_js[i].call(root, root.Bokeh);\n      }if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"4120\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));"
     },
     "metadata": {},
     "output_type": "display_data"
    },
    {
     "data": {
      "text/html": [
       "\n",
       "\n",
       "\n",
       "\n",
       "\n",
       "\n",
       "  <div class=\"bk-root\" id=\"0415281e-ba00-487f-84a4-c2deeaf8c350\" data-root-id=\"4193\"></div>\n"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    },
    {
     "data": {
      "application/javascript": [
       "(function(root) {\n",
       "  function embed_document(root) {\n",
       "    \n",
       "  var docs_json = {\"09ea1bd7-195f-4aa8-8ef1-faab47f85236\":{\"roots\":{\"references\":[{\"attributes\":{\"children\":[{\"id\":\"4123\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"id\":\"4156\",\"subtype\":\"Figure\",\"type\":\"Plot\"}]},\"id\":\"4193\",\"type\":\"Column\"},{\"attributes\":{\"formatter\":{\"id\":\"4197\",\"type\":\"BasicTickFormatter\"},\"ticker\":{\"id\":\"4140\",\"type\":\"BasicTicker\"},\"visible\":false},\"id\":\"4139\",\"type\":\"LinearAxis\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"4202\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"4207\",\"type\":\"DaysTicker\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"lightgrey\"},\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":{\"value\":1.0},\"line_color\":{\"value\":\"black\"},\"line_dash\":[4,4],\"line_width\":{\"value\":2},\"render_mode\":\"css\",\"right_units\":\"screen\",\"top_units\":\"screen\"},\"id\":\"4214\",\"type\":\"BoxAnnotation\"},{\"attributes\":{},\"id\":\"4200\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"4205\",\"type\":\"DaysTicker\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"4221\",\"type\":\"DaysTicker\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"4217\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{},\"id\":\"4132\",\"type\":\"LinearScale\"},{\"attributes\":{\"dimension\":1,\"grid_line_color\":null,\"ticker\":{\"id\":\"4140\",\"type\":\"BasicTicker\"}},\"id\":\"4143\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"4213\",\"type\":\"YearsTicker\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":{\"id\":\"4181\",\"type\":\"RangeTool\"},\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"4181\",\"type\":\"RangeTool\"}]},\"id\":\"4172\",\"type\":\"Toolbar\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"4211\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"callback\":null,\"end\":1572457296750.0002,\"start\":1568162090249.9998},\"id\":\"4159\",\"type\":\"Range1d\"},{\"attributes\":{\"num_minor_ticks\":5,\"tickers\":[{\"id\":\"4215\",\"type\":\"AdaptiveTicker\"},{\"id\":\"4216\",\"type\":\"AdaptiveTicker\"},{\"id\":\"4217\",\"type\":\"AdaptiveTicker\"},{\"id\":\"4218\",\"type\":\"DaysTicker\"},{\"id\":\"4219\",\"type\":\"DaysTicker\"},{\"id\":\"4220\",\"type\":\"DaysTicker\"},{\"id\":\"4221\",\"type\":\"DaysTicker\"},{\"id\":\"4222\",\"type\":\"MonthsTicker\"},{\"id\":\"4223\",\"type\":\"MonthsTicker\"},{\"id\":\"4224\",\"type\":\"MonthsTicker\"},{\"id\":\"4225\",\"type\":\"MonthsTicker\"},{\"id\":\"4226\",\"type\":\"YearsTicker\"}]},\"id\":\"4168\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"4204\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"4212\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"4220\",\"type\":\"DaysTicker\"},{\"attributes\":{\"text\":\"Timeline: Alerts\"},\"id\":\"4124\",\"type\":\"Title\"},{\"attributes\":{\"callback\":null,\"start\":-1.0},\"id\":\"4128\",\"type\":\"Range1d\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4190\",\"type\":\"Diamond\"},{\"attributes\":{\"source\":{\"id\":\"4121\",\"type\":\"ColumnDataSource\"}},\"id\":\"4192\",\"type\":\"CDSView\"},{\"attributes\":{\"overlay\":{\"id\":\"4214\",\"type\":\"BoxAnnotation\"}},\"id\":\"4145\",\"type\":\"BoxZoomTool\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4178\",\"type\":\"Circle\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"4174\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"4218\",\"type\":\"DaysTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"navy\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"navy\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4189\",\"type\":\"Diamond\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"4222\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"4225\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"axis_label\":\"Event Time\",\"formatter\":{\"id\":\"4186\",\"type\":\"DatetimeTickFormatter\"},\"ticker\":{\"id\":\"4135\",\"type\":\"DatetimeTicker\"}},\"id\":\"4134\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"4186\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"4216\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"formatter\":{\"id\":\"4174\",\"type\":\"DatetimeTickFormatter\"},\"ticker\":{\"id\":\"4168\",\"type\":\"DatetimeTicker\"}},\"id\":\"4167\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"4206\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"4226\",\"type\":\"YearsTicker\"},{\"attributes\":{\"callback\":null},\"id\":\"4161\",\"type\":\"DataRange1d\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":null,\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"4122\",\"type\":\"HoverTool\"},{\"id\":\"4144\",\"type\":\"WheelZoomTool\"},{\"id\":\"4145\",\"type\":\"BoxZoomTool\"},{\"id\":\"4146\",\"type\":\"ResetTool\"},{\"id\":\"4147\",\"type\":\"SaveTool\"},{\"id\":\"4148\",\"type\":\"PanTool\"}]},\"id\":\"4149\",\"type\":\"Toolbar\"},{\"attributes\":{\"data_source\":{\"id\":\"4121\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"4177\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"4178\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"4180\",\"type\":\"CDSView\"}},\"id\":\"4179\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"4201\",\"type\":\"Selection\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"4215\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"4121\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"4189\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"4190\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"4192\",\"type\":\"CDSView\"}},\"id\":\"4191\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"4148\",\"type\":\"PanTool\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.2},\"fill_color\":{\"value\":\"navy\"},\"level\":\"overlay\",\"line_alpha\":{\"value\":1.0},\"line_color\":{\"value\":\"black\"},\"line_dash\":[2,2],\"line_width\":{\"value\":0.5}},\"id\":\"4182\",\"type\":\"BoxAnnotation\"},{\"attributes\":{},\"id\":\"4163\",\"type\":\"LinearScale\"},{\"attributes\":{\"callback\":null,\"formatters\":{\"Tooltip\":\"printf\"},\"tooltips\":[[\"AlertName\",\"@AlertName\"]]},\"id\":\"4122\",\"type\":\"HoverTool\"},{\"attributes\":{},\"id\":\"4197\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"overlay\":{\"id\":\"4182\",\"type\":\"BoxAnnotation\"},\"x_range\":{\"id\":\"4126\",\"type\":\"Range1d\"},\"y_range\":null},\"id\":\"4181\",\"type\":\"RangeTool\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"4208\",\"type\":\"DaysTicker\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"4219\",\"type\":\"DaysTicker\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"4209\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"4223\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"ticker\":{\"id\":\"4168\",\"type\":\"DatetimeTicker\"}},\"id\":\"4171\",\"type\":\"Grid\"},{\"attributes\":{\"fill_color\":{\"value\":\"navy\"},\"line_color\":{\"value\":\"navy\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4177\",\"type\":\"Circle\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"4224\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"4147\",\"type\":\"SaveTool\"},{\"attributes\":{},\"id\":\"4140\",\"type\":\"BasicTicker\"},{\"attributes\":{\"callback\":null,\"end\":1572292096500.0,\"start\":1568327290500.0},\"id\":\"4126\",\"type\":\"Range1d\"},{\"attributes\":{\"align\":\"right\",\"text\":\"Drag the middle or edges of the selection box to change the range in the main chart\",\"text_font_size\":{\"value\":\"10px\"}},\"id\":\"4173\",\"type\":\"Title\"},{\"attributes\":{},\"id\":\"4146\",\"type\":\"ResetTool\"},{\"attributes\":{\"num_minor_ticks\":10,\"tickers\":[{\"id\":\"4202\",\"type\":\"AdaptiveTicker\"},{\"id\":\"4203\",\"type\":\"AdaptiveTicker\"},{\"id\":\"4204\",\"type\":\"AdaptiveTicker\"},{\"id\":\"4205\",\"type\":\"DaysTicker\"},{\"id\":\"4206\",\"type\":\"DaysTicker\"},{\"id\":\"4207\",\"type\":\"DaysTicker\"},{\"id\":\"4208\",\"type\":\"DaysTicker\"},{\"id\":\"4209\",\"type\":\"MonthsTicker\"},{\"id\":\"4210\",\"type\":\"MonthsTicker\"},{\"id\":\"4211\",\"type\":\"MonthsTicker\"},{\"id\":\"4212\",\"type\":\"MonthsTicker\"},{\"id\":\"4213\",\"type\":\"YearsTicker\"}]},\"id\":\"4135\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"source\":{\"id\":\"4121\",\"type\":\"ColumnDataSource\"}},\"id\":\"4180\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"4130\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"4165\",\"type\":\"LinearScale\"},{\"attributes\":{\"callback\":null,\"data\":{\"AlertName\":[\"Anonymous IP address\",\"Anonymous IP address\",\"Anonymous IP address\",\"Anonymous IP address\",\"Masquerading as System Files (custom)\",\"Anonymous IP address\",\"Powershell Empire cmdlets seen in command line\",\"Activity from a Tor IP address\",\"Anonymous IP address\",\"Activity from a Tor IP address\",\"Powershell Empire cmdlets seen in command line\",\"Activity from a Tor IP address\",\"Anonymous IP address\",\"Activity from a Tor IP address\",\"Anonymous IP address\",\"Anonymous IP address\",\"Anonymous IP address\",\"Mass download\",\"UnfamiliarLocation\",\"Mass download\",\"UnfamiliarLocation\",\"Anonymous IP address\",\"Activity from a Tor IP address\",\"Activity from a Tor IP address\",\"Activity from a Tor IP address\",\"Anonymous IP address\",\"Anonymous IP address\",\"Anonymous IP address\",\"Powershell Empire cmdlets seen in command line\",\"Powershell Empire cmdlets seen in command line\\ndata\",\"PowerShell Downloads\",\"Masquerading as System Files (custom)\",\"Encoded Powershell Run - Custom Alert\",\"PowerShell downloads - From Hunting Queries\",\"Masquerading as System Files (custom)\",\"Encoded Powershell Run - Custom Alert\",\"PowerShell Downloads\",\"Masquerading as System Files (custom)\",\"PowerShell downloads - From Hunting Queries\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"PowerShell downloads - From Hunting Queries\",\"PowerShell downloads - From Hunting Queries\",\"Suspicious Powershell Command Line in MDATP\",\"PowerShell Downloads\",\"PowerShell Downloads\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"MDATP Suspicious Powershell Command Line\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell commandline\",\"Suspicious Powershell commandline\",\"Suspicious Powershell commandline\",\"Encoded Powershell Run - Custom Alert\",\"MDATP Detections\",\"MDATP Detections\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell commandline\",\"Suspicious Powershell commandline\",\"Suspicious registration of an accessibility\\ndebugger under the IFEO registry key\",\"Sticky Keys binary hijack detected\",\"Sticky Keys binary hijack detected\",\"Suspicious sequence of exploration activities\",\"Suspicious sequence of exploration activities\",\"Suspicious sequence of exploration activities\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"MDATP Detections\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"MDATP Suspicious Powershell Command Line\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell Command Line in MDATP\",\"Suspicious Powershell commandline\",\"Suspicious Powershell commandline\",\"Encoded Powershell Run - Custom Alert\",\"Suspicious access to LSASS service\",\"Suspicious access to LSASS service\",\"Suspicious Powershell commandline\",\"Suspicious access to LSASS service\",\"Suspicious access to LSASS service\",\"Suspicious Powershell commandline\",\"An active 'Mikatz' high-severity malware was\\ndetected\",\"Suspicious Powershell commandline\",\"Sensitive credential memory read\",\"Sensitive credential memory read\",\"Suspicious behavior by a svchost.exe was observed\",\"Malicious credential theft tool execution detected\",\"Suspicious behavior by cmd.exe was observed\",\"Suspicious behavior by a svchost.exe was observed\",\"Suspicious behavior by a svchost.exe was observed\",\"Suspicious behavior by cmd.exe was observed\",\"Suspicious behavior by cmd.exe was observed\",\"Suspicious behavior by cmd.exe was observed\",\"A user was added to an administrative group\",\"Suspicious behavior by cmd.exe was observed\",\"A user was added to an administrative group\",\"Suspicious behavior by a svchost.exe was observed\",\"Suspicious behavior by a svchost.exe was observed\",\"New group added suspiciously\",\"Suspicious sequence of exploration activities\",\"Suspicious sequence of exploration activities\",\"New group added suspiciously\",\"Suspicious sequence of exploration activities\",\"Suspicious sequence of exploration activities\",\"Suspicious sequence of exploration activities\",\"Suspicious sequence of exploration activities\",\"Suspicious sequence of exploration activities\",\"Suspicious behavior by cmd.exe was observed\",\"Suspicious Powershell commandline\",\"Suspicious Powershell commandline\",\"Suspicious Powershell commandline\",\"Suspicious access to LSASS service\",\"Suspicious access to LSASS service\",\"Sensitive credential memory read\",\"Suspicious Powershell commandline\",\"Suspicious behavior by cmd.exe was observed\",\"Suspicious behavior by cmd.exe was observed\",\"Sensitive credential memory read\",\"Suspicious behavior by a svchost.exe was observed\",\"Suspicious behavior by a svchost.exe was observed\",\"Suspicious behavior by a svchost.exe was observed\",\"Suspicious behavior by cmd.exe was observed\",\"Suspicious Powershell commandline\",\"Suspicious registration of an accessibility\\ndebugger under the IFEO registry key\",\"Suspicious behavior by cmd.exe was observed\",\"Suspicious behavior by a svchost.exe was observed\",\"Suspicious Powershell commandline\",\"An active 'Mikatz' high-severity malware was\\ndetected\",\"Suspicious Powershell commandline\",\"A malicious PowerShell Cmdlet was invoked on the\\nmachine\",\"Suspicious behavior by a svchost.exe was observed\",\"PowerShell Downloads\",\"Encoded Powershell Run - Custom Alert\",\"Masquerading as System Files (custom)\",\"Powershell Empire cmdlets seen in command line\\ndata\",\"Encoded Powershell Run - Custom Alert\",\"PowerShell downloads - From Hunting Queries\",\"Activity from a Tor IP address\",\"Suspicious inbox forwarding\",\"Anonymous IP address\",\"Activity from a Tor IP address\",\"PowerShell Downloads\",\"Masquerading as System Files (custom)\",\"Masquerading as System Files (custom)\",\"Anonymous IP address\",\"PowerShell downloads - From Hunting Queries\",\"PowerShell Downloads\",\"Masquerading as System Files (custom)\",\"Encoded Powershell Run - Custom Alert\",\"Activity from a Tor IP address\",\"Activity from a Tor IP address\",\"Activity from a Tor IP address\",\"Activity from a Tor IP address\",\"Activity from a Tor IP address\",\"Mass delete\",\"Activity from a Tor IP address\",\"PowerShell downloads - From Hunting Queries\",\"Powershell Empire cmdlets seen in command line\",\"Powershell Empire cmdlets seen in command line\\ndata\",\"Activity from a Tor IP address\",\"Activity from a Tor IP address\",\"Activity from a Tor IP address\",\"Activity from a Tor IP address\",\"Mass download by a single user\",\"Activity from a Tor IP address\",\"Activity from a Tor IP address\",\"Activity from a Tor IP address\",\"Activity from a Tor IP address\",\"Activity from a Tor IP address\",\"Activity from a Tor IP address\",\"Publicly shared confidential files\",\"Publicly shared confidential files\",\"Publicly shared confidential files\",\"Activity from a Tor IP address\",\"Activity from infrequent country\",\"Activity from a Tor IP address\",\"Publicly shared confidential files\",\"Activity from a Tor IP address\",\"Anonymous IP address\",\"Anonymous IP address\",\"Activity from infrequent country\",\"Anonymous IP address\",\"Suspicious Powershell commandline\",\"PowerShell Downloads\",\"Encoded Powershell Run - Custom Alert\",\"PowerShell downloads - From Hunting Queries\",\"Anonymous IP address\",\"Network connection to a risky host\",\"Suspicious Powershell commandline\",\"Activity from a Tor IP address\",\"A script with suspicious content was observed\",\"A malicious PowerShell Cmdlet was invoked on the\\nmachine\",\"Network connection to a risky host\",\"PowerShell downloads - From Hunting Queries\",\"Encoded Powershell Run - Custom Alert\",\"PowerShell Downloads\",\"PowerShell Downloads\",\"PowerShell downloads - From Hunting Queries\",\"PowerShell Downloads\",\"PowerShell downloads - From Hunting Queries\",\"Encoded Powershell Run - Custom Alert\",\"Suspicious access to LSASS service\",\"Suspicious access to LSASS service\",\"A malicious PowerShell Cmdlet was invoked on the\\nmachine\",\"Suspicious Powershell commandline\",\"Suspicious Powershell commandline\",\"Suspicious Powershell commandline\",\"Network connection to a risky host\",\"Network connection to a risky host\",\"Suspicious access to LSASS service\",\"Suspicious access to LSASS service\",\"An active 'Mikatz' high-severity malware was\\ndetected\",\"An active 'Mikatz' high-severity malware was\\ndetected\",\"Suspicious access to LSASS service\",\"Sensitive credential memory read\",\"Sensitive credential memory read\",\"Suspicious access to LSASS service\",\"Suspicious access to LSASS service\",\"Suspicious access to LSASS service\",\"Suspicious Powershell commandline\",\"Suspicious access to LSASS service\",\"Suspicious access to LSASS service\",\"Suspicious access to LSASS service\",\"Suspicious access to LSASS service\",\"Suspicious behavior by a svchost.exe was observed\",\"Suspicious behavior by cmd.exe was observed\",\"Suspicious behavior by cmd.exe was observed\",\"Suspicious behavior by a svchost.exe was observed\",\"Suspicious behavior by cmd.exe was observed\",\"Suspicious behavior by cmd.exe was observed\",\"Suspicious behavior by a svchost.exe was observed\",\"Suspicious Powershell commandline\",\"Suspicious behavior by a svchost.exe was observed\",\"Suspicious behavior by a svchost.exe was observed\",\"Suspicious registration of an accessibility\\ndebugger under the IFEO registry key\",\"Suspicious behavior by cmd.exe was observed\",\"PowerShell Downloads\",\"Encoded Powershell Run - Custom Alert\",\"PowerShell downloads - From Hunting Queries\",\"Powershell Empire cmdlets seen in command line\"],\"TimeGenerated\":{\"__ndarray__\":\"AABezwTVdkIAgPrpBNV2QgCAqozh13ZCAIDCA4/XdkIAgOQ8U9Z2QgAA1ahY1nZCAAAI61bWdkIAAPI1WdZ2QgAAS79Y1nZCAADrzljWdkIAAPu0TtZ2QgAAi95Y1nZCAIDfh1jWdkIAAKnuk9Z2QgAAyb+T1nZCAICFpZTWdkIAgJ0s5tZ2QgAA8H4D4HZCAADwfgPgdkIAAPB+A+B2QgAA8H4D4HZCAIBZtlLUdkIAAFQyXNR2QgAAgAFc1HZCAIBD0VzUdkIAgCtar9R2QgCAYGav1HZCAIA8bK/UdkIAAL5O/NV2QgCAHN4G1nZCAIB8n/nVdkIAgNf4+dV2QgCA9lv61XZCAABaKf7VdkIAAM5FBNZ2QgCAs9MV1nZCAAD7FhXWdkIAgBdwFdZ2QgCArn0g1nZCAIA2Mm7ddkIAAOh7cN12QgAAJsVw3XZCAAAe6nHddkIAAJMPc912QgCA0KFz3XZCAIBy7HfddkIAgBGOeN12QgAAa8h43XZCAIBqEXnddkIAgCVbed12QgAAJaR53XZCAIDfNnrddkIAgM+AfN12QgCAmnKm3XZCAAABgWvddkIAgPehpt12QgAAyMhr3XZCAIBhuqbddkIAgHvobd12QgCAwfpv3XZCAACqMnDddkIAAGQOcd12QgAAoldx3XZCAABcM3LddkIAABd9ct12QgAA2MVy3XZCAID2gK/ddkIAAPy8sd12QgAA0Vhz3XZCAIAO63PddkIAgLgQd912QgCAc1p33XZCAIBtJmvddkIAAKwma912QgCANy9r3XZCAABEYWvddkIAgILea912QgCAwCds3XZCAACEemzddkIAgMEMbd12QgAANntu3XZCAAB0xG7ddkIAgB6hcd12QgCATDR03XZCAICKfXTddkIAAAfHdN12QgCABhB13XZCAACDWXXddkIAgIKidd12QgCAwOt13XZCAID4NXbddkIAAGPted12QgAAHcl63XZCAABbEnvddkIAgNdbe912QgCAfPql3XZCAACTHq/ddkIAAJMer912QgAAEB+v3XZCAIBOH6/ddkIAAI0fr912QgCAyx+v3XZCAIBIIK/ddkIAAHOjd912QgAA7zV43XZCAAA9cWzddkIAgH3EbN12QgCA/1Vt3XZCAACkobHddkIAgD2fbd12QgCAcw1v3XZCAADwVm/ddkIAgGygb912QgAAe3523XZCAAC5x3bddkIAgB2Aet12QgCAFaV73XZCAAAV7nvddkIAAFM3fN12QgCA//ml3XZCAIB2+6XddkIAAJ9Spt12QgAAGPSu3XZCAIBW9K7ddkIAgFb0rt12QgCAVvSu3XZCAACV9K7ddkIAgJ39rt12QgCAAgKv3XZCAAAFDK/ddkIAgMYLr912QgCAxguv3XZCAAAFDK/ddkIAgMYLr912QgCAQwyv3XZCAIBDDK/ddkIAgEMMr912QgAAggyv3XZCAIBDDK/ddkIAgNEer912QgCA0R6v3XZCAAAQH6/ddkIAgNEer912QgCATh+v3XZCAIBOH6/ddkIAgMUgr912QgCAxSCv3XZCAIDFIK/ddkIAAAQhr912QgCAxUO+3XZCAAAERL7ddkIAAAREvt12QgCAQkS+3XZCAIBCRL7ddkIAgFiWCt52QgCAulwK3nZCAIC6XAredkIAgH17Ct52QgCA1oEK3nZCAIDWgQredkIAADiRCt52QgCA+ZAK3nZCAAA4kQredkIAgHaRCt52QgAAOJEK3nZCAIB2kQredkIAgHaRCt52QgAAtZEK3nZCAIDzkQredkIAgFiWCt52QgCAWJYK3nZCAIBYlgredkIAgFiWCt52QgCAbGML3nZCAAAPgwredkIAAM5yC952QgAAP3sK3nZCAIBYlgredkIAgMqXE9V2QgCAr1cU1XZCAABk8RPVdkIAgF+sD9V2QgCA7dwK1XZCAADw1A3VdkIAAPXoDdV2QgCACW0O1XZCAIC+mv7UdkIAABc9BtV2QgAARcQK1XZCAABNFgvVdkIAABcTDdV2QgCAp4n+1HZCAAD5LwnVdkIAALy5DNV2QgCAevgM1XZCAAAkeQ3VdkIAgIBuDtV2QgCA21S51HZCAAAFl7nUdkIAAKJiutR2QgCAwtK91HZCAABKL77UdkIAgEXSvdR2QgCAtv8e1XZCAIB8g1fVdkIAANsSYtV2QgAA4sO103ZCAIDrNLbTdkIAgKB/ttN2QgAA8Iu303ZCAICetbTTdkIAABzktdN2QgCAaDW203ZCAIAXjbTTdkIAAPNSttN2QgCAaDW203ZCAADPTLjTdkIAgI5YvdN2QgCAfFu903ZCAAC7W73TdkIAgHf6tNN2QgAApP2003ZCAIBUPrzTdkIAADJdvdN2QgAArJy903ZCAABRSDzXdkIAgHFNPNd2QgCAkAX23HZCAABtTFzddkIAgPVvYt12QgCAyaBi3XZCAAAAzGLddkIAAL3rYt12QgCA4Fhc3XZCAIB4b2LddkIAgHhvYt12QgCAAZJc3XZCAAC9bmLddkIAgPtuYt12QgAAt29i3XZCAICYZzXZdkIAgPCCNdl2QgAAkrE12XZCAIAxl9TadkIAALTf1Np2QgAAfCiK2HZCAIDiS4rYdkIAgLdnith2QgCAmVzO23ZCAICZXM7bdkIAADk4ztt2QgCAdzjO23ZCAAC2OM7bdkIAgPQ4ztt2QgCA9DjO23ZCAID0OM7bdkIAABU+ztt2QgAAFT7O23ZCAIBGVc7bdkIAgEZVztt2QgCAHFzO23ZCAIAcXM7bdkIAgBxcztt2QgAA2FzO23ZCAABVXc7bdkIAANhcztt2QgAA0l3O23ZCAIAQXs7bdkIAgBBeztt2QgAAW1zO23ZCAICTXc7bdkIAgI1eztt2QgCACl/O23ZCAIAKX87bdkIAgI1eztt2QgAASV/O23ZCAICHX87bdkIAAMxeztt2QgCAh1/O23ZCAIAEYM7bdkIAAMZfztt2QgAAQ2DO23ZCAICHX87bdkIAgBOcztt2QgCAEcbO23ZCAAAT5c7bdkIAgHevz9t2Qg==\",\"dtype\":\"float64\",\"shape\":[287]},\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286],\"y_index\":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},\"selected\":{\"id\":\"4201\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"4200\",\"type\":\"UnionRenderers\"}},\"id\":\"4121\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"minor_grid_line_alpha\":0.3,\"minor_grid_line_color\":\"navy\",\"ticker\":{\"id\":\"4135\",\"type\":\"DatetimeTicker\"}},\"id\":\"4138\",\"type\":\"Grid\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"4210\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"below\":[{\"id\":\"4167\",\"type\":\"DatetimeAxis\"},{\"id\":\"4173\",\"type\":\"Title\"}],\"center\":[{\"id\":\"4171\",\"type\":\"Grid\"}],\"plot_height\":120,\"plot_width\":900,\"renderers\":[{\"id\":\"4179\",\"type\":\"GlyphRenderer\"}],\"title\":{\"id\":\"4157\",\"type\":\"Title\"},\"toolbar\":{\"id\":\"4172\",\"type\":\"Toolbar\"},\"toolbar_location\":null,\"x_range\":{\"id\":\"4159\",\"type\":\"Range1d\"},\"x_scale\":{\"id\":\"4163\",\"type\":\"LinearScale\"},\"y_range\":{\"id\":\"4161\",\"type\":\"DataRange1d\"},\"y_scale\":{\"id\":\"4165\",\"type\":\"LinearScale\"}},\"id\":\"4156\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"below\":[{\"id\":\"4134\",\"type\":\"DatetimeAxis\"}],\"center\":[{\"id\":\"4138\",\"type\":\"Grid\"},{\"id\":\"4143\",\"type\":\"Grid\"}],\"left\":[{\"id\":\"4139\",\"type\":\"LinearAxis\"}],\"min_border_left\":50,\"plot_height\":200,\"plot_width\":900,\"renderers\":[{\"id\":\"4191\",\"type\":\"GlyphRenderer\"}],\"title\":{\"id\":\"4124\",\"type\":\"Title\"},\"toolbar\":{\"id\":\"4149\",\"type\":\"Toolbar\"},\"x_range\":{\"id\":\"4126\",\"type\":\"Range1d\"},\"x_scale\":{\"id\":\"4130\",\"type\":\"LinearScale\"},\"y_range\":{\"id\":\"4128\",\"type\":\"Range1d\"},\"y_scale\":{\"id\":\"4132\",\"type\":\"LinearScale\"}},\"id\":\"4123\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"4203\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"4144\",\"type\":\"WheelZoomTool\"},{\"attributes\":{\"text\":\"Range Selector\"},\"id\":\"4157\",\"type\":\"Title\"}],\"root_ids\":[\"4193\"]},\"title\":\"Bokeh Application\",\"version\":\"1.3.4\"}};\n",
       "  var render_items = [{\"docid\":\"09ea1bd7-195f-4aa8-8ef1-faab47f85236\",\"roots\":{\"4193\":\"0415281e-ba00-487f-84a4-c2deeaf8c350\"}}];\n",
       "  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n",
       "\n",
       "  }\n",
       "  if (root.Bokeh !== undefined) {\n",
       "    embed_document(root);\n",
       "  } else {\n",
       "    var attempts = 0;\n",
       "    var timer = setInterval(function(root) {\n",
       "      if (root.Bokeh !== undefined) {\n",
       "        embed_document(root);\n",
       "        clearInterval(timer);\n",
       "      }\n",
       "      attempts++;\n",
       "      if (attempts > 100) {\n",
       "        console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n",
       "        clearInterval(timer);\n",
       "      }\n",
       "    }, 10, root)\n",
       "  }\n",
       "})(window);"
      ],
      "application/vnd.bokehjs_exec.v0+json": ""
     },
     "metadata": {
      "application/vnd.bokehjs_exec.v0+json": {
       "id": "4193"
      }
     },
     "output_type": "display_data"
    },
    {
     "data": {
      "text/markdown": [
       "### Click on alert to view details."
      ],
      "text/plain": [
       "<IPython.core.display.Markdown object>"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    },
    {
     "data": {
      "application/vnd.jupyter.widget-view+json": {
       "model_id": "2b7bad34fbe443298eca32688b2d5529",
       "version_major": 2,
       "version_minor": 0
      },
      "text/plain": [
       "VBox(children=(Text(value='', description='Filter alerts by title:', style=DescriptionStyle(description_width=…"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    }
   ],
   "source": [
    "account_name, account_source = selected_account(select_acct.value)\n",
    "related_alerts = qry_prov.SecurityAlert.list_related_alerts(\n",
    "    **acct_query_params()\n",
    ")\n",
    "\n",
    "def print_related_alerts(alertDict, entityType, entityName):\n",
    "    if len(alertDict) > 0:\n",
    "        md(f\"Found {len(alertDict)} different alert types related to this {entityType} (`{entityName}`)\",\n",
    "           \"large, bold\"\n",
    "        )\n",
    "        for (k, v) in alertDict.items():\n",
    "            print(f\"- {k}, # Alerts: {v}\")\n",
    "    else:\n",
    "        md(f\"No alerts for {entityType} entity `{entityName}`\")\n",
    "\n",
    "\n",
    "if isinstance(related_alerts, pd.DataFrame) and not related_alerts.empty:\n",
    "    alert_items = (\n",
    "        related_alerts[[\"AlertName\", \"TimeGenerated\"]]\n",
    "        .groupby(\"AlertName\")\n",
    "        .TimeGenerated.agg(\"count\")\n",
    "        .to_dict()\n",
    "    )\n",
    "    print_related_alerts(alert_items, \"account\", account_name)\n",
    "    nbdisplay.display_timeline(\n",
    "        data=related_alerts, title=\"Alerts\", source_columns=[\"AlertName\"], height=200\n",
    "    )\n",
    "else:\n",
    "    display(Markdown(\"No related alerts found.\"))\n",
    "\n",
    "def disp_full_alert(alert):\n",
    "    global related_alert\n",
    "    related_alert = SecurityAlert(alert)\n",
    "    nbdisplay.display_alert(related_alert, show_entities=True)\n",
    "\n",
    "if related_alerts is not None and not related_alerts.empty:\n",
    "    related_alerts[\"CompromisedEntity\"] = related_alerts[\"src_accountname\"]\n",
    "    display(Markdown(\"### Click on alert to view details.\"))\n",
    "    rel_alert_select = nbwidgets.AlertSelector(\n",
    "        alerts=related_alerts,\n",
    "        action=disp_full_alert,\n",
    "    )\n",
    "    rel_alert_select.display()"
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "### Hunting/Investigation Bookmarks\n",
    "Any alerts with a matching account name are shown here. Select a bookmark to view the contents."
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 44,
   "metadata": {
    "ExecuteTime": {
     "end_time": "2019-10-30T19:11:57.183856Z",
     "start_time": "2019-10-30T19:11:55.955002Z"
    },
    "scrolled": true
   },
   "outputs": [
    {
     "data": {
      "text/markdown": [
       "<p style='font-size: 130%;font-weight: bold'>Found 31 different bookmarks related to this account (`alexw@m365x648731.onmicrosoft.com`)</p>"
      ],
      "text/plain": [
       "<IPython.core.display.Markdown object>"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    },
    {
     "data": {
      "text/html": [
       "\n",
       "    <div class=\"bk-root\">\n",
       "        <a href=\"https://bokeh.pydata.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
       "        <span id=\"4434\">Loading BokehJS ...</span>\n",
       "    </div>"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    },
    {
     "data": {
      "application/javascript": [
       "\n",
       "(function(root) {\n",
       "  function now() {\n",
       "    return new Date();\n",
       "  }\n",
       "\n",
       "  var force = true;\n",
       "\n",
       "  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n",
       "    root._bokeh_onload_callbacks = [];\n",
       "    root._bokeh_is_loading = undefined;\n",
       "  }\n",
       "\n",
       "  var JS_MIME_TYPE = 'application/javascript';\n",
       "  var HTML_MIME_TYPE = 'text/html';\n",
       "  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n",
       "  var CLASS_NAME = 'output_bokeh rendered_html';\n",
       "\n",
       "  /**\n",
       "   * Render data to the DOM node\n",
       "   */\n",
       "  function render(props, node) {\n",
       "    var script = document.createElement(\"script\");\n",
       "    node.appendChild(script);\n",
       "  }\n",
       "\n",
       "  /**\n",
       "   * Handle when an output is cleared or removed\n",
       "   */\n",
       "  function handleClearOutput(event, handle) {\n",
       "    var cell = handle.cell;\n",
       "\n",
       "    var id = cell.output_area._bokeh_element_id;\n",
       "    var server_id = cell.output_area._bokeh_server_id;\n",
       "    // Clean up Bokeh references\n",
       "    if (id != null && id in Bokeh.index) {\n",
       "      Bokeh.index[id].model.document.clear();\n",
       "      delete Bokeh.index[id];\n",
       "    }\n",
       "\n",
       "    if (server_id !== undefined) {\n",
       "      // Clean up Bokeh references\n",
       "      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n",
       "      cell.notebook.kernel.execute(cmd, {\n",
       "        iopub: {\n",
       "          output: function(msg) {\n",
       "            var id = msg.content.text.trim();\n",
       "            if (id in Bokeh.index) {\n",
       "              Bokeh.index[id].model.document.clear();\n",
       "              delete Bokeh.index[id];\n",
       "            }\n",
       "          }\n",
       "        }\n",
       "      });\n",
       "      // Destroy server and session\n",
       "      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n",
       "      cell.notebook.kernel.execute(cmd);\n",
       "    }\n",
       "  }\n",
       "\n",
       "  /**\n",
       "   * Handle when a new output is added\n",
       "   */\n",
       "  function handleAddOutput(event, handle) {\n",
       "    var output_area = handle.output_area;\n",
       "    var output = handle.output;\n",
       "\n",
       "    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n",
       "    if ((output.output_type != \"display_data\") || (!output.data.hasOwnProperty(EXEC_MIME_TYPE))) {\n",
       "      return\n",
       "    }\n",
       "\n",
       "    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n",
       "\n",
       "    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n",
       "      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n",
       "      // store reference to embed id on output_area\n",
       "      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n",
       "    }\n",
       "    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n",
       "      var bk_div = document.createElement(\"div\");\n",
       "      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n",
       "      var script_attrs = bk_div.children[0].attributes;\n",
       "      for (var i = 0; i < script_attrs.length; i++) {\n",
       "        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n",
       "      }\n",
       "      // store reference to server id on output_area\n",
       "      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n",
       "    }\n",
       "  }\n",
       "\n",
       "  function register_renderer(events, OutputArea) {\n",
       "\n",
       "    function append_mime(data, metadata, element) {\n",
       "      // create a DOM node to render to\n",
       "      var toinsert = this.create_output_subarea(\n",
       "        metadata,\n",
       "        CLASS_NAME,\n",
       "        EXEC_MIME_TYPE\n",
       "      );\n",
       "      this.keyboard_manager.register_events(toinsert);\n",
       "      // Render to node\n",
       "      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n",
       "      render(props, toinsert[toinsert.length - 1]);\n",
       "      element.append(toinsert);\n",
       "      return toinsert\n",
       "    }\n",
       "\n",
       "    /* Handle when an output is cleared or removed */\n",
       "    events.on('clear_output.CodeCell', handleClearOutput);\n",
       "    events.on('delete.Cell', handleClearOutput);\n",
       "\n",
       "    /* Handle when a new output is added */\n",
       "    events.on('output_added.OutputArea', handleAddOutput);\n",
       "\n",
       "    /**\n",
       "     * Register the mime type and append_mime function with output_area\n",
       "     */\n",
       "    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n",
       "      /* Is output safe? */\n",
       "      safe: true,\n",
       "      /* Index of renderer in `output_area.display_order` */\n",
       "      index: 0\n",
       "    });\n",
       "  }\n",
       "\n",
       "  // register the mime type if in Jupyter Notebook environment and previously unregistered\n",
       "  if (root.Jupyter !== undefined) {\n",
       "    var events = require('base/js/events');\n",
       "    var OutputArea = require('notebook/js/outputarea').OutputArea;\n",
       "\n",
       "    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n",
       "      register_renderer(events, OutputArea);\n",
       "    }\n",
       "  }\n",
       "\n",
       "  \n",
       "  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n",
       "    root._bokeh_timeout = Date.now() + 5000;\n",
       "    root._bokeh_failed_load = false;\n",
       "  }\n",
       "\n",
       "  var NB_LOAD_WARNING = {'data': {'text/html':\n",
       "     \"<div style='background-color: #fdd'>\\n\"+\n",
       "     \"<p>\\n\"+\n",
       "     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n",
       "     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n",
       "     \"</p>\\n\"+\n",
       "     \"<ul>\\n\"+\n",
       "     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n",
       "     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n",
       "     \"</ul>\\n\"+\n",
       "     \"<code>\\n\"+\n",
       "     \"from bokeh.resources import INLINE\\n\"+\n",
       "     \"output_notebook(resources=INLINE)\\n\"+\n",
       "     \"</code>\\n\"+\n",
       "     \"</div>\"}};\n",
       "\n",
       "  function display_loaded() {\n",
       "    var el = document.getElementById(\"4434\");\n",
       "    if (el != null) {\n",
       "      el.textContent = \"BokehJS is loading...\";\n",
       "    }\n",
       "    if (root.Bokeh !== undefined) {\n",
       "      if (el != null) {\n",
       "        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n",
       "      }\n",
       "    } else if (Date.now() < root._bokeh_timeout) {\n",
       "      setTimeout(display_loaded, 100)\n",
       "    }\n",
       "  }\n",
       "\n",
       "\n",
       "  function run_callbacks() {\n",
       "    try {\n",
       "      root._bokeh_onload_callbacks.forEach(function(callback) {\n",
       "        if (callback != null)\n",
       "          callback();\n",
       "      });\n",
       "    } finally {\n",
       "      delete root._bokeh_onload_callbacks\n",
       "    }\n",
       "    console.debug(\"Bokeh: all callbacks have finished\");\n",
       "  }\n",
       "\n",
       "  function load_libs(css_urls, js_urls, callback) {\n",
       "    if (css_urls == null) css_urls = [];\n",
       "    if (js_urls == null) js_urls = [];\n",
       "\n",
       "    root._bokeh_onload_callbacks.push(callback);\n",
       "    if (root._bokeh_is_loading > 0) {\n",
       "      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n",
       "      return null;\n",
       "    }\n",
       "    if (js_urls == null || js_urls.length === 0) {\n",
       "      run_callbacks();\n",
       "      return null;\n",
       "    }\n",
       "    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n",
       "    root._bokeh_is_loading = css_urls.length + js_urls.length;\n",
       "\n",
       "    function on_load() {\n",
       "      root._bokeh_is_loading--;\n",
       "      if (root._bokeh_is_loading === 0) {\n",
       "        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n",
       "        run_callbacks()\n",
       "      }\n",
       "    }\n",
       "\n",
       "    function on_error() {\n",
       "      console.error(\"failed to load \" + url);\n",
       "    }\n",
       "\n",
       "    for (var i = 0; i < css_urls.length; i++) {\n",
       "      var url = css_urls[i];\n",
       "      const element = document.createElement(\"link\");\n",
       "      element.onload = on_load;\n",
       "      element.onerror = on_error;\n",
       "      element.rel = \"stylesheet\";\n",
       "      element.type = \"text/css\";\n",
       "      element.href = url;\n",
       "      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n",
       "      document.body.appendChild(element);\n",
       "    }\n",
       "\n",
       "    for (var i = 0; i < js_urls.length; i++) {\n",
       "      var url = js_urls[i];\n",
       "      var element = document.createElement('script');\n",
       "      element.onload = on_load;\n",
       "      element.onerror = on_error;\n",
       "      element.async = false;\n",
       "      element.src = url;\n",
       "      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n",
       "      document.head.appendChild(element);\n",
       "    }\n",
       "  };var element = document.getElementById(\"4434\");\n",
       "  if (element == null) {\n",
       "    console.error(\"Bokeh: ERROR: autoload.js configured with elementid '4434' but no matching script tag was found. \")\n",
       "    return false;\n",
       "  }\n",
       "\n",
       "  function inject_raw_css(css) {\n",
       "    const element = document.createElement(\"style\");\n",
       "    element.appendChild(document.createTextNode(css));\n",
       "    document.body.appendChild(element);\n",
       "  }\n",
       "\n",
       "  var js_urls = [\"https://cdn.pydata.org/bokeh/release/bokeh-1.3.4.min.js\", \"https://cdn.pydata.org/bokeh/release/bokeh-widgets-1.3.4.min.js\", \"https://cdn.pydata.org/bokeh/release/bokeh-tables-1.3.4.min.js\", \"https://cdn.pydata.org/bokeh/release/bokeh-gl-1.3.4.min.js\"];\n",
       "  var css_urls = [];\n",
       "\n",
       "  var inline_js = [\n",
       "    function(Bokeh) {\n",
       "      Bokeh.set_log_level(\"info\");\n",
       "    },\n",
       "    \n",
       "    function(Bokeh) {\n",
       "      \n",
       "    },\n",
       "    function(Bokeh) {} // ensure no trailing comma for IE\n",
       "  ];\n",
       "\n",
       "  function run_inline_js() {\n",
       "    \n",
       "    if ((root.Bokeh !== undefined) || (force === true)) {\n",
       "      for (var i = 0; i < inline_js.length; i++) {\n",
       "        inline_js[i].call(root, root.Bokeh);\n",
       "      }if (force === true) {\n",
       "        display_loaded();\n",
       "      }} else if (Date.now() < root._bokeh_timeout) {\n",
       "      setTimeout(run_inline_js, 100);\n",
       "    } else if (!root._bokeh_failed_load) {\n",
       "      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n",
       "      root._bokeh_failed_load = true;\n",
       "    } else if (force !== true) {\n",
       "      var cell = $(document.getElementById(\"4434\")).parents('.cell').data().cell;\n",
       "      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n",
       "    }\n",
       "\n",
       "  }\n",
       "\n",
       "  if (root._bokeh_is_loading === 0) {\n",
       "    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n",
       "    run_inline_js();\n",
       "  } else {\n",
       "    load_libs(css_urls, js_urls, function() {\n",
       "      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n",
       "      run_inline_js();\n",
       "    });\n",
       "  }\n",
       "}(window));"
      ],
      "application/vnd.bokehjs_load.v0+json": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  \n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"4434\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error() {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (var i = 0; i < css_urls.length; i++) {\n      var url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    for (var i = 0; i < js_urls.length; i++) {\n      var url = js_urls[i];\n      var element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.async = false;\n      element.src = url;\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };var element = document.getElementById(\"4434\");\n  if (element == null) {\n    console.error(\"Bokeh: ERROR: autoload.js configured with elementid '4434' but no matching script tag was found. \")\n    return false;\n  }\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  var js_urls = [\"https://cdn.pydata.org/bokeh/release/bokeh-1.3.4.min.js\", \"https://cdn.pydata.org/bokeh/release/bokeh-widgets-1.3.4.min.js\", \"https://cdn.pydata.org/bokeh/release/bokeh-tables-1.3.4.min.js\", \"https://cdn.pydata.org/bokeh/release/bokeh-gl-1.3.4.min.js\"];\n  var css_urls = [];\n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    \n    function(Bokeh) {\n      \n    },\n    function(Bokeh) {} // ensure no trailing comma for IE\n  ];\n\n  function run_inline_js() {\n    \n    if ((root.Bokeh !== undefined) || (force === true)) {\n      for (var i = 0; i < inline_js.length; i++) {\n        inline_js[i].call(root, root.Bokeh);\n      }if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"4434\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));"
     },
     "metadata": {},
     "output_type": "display_data"
    },
    {
     "data": {
      "text/html": [
       "\n",
       "\n",
       "\n",
       "\n",
       "\n",
       "\n",
       "  <div class=\"bk-root\" id=\"12e5a599-c2d4-459a-a684-a99d6f37886b\" data-root-id=\"4507\"></div>\n"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    },
    {
     "data": {
      "application/javascript": [
       "(function(root) {\n",
       "  function embed_document(root) {\n",
       "    \n",
       "  var docs_json = {\"ee09bfb5-06e0-47a6-8416-8efa80fa0274\":{\"roots\":{\"references\":[{\"attributes\":{\"children\":[{\"id\":\"4437\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"id\":\"4470\",\"subtype\":\"Figure\",\"type\":\"Plot\"}]},\"id\":\"4507\",\"type\":\"Column\"},{\"attributes\":{\"overlay\":{\"id\":\"4496\",\"type\":\"BoxAnnotation\"},\"x_range\":{\"id\":\"4440\",\"type\":\"Range1d\"},\"y_range\":null},\"id\":\"4495\",\"type\":\"RangeTool\"},{\"attributes\":{\"source\":{\"id\":\"4435\",\"type\":\"ColumnDataSource\"}},\"id\":\"4506\",\"type\":\"CDSView\"},{\"attributes\":{\"num_minor_ticks\":5,\"tickers\":[{\"id\":\"4529\",\"type\":\"AdaptiveTicker\"},{\"id\":\"4530\",\"type\":\"AdaptiveTicker\"},{\"id\":\"4531\",\"type\":\"AdaptiveTicker\"},{\"id\":\"4532\",\"type\":\"DaysTicker\"},{\"id\":\"4533\",\"type\":\"DaysTicker\"},{\"id\":\"4534\",\"type\":\"DaysTicker\"},{\"id\":\"4535\",\"type\":\"DaysTicker\"},{\"id\":\"4536\",\"type\":\"MonthsTicker\"},{\"id\":\"4537\",\"type\":\"MonthsTicker\"},{\"id\":\"4538\",\"type\":\"MonthsTicker\"},{\"id\":\"4539\",\"type\":\"MonthsTicker\"},{\"id\":\"4540\",\"type\":\"YearsTicker\"}]},\"id\":\"4482\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.2},\"fill_color\":{\"value\":\"navy\"},\"level\":\"overlay\",\"line_alpha\":{\"value\":1.0},\"line_color\":{\"value\":\"black\"},\"line_dash\":[2,2],\"line_width\":{\"value\":0.5}},\"id\":\"4496\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"callback\":null,\"end\":1571813404652.15,\"start\":1568435651856.8499},\"id\":\"4473\",\"type\":\"Range1d\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"4518\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"4538\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":{\"id\":\"4495\",\"type\":\"RangeTool\"},\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"4495\",\"type\":\"RangeTool\"}]},\"id\":\"4486\",\"type\":\"Toolbar\"},{\"attributes\":{},\"id\":\"4460\",\"type\":\"ResetTool\"},{\"attributes\":{},\"id\":\"4454\",\"type\":\"BasicTicker\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"4536\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"fill_color\":{\"value\":\"navy\"},\"line_color\":{\"value\":\"navy\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4491\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"4527\",\"type\":\"YearsTicker\"},{\"attributes\":{\"text\":\"Timeline: Bookmarks\"},\"id\":\"4438\",\"type\":\"Title\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"4533\",\"type\":\"DaysTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"4435\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"4503\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"4504\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"4506\",\"type\":\"CDSView\"}},\"id\":\"4505\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4504\",\"type\":\"Diamond\"},{\"attributes\":{\"ticker\":{\"id\":\"4482\",\"type\":\"DatetimeTicker\"}},\"id\":\"4485\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"4515\",\"type\":\"Selection\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"4500\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"4517\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"4524\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"4477\",\"type\":\"LinearScale\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"4462\",\"type\":\"PanTool\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"4521\",\"type\":\"DaysTicker\"},{\"attributes\":{\"num_minor_ticks\":10,\"tickers\":[{\"id\":\"4516\",\"type\":\"AdaptiveTicker\"},{\"id\":\"4517\",\"type\":\"AdaptiveTicker\"},{\"id\":\"4518\",\"type\":\"AdaptiveTicker\"},{\"id\":\"4519\",\"type\":\"DaysTicker\"},{\"id\":\"4520\",\"type\":\"DaysTicker\"},{\"id\":\"4521\",\"type\":\"DaysTicker\"},{\"id\":\"4522\",\"type\":\"DaysTicker\"},{\"id\":\"4523\",\"type\":\"MonthsTicker\"},{\"id\":\"4524\",\"type\":\"MonthsTicker\"},{\"id\":\"4525\",\"type\":\"MonthsTicker\"},{\"id\":\"4526\",\"type\":\"MonthsTicker\"},{\"id\":\"4527\",\"type\":\"YearsTicker\"}]},\"id\":\"4449\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"4523\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"lightgrey\"},\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":{\"value\":1.0},\"line_color\":{\"value\":\"black\"},\"line_dash\":[4,4],\"line_width\":{\"value\":2},\"render_mode\":\"css\",\"right_units\":\"screen\",\"top_units\":\"screen\"},\"id\":\"4528\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"minor_grid_line_alpha\":0.3,\"minor_grid_line_color\":\"navy\",\"ticker\":{\"id\":\"4449\",\"type\":\"DatetimeTicker\"}},\"id\":\"4452\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"4479\",\"type\":\"LinearScale\"},{\"attributes\":{\"callback\":null,\"start\":-1.0},\"id\":\"4442\",\"type\":\"Range1d\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"4535\",\"type\":\"DaysTicker\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"4534\",\"type\":\"DaysTicker\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"4458\",\"type\":\"WheelZoomTool\"},{\"attributes\":{},\"id\":\"4514\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"4520\",\"type\":\"DaysTicker\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"4526\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"callback\":null,\"formatters\":{\"Tooltip\":\"printf\"},\"tooltips\":[[\"BookmarkName\",\"@BookmarkName\"],[\"Tags\",\"@Tags\"]]},\"id\":\"4436\",\"type\":\"HoverTool\"},{\"attributes\":{\"below\":[{\"id\":\"4448\",\"type\":\"DatetimeAxis\"}],\"center\":[{\"id\":\"4452\",\"type\":\"Grid\"},{\"id\":\"4457\",\"type\":\"Grid\"}],\"left\":[{\"id\":\"4453\",\"type\":\"LinearAxis\"}],\"min_border_left\":50,\"plot_height\":200,\"plot_width\":900,\"renderers\":[{\"id\":\"4505\",\"type\":\"GlyphRenderer\"}],\"title\":{\"id\":\"4438\",\"type\":\"Title\"},\"toolbar\":{\"id\":\"4463\",\"type\":\"Toolbar\"},\"x_range\":{\"id\":\"4440\",\"type\":\"Range1d\"},\"x_scale\":{\"id\":\"4444\",\"type\":\"LinearScale\"},\"y_range\":{\"id\":\"4442\",\"type\":\"Range1d\"},\"y_scale\":{\"id\":\"4446\",\"type\":\"LinearScale\"}},\"id\":\"4437\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"dimension\":1,\"grid_line_color\":null,\"ticker\":{\"id\":\"4454\",\"type\":\"BasicTicker\"}},\"id\":\"4457\",\"type\":\"Grid\"},{\"attributes\":{\"text\":\"Range Selector\"},\"id\":\"4471\",\"type\":\"Title\"},{\"attributes\":{\"align\":\"right\",\"text\":\"Drag the middle or edges of the selection box to change the range in the main chart\",\"text_font_size\":{\"value\":\"10px\"}},\"id\":\"4487\",\"type\":\"Title\"},{\"attributes\":{\"formatter\":{\"id\":\"4488\",\"type\":\"DatetimeTickFormatter\"},\"ticker\":{\"id\":\"4482\",\"type\":\"DatetimeTicker\"}},\"id\":\"4481\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"4516\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"4531\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"4537\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"4435\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"4491\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"4492\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"4494\",\"type\":\"CDSView\"}},\"id\":\"4493\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"4522\",\"type\":\"DaysTicker\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"4532\",\"type\":\"DaysTicker\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"4539\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"callback\":null,\"data\":{\"BookmarkName\":[\"SecurityAlert - 961799ddaf9d\",\"Suspicious Powershell Command Line in MDATP\",\"MDATP Alert\",\"MDATP  Suspicious Powershell Command\",\" Suspicious Powershell Command Line in MDATP -\\n420e5ff3c39c\",\"Suspicious Powershell Command Line in MDATP\",\"Advanced Multistage Attack Detection - ZScaler &\\nMDATP\",\"MDATP Suspicious Powershell Command Line\",\" Suspicious Powershell Command Line in MDATP -\\nbaa2ced71f7e\",\" Masquerading files - 91d0b68b3df5\",\" Masquerading files to look like system\\nexecutables - 273574418fed\",\" Masquerading files of windows system processe(s)\\n- c6b42c99a709\",\"SecurityEvent - f73cc89ae062\",\" Masquerading files of windows system processe(s)\\n- 027fff90eea1\",\" Copy of Masquerading files of windows system\\nprocesse(s) - f5d65cb8cb27\",\"SecurityEvent - 00cd81b12ebe\",\" Masquerading files of windows system processe(s)\\n- 0a84967389eb\",\" Masquerading files of windows system processe(s)\\n- 10c2aaabdc47\",\"SecurityEvent - e7998c41baf9\",\"SecurityEvent - a21871766389\",\" Masquerading files of windows system processe(s)\\n- e1ef65826ff8\",\" Least Common Parent And Child Process Pairs -\\nc35bb574feb6\",\" Masquerading files of windows system processe(s)\\n- 1291dce958fb\",\" Masquerading files of windows system processe(s)\\n- d57e6011f539\",\" Masquerading files\",\" Masquerading files to look like system\\nexecutables - 8754943044af\",\" Masquerading files to look like system\\nexecutables - 5101d73a4d0d\",\" Masquerading files of windows system processe(s)\\n- 702ade076740\",\" Masquerading files of windows system processe(s)\\n- 0bc6a98a5956\",\" Masquerading files of windows system processes -\\n342264d7b6e8\",\" Masquerading files of windows system processes -\\naf74bf16f22e\"],\"Tags\":[\"[]\",\"[]\",\"[]\",\"[]\",\"[]\",\"[]\",\"[]\",\"[]\",\"[]\",\"[]\",\"[]\",\"[]\",\"[]\",\"[]\",\"[]\",\"[]\",\"[]\",\"[]\",\"[]\",\"[]\",\"[]\",\"[]\",\"[]\",\"[]\",\"[]\",\"[]\",\"[]\",\"[]\",\"[]\",\"[]\",\"[]\"],\"TimeGenerated\":{\"__ndarray__\":\"ALAll6/ddkIAIDd/sN12QgBAqVKx3XZCAFDm57HddkIAsBDqr912QgBQ9suw3XZCAAAkvbDddkIAECQCsd12QgCQdGMC3nZCAIB0Av/UdkIAcEEuD9V2QgAQtkYP1XZCADAnfA/VdkIAII+pD9V2QgAwSL0P1XZCAMBHIxDVdkIAsD6UD9V2QgAw4fsP1XZCAFAuBhDVdkIAcGoQENV2QgBAdjIQ1XZCALAur/fVdkIAoHcEAdZ2QgBgoycB1nZCAKBiNybWdkIAoD/eA9Z2QgDAjcQu1nZCACDpcVDWdkIA4NSpT9Z2QgBA23tU1HZCABDGAlXUdkI=\",\"dtype\":\"float64\",\"shape\":[31]},\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30],\"y_index\":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},\"selected\":{\"id\":\"4515\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"4514\",\"type\":\"UnionRenderers\"}},\"id\":\"4435\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"4525\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"navy\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"navy\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4503\",\"type\":\"Diamond\"},{\"attributes\":{\"formatter\":{\"id\":\"4511\",\"type\":\"BasicTickFormatter\"},\"ticker\":{\"id\":\"4454\",\"type\":\"BasicTicker\"},\"visible\":false},\"id\":\"4453\",\"type\":\"LinearAxis\"},{\"attributes\":{},\"id\":\"4461\",\"type\":\"SaveTool\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"4530\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"below\":[{\"id\":\"4481\",\"type\":\"DatetimeAxis\"},{\"id\":\"4487\",\"type\":\"Title\"}],\"center\":[{\"id\":\"4485\",\"type\":\"Grid\"}],\"plot_height\":120,\"plot_width\":900,\"renderers\":[{\"id\":\"4493\",\"type\":\"GlyphRenderer\"}],\"title\":{\"id\":\"4471\",\"type\":\"Title\"},\"toolbar\":{\"id\":\"4486\",\"type\":\"Toolbar\"},\"toolbar_location\":null,\"x_range\":{\"id\":\"4473\",\"type\":\"Range1d\"},\"x_scale\":{\"id\":\"4477\",\"type\":\"LinearScale\"},\"y_range\":{\"id\":\"4475\",\"type\":\"DataRange1d\"},\"y_scale\":{\"id\":\"4479\",\"type\":\"LinearScale\"}},\"id\":\"4470\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{},\"id\":\"4444\",\"type\":\"LinearScale\"},{\"attributes\":{\"overlay\":{\"id\":\"4528\",\"type\":\"BoxAnnotation\"}},\"id\":\"4459\",\"type\":\"BoxZoomTool\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"4488\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4492\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"4511\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"axis_label\":\"Event Time\",\"formatter\":{\"id\":\"4500\",\"type\":\"DatetimeTickFormatter\"},\"ticker\":{\"id\":\"4449\",\"type\":\"DatetimeTicker\"}},\"id\":\"4448\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":null,\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"4436\",\"type\":\"HoverTool\"},{\"id\":\"4458\",\"type\":\"WheelZoomTool\"},{\"id\":\"4459\",\"type\":\"BoxZoomTool\"},{\"id\":\"4460\",\"type\":\"ResetTool\"},{\"id\":\"4461\",\"type\":\"SaveTool\"},{\"id\":\"4462\",\"type\":\"PanTool\"}]},\"id\":\"4463\",\"type\":\"Toolbar\"},{\"attributes\":{},\"id\":\"4540\",\"type\":\"YearsTicker\"},{\"attributes\":{\"callback\":null},\"id\":\"4475\",\"type\":\"DataRange1d\"},{\"attributes\":{\"source\":{\"id\":\"4435\",\"type\":\"ColumnDataSource\"}},\"id\":\"4494\",\"type\":\"CDSView\"},{\"attributes\":{\"callback\":null,\"end\":1571683491083.0999,\"start\":1568565565425.9001},\"id\":\"4440\",\"type\":\"Range1d\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"4529\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{},\"id\":\"4446\",\"type\":\"LinearScale\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"4519\",\"type\":\"DaysTicker\"}],\"root_ids\":[\"4507\"]},\"title\":\"Bokeh Application\",\"version\":\"1.3.4\"}};\n",
       "  var render_items = [{\"docid\":\"ee09bfb5-06e0-47a6-8416-8efa80fa0274\",\"roots\":{\"4507\":\"12e5a599-c2d4-459a-a684-a99d6f37886b\"}}];\n",
       "  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n",
       "\n",
       "  }\n",
       "  if (root.Bokeh !== undefined) {\n",
       "    embed_document(root);\n",
       "  } else {\n",
       "    var attempts = 0;\n",
       "    var timer = setInterval(function(root) {\n",
       "      if (root.Bokeh !== undefined) {\n",
       "        embed_document(root);\n",
       "        clearInterval(timer);\n",
       "      }\n",
       "      attempts++;\n",
       "      if (attempts > 100) {\n",
       "        console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n",
       "        clearInterval(timer);\n",
       "      }\n",
       "    }, 10, root)\n",
       "  }\n",
       "})(window);"
      ],
      "application/vnd.bokehjs_exec.v0+json": ""
     },
     "metadata": {
      "application/vnd.bokehjs_exec.v0+json": {
       "id": "4507"
      }
     },
     "output_type": "display_data"
    },
    {
     "data": {
      "text/markdown": [
       "### Click on bookmark to view details."
      ],
      "text/plain": [
       "<IPython.core.display.Markdown object>"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    },
    {
     "data": {
      "application/vnd.jupyter.widget-view+json": {
       "model_id": "4b765304636b411b9970fe84e1705c37",
       "version_major": 2,
       "version_minor": 0
      },
      "text/plain": [
       "VBox(children=(Text(value='', description='Filter:', style=DescriptionStyle(description_width='initial')), Sel…"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    }
   ],
   "source": [
    "acct_name = acct_query_params()[\"account_name\"]\n",
    "related_bkmark_df = qry_prov.AzureSentinel.list_bookmarks_for_entity(\n",
    "    **acct_query_params(), entity_id=acct_name\n",
    ")\n",
    "\n",
    "def print_related_bkmk(bookmarks, entityType, entityName):\n",
    "    if len(bookmarks) > 0:\n",
    "        md(f\"Found {len(bookmarks)} different bookmarks related to this {entityType} (`{entityName}`)\",\n",
    "           \"large, bold\"\n",
    "        )\n",
    "    else:\n",
    "        md(f\"No alerts for {entityType} entity `{entityName}`\")\n",
    "\n",
    "\n",
    "if isinstance(related_bkmark_df, pd.DataFrame) and not related_bkmark_df.empty:\n",
    "    bookmarks = (related_bkmark_df\n",
    "                 .apply(lambda x: (f\"{x.BookmarkName} {x.Tags}  {x.TimeGenerated}\", x.BookmarkId),\n",
    "                        axis=1)\n",
    "                 .tolist())\n",
    "    print_related_bkmk(bookmarks, \"account\", account_name)\n",
    "    nbdisplay.display_timeline(\n",
    "        data=related_bkmark_df,\n",
    "        title=\"Bookmarks\",\n",
    "        source_columns=[\"BookmarkName\", \"Tags\"], height=200\n",
    "    )\n",
    "else:\n",
    "    display(Markdown(\"No related bookmarks found.\"))\n",
    "\n",
    "def disp_bookmark(bookmark_id):\n",
    "    display(related_bkmark_df[related_bkmark_df[\"BookmarkId\"] == bookmark_id].T)\n",
    "\n",
    "if related_bkmark_df is not None and not related_bkmark_df.empty:\n",
    "    display(Markdown(\"### Click on bookmark to view details.\"))\n",
    "    rel_bkmk_select = nbwidgets.SelectString(\n",
    "        item_list=bookmarks,\n",
    "        action=disp_bookmark,\n",
    "        auto_display=True\n",
    "    )\n",
    "    "
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "## Further Investigation\n",
    "Depending on the type of account (AAD or Host/Endpoint account) we can drill deeper to look at data specific to that account type."
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 101,
   "metadata": {
    "ExecuteTime": {
     "end_time": "2019-10-30T23:31:56.944618Z",
     "start_time": "2019-10-30T23:31:50.797227Z"
    }
   },
   "outputs": [
    {
     "data": {
      "text/markdown": [
       "<p style='font-weight: bold;font-size: 130%;color: blue'>Account 'alexw@m365x648731.onmicrosoft.com'. Source is 'O365Activity'</p>"
      ],
      "text/plain": [
       "<IPython.core.display.Markdown object>"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    },
    {
     "data": {
      "text/markdown": [
       "### For further analysis go to go to [AAD/Office Account](#AAD/Office-Account)"
      ],
      "text/plain": [
       "<IPython.core.display.Markdown object>"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    }
   ],
   "source": [
    "# Function definitions used below\n",
    "# This cell should be executed before continuing further.\n",
    "\n",
    "# WHOIS lookup function\n",
    "from functools import lru_cache\n",
    "from ipwhois import IPWhois\n",
    "from ipaddress import ip_address\n",
    "\n",
    "@lru_cache(maxsize=1024)\n",
    "def get_whois_info(ip_lookup, show_progress=False):\n",
    "    try:\n",
    "        ip = ip_address(ip_lookup)\n",
    "    except ValueError:\n",
    "        return \"Not an IP Address\", {}\n",
    "    if ip.is_private:\n",
    "        return \"private address\", {}\n",
    "    if not ip.is_global:\n",
    "        return \"other address\", {}\n",
    "    whois = IPWhois(ip)\n",
    "    whois_result = whois.lookup_whois()\n",
    "    if show_progress:\n",
    "        print(\".\", end=\"\")\n",
    "    return whois_result[\"asn_description\"], whois_result\n",
    "\n",
    "\n",
    "ti_lookup = TILookup()\n",
    "def check_ip_ti(df, ip_col):\n",
    "\n",
    "    ip4_rgx = r\"((?:[0-9]{1,3}\\.){3}[0-9]{1,3})\"\n",
    "    df = (df\n",
    "          .assign(IP_ext=lambda x: x[ip_col].str.extract(ip4_rgx, expand=False))\n",
    "          .rename(columns={ip_col: ip_col + \"_orig\"})\n",
    "          .rename(columns={\"IP_ext\": ip_col})\n",
    "         )\n",
    "    src_ip_addrs = (df[[ip_col]]\n",
    "                    .dropna()\n",
    "                    .drop_duplicates()\n",
    "                   )\n",
    "    md(f\"Querying TI for {len(src_ip_addrs)} indicators...\")\n",
    "    ti_results = ti_lookup.lookup_iocs(data=src_ip_addrs, obs_col=ip_col)\n",
    "    ti_results = ti_results[ti_results[\"Severity\"] > 0]\n",
    "\n",
    "    ti_merged_df = df.merge(ti_results, how=\"left\", left_on=ip_col, right_on=\"Ioc\")\n",
    "    return ti_results, ti_merged_df, src_ip_addrs\n",
    "\n",
    "\n",
    "geo_lookup = GeoLiteLookup()\n",
    "def check_geo_whois(ip_df, df, ip_col):\n",
    "    \n",
    "    ip4_rgx = r\"((?:[0-9]{1,3}\\.){3}[0-9]{1,3})\"\n",
    "    df = (df\n",
    "          .assign(IP_ext=lambda x: x[ip_col].str.extract(ip4_rgx, expand=False))\n",
    "          .rename(columns={ip_col: ip_col + \"_orig\"})\n",
    "          .rename(columns={\"IP_ext\": ip_col})\n",
    "         )\n",
    "    md(f\"Querying geolocation for {len(ip_df)} ip addresses...\")\n",
    "    \n",
    "    geo_ips = geo_lookup.lookup_ip(ip_addr_list=list(ip_df[ip_col].values))\n",
    "    # TODO replace\n",
    "    ip_dicts = [{**ent.Location.properties, \"IpAddress\": ent.Address} for ent in geo_ips[1]]\n",
    "    df_out = pd.DataFrame(data=ip_dicts)\n",
    "    geo_df = df.merge(df_out, how=\"left\", left_on=ip_col, right_on=\"IpAddress\")\n",
    "\n",
    "    md(f\"Querying WhoIs for {len(ip_df)} ip addresses...\")\n",
    "    whois_df = ip_df.copy()\n",
    "    # Get the WhoIs results\n",
    "    whois_df[[\"ASNDesc\", \"WhoisResult\"]] = (\n",
    "        ip_df\n",
    "        .apply(lambda x: get_whois_info(x[ip_col], show_progress=True),\n",
    "               axis=1, result_type=\"expand\"))\n",
    "    geo_whois_df = geo_df.merge(whois_df, how=\"left\", right_on=ip_col, left_on=ip_col)\n",
    "    return geo_whois_df\n",
    "\n",
    "# Based on the account type, advice the user where to go next.\n",
    "\n",
    "acct, source = selected_account(select_acct.value)\n",
    "md(f\"Account '{acct}'. Source is '{source}'\", \"bold, large, blue\")\n",
    "\n",
    "goto = lambda x: display(Markdown(f\"### For further analysis go to {x}\"))\n",
    "if source == \"LinuxHostLogon\":\n",
    "    goto(\"go to [LinuxHostLogon](#Linux-Host)\")\n",
    "if source == \"WindowsHostLogon\":\n",
    "    goto(\"go to [WindowsHostLogon](#Windows-Host)\")\n",
    "if source in [\"AADLogon\", \"AzureActivity\", \"O365Activity\"]:\n",
    "    goto(\"go to [AAD/Office Account](#AAD/Office-Account)\")"
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "## Windows Host\n",
    "For Windows accounts we look for the following types of data:\n",
    "\n",
    "- Logon Summary\n",
    "- Threat Intelligence reports for logon source IP Address(es)\n",
    "- Geo location and Whois lookup for logon source IP Address(es)\n",
    "- Additional alerts for the hosts where the account had logged on\n",
    "- Additional bookmarks for the hosts where the account had logged on"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 19,
   "metadata": {
    "ExecuteTime": {
     "end_time": "2019-10-30T18:56:31.728264Z",
     "start_time": "2019-10-30T18:56:30.573897Z"
    }
   },
   "outputs": [],
   "source": [
    "ext_logon_status = \"| extend LogonStatus = iff(EventID == 4624, 'success', 'failed')\"\n",
    "all_win_logons = (qry_prov.WindowsSecurity\n",
    "                  .list_logon_attempts_by_account(**acct_query_params(),\n",
    "                                                 add_query_items=ext_logon_status))"
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "### Host Logon Summary"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 20,
   "metadata": {
    "ExecuteTime": {
     "end_time": "2019-10-30T18:56:33.644730Z",
     "start_time": "2019-10-30T18:56:33.482799Z"
    }
   },
   "outputs": [
    {
     "data": {
      "text/html": [
       "<div>\n",
       "<style scoped>\n",
       "    .dataframe tbody tr th:only-of-type {\n",
       "        vertical-align: middle;\n",
       "    }\n",
       "\n",
       "    .dataframe tbody tr th {\n",
       "        vertical-align: top;\n",
       "    }\n",
       "\n",
       "    .dataframe thead th {\n",
       "        text-align: right;\n",
       "    }\n",
       "</style>\n",
       "<table border=\"1\" class=\"dataframe\">\n",
       "  <thead>\n",
       "    <tr style=\"text-align: right;\">\n",
       "      <th></th>\n",
       "      <th>TotalLogons</th>\n",
       "      <th>LogonResult</th>\n",
       "      <th>IPAddresses</th>\n",
       "      <th>LogonTypeCount</th>\n",
       "      <th>FirstLogon</th>\n",
       "      <th>LastLogon</th>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <th>Computer</th>\n",
       "      <th></th>\n",
       "      <th></th>\n",
       "      <th></th>\n",
       "      <th></th>\n",
       "      <th></th>\n",
       "      <th></th>\n",
       "    </tr>\n",
       "  </thead>\n",
       "  <tbody>\n",
       "    <tr>\n",
       "      <td>WebServer-1</td>\n",
       "      <td>48</td>\n",
       "      <td>{'failed': 48}</td>\n",
       "      <td>[185.81.128.116, 185.107.45.130, 173.249.58.228, 63.150.106.131, 212.92.106.156]</td>\n",
       "      <td>{3: 48}</td>\n",
       "      <td>2019-10-25 19:54:13.153</td>\n",
       "      <td>2019-10-30 17:37:44.297</td>\n",
       "    </tr>\n",
       "  </tbody>\n",
       "</table>\n",
       "</div>"
      ],
      "text/plain": [
       "             TotalLogons     LogonResult  \\\n",
       "Computer                                   \n",
       "WebServer-1           48  {'failed': 48}   \n",
       "\n",
       "                                                                                  IPAddresses  \\\n",
       "Computer                                                                                        \n",
       "WebServer-1  [185.81.128.116, 185.107.45.130, 173.249.58.228, 63.150.106.131, 212.92.106.156]   \n",
       "\n",
       "            LogonTypeCount              FirstLogon               LastLogon  \n",
       "Computer                                                                    \n",
       "WebServer-1        {3: 48} 2019-10-25 19:54:13.153 2019-10-30 17:37:44.297  "
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    },
    {
     "data": {
      "text/html": [
       "\n",
       "    <div class=\"bk-root\">\n",
       "        <a href=\"https://bokeh.pydata.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
       "        <span id=\"1001\">Loading BokehJS ...</span>\n",
       "    </div>"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    },
    {
     "data": {
      "application/javascript": [
       "\n",
       "(function(root) {\n",
       "  function now() {\n",
       "    return new Date();\n",
       "  }\n",
       "\n",
       "  var force = true;\n",
       "\n",
       "  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n",
       "    root._bokeh_onload_callbacks = [];\n",
       "    root._bokeh_is_loading = undefined;\n",
       "  }\n",
       "\n",
       "  var JS_MIME_TYPE = 'application/javascript';\n",
       "  var HTML_MIME_TYPE = 'text/html';\n",
       "  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n",
       "  var CLASS_NAME = 'output_bokeh rendered_html';\n",
       "\n",
       "  /**\n",
       "   * Render data to the DOM node\n",
       "   */\n",
       "  function render(props, node) {\n",
       "    var script = document.createElement(\"script\");\n",
       "    node.appendChild(script);\n",
       "  }\n",
       "\n",
       "  /**\n",
       "   * Handle when an output is cleared or removed\n",
       "   */\n",
       "  function handleClearOutput(event, handle) {\n",
       "    var cell = handle.cell;\n",
       "\n",
       "    var id = cell.output_area._bokeh_element_id;\n",
       "    var server_id = cell.output_area._bokeh_server_id;\n",
       "    // Clean up Bokeh references\n",
       "    if (id != null && id in Bokeh.index) {\n",
       "      Bokeh.index[id].model.document.clear();\n",
       "      delete Bokeh.index[id];\n",
       "    }\n",
       "\n",
       "    if (server_id !== undefined) {\n",
       "      // Clean up Bokeh references\n",
       "      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n",
       "      cell.notebook.kernel.execute(cmd, {\n",
       "        iopub: {\n",
       "          output: function(msg) {\n",
       "            var id = msg.content.text.trim();\n",
       "            if (id in Bokeh.index) {\n",
       "              Bokeh.index[id].model.document.clear();\n",
       "              delete Bokeh.index[id];\n",
       "            }\n",
       "          }\n",
       "        }\n",
       "      });\n",
       "      // Destroy server and session\n",
       "      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n",
       "      cell.notebook.kernel.execute(cmd);\n",
       "    }\n",
       "  }\n",
       "\n",
       "  /**\n",
       "   * Handle when a new output is added\n",
       "   */\n",
       "  function handleAddOutput(event, handle) {\n",
       "    var output_area = handle.output_area;\n",
       "    var output = handle.output;\n",
       "\n",
       "    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n",
       "    if ((output.output_type != \"display_data\") || (!output.data.hasOwnProperty(EXEC_MIME_TYPE))) {\n",
       "      return\n",
       "    }\n",
       "\n",
       "    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n",
       "\n",
       "    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n",
       "      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n",
       "      // store reference to embed id on output_area\n",
       "      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n",
       "    }\n",
       "    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n",
       "      var bk_div = document.createElement(\"div\");\n",
       "      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n",
       "      var script_attrs = bk_div.children[0].attributes;\n",
       "      for (var i = 0; i < script_attrs.length; i++) {\n",
       "        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n",
       "      }\n",
       "      // store reference to server id on output_area\n",
       "      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n",
       "    }\n",
       "  }\n",
       "\n",
       "  function register_renderer(events, OutputArea) {\n",
       "\n",
       "    function append_mime(data, metadata, element) {\n",
       "      // create a DOM node to render to\n",
       "      var toinsert = this.create_output_subarea(\n",
       "        metadata,\n",
       "        CLASS_NAME,\n",
       "        EXEC_MIME_TYPE\n",
       "      );\n",
       "      this.keyboard_manager.register_events(toinsert);\n",
       "      // Render to node\n",
       "      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n",
       "      render(props, toinsert[toinsert.length - 1]);\n",
       "      element.append(toinsert);\n",
       "      return toinsert\n",
       "    }\n",
       "\n",
       "    /* Handle when an output is cleared or removed */\n",
       "    events.on('clear_output.CodeCell', handleClearOutput);\n",
       "    events.on('delete.Cell', handleClearOutput);\n",
       "\n",
       "    /* Handle when a new output is added */\n",
       "    events.on('output_added.OutputArea', handleAddOutput);\n",
       "\n",
       "    /**\n",
       "     * Register the mime type and append_mime function with output_area\n",
       "     */\n",
       "    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n",
       "      /* Is output safe? */\n",
       "      safe: true,\n",
       "      /* Index of renderer in `output_area.display_order` */\n",
       "      index: 0\n",
       "    });\n",
       "  }\n",
       "\n",
       "  // register the mime type if in Jupyter Notebook environment and previously unregistered\n",
       "  if (root.Jupyter !== undefined) {\n",
       "    var events = require('base/js/events');\n",
       "    var OutputArea = require('notebook/js/outputarea').OutputArea;\n",
       "\n",
       "    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n",
       "      register_renderer(events, OutputArea);\n",
       "    }\n",
       "  }\n",
       "\n",
       "  \n",
       "  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n",
       "    root._bokeh_timeout = Date.now() + 5000;\n",
       "    root._bokeh_failed_load = false;\n",
       "  }\n",
       "\n",
       "  var NB_LOAD_WARNING = {'data': {'text/html':\n",
       "     \"<div style='background-color: #fdd'>\\n\"+\n",
       "     \"<p>\\n\"+\n",
       "     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n",
       "     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n",
       "     \"</p>\\n\"+\n",
       "     \"<ul>\\n\"+\n",
       "     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n",
       "     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n",
       "     \"</ul>\\n\"+\n",
       "     \"<code>\\n\"+\n",
       "     \"from bokeh.resources import INLINE\\n\"+\n",
       "     \"output_notebook(resources=INLINE)\\n\"+\n",
       "     \"</code>\\n\"+\n",
       "     \"</div>\"}};\n",
       "\n",
       "  function display_loaded() {\n",
       "    var el = document.getElementById(\"1001\");\n",
       "    if (el != null) {\n",
       "      el.textContent = \"BokehJS is loading...\";\n",
       "    }\n",
       "    if (root.Bokeh !== undefined) {\n",
       "      if (el != null) {\n",
       "        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n",
       "      }\n",
       "    } else if (Date.now() < root._bokeh_timeout) {\n",
       "      setTimeout(display_loaded, 100)\n",
       "    }\n",
       "  }\n",
       "\n",
       "\n",
       "  function run_callbacks() {\n",
       "    try {\n",
       "      root._bokeh_onload_callbacks.forEach(function(callback) {\n",
       "        if (callback != null)\n",
       "          callback();\n",
       "      });\n",
       "    } finally {\n",
       "      delete root._bokeh_onload_callbacks\n",
       "    }\n",
       "    console.debug(\"Bokeh: all callbacks have finished\");\n",
       "  }\n",
       "\n",
       "  function load_libs(css_urls, js_urls, callback) {\n",
       "    if (css_urls == null) css_urls = [];\n",
       "    if (js_urls == null) js_urls = [];\n",
       "\n",
       "    root._bokeh_onload_callbacks.push(callback);\n",
       "    if (root._bokeh_is_loading > 0) {\n",
       "      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n",
       "      return null;\n",
       "    }\n",
       "    if (js_urls == null || js_urls.length === 0) {\n",
       "      run_callbacks();\n",
       "      return null;\n",
       "    }\n",
       "    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n",
       "    root._bokeh_is_loading = css_urls.length + js_urls.length;\n",
       "\n",
       "    function on_load() {\n",
       "      root._bokeh_is_loading--;\n",
       "      if (root._bokeh_is_loading === 0) {\n",
       "        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n",
       "        run_callbacks()\n",
       "      }\n",
       "    }\n",
       "\n",
       "    function on_error() {\n",
       "      console.error(\"failed to load \" + url);\n",
       "    }\n",
       "\n",
       "    for (var i = 0; i < css_urls.length; i++) {\n",
       "      var url = css_urls[i];\n",
       "      const element = document.createElement(\"link\");\n",
       "      element.onload = on_load;\n",
       "      element.onerror = on_error;\n",
       "      element.rel = \"stylesheet\";\n",
       "      element.type = \"text/css\";\n",
       "      element.href = url;\n",
       "      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n",
       "      document.body.appendChild(element);\n",
       "    }\n",
       "\n",
       "    for (var i = 0; i < js_urls.length; i++) {\n",
       "      var url = js_urls[i];\n",
       "      var element = document.createElement('script');\n",
       "      element.onload = on_load;\n",
       "      element.onerror = on_error;\n",
       "      element.async = false;\n",
       "      element.src = url;\n",
       "      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n",
       "      document.head.appendChild(element);\n",
       "    }\n",
       "  };var element = document.getElementById(\"1001\");\n",
       "  if (element == null) {\n",
       "    console.error(\"Bokeh: ERROR: autoload.js configured with elementid '1001' but no matching script tag was found. \")\n",
       "    return false;\n",
       "  }\n",
       "\n",
       "  function inject_raw_css(css) {\n",
       "    const element = document.createElement(\"style\");\n",
       "    element.appendChild(document.createTextNode(css));\n",
       "    document.body.appendChild(element);\n",
       "  }\n",
       "\n",
       "  var js_urls = [\"https://cdn.pydata.org/bokeh/release/bokeh-1.3.4.min.js\", \"https://cdn.pydata.org/bokeh/release/bokeh-widgets-1.3.4.min.js\", \"https://cdn.pydata.org/bokeh/release/bokeh-tables-1.3.4.min.js\", \"https://cdn.pydata.org/bokeh/release/bokeh-gl-1.3.4.min.js\"];\n",
       "  var css_urls = [];\n",
       "\n",
       "  var inline_js = [\n",
       "    function(Bokeh) {\n",
       "      Bokeh.set_log_level(\"info\");\n",
       "    },\n",
       "    \n",
       "    function(Bokeh) {\n",
       "      \n",
       "    },\n",
       "    function(Bokeh) {} // ensure no trailing comma for IE\n",
       "  ];\n",
       "\n",
       "  function run_inline_js() {\n",
       "    \n",
       "    if ((root.Bokeh !== undefined) || (force === true)) {\n",
       "      for (var i = 0; i < inline_js.length; i++) {\n",
       "        inline_js[i].call(root, root.Bokeh);\n",
       "      }if (force === true) {\n",
       "        display_loaded();\n",
       "      }} else if (Date.now() < root._bokeh_timeout) {\n",
       "      setTimeout(run_inline_js, 100);\n",
       "    } else if (!root._bokeh_failed_load) {\n",
       "      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n",
       "      root._bokeh_failed_load = true;\n",
       "    } else if (force !== true) {\n",
       "      var cell = $(document.getElementById(\"1001\")).parents('.cell').data().cell;\n",
       "      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n",
       "    }\n",
       "\n",
       "  }\n",
       "\n",
       "  if (root._bokeh_is_loading === 0) {\n",
       "    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n",
       "    run_inline_js();\n",
       "  } else {\n",
       "    load_libs(css_urls, js_urls, function() {\n",
       "      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n",
       "      run_inline_js();\n",
       "    });\n",
       "  }\n",
       "}(window));"
      ],
      "application/vnd.bokehjs_load.v0+json": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  \n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"1001\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error() {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (var i = 0; i < css_urls.length; i++) {\n      var url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    for (var i = 0; i < js_urls.length; i++) {\n      var url = js_urls[i];\n      var element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.async = false;\n      element.src = url;\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };var element = document.getElementById(\"1001\");\n  if (element == null) {\n    console.error(\"Bokeh: ERROR: autoload.js configured with elementid '1001' but no matching script tag was found. \")\n    return false;\n  }\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  var js_urls = [\"https://cdn.pydata.org/bokeh/release/bokeh-1.3.4.min.js\", \"https://cdn.pydata.org/bokeh/release/bokeh-widgets-1.3.4.min.js\", \"https://cdn.pydata.org/bokeh/release/bokeh-tables-1.3.4.min.js\", \"https://cdn.pydata.org/bokeh/release/bokeh-gl-1.3.4.min.js\"];\n  var css_urls = [];\n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    \n    function(Bokeh) {\n      \n    },\n    function(Bokeh) {} // ensure no trailing comma for IE\n  ];\n\n  function run_inline_js() {\n    \n    if ((root.Bokeh !== undefined) || (force === true)) {\n      for (var i = 0; i < inline_js.length; i++) {\n        inline_js[i].call(root, root.Bokeh);\n      }if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"1001\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));"
     },
     "metadata": {},
     "output_type": "display_data"
    },
    {
     "data": {
      "text/html": [
       "\n",
       "\n",
       "\n",
       "\n",
       "\n",
       "\n",
       "  <div class=\"bk-root\" id=\"5454ce70-3a84-46fa-8eab-abf65ff46e94\" data-root-id=\"1124\"></div>\n"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    },
    {
     "data": {
      "application/javascript": [
       "(function(root) {\n",
       "  function embed_document(root) {\n",
       "    \n",
       "  var docs_json = {\"c7306f57-7ca0-44d2-8a0a-518ba2030319\":{\"roots\":{\"references\":[{\"attributes\":{\"children\":[{\"id\":\"1008\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"id\":\"1041\",\"subtype\":\"Figure\",\"type\":\"Plot\"}]},\"id\":\"1124\",\"type\":\"Column\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1083\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"1006\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"1082\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1083\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"1085\",\"type\":\"CDSView\"}},\"id\":\"1084\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1095\",\"type\":\"Diamond\"},{\"attributes\":{\"below\":[{\"id\":\"1052\",\"type\":\"DatetimeAxis\"},{\"id\":\"1058\",\"type\":\"Title\"}],\"center\":[{\"id\":\"1056\",\"type\":\"Grid\"}],\"plot_height\":120,\"plot_width\":900,\"renderers\":[{\"id\":\"1064\",\"type\":\"GlyphRenderer\"},{\"id\":\"1069\",\"type\":\"GlyphRenderer\"},{\"id\":\"1074\",\"type\":\"GlyphRenderer\"},{\"id\":\"1079\",\"type\":\"GlyphRenderer\"},{\"id\":\"1084\",\"type\":\"GlyphRenderer\"}],\"title\":{\"id\":\"1042\",\"type\":\"Title\"},\"toolbar\":{\"id\":\"1057\",\"type\":\"Toolbar\"},\"toolbar_location\":null,\"x_range\":{\"id\":\"1044\",\"type\":\"Range1d\"},\"x_scale\":{\"id\":\"1048\",\"type\":\"LinearScale\"},\"y_range\":{\"id\":\"1046\",\"type\":\"DataRange1d\"},\"y_scale\":{\"id\":\"1050\",\"type\":\"LinearScale\"}},\"id\":\"1041\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{},\"id\":\"1133\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"1128\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#440154\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#440154\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1094\",\"type\":\"Diamond\"},{\"attributes\":{\"data_source\":{\"id\":\"1002\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"1094\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1095\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"1097\",\"type\":\"CDSView\"}},\"id\":\"1096\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":null,\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"1007\",\"type\":\"HoverTool\"},{\"id\":\"1029\",\"type\":\"WheelZoomTool\"},{\"id\":\"1030\",\"type\":\"BoxZoomTool\"},{\"id\":\"1031\",\"type\":\"ResetTool\"},{\"id\":\"1032\",\"type\":\"SaveTool\"},{\"id\":\"1033\",\"type\":\"PanTool\"}]},\"id\":\"1034\",\"type\":\"Toolbar\"},{\"attributes\":{\"callback\":null,\"data\":{\"Computer\":[\"WebServer-1\",\"WebServer-1\",\"WebServer-1\",\"WebServer-1\",\"WebServer-1\",\"WebServer-1\",\"WebServer-1\",\"WebServer-1\",\"WebServer-1\",\"WebServer-1\",\"WebServer-1\",\"WebServer-1\",\"WebServer-1\",\"WebServer-1\",\"WebServer-1\",\"WebServer-1\",\"WebServer-1\",\"WebServer-1\",\"WebServer-1\",\"WebServer-1\",\"WebServer-1\",\"WebServer-1\",\"WebServer-1\",\"WebServer-1\",\"WebServer-1\",\"WebServer-1\",\"WebServer-1\",\"WebServer-1\",\"WebServer-1\",\"WebServer-1\",\"WebServer-1\",\"WebServer-1\",\"WebServer-1\",\"WebServer-1\",\"WebServer-1\",\"WebServer-1\",\"WebServer-1\",\"WebServer-1\"],\"LogonStatus\":[\"failed\",\"failed\",\"failed\",\"failed\",\"failed\",\"failed\",\"failed\",\"failed\",\"failed\",\"failed\",\"failed\",\"failed\",\"failed\",\"failed\",\"failed\",\"failed\",\"failed\",\"failed\",\"failed\",\"failed\",\"failed\",\"failed\",\"failed\",\"failed\",\"failed\",\"failed\",\"failed\",\"failed\",\"failed\",\"failed\",\"failed\",\"failed\",\"failed\",\"failed\",\"failed\",\"failed\",\"failed\",\"failed\"],\"LogonType\":[3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3],\"TimeGenerated\":{\"__ndarray__\":\"AFCRptLhdkIAkHbq2+F2QgBw7W7J4XZCAPAqYLbhdkIAwCCTrOF2QgDwGRPA4XZCABB1zaLhdkIA8IoZmeF2QgDwVD984XZCAHCdIXLhdkIAgMF8j+F2QgBA4+Bn4XZCAPBU7oXhdkIAUL7WR+F2QgAQXk894XZCAPAVa13hdkIA4GjEJ+F2QgBAiacy4XZCAMCwgFLhdkIA0EINHOF2QgCAH4UQ4XZCAMDbVwXhdkIAIAjO5OB2QgDQrlr64HZCADCxIbjgdkIAwB1sw+B2QgAQK5us4HZCAOCVvs7gdkIAEFeKoOB2QgBQ3YPv4HZCADAH69ngdkIAoLCvlOB2QgAQdu2I4HZCABAghVXgdkIAoODyYuB2QgBQTKx84HZCAMBgm2/gdkIAEPK8R+B2Qg==\",\"dtype\":\"float64\",\"shape\":[38]},\"index\":[0,1,2,3,5,6,7,9,10,11,12,15,16,17,18,19,20,22,23,24,25,26,27,28,29,30,32,33,34,35,39,40,42,43,44,45,46,47],\"y_index\":[2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2]},\"selected\":{\"id\":\"1136\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"1135\",\"type\":\"UnionRenderers\"}},\"id\":\"1004\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1115\",\"type\":\"Diamond\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"1161\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"1003\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"1099\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1100\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"1102\",\"type\":\"CDSView\"}},\"id\":\"1101\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"1160\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"1017\",\"type\":\"LinearScale\"},{\"attributes\":{\"num_minor_ticks\":10,\"tickers\":[{\"id\":\"1141\",\"type\":\"AdaptiveTicker\"},{\"id\":\"1142\",\"type\":\"AdaptiveTicker\"},{\"id\":\"1143\",\"type\":\"AdaptiveTicker\"},{\"id\":\"1144\",\"type\":\"DaysTicker\"},{\"id\":\"1145\",\"type\":\"DaysTicker\"},{\"id\":\"1146\",\"type\":\"DaysTicker\"},{\"id\":\"1147\",\"type\":\"DaysTicker\"},{\"id\":\"1148\",\"type\":\"MonthsTicker\"},{\"id\":\"1149\",\"type\":\"MonthsTicker\"},{\"id\":\"1150\",\"type\":\"MonthsTicker\"},{\"id\":\"1151\",\"type\":\"MonthsTicker\"},{\"id\":\"1152\",\"type\":\"YearsTicker\"}]},\"id\":\"1020\",\"type\":\"DatetimeTicker\"},{\"attributes\":{},\"id\":\"1131\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"1165\",\"type\":\"YearsTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#29788E\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#29788E\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1104\",\"type\":\"Diamond\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"1091\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"minor_grid_line_alpha\":0.3,\"minor_grid_line_color\":\"navy\",\"ticker\":{\"id\":\"1020\",\"type\":\"DatetimeTicker\"}},\"id\":\"1023\",\"type\":\"Grid\"},{\"attributes\":{\"source\":{\"id\":\"1003\",\"type\":\"ColumnDataSource\"}},\"id\":\"1102\",\"type\":\"CDSView\"},{\"attributes\":{\"callback\":null},\"id\":\"1046\",\"type\":\"DataRange1d\"},{\"attributes\":{\"fill_color\":{\"value\":\"#79D151\"},\"line_color\":{\"value\":\"#79D151\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1082\",\"type\":\"Circle\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"1156\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1105\",\"type\":\"Diamond\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"1157\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"1139\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1100\",\"type\":\"Diamond\"},{\"attributes\":{\"formatter\":{\"id\":\"1059\",\"type\":\"DatetimeTickFormatter\"},\"ticker\":{\"id\":\"1053\",\"type\":\"DatetimeTicker\"}},\"id\":\"1052\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"callback\":null,\"end\":1572520635968.6,\"start\":1571969681481.4001},\"id\":\"1044\",\"type\":\"Range1d\"},{\"attributes\":{\"source\":{\"id\":\"1002\",\"type\":\"ColumnDataSource\"}},\"id\":\"1097\",\"type\":\"CDSView\"},{\"attributes\":{\"text\":\"Range Selector\"},\"id\":\"1042\",\"type\":\"Title\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"1158\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"1132\",\"type\":\"Selection\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#404387\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#404387\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1099\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_color\":{\"value\":\"#22A784\"},\"line_color\":{\"value\":\"#22A784\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1077\",\"type\":\"Circle\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1110\",\"type\":\"Diamond\"},{\"attributes\":{},\"id\":\"1025\",\"type\":\"BasicTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#79D151\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#79D151\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1114\",\"type\":\"Diamond\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"1163\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#22A784\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#22A784\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1109\",\"type\":\"Diamond\"},{\"attributes\":{\"label\":{\"value\":\"185.107.45.130\"},\"renderers\":[{\"id\":\"1101\",\"type\":\"GlyphRenderer\"}]},\"id\":\"1120\",\"type\":\"LegendItem\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"1164\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"formatter\":{\"id\":\"1128\",\"type\":\"BasicTickFormatter\"},\"ticker\":{\"id\":\"1025\",\"type\":\"BasicTicker\"},\"visible\":false},\"id\":\"1024\",\"type\":\"LinearAxis\"},{\"attributes\":{},\"id\":\"1031\",\"type\":\"ResetTool\"},{\"attributes\":{\"fill_color\":{\"value\":\"#29788E\"},\"line_color\":{\"value\":\"#29788E\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1072\",\"type\":\"Circle\"},{\"attributes\":{\"source\":{\"id\":\"1006\",\"type\":\"ColumnDataSource\"}},\"id\":\"1117\",\"type\":\"CDSView\"},{\"attributes\":{\"click_policy\":\"hide\",\"items\":[{\"id\":\"1119\",\"type\":\"LegendItem\"},{\"id\":\"1120\",\"type\":\"LegendItem\"},{\"id\":\"1121\",\"type\":\"LegendItem\"},{\"id\":\"1122\",\"type\":\"LegendItem\"},{\"id\":\"1123\",\"type\":\"LegendItem\"}],\"label_text_font_size\":{\"value\":\"8pt\"},\"location\":\"center\"},\"id\":\"1118\",\"type\":\"Legend\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.2},\"fill_color\":{\"value\":\"navy\"},\"level\":\"overlay\",\"line_alpha\":{\"value\":1.0},\"line_color\":{\"value\":\"black\"},\"line_dash\":[2,2],\"line_width\":{\"value\":0.5}},\"id\":\"1087\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"data_source\":{\"id\":\"1005\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"1109\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1110\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"1112\",\"type\":\"CDSView\"}},\"id\":\"1111\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":{\"id\":\"1086\",\"type\":\"RangeTool\"},\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"1086\",\"type\":\"RangeTool\"}]},\"id\":\"1057\",\"type\":\"Toolbar\"},{\"attributes\":{\"callback\":null,\"formatters\":{\"Tooltip\":\"printf\"},\"tooltips\":[[\"LogonType\",\"@LogonType\"],[\"Computer\",\"@Computer\"],[\"LogonStatus\",\"@LogonStatus\"]]},\"id\":\"1007\",\"type\":\"HoverTool\"},{\"attributes\":{\"data_source\":{\"id\":\"1006\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"1114\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1115\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"1117\",\"type\":\"CDSView\"}},\"id\":\"1116\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"data_source\":{\"id\":\"1004\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"1072\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1073\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"1075\",\"type\":\"CDSView\"}},\"id\":\"1074\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"label\":{\"value\":\"185.81.128.116\"},\"renderers\":[{\"id\":\"1106\",\"type\":\"GlyphRenderer\"}]},\"id\":\"1121\",\"type\":\"LegendItem\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1063\",\"type\":\"Circle\"},{\"attributes\":{\"overlay\":{\"id\":\"1153\",\"type\":\"BoxAnnotation\"}},\"id\":\"1030\",\"type\":\"BoxZoomTool\"},{\"attributes\":{\"source\":{\"id\":\"1004\",\"type\":\"ColumnDataSource\"}},\"id\":\"1075\",\"type\":\"CDSView\"},{\"attributes\":{\"source\":{\"id\":\"1005\",\"type\":\"ColumnDataSource\"}},\"id\":\"1080\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"1135\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"1162\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"1032\",\"type\":\"SaveTool\"},{\"attributes\":{\"label\":{\"value\":\"173.249.58.228\"},\"renderers\":[{\"id\":\"1096\",\"type\":\"GlyphRenderer\"}]},\"id\":\"1119\",\"type\":\"LegendItem\"},{\"attributes\":{\"dimension\":1,\"grid_line_color\":null,\"ticker\":{\"id\":\"1025\",\"type\":\"BasicTicker\"}},\"id\":\"1028\",\"type\":\"Grid\"},{\"attributes\":{\"source\":{\"id\":\"1005\",\"type\":\"ColumnDataSource\"}},\"id\":\"1112\",\"type\":\"CDSView\"},{\"attributes\":{\"source\":{\"id\":\"1006\",\"type\":\"ColumnDataSource\"}},\"id\":\"1085\",\"type\":\"CDSView\"},{\"attributes\":{\"data_source\":{\"id\":\"1004\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"1104\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1105\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"1107\",\"type\":\"CDSView\"}},\"id\":\"1106\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1068\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"1134\",\"type\":\"Selection\"},{\"attributes\":{\"label\":{\"value\":\"212.92.106.156\"},\"renderers\":[{\"id\":\"1111\",\"type\":\"GlyphRenderer\"}]},\"id\":\"1122\",\"type\":\"LegendItem\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1073\",\"type\":\"Circle\"},{\"attributes\":{\"overlay\":{\"id\":\"1087\",\"type\":\"BoxAnnotation\"},\"x_range\":{\"id\":\"1011\",\"type\":\"Range1d\"},\"y_range\":null},\"id\":\"1086\",\"type\":\"RangeTool\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"1155\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{},\"id\":\"1048\",\"type\":\"LinearScale\"},{\"attributes\":{\"data_source\":{\"id\":\"1005\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"1077\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1078\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"1080\",\"type\":\"CDSView\"}},\"id\":\"1079\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"ticker\":{\"id\":\"1053\",\"type\":\"DatetimeTicker\"}},\"id\":\"1056\",\"type\":\"Grid\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"1033\",\"type\":\"PanTool\"},{\"attributes\":{\"source\":{\"id\":\"1004\",\"type\":\"ColumnDataSource\"}},\"id\":\"1107\",\"type\":\"CDSView\"},{\"attributes\":{\"source\":{\"id\":\"1003\",\"type\":\"ColumnDataSource\"}},\"id\":\"1070\",\"type\":\"CDSView\"},{\"attributes\":{\"axis_label\":\"Event Time\",\"formatter\":{\"id\":\"1091\",\"type\":\"DatetimeTickFormatter\"},\"ticker\":{\"id\":\"1020\",\"type\":\"DatetimeTicker\"}},\"id\":\"1019\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"data_source\":{\"id\":\"1003\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"1067\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1068\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"1070\",\"type\":\"CDSView\"}},\"id\":\"1069\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1078\",\"type\":\"Circle\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"1159\",\"type\":\"DaysTicker\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"1029\",\"type\":\"WheelZoomTool\"},{\"attributes\":{},\"id\":\"1136\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"1015\",\"type\":\"LinearScale\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"1143\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"num_minor_ticks\":5,\"tickers\":[{\"id\":\"1154\",\"type\":\"AdaptiveTicker\"},{\"id\":\"1155\",\"type\":\"AdaptiveTicker\"},{\"id\":\"1156\",\"type\":\"AdaptiveTicker\"},{\"id\":\"1157\",\"type\":\"DaysTicker\"},{\"id\":\"1158\",\"type\":\"DaysTicker\"},{\"id\":\"1159\",\"type\":\"DaysTicker\"},{\"id\":\"1160\",\"type\":\"DaysTicker\"},{\"id\":\"1161\",\"type\":\"MonthsTicker\"},{\"id\":\"1162\",\"type\":\"MonthsTicker\"},{\"id\":\"1163\",\"type\":\"MonthsTicker\"},{\"id\":\"1164\",\"type\":\"MonthsTicker\"},{\"id\":\"1165\",\"type\":\"YearsTicker\"}]},\"id\":\"1053\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"1002\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"1062\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1063\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"1065\",\"type\":\"CDSView\"}},\"id\":\"1064\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"1144\",\"type\":\"DaysTicker\"},{\"attributes\":{\"callback\":null,\"data\":{\"Computer\":[\"WebServer-1\"],\"LogonStatus\":[\"failed\"],\"LogonType\":[3],\"TimeGenerated\":{\"__ndarray__\":\"AKDzVL/hdkI=\",\"dtype\":\"float64\",\"shape\":[1]},\"index\":[8],\"y_index\":[0]},\"selected\":{\"id\":\"1132\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"1131\",\"type\":\"UnionRenderers\"}},\"id\":\"1002\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"1145\",\"type\":\"DaysTicker\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"1154\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"callback\":null,\"data\":{\"Computer\":[\"WebServer-1\",\"WebServer-1\",\"WebServer-1\"],\"LogonStatus\":[\"failed\",\"failed\",\"failed\"],\"LogonType\":[3,3,3],\"TimeGenerated\":{\"__ndarray__\":\"ADACW4zgdkIAwHWvjOB2QgCwsASN4HZC\",\"dtype\":\"float64\",\"shape\":[3]},\"index\":[36,37,38],\"y_index\":[4,4,4]},\"selected\":{\"id\":\"1140\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"1139\",\"type\":\"UnionRenderers\"}},\"id\":\"1006\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"callback\":null,\"end\":4.2,\"start\":-0.2},\"id\":\"1013\",\"type\":\"Range1d\"},{\"attributes\":{\"source\":{\"id\":\"1002\",\"type\":\"ColumnDataSource\"}},\"id\":\"1065\",\"type\":\"CDSView\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"1149\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"text\":\"Timeline: Logons\"},\"id\":\"1009\",\"type\":\"Title\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"1148\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"align\":\"right\",\"text\":\"Drag the middle or edges of the selection box to change the range in the main chart\",\"text_font_size\":{\"value\":\"10px\"}},\"id\":\"1058\",\"type\":\"Title\"},{\"attributes\":{\"callback\":null,\"data\":{\"Computer\":[\"WebServer-1\"],\"LogonStatus\":[\"failed\"],\"LogonType\":[3],\"TimeGenerated\":{\"__ndarray__\":\"AIBMNNrgdkI=\",\"dtype\":\"float64\",\"shape\":[1]},\"index\":[41],\"y_index\":[3]},\"selected\":{\"id\":\"1138\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"1137\",\"type\":\"UnionRenderers\"}},\"id\":\"1005\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"1152\",\"type\":\"YearsTicker\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"1151\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"lightgrey\"},\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":{\"value\":1.0},\"line_color\":{\"value\":\"black\"},\"line_dash\":[4,4],\"line_width\":{\"value\":2},\"render_mode\":\"css\",\"right_units\":\"screen\",\"top_units\":\"screen\"},\"id\":\"1153\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"callback\":null,\"data\":{\"Computer\":[\"WebServer-1\",\"WebServer-1\",\"WebServer-1\",\"WebServer-1\",\"WebServer-1\"],\"LogonStatus\":[\"failed\",\"failed\",\"failed\",\"failed\",\"failed\"],\"LogonType\":[3,3,3,3,3],\"TimeGenerated\":{\"__ndarray__\":\"AMBrPK7hdkIAMGROguF2QgDQx7xV4XZCALDYfCjhdkIAwG5ayuB2Qg==\",\"dtype\":\"float64\",\"shape\":[5]},\"index\":[4,13,14,21,31],\"y_index\":[1,1,1,1,1]},\"selected\":{\"id\":\"1134\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"1133\",\"type\":\"UnionRenderers\"}},\"id\":\"1003\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"fill_color\":{\"value\":\"#440154\"},\"line_color\":{\"value\":\"#440154\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1062\",\"type\":\"Circle\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"1147\",\"type\":\"DaysTicker\"},{\"attributes\":{\"label\":{\"value\":\"63.150.106.131\"},\"renderers\":[{\"id\":\"1116\",\"type\":\"GlyphRenderer\"}]},\"id\":\"1123\",\"type\":\"LegendItem\"},{\"attributes\":{},\"id\":\"1138\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"1050\",\"type\":\"LinearScale\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"1146\",\"type\":\"DaysTicker\"},{\"attributes\":{\"fill_color\":{\"value\":\"#404387\"},\"line_color\":{\"value\":\"#404387\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1067\",\"type\":\"Circle\"},{\"attributes\":{\"below\":[{\"id\":\"1019\",\"type\":\"DatetimeAxis\"}],\"center\":[{\"id\":\"1023\",\"type\":\"Grid\"},{\"id\":\"1028\",\"type\":\"Grid\"}],\"left\":[{\"id\":\"1024\",\"type\":\"LinearAxis\"},{\"id\":\"1118\",\"type\":\"Legend\"}],\"min_border_left\":50,\"plot_height\":300,\"plot_width\":900,\"renderers\":[{\"id\":\"1096\",\"type\":\"GlyphRenderer\"},{\"id\":\"1101\",\"type\":\"GlyphRenderer\"},{\"id\":\"1106\",\"type\":\"GlyphRenderer\"},{\"id\":\"1111\",\"type\":\"GlyphRenderer\"},{\"id\":\"1116\",\"type\":\"GlyphRenderer\"}],\"title\":{\"id\":\"1009\",\"type\":\"Title\"},\"toolbar\":{\"id\":\"1034\",\"type\":\"Toolbar\"},\"x_range\":{\"id\":\"1011\",\"type\":\"Range1d\"},\"x_scale\":{\"id\":\"1015\",\"type\":\"LinearScale\"},\"y_range\":{\"id\":\"1013\",\"type\":\"Range1d\"},\"y_scale\":{\"id\":\"1017\",\"type\":\"LinearScale\"}},\"id\":\"1008\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"1059\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{},\"id\":\"1140\",\"type\":\"Selection\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"1142\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"1141\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"1150\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"1137\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"callback\":null,\"end\":1572499445411.4,\"start\":1571990872038.5999},\"id\":\"1011\",\"type\":\"Range1d\"}],\"root_ids\":[\"1124\"]},\"title\":\"Bokeh Application\",\"version\":\"1.3.4\"}};\n",
       "  var render_items = [{\"docid\":\"c7306f57-7ca0-44d2-8a0a-518ba2030319\",\"roots\":{\"1124\":\"5454ce70-3a84-46fa-8eab-abf65ff46e94\"}}];\n",
       "  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n",
       "\n",
       "  }\n",
       "  if (root.Bokeh !== undefined) {\n",
       "    embed_document(root);\n",
       "  } else {\n",
       "    var attempts = 0;\n",
       "    var timer = setInterval(function(root) {\n",
       "      if (root.Bokeh !== undefined) {\n",
       "        embed_document(root);\n",
       "        clearInterval(timer);\n",
       "      }\n",
       "      attempts++;\n",
       "      if (attempts > 100) {\n",
       "        console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n",
       "        clearInterval(timer);\n",
       "      }\n",
       "    }, 10, root)\n",
       "  }\n",
       "})(window);"
      ],
      "application/vnd.bokehjs_exec.v0+json": ""
     },
     "metadata": {
      "application/vnd.bokehjs_exec.v0+json": {
       "id": "1124"
      }
     },
     "output_type": "display_data"
    },
    {
     "data": {
      "text/html": [
       "<div style=\"display: table;\"><div style=\"display: table-row;\"><div style=\"display: table-cell;\"><b title=\"bokeh.plotting.figure.Figure\">Figure</b>(</div><div style=\"display: table-cell;\">id&nbsp;=&nbsp;'1008', <span id=\"1430\" style=\"cursor: pointer;\">&hellip;)</span></div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">above&nbsp;=&nbsp;[],</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">align&nbsp;=&nbsp;'start',</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">aspect_ratio&nbsp;=&nbsp;None,</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">aspect_scale&nbsp;=&nbsp;1,</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background&nbsp;=&nbsp;None,</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background_fill_alpha&nbsp;=&nbsp;{'value': 1.0},</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background_fill_color&nbsp;=&nbsp;{'value': '#ffffff'},</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">below&nbsp;=&nbsp;[DatetimeAxis(id='1019', ...)],</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">border_fill_alpha&nbsp;=&nbsp;{'value': 1.0},</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">border_fill_color&nbsp;=&nbsp;{'value': '#ffffff'},</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">center&nbsp;=&nbsp;[Grid(id='1023', ...), Grid(id='1028', ...)],</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">css_classes&nbsp;=&nbsp;[],</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">disabled&nbsp;=&nbsp;False,</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">extra_x_ranges&nbsp;=&nbsp;{},</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">extra_y_ranges&nbsp;=&nbsp;{},</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">frame_height&nbsp;=&nbsp;None,</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">frame_width&nbsp;=&nbsp;None,</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height&nbsp;=&nbsp;None,</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height_policy&nbsp;=&nbsp;'auto',</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">hidpi&nbsp;=&nbsp;True,</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_event_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_property_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">left&nbsp;=&nbsp;[LinearAxis(id='1024', ...), Legend(id='1118', ...)],</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_factor&nbsp;=&nbsp;10,</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_interval&nbsp;=&nbsp;300,</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_threshold&nbsp;=&nbsp;2000,</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_timeout&nbsp;=&nbsp;500,</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">margin&nbsp;=&nbsp;(0, 0, 0, 0),</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">match_aspect&nbsp;=&nbsp;False,</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_height&nbsp;=&nbsp;None,</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_width&nbsp;=&nbsp;None,</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border&nbsp;=&nbsp;5,</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_bottom&nbsp;=&nbsp;None,</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_left&nbsp;=&nbsp;50,</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_right&nbsp;=&nbsp;None,</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_top&nbsp;=&nbsp;None,</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_height&nbsp;=&nbsp;None,</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_width&nbsp;=&nbsp;None,</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">name&nbsp;=&nbsp;None,</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_alpha&nbsp;=&nbsp;{'value': 1.0},</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_cap&nbsp;=&nbsp;'butt',</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_color&nbsp;=&nbsp;{'value': '#e5e5e5'},</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_dash&nbsp;=&nbsp;[],</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_dash_offset&nbsp;=&nbsp;0,</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_join&nbsp;=&nbsp;'bevel',</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_width&nbsp;=&nbsp;{'value': 1},</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">output_backend&nbsp;=&nbsp;'canvas',</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">plot_height&nbsp;=&nbsp;300,</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">plot_width&nbsp;=&nbsp;900,</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">renderers&nbsp;=&nbsp;[GlyphRenderer(id='1096', ...), GlyphRenderer(id='1101', ...), GlyphRenderer(id='1106', ...), GlyphRenderer(id='1111', ...), GlyphRenderer(id='1116', ...)],</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">reset_policy&nbsp;=&nbsp;'standard',</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">right&nbsp;=&nbsp;[],</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">sizing_mode&nbsp;=&nbsp;None,</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">subscribed_events&nbsp;=&nbsp;[],</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">tags&nbsp;=&nbsp;[],</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">title&nbsp;=&nbsp;Title(id='1009', ...),</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">title_location&nbsp;=&nbsp;'above',</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar&nbsp;=&nbsp;Toolbar(id='1034', ...),</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar_location&nbsp;=&nbsp;'right',</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar_sticky&nbsp;=&nbsp;True,</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">visible&nbsp;=&nbsp;True,</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width&nbsp;=&nbsp;None,</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width_policy&nbsp;=&nbsp;'auto',</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">x_range&nbsp;=&nbsp;Range1d(id='1011', ...),</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">x_scale&nbsp;=&nbsp;LinearScale(id='1015', ...),</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">y_range&nbsp;=&nbsp;Range1d(id='1013', ...),</div></div><div class=\"1429\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">y_scale&nbsp;=&nbsp;LinearScale(id='1017', ...))</div></div></div>\n",
       "<script>\n",
       "(function() {\n",
       "  var expanded = false;\n",
       "  var ellipsis = document.getElementById(\"1430\");\n",
       "  ellipsis.addEventListener(\"click\", function() {\n",
       "    var rows = document.getElementsByClassName(\"1429\");\n",
       "    for (var i = 0; i < rows.length; i++) {\n",
       "      var el = rows[i];\n",
       "      el.style.display = expanded ? \"none\" : \"table-row\";\n",
       "    }\n",
       "    ellipsis.innerHTML = expanded ? \"&hellip;)\" : \"&lsaquo;&lsaquo;&lsaquo;\";\n",
       "    expanded = !expanded;\n",
       "  });\n",
       "})();\n",
       "</script>\n"
      ],
      "text/plain": [
       "Figure(id='1008', ...)"
      ]
     },
     "execution_count": 20,
     "metadata": {},
     "output_type": "execute_result"
    }
   ],
   "source": [
    "logon_summary = (all_win_logons\n",
    " .groupby(\"Computer\")\n",
    " .agg(\n",
    "     TotalLogons=pd.NamedAgg(column=\"EventID\", aggfunc=\"count\"),\n",
    "     LogonResult=pd.NamedAgg(column=\"LogonStatus\", aggfunc=lambda x: x.value_counts().to_dict()),\n",
    "     IPAddresses=pd.NamedAgg(column=\"IpAddress\", aggfunc=lambda x: x.unique().tolist()),\n",
    "     LogonTypeCount=pd.NamedAgg(column=\"LogonType\", aggfunc=lambda x: x.value_counts().to_dict()),\n",
    "     FirstLogon=pd.NamedAgg(column=\"TimeGenerated\", aggfunc=\"min\"),\n",
    "     LastLogon=pd.NamedAgg(column=\"TimeGenerated\", aggfunc=\"max\"),\n",
    "  )\n",
    ")\n",
    "\n",
    "display(logon_summary)\n",
    "nbdisplay.display_timeline(data=all_win_logons,\n",
    "                           group_by=\"IpAddress\",\n",
    "                           source_columns=[\"Computer\", \"LogonStatus\", \"LogonType\"],\n",
    "                           title=\"Logons\")"
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "### Threat Intelligence for logon IP Addresses\n",
    "<details>\n",
    "    <summary>TI Configuration</summary>\n",
    "If you have not used msticpy threat intelligence lookups before you will need to supply API keys for the \n",
    "TI Providers that you want to use. Please see the section on configuring [msticpyconfig.yaml](#msticpyconfig.yaml-configuration-File)\n",
    "\n",
    "Then reload provider settings:\n",
    "```\n",
    "mylookup = TILookup()\n",
    "mylookup.reload_provider_settings()\n",
    "```\n",
    "</details>"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 53,
   "metadata": {
    "ExecuteTime": {
     "end_time": "2019-10-30T19:15:49.867732Z",
     "start_time": "2019-10-30T19:15:24.802584Z"
    },
    "scrolled": true
   },
   "outputs": [
    {
     "data": {
      "text/markdown": [
       "<p style='font-weight: bold;color: red;font-size: 130%'>10 threat intelligence hits have been matched on one or more source IP addresses.</p>"
      ],
      "text/plain": [
       "<IPython.core.display.Markdown object>"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    },
    {
     "data": {
      "text/markdown": [
       "<p style='font-weight: bold;color: red'> You should investigate these hosts using the 'Entity Explorer - Windows Host' notebook</p>"
      ],
      "text/plain": [
       "<IPython.core.display.Markdown object>"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    },
    {
     "data": {
      "text/markdown": [
       "<p style=''>Logon details for TI matches are in the `all_win_logons_ti` DataFrame</p>"
      ],
      "text/plain": [
       "<IPython.core.display.Markdown object>"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    },
    {
     "data": {
      "text/html": [
       "<div>\n",
       "<style scoped>\n",
       "    .dataframe tbody tr th:only-of-type {\n",
       "        vertical-align: middle;\n",
       "    }\n",
       "\n",
       "    .dataframe tbody tr th {\n",
       "        vertical-align: top;\n",
       "    }\n",
       "\n",
       "    .dataframe thead th {\n",
       "        text-align: right;\n",
       "    }\n",
       "</style>\n",
       "<table border=\"1\" class=\"dataframe\">\n",
       "  <thead>\n",
       "    <tr style=\"text-align: right;\">\n",
       "      <th></th>\n",
       "      <th>Ioc</th>\n",
       "      <th>IocType</th>\n",
       "      <th>QuerySubtype</th>\n",
       "      <th>Provider</th>\n",
       "      <th>Result</th>\n",
       "      <th>Severity</th>\n",
       "      <th>Details</th>\n",
       "      <th>RawResult</th>\n",
       "      <th>Reference</th>\n",
       "      <th>Status</th>\n",
       "    </tr>\n",
       "  </thead>\n",
       "  <tbody>\n",
       "    <tr>\n",
       "      <td>0</td>\n",
       "      <td>185.81.128.116</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>OTX</td>\n",
       "      <td>True</td>\n",
       "      <td>2</td>\n",
       "      <td>{'pulse_count': 4, 'names': ['RDP Attackers - August 2019 - A', 'Scan port 3389 RDP (S3#)', 'Sca...</td>\n",
       "      <td>{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...</td>\n",
       "      <td>https://otx.alienvault.com/api/v1/indicators/IPv4/185.81.128.116/general</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>1</td>\n",
       "      <td>185.107.45.130</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>OTX</td>\n",
       "      <td>True</td>\n",
       "      <td>2</td>\n",
       "      <td>{'pulse_count': 3, 'names': ['RDP Attackers - October 2019 - C', 'Shunlist IPs - 2018-03-18', 'R...</td>\n",
       "      <td>{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...</td>\n",
       "      <td>https://otx.alienvault.com/api/v1/indicators/IPv4/185.107.45.130/general</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>2</td>\n",
       "      <td>173.249.58.228</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>OTX</td>\n",
       "      <td>True</td>\n",
       "      <td>2</td>\n",
       "      <td>{'pulse_count': 8, 'names': ['RDP Attackers - October 2019 - B', 'RDP Attackers - September 2019...</td>\n",
       "      <td>{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...</td>\n",
       "      <td>https://otx.alienvault.com/api/v1/indicators/IPv4/173.249.58.228/general</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>3</td>\n",
       "      <td>63.150.106.131</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>OTX</td>\n",
       "      <td>True</td>\n",
       "      <td>2</td>\n",
       "      <td>{'pulse_count': 2, 'names': ['Shunlist IPs - 2018-01-21', 'RiskDiscovery HoneyDB sensors feeds -...</td>\n",
       "      <td>{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...</td>\n",
       "      <td>https://otx.alienvault.com/api/v1/indicators/IPv4/63.150.106.131/general</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>4</td>\n",
       "      <td>212.92.106.156</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>OTX</td>\n",
       "      <td>True</td>\n",
       "      <td>2</td>\n",
       "      <td>{'pulse_count': 8, 'names': ['RDP Attackers - October 2019 - C', 'RDP Attackers - October 2019 -...</td>\n",
       "      <td>{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...</td>\n",
       "      <td>https://otx.alienvault.com/api/v1/indicators/IPv4/212.92.106.156/general</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>0</td>\n",
       "      <td>185.81.128.116</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>1</td>\n",
       "      <td>{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Firewall deny log analysis', 're...</td>\n",
       "      <td>{'ip': '185.81.128.116', 'history': [{'created': '2014-12-17T07:27:00.000Z', 'reason': 'Regional...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/185.81.128.116</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>1</td>\n",
       "      <td>185.107.45.130</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>2</td>\n",
       "      <td>{'score': 10, 'cats': {'Spam': 100, 'Dynamic IPs': 71}, 'categoryDescriptions': {'Spam': 'This c...</td>\n",
       "      <td>{'ip': '185.107.45.130', 'history': [{'created': '2015-07-04T06:21:00.000Z', 'reason': 'Regional...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/185.107.45.130</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>2</td>\n",
       "      <td>173.249.58.228</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>1</td>\n",
       "      <td>{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...</td>\n",
       "      <td>{'ip': '173.249.58.228', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/173.249.58.228</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>3</td>\n",
       "      <td>63.150.106.131</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>1</td>\n",
       "      <td>{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...</td>\n",
       "      <td>{'ip': '63.150.106.131', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/63.150.106.131</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>4</td>\n",
       "      <td>212.92.106.156</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>2</td>\n",
       "      <td>{'score': 10, 'cats': {'Spam': 100}, 'categoryDescriptions': {'Spam': 'This category lists IP ad...</td>\n",
       "      <td>{'ip': '212.92.106.156', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/212.92.106.156</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "  </tbody>\n",
       "</table>\n",
       "</div>"
      ],
      "text/plain": [
       "              Ioc IocType QuerySubtype Provider  Result  Severity  \\\n",
       "0  185.81.128.116    ipv4         None      OTX    True         2   \n",
       "1  185.107.45.130    ipv4         None      OTX    True         2   \n",
       "2  173.249.58.228    ipv4         None      OTX    True         2   \n",
       "3  63.150.106.131    ipv4         None      OTX    True         2   \n",
       "4  212.92.106.156    ipv4         None      OTX    True         2   \n",
       "0  185.81.128.116    ipv4         None   XForce    True         1   \n",
       "1  185.107.45.130    ipv4         None   XForce    True         2   \n",
       "2  173.249.58.228    ipv4         None   XForce    True         1   \n",
       "3  63.150.106.131    ipv4         None   XForce    True         1   \n",
       "4  212.92.106.156    ipv4         None   XForce    True         2   \n",
       "\n",
       "                                                                                               Details  \\\n",
       "0  {'pulse_count': 4, 'names': ['RDP Attackers - August 2019 - A', 'Scan port 3389 RDP (S3#)', 'Sca...   \n",
       "1  {'pulse_count': 3, 'names': ['RDP Attackers - October 2019 - C', 'Shunlist IPs - 2018-03-18', 'R...   \n",
       "2  {'pulse_count': 8, 'names': ['RDP Attackers - October 2019 - B', 'RDP Attackers - September 2019...   \n",
       "3  {'pulse_count': 2, 'names': ['Shunlist IPs - 2018-01-21', 'RiskDiscovery HoneyDB sensors feeds -...   \n",
       "4  {'pulse_count': 8, 'names': ['RDP Attackers - October 2019 - C', 'RDP Attackers - October 2019 -...   \n",
       "0  {'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Firewall deny log analysis', 're...   \n",
       "1  {'score': 10, 'cats': {'Spam': 100, 'Dynamic IPs': 71}, 'categoryDescriptions': {'Spam': 'This c...   \n",
       "2  {'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...   \n",
       "3  {'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...   \n",
       "4  {'score': 10, 'cats': {'Spam': 100}, 'categoryDescriptions': {'Spam': 'This category lists IP ad...   \n",
       "\n",
       "                                                                                             RawResult  \\\n",
       "0  {'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...   \n",
       "1  {'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...   \n",
       "2  {'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...   \n",
       "3  {'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...   \n",
       "4  {'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...   \n",
       "0  {'ip': '185.81.128.116', 'history': [{'created': '2014-12-17T07:27:00.000Z', 'reason': 'Regional...   \n",
       "1  {'ip': '185.107.45.130', 'history': [{'created': '2015-07-04T06:21:00.000Z', 'reason': 'Regional...   \n",
       "2  {'ip': '173.249.58.228', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional...   \n",
       "3  {'ip': '63.150.106.131', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional...   \n",
       "4  {'ip': '212.92.106.156', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional...   \n",
       "\n",
       "                                                                  Reference  \\\n",
       "0  https://otx.alienvault.com/api/v1/indicators/IPv4/185.81.128.116/general   \n",
       "1  https://otx.alienvault.com/api/v1/indicators/IPv4/185.107.45.130/general   \n",
       "2  https://otx.alienvault.com/api/v1/indicators/IPv4/173.249.58.228/general   \n",
       "3  https://otx.alienvault.com/api/v1/indicators/IPv4/63.150.106.131/general   \n",
       "4  https://otx.alienvault.com/api/v1/indicators/IPv4/212.92.106.156/general   \n",
       "0                        https://api.xforce.ibmcloud.com/ipr/185.81.128.116   \n",
       "1                        https://api.xforce.ibmcloud.com/ipr/185.107.45.130   \n",
       "2                        https://api.xforce.ibmcloud.com/ipr/173.249.58.228   \n",
       "3                        https://api.xforce.ibmcloud.com/ipr/63.150.106.131   \n",
       "4                        https://api.xforce.ibmcloud.com/ipr/212.92.106.156   \n",
       "\n",
       "   Status  \n",
       "0       0  \n",
       "1       0  \n",
       "2       0  \n",
       "3       0  \n",
       "4       0  \n",
       "0       0  \n",
       "1       0  \n",
       "2       0  \n",
       "3       0  \n",
       "4       0  "
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    }
   ],
   "source": [
    "ti_results, all_win_logons_ti, src_ip_addrs_win = check_ip_ti(df=all_win_logons, ip_col=\"IpAddress\")\n",
    "if not ti_results.empty:\n",
    "    md(f\"{len(ti_results)} threat intelligence hits have been \"\n",
    "       + \"matched on one or more source IP addresses.\", \"bold, red, large\")\n",
    "    md(\" You should investigate these hosts using \"\n",
    "       + \"the 'Entity Explorer - Windows Host' notebook\", \"bold, red\" )\n",
    "    md(\"Logon details for TI matches are in the `all_win_logons_ti` DataFrame\")\n",
    "    display(ti_results)\n",
    "else:\n",
    "    md(\"No additional items found for logged on hosts\")"
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "### Geolocation and ownership for source logon IP addresses"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 54,
   "metadata": {
    "ExecuteTime": {
     "end_time": "2019-10-30T19:16:22.729410Z",
     "start_time": "2019-10-30T19:16:03.246559Z"
    }
   },
   "outputs": [
    {
     "data": {
      "text/markdown": [
       "<p style='font-weight: bold'>Geolocations and ASN Owner for account logon source IP addresses. Information only</p>"
      ],
      "text/plain": [
       "<IPython.core.display.Markdown object>"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    },
    {
     "data": {
      "text/html": [
       "<div>\n",
       "<style scoped>\n",
       "    .dataframe tbody tr th:only-of-type {\n",
       "        vertical-align: middle;\n",
       "    }\n",
       "\n",
       "    .dataframe tbody tr th {\n",
       "        vertical-align: top;\n",
       "    }\n",
       "\n",
       "    .dataframe thead th {\n",
       "        text-align: right;\n",
       "    }\n",
       "</style>\n",
       "<table border=\"1\" class=\"dataframe\">\n",
       "  <thead>\n",
       "    <tr style=\"text-align: right;\">\n",
       "      <th></th>\n",
       "      <th></th>\n",
       "      <th></th>\n",
       "      <th></th>\n",
       "      <th></th>\n",
       "      <th></th>\n",
       "      <th>TotalLogons</th>\n",
       "      <th>LogonResult</th>\n",
       "      <th>LogonTypeCount</th>\n",
       "      <th>FirstLogon</th>\n",
       "      <th>LastLogon</th>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <th>Computer</th>\n",
       "      <th>IpAddress</th>\n",
       "      <th>CountryCode</th>\n",
       "      <th>CountryName</th>\n",
       "      <th>City</th>\n",
       "      <th>ASNDesc</th>\n",
       "      <th></th>\n",
       "      <th></th>\n",
       "      <th></th>\n",
       "      <th></th>\n",
       "      <th></th>\n",
       "    </tr>\n",
       "  </thead>\n",
       "  <tbody>\n",
       "    <tr>\n",
       "      <td rowspan=\"2\" valign=\"top\">WebServer-1</td>\n",
       "      <td>173.249.58.228</td>\n",
       "      <td>DE</td>\n",
       "      <td>Germany</td>\n",
       "      <td>Nuremberg</td>\n",
       "      <td>CONTABO, DE</td>\n",
       "      <td>1</td>\n",
       "      <td>{'failed': 1}</td>\n",
       "      <td>{3: 1}</td>\n",
       "      <td>2019-10-30 09:18:11.770</td>\n",
       "      <td>2019-10-30 09:18:11.770</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>185.107.45.130</td>\n",
       "      <td>NL</td>\n",
       "      <td>Netherlands</td>\n",
       "      <td>Oss</td>\n",
       "      <td>NFORCE, NL</td>\n",
       "      <td>1</td>\n",
       "      <td>{'failed': 1}</td>\n",
       "      <td>{3: 1}</td>\n",
       "      <td>2019-10-30 04:19:25.500</td>\n",
       "      <td>2019-10-30 04:19:25.500</td>\n",
       "    </tr>\n",
       "  </tbody>\n",
       "</table>\n",
       "</div>"
      ],
      "text/plain": [
       "                                                                          TotalLogons  \\\n",
       "Computer    IpAddress      CountryCode CountryName City      ASNDesc                    \n",
       "WebServer-1 173.249.58.228 DE          Germany     Nuremberg CONTABO, DE            1   \n",
       "            185.107.45.130 NL          Netherlands Oss       NFORCE, NL             1   \n",
       "\n",
       "                                                                            LogonResult  \\\n",
       "Computer    IpAddress      CountryCode CountryName City      ASNDesc                      \n",
       "WebServer-1 173.249.58.228 DE          Germany     Nuremberg CONTABO, DE  {'failed': 1}   \n",
       "            185.107.45.130 NL          Netherlands Oss       NFORCE, NL   {'failed': 1}   \n",
       "\n",
       "                                                                         LogonTypeCount  \\\n",
       "Computer    IpAddress      CountryCode CountryName City      ASNDesc                      \n",
       "WebServer-1 173.249.58.228 DE          Germany     Nuremberg CONTABO, DE         {3: 1}   \n",
       "            185.107.45.130 NL          Netherlands Oss       NFORCE, NL          {3: 1}   \n",
       "\n",
       "                                                                                      FirstLogon  \\\n",
       "Computer    IpAddress      CountryCode CountryName City      ASNDesc                               \n",
       "WebServer-1 173.249.58.228 DE          Germany     Nuremberg CONTABO, DE 2019-10-30 09:18:11.770   \n",
       "            185.107.45.130 NL          Netherlands Oss       NFORCE, NL  2019-10-30 04:19:25.500   \n",
       "\n",
       "                                                                                       LastLogon  \n",
       "Computer    IpAddress      CountryCode CountryName City      ASNDesc                              \n",
       "WebServer-1 173.249.58.228 DE          Germany     Nuremberg CONTABO, DE 2019-10-30 09:18:11.770  \n",
       "            185.107.45.130 NL          Netherlands Oss       NFORCE, NL  2019-10-30 04:19:25.500  "
      ]
     },
     "execution_count": 54,
     "metadata": {},
     "output_type": "execute_result"
    }
   ],
   "source": [
    "all_win_logons_geo = check_geo_whois(src_ip_addrs_win, all_win_logons, \"IpAddress\")\n",
    "md(\"Geolocations and ASN Owner for account logon source IP addresses. Information only\", \"bold\")\n",
    "\n",
    "(all_win_logons_geo[~all_win_logons_geo[\"CountryName\"].isna()]\n",
    " .groupby([\"Computer\", \"IpAddress\", \"CountryCode\",\"CountryName\", \"City\", \"ASNDesc\"])\n",
    " .agg(\n",
    "     TotalLogons=pd.NamedAgg(column=\"EventID\", aggfunc=\"count\"),\n",
    "     LogonResult=pd.NamedAgg(column=\"LogonStatus\", aggfunc=lambda x: x.value_counts().to_dict()),\n",
    "     LogonTypeCount=pd.NamedAgg(column=\"LogonType\", aggfunc=lambda x: x.value_counts().to_dict()),\n",
    "     FirstLogon=pd.NamedAgg(column=\"TimeGenerated\", aggfunc=\"min\"),\n",
    "     LastLogon=pd.NamedAgg(column=\"TimeGenerated\", aggfunc=\"max\"),\n",
    "  )\n",
    ")\n"
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "### Additional Alerts for logged-on hosts"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 23,
   "metadata": {
    "ExecuteTime": {
     "end_time": "2019-10-30T18:59:39.221208Z",
     "start_time": "2019-10-30T18:59:37.439830Z"
    }
   },
   "outputs": [
    {
     "data": {
      "text/markdown": [
       "<p style=''>No additional alerts found</p>"
      ],
      "text/plain": [
       "<IPython.core.display.Markdown object>"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    }
   ],
   "source": [
    "related_host_alerts = []\n",
    "for host in all_win_logons[\"Computer\"].unique():\n",
    "    host_alerts = qry_prov.SecurityAlert.list_related_alerts(\n",
    "        start=acct_query_params()[\"start\"],\n",
    "        end=acct_query_params()[\"end\"],\n",
    "        host_name=host\n",
    "    )\n",
    "    related_host_alerts.append(host_alerts)\n",
    "    \n",
    "related_host_alerts_df = pd.concat(related_host_alerts)\n",
    "\n",
    "# Show host alerts that were not in the Account alerts list\n",
    "related_host_alerts_df = related_host_alerts_df[~related_host_alerts_df[\"SystemAlertId\"]\n",
    "                                                .isin(related_alerts[\"SystemAlertId\"])]\n",
    "if not related_host_alerts_df.empty:\n",
    "    md(f\"{len(related_host_alerts_df)} additional alerts have been \"\n",
    "       + \"triggered on one or more hosts.\", \"bold, red, large\")\n",
    "    md(\" You should investigate these hosts using \"\n",
    "       + \"the 'Entity Explorer - Windows Host' notebook\", \"bold, red\" )\n",
    "    display(related_host_alerts_df)\n",
    "else:\n",
    "    md(\"No additional alerts found\")"
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "#### Additional alerts for source IP addresses\n",
    "We can also search for alerts that contain the IP addresses that were the origin of logons to the host."
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 24,
   "metadata": {
    "ExecuteTime": {
     "end_time": "2019-10-30T19:00:08.147249Z",
     "start_time": "2019-10-30T19:00:07.109628Z"
    }
   },
   "outputs": [
    {
     "data": {
      "text/markdown": [
       "<p style=''>No additional alerts found.</p>"
      ],
      "text/plain": [
       "<IPython.core.display.Markdown object>"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    }
   ],
   "source": [
    "ip_list = \",\".join(list(all_win_logons[\"IpAddress\"].unique()))\n",
    "related_ip_alerts_df = qry_prov.SecurityAlert.list_alerts_for_ip(\n",
    "    start=acct_query_params()[\"start\"],\n",
    "    end=acct_query_params()[\"end\"],\n",
    "    source_ip_list=ip_list\n",
    ")\n",
    "# remove Account and host alerts already seen\n",
    "related_ip_alerts_df = related_ip_alerts_df[~related_ip_alerts_df[\"SystemAlertId\"]\n",
    "                                            .isin(related_alerts[\"SystemAlertId\"])]\n",
    "related_ip_alerts_df = related_ip_alerts_df[~related_ip_alerts_df[\"SystemAlertId\"]\n",
    "                                            .isin(related_host_alerts_df[\"SystemAlertId\"])]\n",
    "if not related_ip_alerts_df.empty:\n",
    "    md(f\"{len(related_ip_alerts_df)} additional alerts have been \"\n",
    "       + \"triggered from one or more source IPs.\", \"bold, red, large\")\n",
    "    md(\" You should investigate these IPs using \"\n",
    "       + \"the 'Entity Explorer - IP Address' notebook\", \"bold, red\" )\n",
    "    display(related_ip_alerts_df)\n",
    "else:\n",
    "    md(\"No additional alerts found.\")"
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "### Additional Investigation Bookmarks for logged-on hosts"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 25,
   "metadata": {
    "ExecuteTime": {
     "end_time": "2019-10-30T19:00:12.305509Z",
     "start_time": "2019-10-30T19:00:11.427623Z"
    }
   },
   "outputs": [
    {
     "data": {
      "text/markdown": [
       "<p style=''>No additional items found for logged on hosts</p>"
      ],
      "text/plain": [
       "<IPython.core.display.Markdown object>"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    }
   ],
   "source": [
    "related_host_bkmks = []\n",
    "for host in all_win_logons[\"Computer\"].unique():\n",
    "    host_bkmks = qry_prov.AzureSentinel.list_bookmarks_for_entity(\n",
    "        start=acct_query_params()[\"start\"],\n",
    "        end=acct_query_params()[\"end\"],\n",
    "        entity_id=f\"'{host}'\"\n",
    "    )\n",
    "    related_host_bkmks.append(host_bkmks)\n",
    "    \n",
    "related_host_bkmks_df = pd.concat(related_host_bkmks)\n",
    "\n",
    "# Show host bookmarks that were not in the Account bookmarks list\n",
    "related_host_bkmks_df = related_host_bkmks_df[~related_host_bkmks_df[\"BookmarkId\"]\n",
    "                                              .isin(related_bkmark_df[\"BookmarkId\"])]\n",
    "if not related_host_bkmks_df.empty:\n",
    "    md(f\"{len(related_host_bkmks_df)} additional investigation bookmarks have been \"\n",
    "       + \"found for one or more hosts.\", \"bold, red, large\")\n",
    "    md(\" You should investigate these hosts using \"\n",
    "       + \"the 'Entity Explorer - Windows Host' notebook\", \"bold, red\" )\n",
    "    display(related_host_bkmks_df)\n",
    "else:\n",
    "    md(\"No additional items found for logged on hosts\")"
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "## Linux Host\n",
    "For Linux accounts we look for the following types of data:\n",
    "- Logon Summary\n",
    "- Threat Intelligence reports for logon source IP Address(es)\n",
    "- Geo location and Whois lookup for logon source IP Address(es)\n",
    "- Additional alerts for the hosts where the account had logged on\n",
    "- Additional bookmarks for the hosts where the account had logged on\n"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": null,
   "metadata": {
    "ExecuteTime": {
     "end_time": "2019-10-17T01:12:09.414523Z",
     "start_time": "2019-10-17T01:12:06.50592Z"
    }
   },
   "outputs": [],
   "source": [
    "all_lx_logons = (qry_prov.LinuxSyslog\n",
    "                 .list_logons_for_account(**acct_query_params()))"
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "### Host Logon Summary"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": null,
   "metadata": {
    "ExecuteTime": {
     "end_time": "2019-10-18T00:37:26.703212Z",
     "start_time": "2019-10-18T00:37:26.610352Z"
    }
   },
   "outputs": [],
   "source": [
    "logon_summary = (all_lx_logons\n",
    " .groupby(\"Computer\")\n",
    " .agg(\n",
    "     TotalLogons=pd.NamedAgg(column=\"Computer\", aggfunc=\"count\"),\n",
    "     FailedLogons=pd.NamedAgg(column=\"LogonResult\", aggfunc=lambda x: x.value_counts().to_dict()),\n",
    "     IPAddresses=pd.NamedAgg(column=\"SourceIP\", aggfunc=lambda x: x.unique().tolist()),\n",
    "     LogonTypeCount=pd.NamedAgg(column=\"LogonType\", aggfunc=lambda x: x.value_counts().to_dict()),\n",
    "     FirstLogon=pd.NamedAgg(column=\"TimeGenerated\", aggfunc=\"min\"),\n",
    "     LastLogon=pd.NamedAgg(column=\"TimeGenerated\", aggfunc=\"max\"),\n",
    "  )\n",
    ")\n",
    "\n",
    "display(logon_summary)\n",
    "nbdisplay.display_timeline(data=all_lx_logons,\n",
    "                           group_by=\"SourceIP\",\n",
    "                           source_columns=[\"Computer\", \"LogonResult\", \"LogonType\"],\n",
    "                           title=\"Logons\");"
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "### Threat Intelligence for logon IP Addresses\n",
    "<details>\n",
    "    <summary>TI Configuration</summary>\n",
    "If you have not used msticpy threat intelligence lookups before you will need to supply API keys for the \n",
    "TI Providers that you want to use. Please see the section on configuring [msticpyconfig.yaml](#msticpyconfig.yaml-configuration-File)\n",
    "\n",
    "Then reload provider settings:\n",
    "```\n",
    "mylookup = TILookup()\n",
    "mylookup.reload_provider_settings()\n",
    "```\n",
    "</details>"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": null,
   "metadata": {
    "ExecuteTime": {
     "end_time": "2019-10-18T00:34:57.729768Z",
     "start_time": "2019-10-18T00:34:56.96394Z"
    },
    "scrolled": true
   },
   "outputs": [],
   "source": [
    "ti_results_lx, all_lx_logons_ti, src_ip_addrs_lx = check_ip_ti(df=all_lx_logons, ip_col=\"SourceIP\")\n",
    "\n",
    "if not ti_results_lx.empty:\n",
    "    md(f\"{len(ti_results_lx)} threat intelligence hits have been \"\n",
    "       + \"matched on one or more source IP addresses.\", \"bold, red, large\")\n",
    "    md(\" You should investigate these hosts using \"\n",
    "       + \"the 'Entity Explorer - Linux Host' notebook\", \"bold, red\" )\n",
    "    display(ti_results_lx)\n",
    "else:\n",
    "    md(\"No additional items found for logged on hosts\")"
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "### Geolocation and ownership for source logon IP addresses"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": null,
   "metadata": {
    "ExecuteTime": {
     "end_time": "2019-10-18T00:36:38.966326Z",
     "start_time": "2019-10-18T00:36:38.921842Z"
    }
   },
   "outputs": [],
   "source": [
    "all_lx_logons_geo = check_geo_whois(src_ip_addrs_lx, all_lx_logons, \"SourceIP\")\n",
    "\n",
    "md(\"Geolocations and ASN Owner for account logon source IP addresses. Information only\", \"bold\")\n",
    "\n",
    "(all_lx_logons_geo[~all_lx_logons_geo[\"CountryName\"].isna()]\n",
    " .groupby([\"Computer\", \"SourceIP\", \"CountryCode\",\"CountryName\", \"City\", \"ASNDesc\"])\n",
    " .agg(\n",
    "     TotalLogons=pd.NamedAgg(column=\"SourceSystem\", aggfunc=\"count\"),\n",
    "     LogonResult=pd.NamedAgg(column=\"LogonResult\", aggfunc=lambda x: x.value_counts().to_dict()),\n",
    "     LogonTypeCount=pd.NamedAgg(column=\"LogonType\", aggfunc=lambda x: x.value_counts().to_dict()),\n",
    "     FirstLogon=pd.NamedAgg(column=\"TimeGenerated\", aggfunc=\"min\"),\n",
    "     LastLogon=pd.NamedAgg(column=\"TimeGenerated\", aggfunc=\"max\"),\n",
    "  )\n",
    ")"
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "### Additional Alerts for logged-on hosts"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": null,
   "metadata": {
    "ExecuteTime": {
     "end_time": "2019-10-18T02:35:11.6751Z",
     "start_time": "2019-10-18T02:35:06.398572Z"
    }
   },
   "outputs": [],
   "source": [
    "related_host_alerts = []\n",
    "for host in all_lx_logons[\"Computer\"].unique():\n",
    "    host_alerts = qry_prov.SecurityAlert.list_related_alerts(\n",
    "        start=acct_query_params()[\"start\"],\n",
    "        end=acct_query_params()[\"end\"],\n",
    "        host_name=host\n",
    "    )\n",
    "    related_host_alerts.append(host_alerts)\n",
    "    \n",
    "related_host_alerts_df = pd.concat(related_host_alerts)\n",
    "\n",
    "# Show host alerts that were not in the Account alerts list\n",
    "related_host_alerts_df = related_host_alerts_df[~related_host_alerts_df[\"SystemAlertId\"]\n",
    "                                                .isin(related_alerts[\"SystemAlertId\"])]\n",
    "if not related_host_alerts_df.empty:\n",
    "    md(f\"{len(related_host_alerts_df)} additional alerts have been \"\n",
    "       + \"triggered on one or more hosts.\", \"bold, red, large\")\n",
    "    md(\" You should investigate these hosts using \"\n",
    "       + \"the 'Entity Explorer - Linux Host' notebook\", \"bold, red\" )\n",
    "    display(related_host_alerts_df[['TenantId','TimeGenerated','AlertDisplayName','ConfidenceLevel','ConfidenceScore','Computer','ExtendedProperties','Entities']])\n",
    "else:\n",
    "    md(\"No additional items found for logged on hosts\")"
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "#### Additional alerts for source IP addresses\n",
    "We can also search for alerts that contain the IP addresses that were the origin of logons to the host."
   ]
  },
  {
   "cell_type": "code",
   "execution_count": null,
   "metadata": {
    "ExecuteTime": {
     "end_time": "2019-10-18T02:38:57.430531Z",
     "start_time": "2019-10-18T02:38:51.274039Z"
    }
   },
   "outputs": [],
   "source": [
    "ip_list = \",\".join(list(all_lx_logons[\"SourceIP\"].unique()))\n",
    "related_ip_alerts_df = qry_prov.SecurityAlert.list_alerts_for_ip(\n",
    "    start=acct_query_params()[\"start\"],\n",
    "    end=acct_query_params()[\"end\"],\n",
    "    source_ip_list=ip_list\n",
    ")\n",
    "# remove Account and host alerts already seen\n",
    "related_ip_alerts_df = related_ip_alerts_df[~related_ip_alerts_df[\"SystemAlertId\"]\n",
    "                                            .isin(related_alerts[\"SystemAlertId\"])]\n",
    "related_ip_alerts_df = related_ip_alerts_df[~related_ip_alerts_df[\"SystemAlertId\"]\n",
    "                                            .isin(related_host_alerts_df[\"SystemAlertId\"])]\n",
    "if not related_ip_alerts_df.empty:\n",
    "    md(f\"{len(related_ip_alerts_df)} additional alerts have been \"\n",
    "       + \"triggered from one or more source IPs.\", \"bold, red, large\")\n",
    "    md(\" You should investigate these IPs using \"\n",
    "       + \"the 'Entity Explorer - IP Address' notebook\", \"bold, red\" )\n",
    "    display(related_ip_alerts_df)\n",
    "else:\n",
    "    md(\"No additional alerts found.\")"
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "### Additional Investigation Bookmarks for logged-on hosts"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": null,
   "metadata": {
    "ExecuteTime": {
     "end_time": "2019-10-17T01:37:22.034764Z",
     "start_time": "2019-10-17T01:37:19.091489Z"
    }
   },
   "outputs": [],
   "source": [
    "related_host_bkmks = []\n",
    "for host in all_lx_logons[\"Computer\"].unique():\n",
    "    host_bkmks = qry_prov.AzureSentinel.list_bookmarks_for_entity(\n",
    "        start=acct_query_params()[\"start\"],\n",
    "        end=acct_query_params()[\"end\"],\n",
    "        entity_id=host\n",
    "    )\n",
    "    related_host_bkmks.append(host_bkmks)\n",
    "    \n",
    "related_host_bkmks_df = pd.concat(related_host_bkmks)\n",
    "\n",
    "# Show host bookmarks that were not in the Account bookmarks list\n",
    "related_host_bkmks_df = related_host_bkmks_df[~related_host_bkmks_df[\"BookmarkId\"]\n",
    "                                              .isin(related_bkmark_df[\"BookmarkId\"])]\n",
    "if not related_host_bkmks_df.empty:\n",
    "    md(f\"{len(related_host_bkmks_df)} additional investigation bookmarks have been \"\n",
    "       + \"found for one or more hosts.\", \"bold, red, large\")\n",
    "    md(\" You should investigate these hosts using \"\n",
    "       + \"the 'Entity Explorer - Windows Host' notebook\", \"bold, red\" )\n",
    "    display(related_host_bkmks_df)\n",
    "else:\n",
    "    md(\"No additional items found for logged on hosts\")"
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "## AAD/Office Account\n",
    "For an Azure Active Directory account we look for the following data:\n",
    "- AAD Sign-on activity\n",
    "- Azure Activity\n",
    "- Office 365 operations\n",
    "- Threat intelligence reports for the client IP Address used in any of these activities\n",
    "- Geo location and Whois lookup for logon source IP Address(es)\n",
    "- Additional alerts for the logon source IP Address(es)"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 46,
   "metadata": {
    "ExecuteTime": {
     "end_time": "2019-10-30T19:14:01.006037Z",
     "start_time": "2019-10-30T19:13:55.233867Z"
    },
    "scrolled": true
   },
   "outputs": [],
   "source": [
    "# Fetch the data\n",
    "aad_sum_qry = \"\"\"\n",
    "| extend UserPrincipalName=tolower(UserPrincipalName)\n",
    "| project-rename Operation=OperationName, AppResourceProvider=AppDisplayName\"\"\"\n",
    "aad_signin_df = (qry_prov.Azure\n",
    "                 .list_aad_signins_for_account(**acct_query_params(),\n",
    "                                              add_query_items=aad_sum_qry)\n",
    "                )\n",
    "\n",
    "az_sum_qry = \"\"\"\n",
    "| extend UserPrincipalName=tolower(Caller)\n",
    "| project-rename IPAddress=CallerIpAddress, Operation=OperationName,\n",
    "  AppResourceProvider=ResourceProvider\"\"\"\n",
    "azure_activity_df = (qry_prov.Azure\n",
    "                     .list_azure_activity_for_account(**acct_query_params(),\n",
    "                                                      add_query_items=az_sum_qry)\n",
    "                    )\n",
    "\n",
    "o365_sum_qry = \"\"\"\n",
    "| extend UserPrincipalName=tolower(UserId)\n",
    "| project-rename IPAddress=ClientIP, ResourceId=OfficeObjectId,\n",
    "  AppResourceProvider=OfficeWorkload\"\"\"\n",
    "o365_activity_df = (qry_prov.Office365\n",
    "                    .list_activity_for_account(**acct_query_params(),\n",
    "                                               add_query_items=o365_sum_qry)\n",
    "                    )\n"
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "### Azure/Office Summary"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 47,
   "metadata": {
    "ExecuteTime": {
     "end_time": "2019-10-30T19:14:04.897961Z",
     "start_time": "2019-10-30T19:14:03.670582Z"
    },
    "scrolled": false
   },
   "outputs": [
    {
     "data": {
      "text/html": [
       "\n",
       "    <div class=\"bk-root\">\n",
       "        <a href=\"https://bokeh.pydata.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
       "        <span id=\"4748\">Loading BokehJS ...</span>\n",
       "    </div>"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    },
    {
     "data": {
      "application/javascript": [
       "\n",
       "(function(root) {\n",
       "  function now() {\n",
       "    return new Date();\n",
       "  }\n",
       "\n",
       "  var force = true;\n",
       "\n",
       "  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n",
       "    root._bokeh_onload_callbacks = [];\n",
       "    root._bokeh_is_loading = undefined;\n",
       "  }\n",
       "\n",
       "  var JS_MIME_TYPE = 'application/javascript';\n",
       "  var HTML_MIME_TYPE = 'text/html';\n",
       "  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n",
       "  var CLASS_NAME = 'output_bokeh rendered_html';\n",
       "\n",
       "  /**\n",
       "   * Render data to the DOM node\n",
       "   */\n",
       "  function render(props, node) {\n",
       "    var script = document.createElement(\"script\");\n",
       "    node.appendChild(script);\n",
       "  }\n",
       "\n",
       "  /**\n",
       "   * Handle when an output is cleared or removed\n",
       "   */\n",
       "  function handleClearOutput(event, handle) {\n",
       "    var cell = handle.cell;\n",
       "\n",
       "    var id = cell.output_area._bokeh_element_id;\n",
       "    var server_id = cell.output_area._bokeh_server_id;\n",
       "    // Clean up Bokeh references\n",
       "    if (id != null && id in Bokeh.index) {\n",
       "      Bokeh.index[id].model.document.clear();\n",
       "      delete Bokeh.index[id];\n",
       "    }\n",
       "\n",
       "    if (server_id !== undefined) {\n",
       "      // Clean up Bokeh references\n",
       "      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n",
       "      cell.notebook.kernel.execute(cmd, {\n",
       "        iopub: {\n",
       "          output: function(msg) {\n",
       "            var id = msg.content.text.trim();\n",
       "            if (id in Bokeh.index) {\n",
       "              Bokeh.index[id].model.document.clear();\n",
       "              delete Bokeh.index[id];\n",
       "            }\n",
       "          }\n",
       "        }\n",
       "      });\n",
       "      // Destroy server and session\n",
       "      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n",
       "      cell.notebook.kernel.execute(cmd);\n",
       "    }\n",
       "  }\n",
       "\n",
       "  /**\n",
       "   * Handle when a new output is added\n",
       "   */\n",
       "  function handleAddOutput(event, handle) {\n",
       "    var output_area = handle.output_area;\n",
       "    var output = handle.output;\n",
       "\n",
       "    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n",
       "    if ((output.output_type != \"display_data\") || (!output.data.hasOwnProperty(EXEC_MIME_TYPE))) {\n",
       "      return\n",
       "    }\n",
       "\n",
       "    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n",
       "\n",
       "    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n",
       "      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n",
       "      // store reference to embed id on output_area\n",
       "      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n",
       "    }\n",
       "    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n",
       "      var bk_div = document.createElement(\"div\");\n",
       "      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n",
       "      var script_attrs = bk_div.children[0].attributes;\n",
       "      for (var i = 0; i < script_attrs.length; i++) {\n",
       "        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n",
       "      }\n",
       "      // store reference to server id on output_area\n",
       "      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n",
       "    }\n",
       "  }\n",
       "\n",
       "  function register_renderer(events, OutputArea) {\n",
       "\n",
       "    function append_mime(data, metadata, element) {\n",
       "      // create a DOM node to render to\n",
       "      var toinsert = this.create_output_subarea(\n",
       "        metadata,\n",
       "        CLASS_NAME,\n",
       "        EXEC_MIME_TYPE\n",
       "      );\n",
       "      this.keyboard_manager.register_events(toinsert);\n",
       "      // Render to node\n",
       "      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n",
       "      render(props, toinsert[toinsert.length - 1]);\n",
       "      element.append(toinsert);\n",
       "      return toinsert\n",
       "    }\n",
       "\n",
       "    /* Handle when an output is cleared or removed */\n",
       "    events.on('clear_output.CodeCell', handleClearOutput);\n",
       "    events.on('delete.Cell', handleClearOutput);\n",
       "\n",
       "    /* Handle when a new output is added */\n",
       "    events.on('output_added.OutputArea', handleAddOutput);\n",
       "\n",
       "    /**\n",
       "     * Register the mime type and append_mime function with output_area\n",
       "     */\n",
       "    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n",
       "      /* Is output safe? */\n",
       "      safe: true,\n",
       "      /* Index of renderer in `output_area.display_order` */\n",
       "      index: 0\n",
       "    });\n",
       "  }\n",
       "\n",
       "  // register the mime type if in Jupyter Notebook environment and previously unregistered\n",
       "  if (root.Jupyter !== undefined) {\n",
       "    var events = require('base/js/events');\n",
       "    var OutputArea = require('notebook/js/outputarea').OutputArea;\n",
       "\n",
       "    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n",
       "      register_renderer(events, OutputArea);\n",
       "    }\n",
       "  }\n",
       "\n",
       "  \n",
       "  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n",
       "    root._bokeh_timeout = Date.now() + 5000;\n",
       "    root._bokeh_failed_load = false;\n",
       "  }\n",
       "\n",
       "  var NB_LOAD_WARNING = {'data': {'text/html':\n",
       "     \"<div style='background-color: #fdd'>\\n\"+\n",
       "     \"<p>\\n\"+\n",
       "     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n",
       "     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n",
       "     \"</p>\\n\"+\n",
       "     \"<ul>\\n\"+\n",
       "     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n",
       "     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n",
       "     \"</ul>\\n\"+\n",
       "     \"<code>\\n\"+\n",
       "     \"from bokeh.resources import INLINE\\n\"+\n",
       "     \"output_notebook(resources=INLINE)\\n\"+\n",
       "     \"</code>\\n\"+\n",
       "     \"</div>\"}};\n",
       "\n",
       "  function display_loaded() {\n",
       "    var el = document.getElementById(\"4748\");\n",
       "    if (el != null) {\n",
       "      el.textContent = \"BokehJS is loading...\";\n",
       "    }\n",
       "    if (root.Bokeh !== undefined) {\n",
       "      if (el != null) {\n",
       "        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n",
       "      }\n",
       "    } else if (Date.now() < root._bokeh_timeout) {\n",
       "      setTimeout(display_loaded, 100)\n",
       "    }\n",
       "  }\n",
       "\n",
       "\n",
       "  function run_callbacks() {\n",
       "    try {\n",
       "      root._bokeh_onload_callbacks.forEach(function(callback) {\n",
       "        if (callback != null)\n",
       "          callback();\n",
       "      });\n",
       "    } finally {\n",
       "      delete root._bokeh_onload_callbacks\n",
       "    }\n",
       "    console.debug(\"Bokeh: all callbacks have finished\");\n",
       "  }\n",
       "\n",
       "  function load_libs(css_urls, js_urls, callback) {\n",
       "    if (css_urls == null) css_urls = [];\n",
       "    if (js_urls == null) js_urls = [];\n",
       "\n",
       "    root._bokeh_onload_callbacks.push(callback);\n",
       "    if (root._bokeh_is_loading > 0) {\n",
       "      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n",
       "      return null;\n",
       "    }\n",
       "    if (js_urls == null || js_urls.length === 0) {\n",
       "      run_callbacks();\n",
       "      return null;\n",
       "    }\n",
       "    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n",
       "    root._bokeh_is_loading = css_urls.length + js_urls.length;\n",
       "\n",
       "    function on_load() {\n",
       "      root._bokeh_is_loading--;\n",
       "      if (root._bokeh_is_loading === 0) {\n",
       "        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n",
       "        run_callbacks()\n",
       "      }\n",
       "    }\n",
       "\n",
       "    function on_error() {\n",
       "      console.error(\"failed to load \" + url);\n",
       "    }\n",
       "\n",
       "    for (var i = 0; i < css_urls.length; i++) {\n",
       "      var url = css_urls[i];\n",
       "      const element = document.createElement(\"link\");\n",
       "      element.onload = on_load;\n",
       "      element.onerror = on_error;\n",
       "      element.rel = \"stylesheet\";\n",
       "      element.type = \"text/css\";\n",
       "      element.href = url;\n",
       "      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n",
       "      document.body.appendChild(element);\n",
       "    }\n",
       "\n",
       "    for (var i = 0; i < js_urls.length; i++) {\n",
       "      var url = js_urls[i];\n",
       "      var element = document.createElement('script');\n",
       "      element.onload = on_load;\n",
       "      element.onerror = on_error;\n",
       "      element.async = false;\n",
       "      element.src = url;\n",
       "      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n",
       "      document.head.appendChild(element);\n",
       "    }\n",
       "  };var element = document.getElementById(\"4748\");\n",
       "  if (element == null) {\n",
       "    console.error(\"Bokeh: ERROR: autoload.js configured with elementid '4748' but no matching script tag was found. \")\n",
       "    return false;\n",
       "  }\n",
       "\n",
       "  function inject_raw_css(css) {\n",
       "    const element = document.createElement(\"style\");\n",
       "    element.appendChild(document.createTextNode(css));\n",
       "    document.body.appendChild(element);\n",
       "  }\n",
       "\n",
       "  var js_urls = [\"https://cdn.pydata.org/bokeh/release/bokeh-1.3.4.min.js\", \"https://cdn.pydata.org/bokeh/release/bokeh-widgets-1.3.4.min.js\", \"https://cdn.pydata.org/bokeh/release/bokeh-tables-1.3.4.min.js\", \"https://cdn.pydata.org/bokeh/release/bokeh-gl-1.3.4.min.js\"];\n",
       "  var css_urls = [];\n",
       "\n",
       "  var inline_js = [\n",
       "    function(Bokeh) {\n",
       "      Bokeh.set_log_level(\"info\");\n",
       "    },\n",
       "    \n",
       "    function(Bokeh) {\n",
       "      \n",
       "    },\n",
       "    function(Bokeh) {} // ensure no trailing comma for IE\n",
       "  ];\n",
       "\n",
       "  function run_inline_js() {\n",
       "    \n",
       "    if ((root.Bokeh !== undefined) || (force === true)) {\n",
       "      for (var i = 0; i < inline_js.length; i++) {\n",
       "        inline_js[i].call(root, root.Bokeh);\n",
       "      }if (force === true) {\n",
       "        display_loaded();\n",
       "      }} else if (Date.now() < root._bokeh_timeout) {\n",
       "      setTimeout(run_inline_js, 100);\n",
       "    } else if (!root._bokeh_failed_load) {\n",
       "      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n",
       "      root._bokeh_failed_load = true;\n",
       "    } else if (force !== true) {\n",
       "      var cell = $(document.getElementById(\"4748\")).parents('.cell').data().cell;\n",
       "      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n",
       "    }\n",
       "\n",
       "  }\n",
       "\n",
       "  if (root._bokeh_is_loading === 0) {\n",
       "    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n",
       "    run_inline_js();\n",
       "  } else {\n",
       "    load_libs(css_urls, js_urls, function() {\n",
       "      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n",
       "      run_inline_js();\n",
       "    });\n",
       "  }\n",
       "}(window));"
      ],
      "application/vnd.bokehjs_load.v0+json": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  \n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"4748\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error() {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (var i = 0; i < css_urls.length; i++) {\n      var url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    for (var i = 0; i < js_urls.length; i++) {\n      var url = js_urls[i];\n      var element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.async = false;\n      element.src = url;\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };var element = document.getElementById(\"4748\");\n  if (element == null) {\n    console.error(\"Bokeh: ERROR: autoload.js configured with elementid '4748' but no matching script tag was found. \")\n    return false;\n  }\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  var js_urls = [\"https://cdn.pydata.org/bokeh/release/bokeh-1.3.4.min.js\", \"https://cdn.pydata.org/bokeh/release/bokeh-widgets-1.3.4.min.js\", \"https://cdn.pydata.org/bokeh/release/bokeh-tables-1.3.4.min.js\", \"https://cdn.pydata.org/bokeh/release/bokeh-gl-1.3.4.min.js\"];\n  var css_urls = [];\n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    \n    function(Bokeh) {\n      \n    },\n    function(Bokeh) {} // ensure no trailing comma for IE\n  ];\n\n  function run_inline_js() {\n    \n    if ((root.Bokeh !== undefined) || (force === true)) {\n      for (var i = 0; i < inline_js.length; i++) {\n        inline_js[i].call(root, root.Bokeh);\n      }if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"4748\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));"
     },
     "metadata": {},
     "output_type": "display_data"
    },
    {
     "data": {
      "text/html": [
       "\n",
       "\n",
       "\n",
       "\n",
       "\n",
       "\n",
       "  <div class=\"bk-root\" id=\"83c37f65-ba3f-4d6e-811a-1c71506e709f\" data-root-id=\"4931\"></div>\n"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    },
    {
     "data": {
      "application/javascript": [
       "(function(root) {\n",
       "  function embed_document(root) {\n",
       "    \n",
       "  var docs_json = {\"bfd39c5b-3dfa-4bc2-814a-6d1d9016f0f7\":{\"roots\":{\"references\":[{\"attributes\":{\"children\":[{\"id\":\"4760\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"id\":\"4793\",\"subtype\":\"Figure\",\"type\":\"Plot\"}]},\"id\":\"4931\",\"type\":\"Column\"},{\"attributes\":{\"callback\":null,\"end\":1572766365920.2,\"start\":1568282043461.8},\"id\":\"4763\",\"type\":\"Range1d\"},{\"attributes\":{\"below\":[{\"id\":\"4804\",\"type\":\"DatetimeAxis\"},{\"id\":\"4810\",\"type\":\"Title\"}],\"center\":[{\"id\":\"4808\",\"type\":\"Grid\"}],\"plot_height\":120,\"plot_width\":900,\"renderers\":[{\"id\":\"4816\",\"type\":\"GlyphRenderer\"},{\"id\":\"4821\",\"type\":\"GlyphRenderer\"},{\"id\":\"4826\",\"type\":\"GlyphRenderer\"},{\"id\":\"4831\",\"type\":\"GlyphRenderer\"},{\"id\":\"4836\",\"type\":\"GlyphRenderer\"},{\"id\":\"4841\",\"type\":\"GlyphRenderer\"},{\"id\":\"4846\",\"type\":\"GlyphRenderer\"},{\"id\":\"4851\",\"type\":\"GlyphRenderer\"},{\"id\":\"4856\",\"type\":\"GlyphRenderer\"},{\"id\":\"4861\",\"type\":\"GlyphRenderer\"}],\"title\":{\"id\":\"4794\",\"type\":\"Title\"},\"toolbar\":{\"id\":\"4809\",\"type\":\"Toolbar\"},\"toolbar_location\":null,\"x_range\":{\"id\":\"4796\",\"type\":\"Range1d\"},\"x_scale\":{\"id\":\"4800\",\"type\":\"LinearScale\"},\"y_range\":{\"id\":\"4798\",\"type\":\"DataRange1d\"},\"y_scale\":{\"id\":\"4802\",\"type\":\"LinearScale\"}},\"id\":\"4793\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{},\"id\":\"4942\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#482172\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#482172\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4876\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4892\",\"type\":\"Diamond\"},{\"attributes\":{\"overlay\":{\"id\":\"4864\",\"type\":\"BoxAnnotation\"},\"x_range\":{\"id\":\"4763\",\"type\":\"Range1d\"},\"y_range\":null},\"id\":\"4863\",\"type\":\"RangeTool\"},{\"attributes\":{\"source\":{\"id\":\"4752\",\"type\":\"ColumnDataSource\"}},\"id\":\"4889\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#2D6E8E\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#2D6E8E\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4891\",\"type\":\"Diamond\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\"],\"IPAddress\":[\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"77.247.181.163\",\"185.220.101.6\",\"185.220.101.6\",\"185.220.101.6\",\"185.220.101.6\",\"185.220.101.6\",\"185.220.101.6\",\"185.220.101.6\",\"185.220.101.6\",\"185.220.101.6\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"40.117.152.107\",\"92.62.139.103\",\"40.117.152.107\",\"40.117.152.107\",\"92.62.139.103\",\"92.62.139.103\",\"40.117.152.107\",\"92.62.139.103\",\"185.220.101.6\",\"185.220.101.6\",\"185.220.101.6\",\"185.220.101.6\",\"92.62.139.103\",\"40.117.152.107\",\"40.117.152.107\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"40.126.9.50\",\"40.117.152.107\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"\",\"92.62.139.103\",\"92.62.139.103\",\"40.117.152.107\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"185.220.101.6\",\"185.220.101.6\",\"92.62.139.103\",\"\",\"92.62.139.103\",\"\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"199.249.230.113\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"77.247.181.163\",\"77.247.181.163\",\"40.126.9.50\",\"40.126.9.50\",\"40.126.9.50\",\"40.126.9.50\",\"40.117.152.107\",\"77.247.181.163\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"40.117.152.107\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"40.117.152.107\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"92.62.139.103\",\"92.62.139.103\",\"\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"185.220.102.8\",\"92.62.139.103\",\"92.62.139.103\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"40.126.9.51\",\"52.109.6.30\",\"40.126.9.51\",\"40.126.9.49\",\"185.220.101.1\",\"40.126.9.49\",\"185.220.101.1\",\"52.109.6.30\",\"185.220.101.1\",\"40.126.9.51\",\"185.220.101.1\",\"185.220.101.1\",\"185.220.101.1\",\"40.126.9.51\",\"185.220.101.1\",\"\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"\",\"23.129.64.152\",\"\",\"23.129.64.152\",\"23.129.64.152\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"\",\"40.117.152.107\",\"23.129.64.152\",\"\",\"23.129.64.152\",\"\",\"40.117.152.107\",\"23.129.64.152\",\"23.129.64.152\",\"\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"185.220.101.31\",\"23.129.64.152\",\"185.220.101.31\",\"185.220.101.31\",\"23.129.64.152\",\"40.117.152.107\",\"40.117.152.107\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"40.117.152.107\",\"23.129.64.152\",\"40.117.152.107\",\"23.129.64.152\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"104.41.146.53\",\"66.146.193.33\",\"20.190.128.101\",\"20.190.128.103\",\"104.41.146.53\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"199.249.230.111\",\"199.249.230.111\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"66.146.193.33\",\"66.146.193.33\",\"104.41.146.53\",\"66.146.193.33\",\"66.146.193.33\",\"20.190.128.103\",\"66.146.193.33\",\"66.146.193.33\",\"199.249.230.111\",\"199.249.230.111\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"199.249.230.111\",\"104.41.146.53\",\"20.190.128.103\",\"52.109.6.30\",\"52.109.6.30\",\"199.249.230.111\",\"66.146.193.33\",\"199.249.230.111\",\"66.146.193.33\",\"20.190.128.103\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"199.249.230.111\",\"66.146.193.33\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"66.146.193.33\",\"66.146.193.33\",\"\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"20.190.128.103\",\"104.41.146.53\",\"66.146.193.33\",\"104.41.146.53\",\"109.70.100.26\",\"109.70.100.26\",\"109.70.100.26\",\"20.190.129.100\",\"52.109.6.30\",\"104.41.146.53\",\"109.70.100.26\",\"52.109.6.30\",\"109.70.100.26\",\"109.70.100.26\",\"52.109.6.30\",\"109.70.100.26\",\"20.190.129.100\",\"20.190.129.100\",\"20.190.129.100\"],\"Operation\":[\"FileUploaded\",\"PermissionLevelAdded\",\"PermissionLevelAdded\",\"PermissionLevelAdded\",\"PageViewed\",\"FileUploaded\",\"FileAccessed\",\"FileUploaded\",\"FileModified\",\"FileModified\",\"FileAccessed\",\"FileUploaded\",\"FileAccessed\",\"FileUploaded\",\"FilePreviewed\",\"FileAccessed\",\"PageViewed\",\"FileUploaded\",\"FileModified\",\"FileAccessed\",\"FileUploaded\",\"FileAccessed\",\"FileUploaded\",\"FileModified\",\"FileModified\",\"AnonymousLinkCreated\",\"SharingInheritanceBroken\",\"SharingSet\",\"SharingSet\",\"SharingSet\",\"SharingInheritanceBroken\",\"AddedToGroup\",\"GroupAdded\",\"GroupAdded\",\"SearchQueryPerformed\",\"FileUploaded\",\"FileUploaded\",\"FileModified\",\"FileAccessed\",\"FileUploaded\",\"FileModified\",\"FileAccessed\",\"FileUploaded\",\"FileAccessed\",\"FileModified\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FolderCreated\",\"FilePreviewed\",\"FileModified\",\"PageViewed\",\"AnonymousLinkCreated\",\"SharingSet\",\"SharingSet\",\"SharingSet\",\"SharingInheritanceBroken\",\"AddedToGroup\",\"GroupAdded\",\"AnonymousLinkCreated\",\"SharingSet\",\"SharingSet\",\"SharingSet\",\"SharingInheritanceBroken\",\"AddedToGroup\",\"GroupAdded\",\"AnonymousLinkCreated\",\"SharingSet\",\"SharingSet\",\"SharingSet\",\"SharingInheritanceBroken\",\"AddedToGroup\",\"GroupAdded\",\"PageViewed\",\"FileAccessed\",\"FileUploaded\",\"FileAccessed\",\"FileAccessed\",\"FileUploaded\",\"AnonymousLinkCreated\",\"SharingSet\",\"SharingSet\",\"AddedToGroup\",\"SharingSet\",\"GroupAdded\",\"SharingInheritanceBroken\",\"PermissionLevelAdded\",\"PermissionLevelAdded\",\"PermissionLevelAdded\",\"FileUploaded\",\"FileUploaded\",\"FilePreviewed\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileAccessed\",\"FilePreviewed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"SearchQueryPerformed\",\"PageViewed\",\"FilePreviewed\",\"FilePreviewed\",\"FileAccessed\",\"SearchQueryPerformed\",\"PageViewed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"FilePreviewed\",\"FileAccessed\",\"SearchQueryPerformed\",\"FileAccessed\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"PageViewed\",\"PageViewed\",\"PageViewed\",\"FilePreviewed\",\"FilePreviewed\",\"SearchQueryPerformed\",\"PageViewed\",\"FilePreviewed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"SearchQueryPerformed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"PageViewed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessedExtended\",\"FileAccessed\",\"FilePreviewed\",\"PageViewed\",\"FilePreviewed\",\"FileAccessed\",\"FileAccessed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"FilePreviewed\",\"FilePreviewed\",\"FileDownloaded\",\"FileDownloaded\",\"FileAccessed\",\"FileAccessed\",\"FilePreviewed\",\"FileAccessed\",\"PageViewed\",\"FilePreviewed\",\"FileAccessed\",\"FilePreviewed\",\"FileAccessed\",\"PageViewed\",\"PageViewed\",\"FilePreviewed\",\"FileDownloaded\",\"FilePreviewed\",\"FileAccessed\",\"FileDownloaded\",\"FileAccessed\",\"FileAccessed\",\"SearchQueryPerformed\",\"PageViewed\",\"FileAccessed\",\"FileAccessed\",\"PageViewed\",\"FileDownloaded\",\"SearchQueryPerformed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"SearchQueryPerformed\",\"FilePreviewed\",\"FileAccessed\",\"FilePreviewed\",\"FilePreviewed\",\"ClientViewSignaled\",\"PageViewed\",\"SearchQueryPerformed\",\"FileAccessed\",\"FileDownloaded\",\"FilePreviewed\",\"FileAccessed\",\"FilePreviewed\",\"FilePreviewed\",\"SearchQueryPerformed\",\"FilePreviewed\",\"SearchQueryPerformed\",\"FileAccessed\",\"FilePreviewed\",\"PageViewed\",\"SearchQueryPerformed\",\"FileAccessed\",\"FilePreviewed\",\"FilePreviewed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"FilePreviewed\",\"FileAccessed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"FileAccessed\",\"FileDownloaded\",\"FileDownloaded\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FilePreviewed\",\"FilePreviewed\",\"PageViewed\",\"FolderModified\",\"FileAccessed\",\"FileAccessed\",\"FilePreviewed\",\"FileAccessed\",\"FilePreviewed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"SearchQueryPerformed\",\"PageViewed\",\"FileAccessed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FilePreviewed\",\"FileDownloaded\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"PageViewed\",\"FilePreviewed\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileAccessed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"FileAccessed\",\"FileAccessed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileModified\",\"FileModified\",\"FileAccessed\",\"FileUploaded\",\"FileModified\",\"FileAccessed\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FolderCreated\",\"FileUploaded\",\"FileAccessed\",\"FileUploaded\",\"FileUploaded\",\"FileModified\",\"FileAccessed\",\"FileUploaded\",\"FolderDeleted\",\"FileAccessed\",\"FileUploaded\",\"FileModified\",\"FileUploaded\",\"FilePreviewed\",\"FileAccessed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FileAccessed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FilePreviewed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FilePreviewed\",\"PageViewed\",\"FilePreviewed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FilePreviewed\",\"FileAccessed\",\"FileAccessed\",\"FilePreviewed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"ListCreated\",\"FileAccessed\",\"SearchQueryPerformed\",\"FileAccessed\",\"SearchQueryPerformed\",\"PageViewed\",\"FileAccessed\",\"SearchQueryPerformed\",\"FileAccessed\",\"FileAccessed\",\"SearchQueryPerformed\",\"FileAccessed\",\"SearchQueryPerformed\",\"FilePreviewed\",\"FileAccessed\",\"FileAccessed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FileAccessed\",\"FileAccessed\",\"FilePreviewed\",\"FilePreviewed\",\"FileAccessed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"FileAccessed\",\"SearchQueryPerformed\",\"PageViewed\",\"FileAccessed\",\"FilePreviewed\",\"FileAccessed\",\"FilePreviewed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"PageViewed\",\"SearchQueryPerformed\",\"FileAccessed\",\"FileAccessed\",\"PageViewed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"SearchQueryPerformed\",\"FileAccessed\",\"SearchQueryPerformed\",\"FileAccessed\",\"FileModified\",\"FileModified\",\"FileAccessed\",\"FileUploaded\",\"FileModifiedExtended\",\"FileModifiedExtended\",\"FileUploaded\",\"FileUploaded\",\"FileModifiedExtended\",\"FileModified\",\"FileAccessed\",\"FileUploaded\",\"FileAccessed\",\"FileUploaded\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileUploaded\",\"FileModifiedExtended\",\"FileAccessed\",\"FileUploaded\",\"FileUploaded\",\"FileModified\",\"FileAccessed\",\"FileUploaded\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileAccessed\",\"FileUploaded\",\"FileAccessed\",\"FileUploaded\",\"FileModified\",\"FileAccessed\",\"FileAccessed\",\"FileUploaded\",\"FileAccessed\",\"FileUploaded\",\"FileModified\",\"FileAccessed\",\"FileUploaded\",\"FileAccessed\",\"FileUploaded\",\"FileModified\",\"FileAccessed\",\"FileAccessed\",\"FileUploaded\",\"FileUploaded\",\"FileAccessed\",\"FileUploaded\",\"FileAccessed\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileAccessed\",\"FileUploaded\",\"FileModified\",\"FileAccessed\",\"FileUploaded\",\"FileAccessed\",\"FileUploaded\",\"FileModified\",\"FileAccessed\",\"FileUploaded\",\"FileAccessed\",\"FileUploaded\",\"FileModified\",\"FileModified\",\"FileUploaded\",\"FileModified\",\"FileModified\",\"FileAccessed\",\"FileUploaded\",\"FileModified\",\"FileAccessed\",\"FileUploaded\",\"FileModified\",\"FileAccessed\",\"FileUploaded\",\"FileModified\",\"FileModified\",\"FileAccessed\",\"FileUploaded\",\"FileAccessed\",\"FileUploaded\",\"FileModified\",\"FileAccessed\",\"FileUploaded\",\"FileAccessed\",\"FileAccessed\",\"FileUploaded\",\"FileAccessed\",\"FileUploaded\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModifiedExtended\",\"FileAccessed\",\"FileModifiedExtended\",\"FileModifiedExtended\",\"FileUploaded\",\"FileModifiedExtended\",\"FileUploaded\",\"FileModifiedExtended\",\"FileUploaded\",\"FileModified\",\"FileAccessed\",\"FileUploaded\",\"FileUploaded\",\"FileModified\",\"FileUploaded\",\"FileAccessed\",\"FileAccessed\",\"FileUploaded\",\"FileUploaded\",\"FileModifiedExtended\",\"FileUploaded\",\"FileUploaded\",\"FileAccessed\",\"FileUploaded\",\"FileAccessed\",\"FileUploaded\",\"FileModified\",\"FileModified\",\"FileUploaded\",\"FileModifiedExtended\",\"FileUploaded\",\"FileModified\",\"FileAccessed\",\"FileUploaded\",\"FileModified\",\"FileModified\",\"FileModifiedExtended\",\"FileAccessed\",\"FileUploaded\",\"FileUploaded\",\"FileAccessed\",\"FileUploaded\",\"FileModifiedExtended\",\"FileUploaded\",\"FileModifiedExtended\",\"FileUploaded\",\"FileModifiedExtended\",\"FileModified\",\"FileModifiedExtended\",\"FileUploaded\",\"FileUploaded\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileAccessed\",\"FileUploaded\",\"FileModified\",\"FileAccessed\",\"FileUploaded\",\"FileUploaded\",\"FileModified\",\"FileModifiedExtended\",\"FileUploaded\",\"FileModified\",\"FileModifiedExtended\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileModified\",\"FileModified\",\"FileModifiedExtended\",\"FileAccessed\",\"FileUploaded\",\"SearchQueryPerformed\",\"PageViewed\",\"FilePreviewed\",\"FilePreviewed\",\"SearchQueryPerformed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FilePreviewed\",\"FilePreviewed\",\"FileAccessed\",\"FileUploaded\",\"FileModified\",\"FileModified\",\"FileAccessed\",\"FileAccessed\",\"FileUploaded\",\"FileModified\",\"FileAccessed\",\"FileUploaded\",\"FileAccessed\",\"FileUploaded\",\"PageViewed\",\"FileAccessed\",\"SearchQueryPerformed\",\"FileAccessed\",\"FileAccessed\",\"FilePreviewed\",\"FileAccessed\",\"PageViewed\",\"FilePreviewed\",\"FilePreviewed\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FolderDeleted\",\"FilePreviewed\",\"SearchQueryPerformed\",\"FilePreviewed\",\"FileAccessed\",\"FileAccessed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FileAccessed\",\"FilePreviewed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileAccessed\",\"FilePreviewed\",\"FileAccessed\",\"FileModified\",\"FileModified\",\"FileAccessed\",\"FilePreviewed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FilePreviewed\",\"SearchQueryPerformed\",\"PageViewed\",\"SearchQueryPerformed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FileAccessed\",\"SearchQueryPerformed\",\"FilePreviewed\",\"FileAccessed\",\"FilePreviewed\",\"FilePreviewed\",\"FileAccessed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\"],\"TimeGenerated\":{\"__ndarray__\":\"AAAkDL3TdkIAgOULvdN2QgCA5Qu903ZCAIDlC73TdkIAACoLvdN2QgCA6wq903ZCAAA2Cb3TdkIAADYJvdN2QgAAuQi903ZCAAC/B73TdkIAAEIHvdN2QgAAQge903ZCAABCB73TdkIAAEIHvdN2QgAAfv2803ZCAACE/LzTdkIAAAf8vNN2QgCAaAu903ZCAIDxCb3TdkIAADwIvdN2QgAAPAi903ZCAAA8CL3TdkIAgP0HvdN2QgCAbgq903ZCAAC/B73TdkIAgLfpvNN2QgAAeem803ZCAIA66bzTdkIAgDrpvNN2QgCAOum803ZCAIA66bzTdkIAgDrpvNN2QgCAOum803ZCAIA66bzTdkIAgLz9vNN2QgAAKgu903ZCAAAwCr3TdkIAALMJvdN2QgAAPAi903ZCAAA8CL3TdkIAAL8HvdN2QgCAdAm903ZCAIB0Cb3TdkIAALkIvdN2QgCA9wi903ZCAAAkDL3TdkIAgGgLvdN2QgAArQq903ZCAIB0Cb3TdkIAAH79vNN2QgAAuQi903ZCAIA//bzTdkIAgOD3vNN2QgCA4Pe803ZCAIDg97zTdkIAgOD3vNN2QgAAove803ZCAIDg97zTdkIAAKL3vNN2QgCAdfS803ZCAIB19LzTdkIAgHX0vNN2QgCAdfS803ZCAIB19LzTdkIAgHX0vNN2QgAAN/S803ZCAADS77zTdkIAgJPvvNN2QgCAk++803ZCAICT77zTdkIAgJPvvNN2QgCAk++803ZCAABV77zTdkIAgHbfvNN2QgAANgm903ZCAAA2Cb3TdkIAgAMHvdN2QgCAJwG903ZCAIADB73TdkIAAA37vNN2QgAADfu803ZCAAAN+7zTdkIAAA37vNN2QgAADfu803ZCAIDO+rzTdkIAAA37vNN2QgAAMuC803ZCAAAy4LzTdkIAADLgvNN2QgAAJAy903ZCAIBoC73TdkIAgPiystN2QgAA7V+003ZCAABwX7TTdkIAAHBftNN2QgCAMV+003ZCAADzXrTTdkIAgLRetNN2QgCAtF6003ZCAAB2XrTTdkIAAHZetNN2QgCAFxC003ZCAACuK7TTdkIAgPgptNN2QgAAEzC003ZCAAA9KbTTdkIAgG8rtNN2QgAAd0m003ZCAACuK7TTdkIAAK4rtNN2QgCArAy003ZCAIAvDLTTdkIAAMAotNN2QgAA6wy003ZCAICsDLTTdkIAAK4rtNN2QgAAbgy003ZCAADxC7TTdkIAAG4MtNN2QgCASHC003ZCAIBIcLTTdkIAgMtvtNN2QgAACnC003ZCAAAbgrTTdkIAgPVotNN2QgAAt2i003ZCAIDvabTTdkIAAK4rtNN2QgCAhGa003ZCAACuK7TTdkIAgIGxstN2QgCACrCy03ZCAICsDLTTdkIAgG8rtNN2QgCA/ii003ZCAADrDLTTdkIAAOsMtNN2QgCArAy003ZCAABuDLTTdkIAAPELtNN2QgAAbgy003ZCAICsDLTTdkIAAG4MtNN2QgCAuAq003ZCAABuDLTTdkIAgKwMtNN2QgCA25a003ZCAID4KbTTdkIAAK4rtNN2QgCA+2e003ZCAACuK7TTdkIAAD0ptNN2QgAAEzC003ZCAIBFr7TTdkIAgOyotNN2QgCAUa2003ZCAADps7TTdkIAAO+ytNN2QgCASHC003ZCAAAKcLTTdkIAgPG8tNN2QgAAs7y003ZCAADXtrTTdkIAgASltNN2QgAA6bO003ZCAICktLTTdkIAAOmztNN2QgCAqrO003ZCAAA3p7TTdkIAgNSstNN2QgAAQGe003ZCAACuK7TTdkIAgJt3tNN2QgAAriu003ZCAID4KbTTdkIAAMJ7tNN2QgAAFm6003ZCAIAVt7TTdkIAgOyotNN2QgCABKW003ZCAAATMLTTdkIAAD0ptNN2QgAAriu003ZCAACAhrTTdkIAgO9ptNN2QgAAK7Wy03ZCAID4srLTdkIAAEmwstN2QgAASbCy03ZCAICBsbLTdkIAgIGxstN2QgCACrCy03ZCAID4srLTdkIAgKqztNN2QgCAsLK003ZCAAB+sLTTdkIAAD2mtNN2QgAAriu003ZCAABmtLTTdkIAgJ61tNN2QgCA9H2003ZCAADdtbTTdkIAAOmztNN2QgCAsLK003ZCAIA/sLTTdkIAgCG1tNN2QgAAbLO003ZCAIA/sLTTdkIAAA2utNN2QgCAG7a003ZCAICktLTTdkIAgKqztNN2QgAAQ6W003ZCAADFubTTdkIAgIa5tNN2QgAAuqa003ZCAID1aLTTdkIAAGC1tNN2QgCAqrO003ZCAIDvabTTdkIAgOcFt9N2QgAAqQW303ZCAAAIC7fTdkIAAIsKt9N2QgAA9g2303ZCAAD2DbfTdkIAAPYNt9N2QgAA9g2303ZCAIC3DbfTdkIAAKkFt9N2QgCA4Qa303ZCAACjBrfTdkIAAPGItNN2QgCA8by003ZCAIDxvLTTdkIAgCG1tNN2QgCAqrO003ZCAABysrTTdkIAgPG8tNN2QgCAqrO003ZCAICwsrTTdkIAgO9ptNN2QgAAriu003ZCAACpBbfTdkIAgO9ptNN2QgCA72m003ZCAAAIC7fTdkIAgMkKt9N2QgAAiwq303ZCAAAmBrfTdkIAgEwKt9N2QgAAqQW303ZCAACpBbfTdkIAAKkFt9N2QgAAJga303ZCAAAmBrfTdkIAgPkCt9N2QgAAqQW303ZCAIDmILbTdkIAgF0ittN2QgAAliO203ZCAADeF7bTdkIAgJ8XttN2QgAAYRe203ZCAABhF7bTdkIAgCIXttN2QgCAIhe203ZCAADkFrbTdkIAAGcWttN2QgCApRa203ZCAAANJbbTdkIAAA0lttN2QgAADSW203ZCAAANJbbTdkIAgG8fttN2QgAAPR2203ZCAAAOCrfTdkIAACwFt9N2QgAAqQW303ZCAACpBbfTdkIAAA4Kt9N2QgAAqQW303ZCAAAsBbfTdkIAABcvu9N2QgAAFy+703ZCAAAXL7vTdkIAABcvu9N2QgAAFy+703ZCAIAfOLvTdkIAgCU3u9N2QgAA+TO703ZCAAD5M7vTdkIAgCU3u9N2QgCANzS703ZCAIA3NLvTdkIAALgpu9N2QgAAOym703ZCAABHJ7vTdkIAALgpu9N2QgCAoje703ZCAICiN7vTdkIAAEEou9N2QgCAJTe703ZCAAB2NLvTdkIAgDc0u9N2QgCASTG703ZCAICoNrvTdkIAAGo2u9N2QgCArjW703ZCAAC4KbvTdkIAALAsXN12QgAAJy5c3XZCAACwLFzddkIAAC0tXN12QgCA6C1c3XZCAAAtLVzddkIAgOgtXN12QgAAJy5c3XZCAIBrLVzddkIAALAsXN12QgAAqi1c3XZCAACqLVzddkIAAKotXN12QgAAsCxc3XZCAACqLVzddkIAAKk5VdR2QgAAISZV1HZCAIDVPFXUdkIAgGo5VdR2QgAAlzxV1HZCAAAhJlXUdkIAACEmVdR2QgAAqTlV1HZCAID/NVXUdkIAAIanVdR2QgAACadV1HZCAAAJp1XUdkIAgEenVdR2QgCAR6dV1HZCAAAJp1XUdkIAgMqmVdR2QgCAR6dV1HZCAAAJp1XUdkIAgMqmVdR2QgCAQahV1HZCAIBHp1XUdkIAgMqmVdR2QgCAQahV1HZCAAAJp1XUdkIAgEenVdR2QgCATaZV1HZCAACFP1XUdkIAgNYnVdR2QgCA1TxV1HZCAACXPFXUdkIAAME1VdR2QgAAhT9V1HZCAIB8NlXUdkIAgHA4VdR2QgCA1TxV1HZCAIDVPFXUdkIAACY6VdR2QgCA5zlV1HZCAIDtOFXUdkIAAK84VdR2QgAA6y5V1HZCAIDQKFXUdkIAAH9AVdR2QgCAQEBV1HZCAAAhJlXUdkIAgNYnVdR2QgCA1idV1HZCAAAPKVXUdkIAgC8uVdR2QgCA6CRV1HZCAAAJp1XUdkIAgEenVdR2QgCAyqZV1HZCAACGp1XUdkIAAAmnVdR2QgCAyqZV1HZCAIBfJlXUdkIAACEmVdR2QgAAISZV1HZCAAB6LFXUdkIAgEcqVdR2QgCATSlV1HZCAIDWJ1XUdkIAgF8mVdR2QgAAISZV1HZCAAAhJlXUdkIAgF8mVdR2QgAAISZV1HZCAIDQKFXUdkIAACEmVdR2QgCA1idV1HZCAAAhJlXUdkIAgOUjs9R2QgAADROz1HZCAABlLrPUdkIAAGUus9R2QgCAryyz1HZCAAD0K7PUdkIAAPoqs9R2QgAABimz1HZCAACJKLPUdkIAgFAns9R2QgAAGCaz1HZCAAAYJrPUdkIAgN8ks9R2QgCA3ySz1HZCAABJCbPUdkIAAOoDs9R2QgCAQACz1HZCAACCPrPUdkIAgNI7s9R2QgCAIRqz1HZCAIAhGrPUdkIAgI7zstR2QgCAF/Ky1HZCAADf8LLUdkIAAN/wstR2QgAAJQ+z1HZCAAAlD7PUdkIAACUPs9R2QgAAJQ+z1HZCAIDmDrPUdkIAgOYOs9R2QgCA5g6z1HZCAIDmDrPUdkIAAKgOs9R2QgCAaQ6z1HZCAAArDrPUdkIAACsOs9R2QgAAKw6z1HZCAIDsDbPUdkIAgOwNs9R2QgCA7A2z1HZCAACuDbPUdkIAAK4Ns9R2QgCAbw2z1HZCAIBvDbPUdkIAgG8Ns9R2QgAAMQ2z1HZCAAAxDbPUdkIAADENs9R2QgCA8gyz1HZCAIDyDLPUdkIAAG0Ds9R2QgAAbQOz1HZCAICrA7PUdkIAgKsDs9R2QgAAIPuy1HZCAIDn+bLUdkIAgO34stR2QgCA7fiy1HZCAIBw+LLUdkIAgHD4stR2QgAAOPey1HZCAICC9bLUdkIAgIL1stR2QgAAx/Sy1HZCAADH9LLUdkIAAM3zstR2QgCAEfOy1HZCAICU8rLUdkIAgJTystR2QgAAXPGy1HZCAABc8bLUdkIAgM4Ss9R2QgCAzhKz1HZCAACj+rLUdkIAAKn5stR2QgAAMviy1HZCAIB297LUdkIAgHb3stR2QgCAgvWy1HZCAIBk+rLUdkIAgGT6stR2QgCAavmy1HZCAIBq+bLUdkIAAK/4stR2QgAAtfey1HZCAAC197LUdkIAAD72stR2QgAAPvay1HZCAIAF9bLUdkIAANnxstR2QgCA5/my1HZCAAAs+bLUdkIAgHb3stR2QgCAfPay1HZCAIB89rLUdkIAgIj0stR2QgAA0/Ky1HZCAADT8rLUdkIAgJTystR2QgAAXPGy1HZCAIAd8bLUdkIAADENs9R2QgAAJvqy1HZCAAAI/7LUdkIAgMn+stR2QgCA4fqy1HZCAIDh+rLUdkIAAD72stR2QgAAzfOy1HZCAACuDbPUdkIAAK4Ns9R2QgCAIRqz1HZCAIAhGrPUdkIAgN8ks9R2QgCA3ySz1HZCAIDlI7PUdkIAAEkJs9R2QgAA6gOz1HZCAIBAALPUdkIAAEczs9R2QgAAyjKz1HZCAADuLLPUdkIAAHcrs9R2QgAAgymz1HZCAIBKKLPUdkIAgAgzs9R2QgAATTKz1HZCAADcL7PUdkIAgBUcs9R2QgAAYBqz1HZCAIAhGrPUdkIAgI7zstR2QgCAF/Ky1HZCAADf8LLUdkIAAN/wstR2QgAATTKz1HZCAABNMrPUdkIAAFMxs9R2QgAAWTCz1HZCAIAgL7PUdkIAAHEss9R2QgAAgymz1HZCAACDKbPUdkIAgFYms9R2QgCAViaz1HZCAIAzF7PUdkIAAHcrs9R2QgCAuyqz1HZCAIA+KrPUdkIAgM0ns9R2QgAAmyWz1HZCAACnI7PUdkIAAKcjs9R2QgCA6yKz1HZCAIDlI7PUdkIAgBlFs9R2QgCA8gyz1HZCAIDyDLPUdkIAgPIMs9R2QgCA8gyz1HZCAIBtN7PUdkIAAKY4s9R2QgAATTKz1HZCAADQMbPUdkIAAFkws9R2QgAA3C+z1HZCAAANE7PUdkIAgMcos9R2QgAADCiz1HZCAACPJ7PUdkIAgNMms9R2QgCAViaz1HZCAAChJLPUdkIAACojs9R2QgAAKiOz1HZCAAAwIrPUdkIAADAis9R2QgAAMCKz1HZCAIDwNrPUdkIAAEczs9R2QgCAkTGz1HZCAICXMLPUdkIAANwvs9R2QgAAZS6z1HZCAIAyLLPUdkIAAPQrs9R2QgCAOCuz1HZCAAB9KrPUdkIAAAAqs9R2QgCAwD6z1HZCAABj7a/UdkIAAObsr9R2QgCAGV2v1HZCAICWXa/UdkIAAABCr9R2QgAAg0Gv1HZCAIAZXa/UdkIAgJBer9R2QgCAnFyv1HZCAABeXK/UdkIAAPRDr9R2QgCAtUOv1HZCAICb7q/UdkIAgJvur9R2QgAA4O2v1HZCAID686/UdkIAgInxr9R2QgCAm+6v1HZCAABd7q/UdkIAAODtr9R2QgCAJO2v1HZCAIAk7a/UdkIAgKfsr9R2QgCAp+yv1HZCAABeXK/UdkIAgJxcr9R2QgAA1V2v1HZCAABeXK/UdkIAgA1fr9R2QgAAg0Gv1HZCAICcXK/UdkIAgCVbr9R2QgAA9EOv1HZCAIC1Q6/UdkIAAIFrr9R2QgAAgWuv1HZCAIBCa6/UdkIAgEJrr9R2QgCAMkSv1HZCAAD6Qq/UdkIAAINBr9R2QgCAtUOv1HZCAIC1Q6/UdkIAAHFEr9R2QgCANJev1HZCAAD0Q6/UdkIAAF5cr9R2QgAAg0Gv1HZCAABeXK/UdkIAAF5cr9R2QgAA/muv1HZCAAB7bK/UdkIAgDxsr9R2QgAA/muv1HZCAAD+a6/UdkIAgL9rr9R2QgCAv2uv1HZCAABeXK/UdkIAgLVDr9R2QgAAXlyv1HZCAADC8q/UdkIAgB7ur9R2QgCAoe2v1HZCAAD2lq/UdkIAANtcr9R2QgAA21yv1HZCAADbXK/UdkIAgBNer9R2QgAAXlyv1HZCAACDQa/UdkIAgBldr9R2QgAARmCv1HZCAABSXq/UdkIAAL17/tR2QgAAvXv+1HZCAAC9e/7UdkIAAMN6/tR2QgAAvXv+1HZCAIB+e/7UdkIAAL17/tR2QgAAvXv+1HZCAAC9e/7UdkIAAL17/tR2QgCA+3v+1HZCAAC9e/7UdkIAAEB7/tR2QgAAw3r+1HZCAABAe/7UdkI=\",\"dtype\":\"float64\",\"shape\":[676]},\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676],\"y_index\":[9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9]},\"selected\":{\"id\":\"4957\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"4956\",\"type\":\"UnionRenderers\"}},\"id\":\"4758\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"Exchange\",\"Exchange\",\"Exchange\",\"Exchange\"],\"IPAddress\":[\"[2a02:418:6017::148]:45644\",\"176.10.99.200:45866\",\"185.207.139.2:7127\",\"185.207.139.2:30396\"],\"Operation\":[\"New-InboxRule\",\"New-InboxRule\",\"Remove-InboxRule\",\"Remove-InboxRule\"],\"TimeGenerated\":{\"__ndarray__\":\"AABUw7LTdkIAgGzXBNV2QgCAH6dY1nZCAADbp1jWdkI=\",\"dtype\":\"float64\",\"shape\":[4]},\"index\":[132,677,678,679],\"y_index\":[2,2,2,2]},\"selected\":{\"id\":\"4943\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"4942\",\"type\":\"UnionRenderers\"}},\"id\":\"4751\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"4935\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"data_source\":{\"id\":\"4753\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"4891\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"4892\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"4894\",\"type\":\"CDSView\"}},\"id\":\"4893\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"4961\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"4941\",\"type\":\"Selection\"},{\"attributes\":{\"source\":{\"id\":\"4753\",\"type\":\"ColumnDataSource\"}},\"id\":\"4894\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4917\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4897\",\"type\":\"Diamond\"},{\"attributes\":{\"source\":{\"id\":\"4749\",\"type\":\"ColumnDataSource\"}},\"id\":\"4874\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"4940\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#24848D\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#24848D\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4896\",\"type\":\"Diamond\"},{\"attributes\":{},\"id\":\"4767\",\"type\":\"LinearScale\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"Microsoft.Logic\",\"Microsoft.Logic\",\"Microsoft.Logic\",\"Microsoft.Logic\",\"Microsoft.Logic\",\"Microsoft.Logic\",\"Microsoft.Logic\",\"Microsoft.Logic\",\"Microsoft.Logic\",\"Microsoft.Logic\"],\"IPAddress\":[\"131.107.147.205\",\"131.107.147.205\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\"],\"Operation\":[\"Gets workflow recommend operation groups\",\"Gets workflow recommend operation groups\",\"Gets workflow recommend operation groups\",\"Gets workflow recommend operation groups\",\"Gets workflow recommend operation groups\",\"Gets workflow recommend operation groups\",\"Gets workflow recommend operation groups\",\"Gets workflow recommend operation groups\",\"Gets workflow recommend operation groups\",\"Gets workflow recommend operation groups\"],\"TimeGenerated\":{\"__ndarray__\":\"AIASlQLddkIAgPSUAt12QgDwtVX23HZCAMCaVfbcdkIAEMtJ9tx2QgCgr0n23HZCAOAvHRXddkIAMBMdFd12QgDA/fEd3XZCALDg8R3ddkI=\",\"dtype\":\"float64\",\"shape\":[10]},\"index\":[40,41,52,53,54,55,76,77,84,85],\"y_index\":[3,3,3,3,3,3,3,3,3,3]},\"selected\":{\"id\":\"4945\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"4944\",\"type\":\"UnionRenderers\"}},\"id\":\"4752\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"data_source\":{\"id\":\"4754\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"4896\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"4897\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"4899\",\"type\":\"CDSView\"}},\"id\":\"4898\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"minor_grid_line_alpha\":0.3,\"minor_grid_line_color\":\"navy\",\"ticker\":{\"id\":\"4772\",\"type\":\"DatetimeTicker\"}},\"id\":\"4775\",\"type\":\"Grid\"},{\"attributes\":{\"callback\":null,\"end\":9.1,\"start\":-0.1},\"id\":\"4765\",\"type\":\"Range1d\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":null,\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"4759\",\"type\":\"HoverTool\"},{\"id\":\"4781\",\"type\":\"WheelZoomTool\"},{\"id\":\"4782\",\"type\":\"BoxZoomTool\"},{\"id\":\"4783\",\"type\":\"ResetTool\"},{\"id\":\"4784\",\"type\":\"SaveTool\"},{\"id\":\"4785\",\"type\":\"PanTool\"}]},\"id\":\"4786\",\"type\":\"Toolbar\"},{\"attributes\":{\"source\":{\"id\":\"4754\",\"type\":\"ColumnDataSource\"}},\"id\":\"4899\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4902\",\"type\":\"Diamond\"},{\"attributes\":{\"dimension\":1,\"grid_line_color\":null,\"ticker\":{\"id\":\"4777\",\"type\":\"BasicTicker\"}},\"id\":\"4780\",\"type\":\"Grid\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#1E9A89\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#1E9A89\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4901\",\"type\":\"Diamond\"},{\"attributes\":{},\"id\":\"4939\",\"type\":\"Selection\"},{\"attributes\":{\"callback\":null,\"end\":1572953212689.3,\"start\":1568095196692.7},\"id\":\"4796\",\"type\":\"Range1d\"},{\"attributes\":{\"data_source\":{\"id\":\"4755\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"4901\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"4902\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"4904\",\"type\":\"CDSView\"}},\"id\":\"4903\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"formatter\":{\"id\":\"4935\",\"type\":\"BasicTickFormatter\"},\"ticker\":{\"id\":\"4777\",\"type\":\"BasicTicker\"},\"visible\":false},\"id\":\"4776\",\"type\":\"LinearAxis\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4907\",\"type\":\"Diamond\"},{\"attributes\":{\"source\":{\"id\":\"4755\",\"type\":\"ColumnDataSource\"}},\"id\":\"4904\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"4777\",\"type\":\"BasicTicker\"},{\"attributes\":{\"below\":[{\"id\":\"4771\",\"type\":\"DatetimeAxis\"}],\"center\":[{\"id\":\"4775\",\"type\":\"Grid\"},{\"id\":\"4780\",\"type\":\"Grid\"}],\"left\":[{\"id\":\"4776\",\"type\":\"LinearAxis\"},{\"id\":\"4920\",\"type\":\"Legend\"}],\"min_border_left\":50,\"plot_height\":400,\"plot_width\":900,\"renderers\":[{\"id\":\"4873\",\"type\":\"GlyphRenderer\"},{\"id\":\"4878\",\"type\":\"GlyphRenderer\"},{\"id\":\"4883\",\"type\":\"GlyphRenderer\"},{\"id\":\"4888\",\"type\":\"GlyphRenderer\"},{\"id\":\"4893\",\"type\":\"GlyphRenderer\"},{\"id\":\"4898\",\"type\":\"GlyphRenderer\"},{\"id\":\"4903\",\"type\":\"GlyphRenderer\"},{\"id\":\"4908\",\"type\":\"GlyphRenderer\"},{\"id\":\"4913\",\"type\":\"GlyphRenderer\"},{\"id\":\"4918\",\"type\":\"GlyphRenderer\"}],\"title\":{\"id\":\"4761\",\"type\":\"Title\"},\"toolbar\":{\"id\":\"4786\",\"type\":\"Toolbar\"},\"x_range\":{\"id\":\"4763\",\"type\":\"Range1d\"},\"x_scale\":{\"id\":\"4767\",\"type\":\"LinearScale\"},\"y_range\":{\"id\":\"4765\",\"type\":\"Range1d\"},\"y_scale\":{\"id\":\"4769\",\"type\":\"LinearScale\"}},\"id\":\"4760\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#2AB07E\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#2AB07E\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4906\",\"type\":\"Diamond\"},{\"attributes\":{\"align\":\"right\",\"text\":\"Drag the middle or edges of the selection box to change the range in the main chart\",\"text_font_size\":{\"value\":\"10px\"}},\"id\":\"4810\",\"type\":\"Title\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"Azure Notebooks\",\"Azure Notebooks\",\"Azure Notebooks\"],\"IPAddress\":[\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\"],\"Operation\":[\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\"],\"TimeGenerated\":{\"__ndarray__\":\"AKC/g8LcdkIAgMWEwtx2QgCwAITC3HZC\",\"dtype\":\"float64\",\"shape\":[3]},\"index\":[34,35,38],\"y_index\":[0,0,0]},\"selected\":{\"id\":\"4939\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"4938\",\"type\":\"UnionRenderers\"}},\"id\":\"4749\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"4938\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"Office 365 SharePoint Online\",\"Office 365 SharePoint Online\"],\"IPAddress\":[\"109.70.100.26\",\"109.70.100.26\"],\"Operation\":[\"Sign-in activity\",\"Sign-in activity\"],\"TimeGenerated\":{\"__ndarray__\":\"AFAHWq/UdkIAUAdar9R2Qg==\",\"dtype\":\"float64\",\"shape\":[2]},\"index\":[13,16],\"y_index\":[8,8]},\"selected\":{\"id\":\"4955\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"4954\",\"type\":\"UnionRenderers\"}},\"id\":\"4757\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"num_minor_ticks\":10,\"tickers\":[{\"id\":\"4958\",\"type\":\"AdaptiveTicker\"},{\"id\":\"4959\",\"type\":\"AdaptiveTicker\"},{\"id\":\"4960\",\"type\":\"AdaptiveTicker\"},{\"id\":\"4961\",\"type\":\"DaysTicker\"},{\"id\":\"4962\",\"type\":\"DaysTicker\"},{\"id\":\"4963\",\"type\":\"DaysTicker\"},{\"id\":\"4964\",\"type\":\"DaysTicker\"},{\"id\":\"4965\",\"type\":\"MonthsTicker\"},{\"id\":\"4966\",\"type\":\"MonthsTicker\"},{\"id\":\"4967\",\"type\":\"MonthsTicker\"},{\"id\":\"4968\",\"type\":\"MonthsTicker\"},{\"id\":\"4969\",\"type\":\"YearsTicker\"}]},\"id\":\"4772\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"4756\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"4906\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"4907\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"4909\",\"type\":\"CDSView\"}},\"id\":\"4908\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"4769\",\"type\":\"LinearScale\"},{\"attributes\":{\"axis_label\":\"Event Time\",\"formatter\":{\"id\":\"4868\",\"type\":\"DatetimeTickFormatter\"},\"ticker\":{\"id\":\"4772\",\"type\":\"DatetimeTicker\"}},\"id\":\"4771\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4912\",\"type\":\"Diamond\"},{\"attributes\":{\"source\":{\"id\":\"4756\",\"type\":\"ColumnDataSource\"}},\"id\":\"4909\",\"type\":\"CDSView\"},{\"attributes\":{\"callback\":null},\"id\":\"4798\",\"type\":\"DataRange1d\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#4FC369\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#4FC369\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4911\",\"type\":\"Diamond\"},{\"attributes\":{\"text\":\"Range Selector\"},\"id\":\"4794\",\"type\":\"Title\"},{\"attributes\":{\"data_source\":{\"id\":\"4749\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"4871\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"4872\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"4874\",\"type\":\"CDSView\"}},\"id\":\"4873\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":{\"id\":\"4863\",\"type\":\"RangeTool\"},\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"4863\",\"type\":\"RangeTool\"}]},\"id\":\"4809\",\"type\":\"Toolbar\"},{\"attributes\":{\"data_source\":{\"id\":\"4757\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"4911\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"4912\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"4914\",\"type\":\"CDSView\"}},\"id\":\"4913\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"4800\",\"type\":\"LinearScale\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"4781\",\"type\":\"WheelZoomTool\"},{\"attributes\":{},\"id\":\"4944\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"4945\",\"type\":\"Selection\"},{\"attributes\":{\"click_policy\":\"hide\",\"items\":[{\"id\":\"4921\",\"type\":\"LegendItem\"},{\"id\":\"4922\",\"type\":\"LegendItem\"},{\"id\":\"4923\",\"type\":\"LegendItem\"},{\"id\":\"4924\",\"type\":\"LegendItem\"},{\"id\":\"4925\",\"type\":\"LegendItem\"},{\"id\":\"4926\",\"type\":\"LegendItem\"},{\"id\":\"4927\",\"type\":\"LegendItem\"},{\"id\":\"4928\",\"type\":\"LegendItem\"},{\"id\":\"4929\",\"type\":\"LegendItem\"},{\"id\":\"4930\",\"type\":\"LegendItem\"}],\"label_text_font_size\":{\"value\":\"8pt\"},\"location\":\"center\"},\"id\":\"4920\",\"type\":\"Legend\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#83D34B\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#83D34B\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4916\",\"type\":\"Diamond\"},{\"attributes\":{},\"id\":\"4784\",\"type\":\"SaveTool\"},{\"attributes\":{\"source\":{\"id\":\"4757\",\"type\":\"ColumnDataSource\"}},\"id\":\"4914\",\"type\":\"CDSView\"},{\"attributes\":{\"overlay\":{\"id\":\"4970\",\"type\":\"BoxAnnotation\"}},\"id\":\"4782\",\"type\":\"BoxZoomTool\"},{\"attributes\":{},\"id\":\"4783\",\"type\":\"ResetTool\"},{\"attributes\":{\"data_source\":{\"id\":\"4758\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"4916\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"4917\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"4919\",\"type\":\"CDSView\"}},\"id\":\"4918\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"O365 Suite UX\",\"O365 Suite UX\",\"O365 Suite UX\",\"O365 Suite UX\",\"O365 Suite UX\",\"O365 Suite UX\",\"O365 Suite UX\",\"O365 Suite UX\",\"O365 Suite UX\",\"O365 Suite UX\",\"O365 Suite UX\",\"O365 Suite UX\"],\"IPAddress\":[\"109.70.100.26\",\"109.70.100.26\",\"109.70.100.26\",\"109.70.100.26\",\"176.10.99.200\",\"176.10.99.200\",\"176.10.99.200\",\"176.10.99.200\",\"109.70.100.26\",\"109.70.100.26\",\"109.70.100.26\",\"109.70.100.26\"],\"Operation\":[\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\"],\"TimeGenerated\":{\"__ndarray__\":\"AFDxPa/UdkIAUPE9r9R2QgBg5z6v1HZCAGDnPq/UdkIAIAUpXN12QgDg0Slc3XZCACAFKVzddkIA4NEpXN12QgAwJXX+1HZCABCLdv7UdkIAEIt2/tR2QgAwJXX+1HZC\",\"dtype\":\"float64\",\"shape\":[12]},\"index\":[11,12,14,15,25,26,27,28,54,55,56,57],\"y_index\":[6,6,6,6,6,6,6,6,6,6,6,6]},\"selected\":{\"id\":\"4951\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"4950\",\"type\":\"UnionRenderers\"}},\"id\":\"4755\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"4962\",\"type\":\"DaysTicker\"},{\"attributes\":{\"fill_color\":{\"value\":\"#2D6E8E\"},\"line_color\":{\"value\":\"#2D6E8E\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4834\",\"type\":\"Circle\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4835\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"4753\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"4834\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"4835\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"4837\",\"type\":\"CDSView\"}},\"id\":\"4836\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"4785\",\"type\":\"PanTool\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"4963\",\"type\":\"DaysTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#423D84\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#423D84\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4881\",\"type\":\"Diamond\"},{\"attributes\":{\"source\":{\"id\":\"4758\",\"type\":\"ColumnDataSource\"}},\"id\":\"4919\",\"type\":\"CDSView\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"4964\",\"type\":\"DaysTicker\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"4965\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"4750\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"4876\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"4877\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"4879\",\"type\":\"CDSView\"}},\"id\":\"4878\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"ticker\":{\"id\":\"4805\",\"type\":\"DatetimeTicker\"}},\"id\":\"4808\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"4802\",\"type\":\"LinearScale\"},{\"attributes\":{\"source\":{\"id\":\"4753\",\"type\":\"ColumnDataSource\"}},\"id\":\"4837\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#440154\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#440154\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4871\",\"type\":\"Diamond\"},{\"attributes\":{},\"id\":\"4948\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"4966\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"fill_color\":{\"value\":\"#24848D\"},\"line_color\":{\"value\":\"#24848D\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4839\",\"type\":\"Circle\"},{\"attributes\":{\"formatter\":{\"id\":\"4811\",\"type\":\"DatetimeTickFormatter\"},\"ticker\":{\"id\":\"4805\",\"type\":\"DatetimeTicker\"}},\"id\":\"4804\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"label\":{\"value\":\"Azure Notebooks\"},\"renderers\":[{\"id\":\"4873\",\"type\":\"GlyphRenderer\"}]},\"id\":\"4921\",\"type\":\"LegendItem\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4840\",\"type\":\"Circle\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"4967\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"4754\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"4839\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"4840\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"4842\",\"type\":\"CDSView\"}},\"id\":\"4841\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"4868\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"num_minor_ticks\":5,\"tickers\":[{\"id\":\"4971\",\"type\":\"AdaptiveTicker\"},{\"id\":\"4972\",\"type\":\"AdaptiveTicker\"},{\"id\":\"4973\",\"type\":\"AdaptiveTicker\"},{\"id\":\"4974\",\"type\":\"DaysTicker\"},{\"id\":\"4975\",\"type\":\"DaysTicker\"},{\"id\":\"4976\",\"type\":\"DaysTicker\"},{\"id\":\"4977\",\"type\":\"DaysTicker\"},{\"id\":\"4978\",\"type\":\"MonthsTicker\"},{\"id\":\"4979\",\"type\":\"MonthsTicker\"},{\"id\":\"4980\",\"type\":\"MonthsTicker\"},{\"id\":\"4981\",\"type\":\"MonthsTicker\"},{\"id\":\"4982\",\"type\":\"YearsTicker\"}]},\"id\":\"4805\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"source\":{\"id\":\"4750\",\"type\":\"ColumnDataSource\"}},\"id\":\"4879\",\"type\":\"CDSView\"},{\"attributes\":{\"label\":{\"value\":\"Azure Portal\"},\"renderers\":[{\"id\":\"4878\",\"type\":\"GlyphRenderer\"}]},\"id\":\"4922\",\"type\":\"LegendItem\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"4968\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"4811\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"label\":{\"value\":\"Exchange\"},\"renderers\":[{\"id\":\"4883\",\"type\":\"GlyphRenderer\"}]},\"id\":\"4923\",\"type\":\"LegendItem\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.2},\"fill_color\":{\"value\":\"navy\"},\"level\":\"overlay\",\"line_alpha\":{\"value\":1.0},\"line_color\":{\"value\":\"black\"},\"line_dash\":[2,2],\"line_width\":{\"value\":0.5}},\"id\":\"4864\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"data_source\":{\"id\":\"4749\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"4814\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"4815\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"4817\",\"type\":\"CDSView\"}},\"id\":\"4816\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"label\":{\"value\":\"Microsoft.Logic\"},\"renderers\":[{\"id\":\"4888\",\"type\":\"GlyphRenderer\"}]},\"id\":\"4924\",\"type\":\"LegendItem\"},{\"attributes\":{\"source\":{\"id\":\"4754\",\"type\":\"ColumnDataSource\"}},\"id\":\"4842\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"4969\",\"type\":\"YearsTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4877\",\"type\":\"Diamond\"},{\"attributes\":{\"label\":{\"value\":\"Microsoft.OperationalInsights\"},\"renderers\":[{\"id\":\"4893\",\"type\":\"GlyphRenderer\"}]},\"id\":\"4925\",\"type\":\"LegendItem\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4815\",\"type\":\"Circle\"},{\"attributes\":{\"fill_color\":{\"value\":\"#1E9A89\"},\"line_color\":{\"value\":\"#1E9A89\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4844\",\"type\":\"Circle\"},{\"attributes\":{\"label\":{\"value\":\"Microsoft.SecurityInsights\"},\"renderers\":[{\"id\":\"4898\",\"type\":\"GlyphRenderer\"}]},\"id\":\"4926\",\"type\":\"LegendItem\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4845\",\"type\":\"Circle\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"lightgrey\"},\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":{\"value\":1.0},\"line_color\":{\"value\":\"black\"},\"line_dash\":[4,4],\"line_width\":{\"value\":2},\"render_mode\":\"css\",\"right_units\":\"screen\",\"top_units\":\"screen\"},\"id\":\"4970\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"4971\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"4755\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"4844\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"4845\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"4847\",\"type\":\"CDSView\"}},\"id\":\"4846\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"label\":{\"value\":\"SharePoint\"},\"renderers\":[{\"id\":\"4918\",\"type\":\"GlyphRenderer\"}]},\"id\":\"4930\",\"type\":\"LegendItem\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4872\",\"type\":\"Diamond\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"4972\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"fill_color\":{\"value\":\"#440154\"},\"line_color\":{\"value\":\"#440154\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4814\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"4943\",\"type\":\"Selection\"},{\"attributes\":{\"label\":{\"value\":\"O365 Suite UX\"},\"renderers\":[{\"id\":\"4903\",\"type\":\"GlyphRenderer\"}]},\"id\":\"4927\",\"type\":\"LegendItem\"},{\"attributes\":{\"label\":{\"value\":\"Office 365 Exchange Online\"},\"renderers\":[{\"id\":\"4908\",\"type\":\"GlyphRenderer\"}]},\"id\":\"4928\",\"type\":\"LegendItem\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"4973\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"source\":{\"id\":\"4755\",\"type\":\"ColumnDataSource\"}},\"id\":\"4847\",\"type\":\"CDSView\"},{\"attributes\":{\"source\":{\"id\":\"4758\",\"type\":\"ColumnDataSource\"}},\"id\":\"4862\",\"type\":\"CDSView\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"4974\",\"type\":\"DaysTicker\"},{\"attributes\":{\"label\":{\"value\":\"Office 365 SharePoint Online\"},\"renderers\":[{\"id\":\"4913\",\"type\":\"GlyphRenderer\"}]},\"id\":\"4929\",\"type\":\"LegendItem\"},{\"attributes\":{\"callback\":null,\"formatters\":{\"Tooltip\":\"printf\"},\"tooltips\":[[\"IPAddress\",\"@IPAddress\"],[\"AppResourceProvider\",\"@AppResourceProvider\"],[\"Operation\",\"@Operation\"]]},\"id\":\"4759\",\"type\":\"HoverTool\"},{\"attributes\":{\"source\":{\"id\":\"4749\",\"type\":\"ColumnDataSource\"}},\"id\":\"4817\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_color\":{\"value\":\"#2AB07E\"},\"line_color\":{\"value\":\"#2AB07E\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4849\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"4758\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"4859\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"4860\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"4862\",\"type\":\"CDSView\"}},\"id\":\"4861\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4850\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"4949\",\"type\":\"Selection\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"4975\",\"type\":\"DaysTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"4756\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"4849\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"4850\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"4852\",\"type\":\"CDSView\"}},\"id\":\"4851\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_color\":{\"value\":\"#482172\"},\"line_color\":{\"value\":\"#482172\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4819\",\"type\":\"Circle\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4820\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"4750\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"4819\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"4820\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"4822\",\"type\":\"CDSView\"}},\"id\":\"4821\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\"],\"IPAddress\":[\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.174.123\",\"131.107.174.123\",\"131.107.174.123\",\"131.107.174.123\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.205\",\"131.107.147.205\"],\"Operation\":[\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Cases\",\"Update Cases\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Cases\",\"Update Cases\"],\"TimeGenerated\":{\"__ndarray__\":\"AEBwkq7ddkIAYDySrt12QgBAboCu3XZCAOBBgK7ddkIA0FmLpt12QgAAJYum3XZCAGA/t6bddkIAUA63pt12QgAQsW+l3XZCAFCAb6XddkIA0Bdnpd12QgAg9Wal3XZCAJD1ZaXddkIAkM1lpd12QgAgf2Sl3XZCAOBfZKXddkIAgCFjpd12QgDACmOl3XZCAOBKW6XddkIA8Ctbpd12QgDgeoel3XZCALBah6XddkIA8EWHpd12QgDwAYel3XZCAACFhqXddkIAQECGpd12QgBAUIKl3XZCAHAMgqXddkIA0Gx0pd12QgBQQnSl3XZCAIBbcqXddkIAADZypd12QgDgaFcC3XZCANA4VwLddkIAkBVWAt12QgAQ4VUC3XZCAJD2VALddkIAMNRUAt12QgAQCUgC3XZCAADiRwLddkIA4L/Y9dx2QgCgh9j13HZCAICa0vXcdkIA8H/S9dx2QgAQ2c/13HZCAFCxz/XcdkIA0GIHFd12QgDwKAcV3XZCAJD0AxXddkIAcKEDFd12QgAwZ4Id3XZCAIAwgh3ddkIAABN3Hd12QgBQ+nYd3XZCAKBFdR3ddkIA8A51Hd12QgAw82wd3XZCADC8bB3ddkIAQBDHl992QgCQBseX33ZC\",\"dtype\":\"float64\",\"shape\":[60]},\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,68,69,70,71,72,73,78,79,80,81,86,87,88,89,90,91,92,93,94,95],\"y_index\":[5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5]},\"selected\":{\"id\":\"4949\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"4948\",\"type\":\"UnionRenderers\"}},\"id\":\"4754\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"4976\",\"type\":\"DaysTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4882\",\"type\":\"Diamond\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\"],\"IPAddress\":[\"23.129.64.193\",\"23.129.64.193\",\"23.129.64.193\",\"23.129.64.193\",\"185.220.101.48\",\"198.98.58.135\",\"198.98.58.135\",\"185.220.101.48\",\"87.118.116.103\",\"87.118.116.103\",\"87.118.116.103\",\"87.118.116.103\",\"87.118.116.103\",\"109.70.100.24\",\"109.70.100.24\",\"109.70.100.24\",\"109.70.100.24\",\"217.115.10.132\",\"217.115.10.132\",\"185.4.132.135\",\"185.4.132.135\",\"185.4.132.135\",\"185.4.132.135\",\"109.70.100.24\",\"109.70.100.24\"],\"Operation\":[\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\"],\"TimeGenerated\":{\"__ndarray__\":\"AIBWKzzXdkIAEOUsPNd2QgCAVis813ZCABDlLDzXdkIAICQV5tZ2QgAwA+2O13ZCADAD7Y7XdkIAICQV5tZ2QgCQqLkE1XZCAJCouQTVdkIAYHKyBNV2QgAgrrwE1XZCACCuvATVdkIA0CGpk9Z2QgDQIamT1nZCAKDAp5PWdkIAoMCnk9Z2QgBQgmdY1nZCAFCCZ1jWdkIA0NOWWNZ2QgDQ05ZY1nZCABDvl1jWdkIAEO+XWNZ2QgAwIHDh13ZCADAgcOHXdkI=\",\"dtype\":\"float64\",\"shape\":[25]},\"index\":[3,4,5,6,7,8,9,10,46,47,48,49,50,58,59,60,61,62,63,64,65,66,67,68,69],\"y_index\":[7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7]},\"selected\":{\"id\":\"4953\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"4952\",\"type\":\"UnionRenderers\"}},\"id\":\"4756\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"fill_color\":{\"value\":\"#83D34B\"},\"line_color\":{\"value\":\"#83D34B\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4859\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"4950\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"4951\",\"type\":\"Selection\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"4977\",\"type\":\"DaysTicker\"},{\"attributes\":{\"source\":{\"id\":\"4756\",\"type\":\"ColumnDataSource\"}},\"id\":\"4852\",\"type\":\"CDSView\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"4978\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"source\":{\"id\":\"4750\",\"type\":\"ColumnDataSource\"}},\"id\":\"4822\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_color\":{\"value\":\"#4FC369\"},\"line_color\":{\"value\":\"#4FC369\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4854\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"4952\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4855\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"4953\",\"type\":\"Selection\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"4979\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"4757\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"4854\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"4855\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"4857\",\"type\":\"CDSView\"}},\"id\":\"4856\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_color\":{\"value\":\"#423D84\"},\"line_color\":{\"value\":\"#423D84\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4824\",\"type\":\"Circle\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4825\",\"type\":\"Circle\"},{\"attributes\":{\"text\":\"Timeline: Azure Signin activity by Provider\"},\"id\":\"4761\",\"type\":\"Title\"},{\"attributes\":{\"data_source\":{\"id\":\"4751\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"4881\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"4882\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"4884\",\"type\":\"CDSView\"}},\"id\":\"4883\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"data_source\":{\"id\":\"4751\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"4824\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"4825\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"4827\",\"type\":\"CDSView\"}},\"id\":\"4826\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"4954\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"4955\",\"type\":\"Selection\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"4980\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"4981\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"source\":{\"id\":\"4757\",\"type\":\"ColumnDataSource\"}},\"id\":\"4857\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4860\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"4956\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"4957\",\"type\":\"Selection\"},{\"attributes\":{\"source\":{\"id\":\"4751\",\"type\":\"ColumnDataSource\"}},\"id\":\"4827\",\"type\":\"CDSView\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\"],\"IPAddress\":[\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\"],\"Operation\":[\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\"],\"TimeGenerated\":{\"__ndarray__\":\"ACCF5hHddkIAQGrmEd12QgAwS9kR3XZCADAy2RHddkIAoM/XEd12QgAwrtcR3XZCAPDR1hHddkIAsLLWEd12QgAQbtUR3XZCACAx1RHddkIAQP2V9tx2QgDQ6pX23HZCABD3lPbcdkIAIOeU9tx2QgBAE5L23HZCAEAJkvbcdkIAUCqR9tx2QgCwBpH23HZCADBzj/bcdkIAoFOP9tx2QgDg3Yn23HZCABC8ifbcdkIAMAFCFd12QgAQ1kEV3XZCADBj0x3ddkIAoBvTHd12Qg==\",\"dtype\":\"float64\",\"shape\":[26]},\"index\":[42,43,44,45,46,47,48,49,50,51,56,57,58,59,60,61,62,63,64,65,66,67,74,75,82,83],\"y_index\":[4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4]},\"selected\":{\"id\":\"4947\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"4946\",\"type\":\"UnionRenderers\"}},\"id\":\"4753\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"4947\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"4982\",\"type\":\"YearsTicker\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"Azure Portal\",\"Azure Portal\",\"Azure Portal\",\"Azure Portal\",\"Azure Portal\",\"Azure Portal\",\"Azure Portal\",\"Azure Portal\",\"Azure Portal\",\"Azure Portal\",\"Azure Portal\",\"Azure Portal\",\"Azure Portal\",\"Azure Portal\",\"Azure Portal\",\"Azure Portal\",\"Azure Portal\",\"Azure Portal\",\"Azure Portal\",\"Azure Portal\",\"Azure Portal\",\"Azure Portal\",\"Azure Portal\",\"Azure Portal\",\"Azure Portal\",\"Azure Portal\",\"Azure Portal\",\"Azure Portal\"],\"IPAddress\":[\"131.107.174.181\",\"131.107.159.181\",\"131.107.160.181\",\"131.107.160.77\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"167.220.2.105\",\"131.107.160.77\",\"131.107.160.77\",\"131.107.160.77\",\"131.107.159.205\",\"167.220.2.123\",\"167.220.2.123\",\"131.107.159.143\",\"131.107.159.205\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.174.205\",\"131.107.174.205\",\"131.107.160.205\",\"131.107.174.205\",\"131.107.160.205\",\"50.35.65.178\",\"131.107.159.205\",\"50.35.65.178\",\"131.107.160.77\"],\"Operation\":[\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\"],\"TimeGenerated\":{\"__ndarray__\":\"ADB9RZ7hdkIAYGtXnuF2QgDgx4Ge4XZCAHCWiwHddkIAkHWp9tx2QgAAwqf23HZCAOAAtvXcdkIAMJs5Ed12QgCQ5zxl3XZCADDhVGXddkIAUOJSZd12QgDAO06l3XZCAJAjrKXddkIAkIKqpd12QgDA272o3XZCACAUTaXddkIAsBt+wtx2QgCA0X3C3HZCAAB0fcLcdkIAQNtlrt12QgBwWKeu3XZCAFByK7fddkIAUPulrt12QgCQfpT43XZCAJCHFgHgdkIAoPw4Qd92QgDwg+Np33ZCALBXuZffdkI=\",\"dtype\":\"float64\",\"shape\":[28]},\"index\":[0,1,2,17,18,19,20,21,22,23,24,29,30,31,32,33,36,37,39,40,41,42,43,44,45,51,52,53],\"y_index\":[1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]},\"selected\":{\"id\":\"4941\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"4940\",\"type\":\"UnionRenderers\"}},\"id\":\"4750\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4887\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_color\":{\"value\":\"#38578C\"},\"line_color\":{\"value\":\"#38578C\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4829\",\"type\":\"Circle\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"4958\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"source\":{\"id\":\"4751\",\"type\":\"ColumnDataSource\"}},\"id\":\"4884\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4830\",\"type\":\"Circle\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"4959\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"4752\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"4829\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"4830\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"4832\",\"type\":\"CDSView\"}},\"id\":\"4831\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#38578C\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#38578C\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4886\",\"type\":\"Diamond\"},{\"attributes\":{\"source\":{\"id\":\"4752\",\"type\":\"ColumnDataSource\"}},\"id\":\"4832\",\"type\":\"CDSView\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"4960\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{},\"id\":\"4946\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"data_source\":{\"id\":\"4752\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"4886\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"4887\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"4889\",\"type\":\"CDSView\"}},\"id\":\"4888\",\"type\":\"GlyphRenderer\"}],\"root_ids\":[\"4931\"]},\"title\":\"Bokeh Application\",\"version\":\"1.3.4\"}};\n",
       "  var render_items = [{\"docid\":\"bfd39c5b-3dfa-4bc2-814a-6d1d9016f0f7\",\"roots\":{\"4931\":\"83c37f65-ba3f-4d6e-811a-1c71506e709f\"}}];\n",
       "  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n",
       "\n",
       "  }\n",
       "  if (root.Bokeh !== undefined) {\n",
       "    embed_document(root);\n",
       "  } else {\n",
       "    var attempts = 0;\n",
       "    var timer = setInterval(function(root) {\n",
       "      if (root.Bokeh !== undefined) {\n",
       "        embed_document(root);\n",
       "        clearInterval(timer);\n",
       "      }\n",
       "      attempts++;\n",
       "      if (attempts > 100) {\n",
       "        console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n",
       "        clearInterval(timer);\n",
       "      }\n",
       "    }, 10, root)\n",
       "  }\n",
       "})(window);"
      ],
      "application/vnd.bokehjs_exec.v0+json": ""
     },
     "metadata": {
      "application/vnd.bokehjs_exec.v0+json": {
       "id": "4931"
      }
     },
     "output_type": "display_data"
    },
    {
     "data": {
      "text/html": [
       "\n",
       "    <div class=\"bk-root\">\n",
       "        <a href=\"https://bokeh.pydata.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
       "        <span id=\"5316\">Loading BokehJS ...</span>\n",
       "    </div>"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    },
    {
     "data": {
      "application/javascript": [
       "\n",
       "(function(root) {\n",
       "  function now() {\n",
       "    return new Date();\n",
       "  }\n",
       "\n",
       "  var force = true;\n",
       "\n",
       "  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n",
       "    root._bokeh_onload_callbacks = [];\n",
       "    root._bokeh_is_loading = undefined;\n",
       "  }\n",
       "\n",
       "  var JS_MIME_TYPE = 'application/javascript';\n",
       "  var HTML_MIME_TYPE = 'text/html';\n",
       "  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n",
       "  var CLASS_NAME = 'output_bokeh rendered_html';\n",
       "\n",
       "  /**\n",
       "   * Render data to the DOM node\n",
       "   */\n",
       "  function render(props, node) {\n",
       "    var script = document.createElement(\"script\");\n",
       "    node.appendChild(script);\n",
       "  }\n",
       "\n",
       "  /**\n",
       "   * Handle when an output is cleared or removed\n",
       "   */\n",
       "  function handleClearOutput(event, handle) {\n",
       "    var cell = handle.cell;\n",
       "\n",
       "    var id = cell.output_area._bokeh_element_id;\n",
       "    var server_id = cell.output_area._bokeh_server_id;\n",
       "    // Clean up Bokeh references\n",
       "    if (id != null && id in Bokeh.index) {\n",
       "      Bokeh.index[id].model.document.clear();\n",
       "      delete Bokeh.index[id];\n",
       "    }\n",
       "\n",
       "    if (server_id !== undefined) {\n",
       "      // Clean up Bokeh references\n",
       "      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n",
       "      cell.notebook.kernel.execute(cmd, {\n",
       "        iopub: {\n",
       "          output: function(msg) {\n",
       "            var id = msg.content.text.trim();\n",
       "            if (id in Bokeh.index) {\n",
       "              Bokeh.index[id].model.document.clear();\n",
       "              delete Bokeh.index[id];\n",
       "            }\n",
       "          }\n",
       "        }\n",
       "      });\n",
       "      // Destroy server and session\n",
       "      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n",
       "      cell.notebook.kernel.execute(cmd);\n",
       "    }\n",
       "  }\n",
       "\n",
       "  /**\n",
       "   * Handle when a new output is added\n",
       "   */\n",
       "  function handleAddOutput(event, handle) {\n",
       "    var output_area = handle.output_area;\n",
       "    var output = handle.output;\n",
       "\n",
       "    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n",
       "    if ((output.output_type != \"display_data\") || (!output.data.hasOwnProperty(EXEC_MIME_TYPE))) {\n",
       "      return\n",
       "    }\n",
       "\n",
       "    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n",
       "\n",
       "    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n",
       "      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n",
       "      // store reference to embed id on output_area\n",
       "      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n",
       "    }\n",
       "    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n",
       "      var bk_div = document.createElement(\"div\");\n",
       "      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n",
       "      var script_attrs = bk_div.children[0].attributes;\n",
       "      for (var i = 0; i < script_attrs.length; i++) {\n",
       "        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n",
       "      }\n",
       "      // store reference to server id on output_area\n",
       "      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n",
       "    }\n",
       "  }\n",
       "\n",
       "  function register_renderer(events, OutputArea) {\n",
       "\n",
       "    function append_mime(data, metadata, element) {\n",
       "      // create a DOM node to render to\n",
       "      var toinsert = this.create_output_subarea(\n",
       "        metadata,\n",
       "        CLASS_NAME,\n",
       "        EXEC_MIME_TYPE\n",
       "      );\n",
       "      this.keyboard_manager.register_events(toinsert);\n",
       "      // Render to node\n",
       "      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n",
       "      render(props, toinsert[toinsert.length - 1]);\n",
       "      element.append(toinsert);\n",
       "      return toinsert\n",
       "    }\n",
       "\n",
       "    /* Handle when an output is cleared or removed */\n",
       "    events.on('clear_output.CodeCell', handleClearOutput);\n",
       "    events.on('delete.Cell', handleClearOutput);\n",
       "\n",
       "    /* Handle when a new output is added */\n",
       "    events.on('output_added.OutputArea', handleAddOutput);\n",
       "\n",
       "    /**\n",
       "     * Register the mime type and append_mime function with output_area\n",
       "     */\n",
       "    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n",
       "      /* Is output safe? */\n",
       "      safe: true,\n",
       "      /* Index of renderer in `output_area.display_order` */\n",
       "      index: 0\n",
       "    });\n",
       "  }\n",
       "\n",
       "  // register the mime type if in Jupyter Notebook environment and previously unregistered\n",
       "  if (root.Jupyter !== undefined) {\n",
       "    var events = require('base/js/events');\n",
       "    var OutputArea = require('notebook/js/outputarea').OutputArea;\n",
       "\n",
       "    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n",
       "      register_renderer(events, OutputArea);\n",
       "    }\n",
       "  }\n",
       "\n",
       "  \n",
       "  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n",
       "    root._bokeh_timeout = Date.now() + 5000;\n",
       "    root._bokeh_failed_load = false;\n",
       "  }\n",
       "\n",
       "  var NB_LOAD_WARNING = {'data': {'text/html':\n",
       "     \"<div style='background-color: #fdd'>\\n\"+\n",
       "     \"<p>\\n\"+\n",
       "     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n",
       "     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n",
       "     \"</p>\\n\"+\n",
       "     \"<ul>\\n\"+\n",
       "     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n",
       "     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n",
       "     \"</ul>\\n\"+\n",
       "     \"<code>\\n\"+\n",
       "     \"from bokeh.resources import INLINE\\n\"+\n",
       "     \"output_notebook(resources=INLINE)\\n\"+\n",
       "     \"</code>\\n\"+\n",
       "     \"</div>\"}};\n",
       "\n",
       "  function display_loaded() {\n",
       "    var el = document.getElementById(\"5316\");\n",
       "    if (el != null) {\n",
       "      el.textContent = \"BokehJS is loading...\";\n",
       "    }\n",
       "    if (root.Bokeh !== undefined) {\n",
       "      if (el != null) {\n",
       "        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n",
       "      }\n",
       "    } else if (Date.now() < root._bokeh_timeout) {\n",
       "      setTimeout(display_loaded, 100)\n",
       "    }\n",
       "  }\n",
       "\n",
       "\n",
       "  function run_callbacks() {\n",
       "    try {\n",
       "      root._bokeh_onload_callbacks.forEach(function(callback) {\n",
       "        if (callback != null)\n",
       "          callback();\n",
       "      });\n",
       "    } finally {\n",
       "      delete root._bokeh_onload_callbacks\n",
       "    }\n",
       "    console.debug(\"Bokeh: all callbacks have finished\");\n",
       "  }\n",
       "\n",
       "  function load_libs(css_urls, js_urls, callback) {\n",
       "    if (css_urls == null) css_urls = [];\n",
       "    if (js_urls == null) js_urls = [];\n",
       "\n",
       "    root._bokeh_onload_callbacks.push(callback);\n",
       "    if (root._bokeh_is_loading > 0) {\n",
       "      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n",
       "      return null;\n",
       "    }\n",
       "    if (js_urls == null || js_urls.length === 0) {\n",
       "      run_callbacks();\n",
       "      return null;\n",
       "    }\n",
       "    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n",
       "    root._bokeh_is_loading = css_urls.length + js_urls.length;\n",
       "\n",
       "    function on_load() {\n",
       "      root._bokeh_is_loading--;\n",
       "      if (root._bokeh_is_loading === 0) {\n",
       "        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n",
       "        run_callbacks()\n",
       "      }\n",
       "    }\n",
       "\n",
       "    function on_error() {\n",
       "      console.error(\"failed to load \" + url);\n",
       "    }\n",
       "\n",
       "    for (var i = 0; i < css_urls.length; i++) {\n",
       "      var url = css_urls[i];\n",
       "      const element = document.createElement(\"link\");\n",
       "      element.onload = on_load;\n",
       "      element.onerror = on_error;\n",
       "      element.rel = \"stylesheet\";\n",
       "      element.type = \"text/css\";\n",
       "      element.href = url;\n",
       "      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n",
       "      document.body.appendChild(element);\n",
       "    }\n",
       "\n",
       "    for (var i = 0; i < js_urls.length; i++) {\n",
       "      var url = js_urls[i];\n",
       "      var element = document.createElement('script');\n",
       "      element.onload = on_load;\n",
       "      element.onerror = on_error;\n",
       "      element.async = false;\n",
       "      element.src = url;\n",
       "      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n",
       "      document.head.appendChild(element);\n",
       "    }\n",
       "  };var element = document.getElementById(\"5316\");\n",
       "  if (element == null) {\n",
       "    console.error(\"Bokeh: ERROR: autoload.js configured with elementid '5316' but no matching script tag was found. \")\n",
       "    return false;\n",
       "  }\n",
       "\n",
       "  function inject_raw_css(css) {\n",
       "    const element = document.createElement(\"style\");\n",
       "    element.appendChild(document.createTextNode(css));\n",
       "    document.body.appendChild(element);\n",
       "  }\n",
       "\n",
       "  var js_urls = [\"https://cdn.pydata.org/bokeh/release/bokeh-1.3.4.min.js\", \"https://cdn.pydata.org/bokeh/release/bokeh-widgets-1.3.4.min.js\", \"https://cdn.pydata.org/bokeh/release/bokeh-tables-1.3.4.min.js\", \"https://cdn.pydata.org/bokeh/release/bokeh-gl-1.3.4.min.js\"];\n",
       "  var css_urls = [];\n",
       "\n",
       "  var inline_js = [\n",
       "    function(Bokeh) {\n",
       "      Bokeh.set_log_level(\"info\");\n",
       "    },\n",
       "    \n",
       "    function(Bokeh) {\n",
       "      \n",
       "    },\n",
       "    function(Bokeh) {} // ensure no trailing comma for IE\n",
       "  ];\n",
       "\n",
       "  function run_inline_js() {\n",
       "    \n",
       "    if ((root.Bokeh !== undefined) || (force === true)) {\n",
       "      for (var i = 0; i < inline_js.length; i++) {\n",
       "        inline_js[i].call(root, root.Bokeh);\n",
       "      }if (force === true) {\n",
       "        display_loaded();\n",
       "      }} else if (Date.now() < root._bokeh_timeout) {\n",
       "      setTimeout(run_inline_js, 100);\n",
       "    } else if (!root._bokeh_failed_load) {\n",
       "      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n",
       "      root._bokeh_failed_load = true;\n",
       "    } else if (force !== true) {\n",
       "      var cell = $(document.getElementById(\"5316\")).parents('.cell').data().cell;\n",
       "      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n",
       "    }\n",
       "\n",
       "  }\n",
       "\n",
       "  if (root._bokeh_is_loading === 0) {\n",
       "    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n",
       "    run_inline_js();\n",
       "  } else {\n",
       "    load_libs(css_urls, js_urls, function() {\n",
       "      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n",
       "      run_inline_js();\n",
       "    });\n",
       "  }\n",
       "}(window));"
      ],
      "application/vnd.bokehjs_load.v0+json": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  \n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"5316\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error() {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (var i = 0; i < css_urls.length; i++) {\n      var url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    for (var i = 0; i < js_urls.length; i++) {\n      var url = js_urls[i];\n      var element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.async = false;\n      element.src = url;\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };var element = document.getElementById(\"5316\");\n  if (element == null) {\n    console.error(\"Bokeh: ERROR: autoload.js configured with elementid '5316' but no matching script tag was found. \")\n    return false;\n  }\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  var js_urls = [\"https://cdn.pydata.org/bokeh/release/bokeh-1.3.4.min.js\", \"https://cdn.pydata.org/bokeh/release/bokeh-widgets-1.3.4.min.js\", \"https://cdn.pydata.org/bokeh/release/bokeh-tables-1.3.4.min.js\", \"https://cdn.pydata.org/bokeh/release/bokeh-gl-1.3.4.min.js\"];\n  var css_urls = [];\n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    \n    function(Bokeh) {\n      \n    },\n    function(Bokeh) {} // ensure no trailing comma for IE\n  ];\n\n  function run_inline_js() {\n    \n    if ((root.Bokeh !== undefined) || (force === true)) {\n      for (var i = 0; i < inline_js.length; i++) {\n        inline_js[i].call(root, root.Bokeh);\n      }if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"5316\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));"
     },
     "metadata": {},
     "output_type": "display_data"
    },
    {
     "data": {
      "text/html": [
       "\n",
       "\n",
       "\n",
       "\n",
       "\n",
       "\n",
       "  <div class=\"bk-root\" id=\"17b77c10-0ad5-4883-bfd9-d8647a0044a3\" data-root-id=\"5955\"></div>\n"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    },
    {
     "data": {
      "application/javascript": [
       "(function(root) {\n",
       "  function embed_document(root) {\n",
       "    \n",
       "  var docs_json = {\"2fedad96-5d65-49ab-9fde-0178587cc094\":{\"roots\":{\"references\":[{\"attributes\":{\"children\":[{\"id\":\"5366\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"id\":\"5399\",\"subtype\":\"Figure\",\"type\":\"Plot\"}]},\"id\":\"5955\",\"type\":\"Column\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5748\",\"type\":\"Diamond\"},{\"attributes\":{\"dimension\":1,\"grid_line_color\":null,\"ticker\":{\"id\":\"5383\",\"type\":\"BasicTicker\"}},\"id\":\"5386\",\"type\":\"Grid\"},{\"attributes\":{\"data_source\":{\"id\":\"5328\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5475\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5476\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"5478\",\"type\":\"CDSView\"}},\"id\":\"5477\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5591\",\"type\":\"Circle\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":null,\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"5365\",\"type\":\"HoverTool\"},{\"id\":\"5387\",\"type\":\"WheelZoomTool\"},{\"id\":\"5388\",\"type\":\"BoxZoomTool\"},{\"id\":\"5389\",\"type\":\"ResetTool\"},{\"id\":\"5390\",\"type\":\"SaveTool\"},{\"id\":\"5391\",\"type\":\"PanTool\"}]},\"id\":\"5392\",\"type\":\"Toolbar\"},{\"attributes\":{\"data_source\":{\"id\":\"5351\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5590\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5591\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"5593\",\"type\":\"CDSView\"}},\"id\":\"5592\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#365A8C\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#365A8C\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5747\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5476\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"5408\",\"type\":\"LinearScale\"},{\"attributes\":{\"source\":{\"id\":\"5343\",\"type\":\"ColumnDataSource\"}},\"id\":\"5800\",\"type\":\"CDSView\"},{\"attributes\":{\"data_source\":{\"id\":\"5333\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5747\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5748\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"5750\",\"type\":\"CDSView\"}},\"id\":\"5749\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"formatter\":{\"id\":\"5959\",\"type\":\"BasicTickFormatter\"},\"ticker\":{\"id\":\"5383\",\"type\":\"BasicTicker\"},\"visible\":false},\"id\":\"5382\",\"type\":\"LinearAxis\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5678\",\"type\":\"Diamond\"},{\"attributes\":{\"source\":{\"id\":\"5318\",\"type\":\"ColumnDataSource\"}},\"id\":\"5675\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5436\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"5383\",\"type\":\"BasicTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#460E61\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#460E61\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5677\",\"type\":\"Diamond\"},{\"attributes\":{\"data_source\":{\"id\":\"5362\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5892\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5893\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"5895\",\"type\":\"CDSView\"}},\"id\":\"5894\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"callback\":null,\"end\":1572953212689.3,\"start\":1568095196692.7},\"id\":\"5402\",\"type\":\"Range1d\"},{\"attributes\":{\"source\":{\"id\":\"5328\",\"type\":\"ColumnDataSource\"}},\"id\":\"5478\",\"type\":\"CDSView\"},{\"attributes\":{\"source\":{\"id\":\"5351\",\"type\":\"ColumnDataSource\"}},\"id\":\"5593\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5753\",\"type\":\"Diamond\"},{\"attributes\":{\"data_source\":{\"id\":\"5319\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5677\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5678\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"5680\",\"type\":\"CDSView\"}},\"id\":\"5679\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"text\":\"Range Selector\"},\"id\":\"5400\",\"type\":\"Title\"},{\"attributes\":{\"source\":{\"id\":\"5333\",\"type\":\"ColumnDataSource\"}},\"id\":\"5750\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_color\":{\"value\":\"#3F4788\"},\"line_color\":{\"value\":\"#3F4788\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5480\",\"type\":\"Circle\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":{\"id\":\"5659\",\"type\":\"RangeTool\"},\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"5659\",\"type\":\"RangeTool\"}]},\"id\":\"5415\",\"type\":\"Toolbar\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5481\",\"type\":\"Circle\"},{\"attributes\":{\"source\":{\"id\":\"5338\",\"type\":\"ColumnDataSource\"}},\"id\":\"5528\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5596\",\"type\":\"Circle\"},{\"attributes\":{\"callback\":null},\"id\":\"5404\",\"type\":\"DataRange1d\"},{\"attributes\":{\"data_source\":{\"id\":\"5329\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5480\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5481\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"5483\",\"type\":\"CDSView\"}},\"id\":\"5482\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"data_source\":{\"id\":\"5352\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5595\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5596\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"5598\",\"type\":\"CDSView\"}},\"id\":\"5597\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#345F8D\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#345F8D\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5752\",\"type\":\"Diamond\"},{\"attributes\":{\"source\":{\"id\":\"5362\",\"type\":\"ColumnDataSource\"}},\"id\":\"5895\",\"type\":\"CDSView\"},{\"attributes\":{\"callback\":null,\"formatters\":{\"Tooltip\":\"printf\"},\"tooltips\":[[\"IPAddress\",\"@IPAddress\"],[\"AppResourceProvider\",\"@AppResourceProvider\"],[\"Operation\",\"@Operation\"]]},\"id\":\"5365\",\"type\":\"HoverTool\"},{\"attributes\":{\"ticker\":{\"id\":\"5411\",\"type\":\"DatetimeTicker\"}},\"id\":\"5414\",\"type\":\"Grid\"},{\"attributes\":{\"data_source\":{\"id\":\"5334\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5752\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5753\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"5755\",\"type\":\"CDSView\"}},\"id\":\"5754\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5683\",\"type\":\"Diamond\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"5387\",\"type\":\"WheelZoomTool\"},{\"attributes\":{\"source\":{\"id\":\"5319\",\"type\":\"ColumnDataSource\"}},\"id\":\"5680\",\"type\":\"CDSView\"},{\"attributes\":{\"source\":{\"id\":\"5336\",\"type\":\"ColumnDataSource\"}},\"id\":\"5518\",\"type\":\"CDSView\"},{\"attributes\":{\"source\":{\"id\":\"5357\",\"type\":\"ColumnDataSource\"}},\"id\":\"5623\",\"type\":\"CDSView\"},{\"attributes\":{\"source\":{\"id\":\"5319\",\"type\":\"ColumnDataSource\"}},\"id\":\"5433\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#471466\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#471466\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5682\",\"type\":\"Diamond\"},{\"attributes\":{\"source\":{\"id\":\"5329\",\"type\":\"ColumnDataSource\"}},\"id\":\"5483\",\"type\":\"CDSView\"},{\"attributes\":{\"source\":{\"id\":\"5352\",\"type\":\"ColumnDataSource\"}},\"id\":\"5598\",\"type\":\"CDSView\"},{\"attributes\":{\"data_source\":{\"id\":\"5326\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5712\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5713\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"5715\",\"type\":\"CDSView\"}},\"id\":\"5714\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5758\",\"type\":\"Diamond\"},{\"attributes\":{\"overlay\":{\"id\":\"6070\",\"type\":\"BoxAnnotation\"}},\"id\":\"5388\",\"type\":\"BoxZoomTool\"},{\"attributes\":{\"fill_color\":{\"value\":\"#3D4C89\"},\"line_color\":{\"value\":\"#3D4C89\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5485\",\"type\":\"Circle\"},{\"attributes\":{\"fill_color\":{\"value\":\"#2BB17D\"},\"line_color\":{\"value\":\"#2BB17D\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5600\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"5320\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5682\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5683\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"5685\",\"type\":\"CDSView\"}},\"id\":\"5684\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"source\":{\"id\":\"5334\",\"type\":\"ColumnDataSource\"}},\"id\":\"5755\",\"type\":\"CDSView\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\"],\"IPAddress\":[\"199.249.230.111\",\"199.249.230.111\",\"199.249.230.111\",\"199.249.230.111\",\"199.249.230.111\",\"199.249.230.111\",\"199.249.230.111\",\"199.249.230.111\"],\"Operation\":[\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\"],\"TimeGenerated\":{\"__ndarray__\":\"AAD0Q6/UdkIAgLVDr9R2QgAA9EOv1HZCAIC1Q6/UdkIAgDJEr9R2QgAAcUSv1HZCAAD0Q6/UdkIAgLVDr9R2Qg==\",\"dtype\":\"float64\",\"shape\":[8]},\"index\":[599,600,621,622,627,632,634,647],\"y_index\":[29,29,29,29,29,29,29,29]},\"selected\":{\"id\":\"6021\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"6020\",\"type\":\"UnionRenderers\"}},\"id\":\"5346\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5486\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"5330\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5485\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5486\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"5488\",\"type\":\"CDSView\"}},\"id\":\"5487\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"data_source\":{\"id\":\"5353\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5600\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5601\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"5603\",\"type\":\"CDSView\"}},\"id\":\"5602\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"5389\",\"type\":\"ResetTool\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5446\",\"type\":\"Circle\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#32638D\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#32638D\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5757\",\"type\":\"Diamond\"},{\"attributes\":{},\"id\":\"5390\",\"type\":\"SaveTool\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#25828E\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#25828E\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5792\",\"type\":\"Diamond\"},{\"attributes\":{},\"id\":\"5406\",\"type\":\"LinearScale\"},{\"attributes\":{\"data_source\":{\"id\":\"5325\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5707\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5708\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"5710\",\"type\":\"CDSView\"}},\"id\":\"5709\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"data_source\":{\"id\":\"5335\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5757\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5758\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"5760\",\"type\":\"CDSView\"}},\"id\":\"5759\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5688\",\"type\":\"Diamond\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"5391\",\"type\":\"PanTool\"},{\"attributes\":{\"source\":{\"id\":\"5320\",\"type\":\"ColumnDataSource\"}},\"id\":\"5685\",\"type\":\"CDSView\"},{\"attributes\":{\"source\":{\"id\":\"5337\",\"type\":\"ColumnDataSource\"}},\"id\":\"5523\",\"type\":\"CDSView\"},{\"attributes\":{\"source\":{\"id\":\"5330\",\"type\":\"ColumnDataSource\"}},\"id\":\"5488\",\"type\":\"CDSView\"},{\"attributes\":{\"source\":{\"id\":\"5353\",\"type\":\"ColumnDataSource\"}},\"id\":\"5603\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#481A6C\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#481A6C\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5687\",\"type\":\"Diamond\"},{\"attributes\":{\"source\":{\"id\":\"5341\",\"type\":\"ColumnDataSource\"}},\"id\":\"5790\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_color\":{\"value\":\"#460E61\"},\"line_color\":{\"value\":\"#460E61\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5430\",\"type\":\"Circle\"},{\"attributes\":{\"fill_color\":{\"value\":\"#3B518A\"},\"line_color\":{\"value\":\"#3B518A\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5490\",\"type\":\"Circle\"},{\"attributes\":{\"fill_color\":{\"value\":\"#32B57A\"},\"line_color\":{\"value\":\"#32B57A\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5605\",\"type\":\"Circle\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5763\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5491\",\"type\":\"Circle\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5606\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"5321\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5687\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5688\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"5690\",\"type\":\"CDSView\"}},\"id\":\"5689\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"data_source\":{\"id\":\"5331\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5490\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5491\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"5493\",\"type\":\"CDSView\"}},\"id\":\"5492\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"source\":{\"id\":\"5335\",\"type\":\"ColumnDataSource\"}},\"id\":\"5760\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_color\":{\"value\":\"#51C468\"},\"line_color\":{\"value\":\"#51C468\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5625\",\"type\":\"Circle\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5626\",\"type\":\"Circle\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#30688D\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#30688D\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5762\",\"type\":\"Diamond\"},{\"attributes\":{\"below\":[{\"id\":\"5377\",\"type\":\"DatetimeAxis\"}],\"center\":[{\"id\":\"5381\",\"type\":\"Grid\"},{\"id\":\"5386\",\"type\":\"Grid\"}],\"left\":[{\"id\":\"5382\",\"type\":\"LinearAxis\"},{\"id\":\"5906\",\"type\":\"Legend\"}],\"min_border_left\":50,\"plot_height\":1200,\"plot_width\":900,\"renderers\":[{\"id\":\"5669\",\"type\":\"GlyphRenderer\"},{\"id\":\"5674\",\"type\":\"GlyphRenderer\"},{\"id\":\"5679\",\"type\":\"GlyphRenderer\"},{\"id\":\"5684\",\"type\":\"GlyphRenderer\"},{\"id\":\"5689\",\"type\":\"GlyphRenderer\"},{\"id\":\"5694\",\"type\":\"GlyphRenderer\"},{\"id\":\"5699\",\"type\":\"GlyphRenderer\"},{\"id\":\"5704\",\"type\":\"GlyphRenderer\"},{\"id\":\"5709\",\"type\":\"GlyphRenderer\"},{\"id\":\"5714\",\"type\":\"GlyphRenderer\"},{\"id\":\"5719\",\"type\":\"GlyphRenderer\"},{\"id\":\"5724\",\"type\":\"GlyphRenderer\"},{\"id\":\"5729\",\"type\":\"GlyphRenderer\"},{\"id\":\"5734\",\"type\":\"GlyphRenderer\"},{\"id\":\"5739\",\"type\":\"GlyphRenderer\"},{\"id\":\"5744\",\"type\":\"GlyphRenderer\"},{\"id\":\"5749\",\"type\":\"GlyphRenderer\"},{\"id\":\"5754\",\"type\":\"GlyphRenderer\"},{\"id\":\"5759\",\"type\":\"GlyphRenderer\"},{\"id\":\"5764\",\"type\":\"GlyphRenderer\"},{\"id\":\"5769\",\"type\":\"GlyphRenderer\"},{\"id\":\"5774\",\"type\":\"GlyphRenderer\"},{\"id\":\"5779\",\"type\":\"GlyphRenderer\"},{\"id\":\"5784\",\"type\":\"GlyphRenderer\"},{\"id\":\"5789\",\"type\":\"GlyphRenderer\"},{\"id\":\"5794\",\"type\":\"GlyphRenderer\"},{\"id\":\"5799\",\"type\":\"GlyphRenderer\"},{\"id\":\"5804\",\"type\":\"GlyphRenderer\"},{\"id\":\"5809\",\"type\":\"GlyphRenderer\"},{\"id\":\"5814\",\"type\":\"GlyphRenderer\"},{\"id\":\"5819\",\"type\":\"GlyphRenderer\"},{\"id\":\"5824\",\"type\":\"GlyphRenderer\"},{\"id\":\"5829\",\"type\":\"GlyphRenderer\"},{\"id\":\"5834\",\"type\":\"GlyphRenderer\"},{\"id\":\"5839\",\"type\":\"GlyphRenderer\"},{\"id\":\"5844\",\"type\":\"GlyphRenderer\"},{\"id\":\"5849\",\"type\":\"GlyphRenderer\"},{\"id\":\"5854\",\"type\":\"GlyphRenderer\"},{\"id\":\"5859\",\"type\":\"GlyphRenderer\"},{\"id\":\"5864\",\"type\":\"GlyphRenderer\"},{\"id\":\"5869\",\"type\":\"GlyphRenderer\"},{\"id\":\"5874\",\"type\":\"GlyphRenderer\"},{\"id\":\"5879\",\"type\":\"GlyphRenderer\"},{\"id\":\"5884\",\"type\":\"GlyphRenderer\"},{\"id\":\"5889\",\"type\":\"GlyphRenderer\"},{\"id\":\"5894\",\"type\":\"GlyphRenderer\"},{\"id\":\"5899\",\"type\":\"GlyphRenderer\"},{\"id\":\"5904\",\"type\":\"GlyphRenderer\"}],\"title\":{\"id\":\"5367\",\"type\":\"Title\"},\"toolbar\":{\"id\":\"5392\",\"type\":\"Toolbar\"},\"x_range\":{\"id\":\"5369\",\"type\":\"Range1d\"},\"x_scale\":{\"id\":\"5373\",\"type\":\"LinearScale\"},\"y_range\":{\"id\":\"5371\",\"type\":\"Range1d\"},\"y_scale\":{\"id\":\"5375\",\"type\":\"LinearScale\"}},\"id\":\"5366\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"data_source\":{\"id\":\"5357\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5620\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5621\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"5623\",\"type\":\"CDSView\"}},\"id\":\"5622\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"data_source\":{\"id\":\"5358\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5625\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5626\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"5628\",\"type\":\"CDSView\"}},\"id\":\"5627\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"formatter\":{\"id\":\"5417\",\"type\":\"DatetimeTickFormatter\"},\"ticker\":{\"id\":\"5411\",\"type\":\"DatetimeTicker\"}},\"id\":\"5410\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"fill_color\":{\"value\":\"#49C16D\"},\"line_color\":{\"value\":\"#49C16D\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5620\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"5336\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5762\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5763\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"5765\",\"type\":\"CDSView\"}},\"id\":\"5764\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"5959\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"source\":{\"id\":\"5321\",\"type\":\"ColumnDataSource\"}},\"id\":\"5690\",\"type\":\"CDSView\"},{\"attributes\":{\"source\":{\"id\":\"5331\",\"type\":\"ColumnDataSource\"}},\"id\":\"5493\",\"type\":\"CDSView\"},{\"attributes\":{\"num_minor_ticks\":5,\"tickers\":[{\"id\":\"6071\",\"type\":\"AdaptiveTicker\"},{\"id\":\"6072\",\"type\":\"AdaptiveTicker\"},{\"id\":\"6073\",\"type\":\"AdaptiveTicker\"},{\"id\":\"6074\",\"type\":\"DaysTicker\"},{\"id\":\"6075\",\"type\":\"DaysTicker\"},{\"id\":\"6076\",\"type\":\"DaysTicker\"},{\"id\":\"6077\",\"type\":\"DaysTicker\"},{\"id\":\"6078\",\"type\":\"MonthsTicker\"},{\"id\":\"6079\",\"type\":\"MonthsTicker\"},{\"id\":\"6080\",\"type\":\"MonthsTicker\"},{\"id\":\"6081\",\"type\":\"MonthsTicker\"},{\"id\":\"6082\",\"type\":\"YearsTicker\"}]},\"id\":\"5411\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5713\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5693\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_color\":{\"value\":\"#38568B\"},\"line_color\":{\"value\":\"#38568B\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5495\",\"type\":\"Circle\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"5417\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5496\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"5317\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5420\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5421\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"5423\",\"type\":\"CDSView\"}},\"id\":\"5422\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"data_source\":{\"id\":\"5332\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5495\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5496\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"5498\",\"type\":\"CDSView\"}},\"id\":\"5497\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#482071\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#482071\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5692\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5768\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#453681\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#453681\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5712\",\"type\":\"Diamond\"},{\"attributes\":{\"source\":{\"id\":\"5336\",\"type\":\"ColumnDataSource\"}},\"id\":\"5765\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_color\":{\"value\":\"#482071\"},\"line_color\":{\"value\":\"#482071\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5445\",\"type\":\"Circle\"},{\"attributes\":{\"source\":{\"id\":\"5358\",\"type\":\"ColumnDataSource\"}},\"id\":\"5628\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5431\",\"type\":\"Circle\"},{\"attributes\":{\"fill_color\":{\"value\":\"#30688D\"},\"line_color\":{\"value\":\"#30688D\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5515\",\"type\":\"Circle\"},{\"attributes\":{\"fill_color\":{\"value\":\"#5BC862\"},\"line_color\":{\"value\":\"#5BC862\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5630\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"5322\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5692\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5693\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"5695\",\"type\":\"CDSView\"}},\"id\":\"5694\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#2E6D8E\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#2E6D8E\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5767\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5421\",\"type\":\"Circle\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5631\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"5336\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5515\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5516\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"5518\",\"type\":\"CDSView\"}},\"id\":\"5517\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"data_source\":{\"id\":\"5359\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5630\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5631\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"5633\",\"type\":\"CDSView\"}},\"id\":\"5632\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\"],\"IPAddress\":[\"185.4.132.135\",\"185.4.132.135\",\"185.4.132.135\",\"185.4.132.135\"],\"Operation\":[\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\"],\"TimeGenerated\":{\"__ndarray__\":\"ANDTlljWdkIA0NOWWNZ2QgAQ75dY1nZCABDvl1jWdkI=\",\"dtype\":\"float64\",\"shape\":[4]},\"index\":[64,65,66,67],\"y_index\":[27,27,27,27]},\"selected\":{\"id\":\"6017\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"6016\",\"type\":\"UnionRenderers\"}},\"id\":\"5344\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"data_source\":{\"id\":\"5337\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5767\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5768\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"5770\",\"type\":\"CDSView\"}},\"id\":\"5769\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_color\":{\"value\":\"#433C84\"},\"line_color\":{\"value\":\"#433C84\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5470\",\"type\":\"Circle\"},{\"attributes\":{\"source\":{\"id\":\"5332\",\"type\":\"ColumnDataSource\"}},\"id\":\"5498\",\"type\":\"CDSView\"},{\"attributes\":{\"source\":{\"id\":\"5325\",\"type\":\"ColumnDataSource\"}},\"id\":\"5710\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_color\":{\"value\":\"#440154\"},\"line_color\":{\"value\":\"#440154\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5420\",\"type\":\"Circle\"},{\"attributes\":{\"fill_color\":{\"value\":\"#365A8C\"},\"line_color\":{\"value\":\"#365A8C\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5500\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"5319\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5430\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5431\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"5433\",\"type\":\"CDSView\"}},\"id\":\"5432\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"data_source\":{\"id\":\"5327\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5470\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5471\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"5473\",\"type\":\"CDSView\"}},\"id\":\"5472\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"source\":{\"id\":\"5322\",\"type\":\"ColumnDataSource\"}},\"id\":\"5695\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5501\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"5333\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5500\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5501\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"5503\",\"type\":\"CDSView\"}},\"id\":\"5502\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5698\",\"type\":\"Diamond\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\"],\"IPAddress\":[\"23.129.64.193\",\"23.129.64.193\",\"23.129.64.193\",\"23.129.64.193\"],\"Operation\":[\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\"],\"TimeGenerated\":{\"__ndarray__\":\"AIBWKzzXdkIAEOUsPNd2QgCAVis813ZCABDlLDzXdkI=\",\"dtype\":\"float64\",\"shape\":[4]},\"index\":[3,4,5,6],\"y_index\":[36,36,36,36]},\"selected\":{\"id\":\"6035\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"6034\",\"type\":\"UnionRenderers\"}},\"id\":\"5353\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"source\":{\"id\":\"5359\",\"type\":\"ColumnDataSource\"}},\"id\":\"5633\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#472676\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#472676\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5697\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5773\",\"type\":\"Diamond\"},{\"attributes\":{\"source\":{\"id\":\"5337\",\"type\":\"ColumnDataSource\"}},\"id\":\"5770\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5471\",\"type\":\"Circle\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5516\",\"type\":\"Circle\"},{\"attributes\":{\"fill_color\":{\"value\":\"#64CB5D\"},\"line_color\":{\"value\":\"#64CB5D\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5635\",\"type\":\"Circle\"},{\"attributes\":{\"source\":{\"id\":\"5317\",\"type\":\"ColumnDataSource\"}},\"id\":\"5423\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5636\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"5360\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5635\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5636\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"5638\",\"type\":\"CDSView\"}},\"id\":\"5637\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5718\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#2C718E\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#2C718E\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5772\",\"type\":\"Diamond\"},{\"attributes\":{\"data_source\":{\"id\":\"5341\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5787\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5788\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"5790\",\"type\":\"CDSView\"}},\"id\":\"5789\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"source\":{\"id\":\"5326\",\"type\":\"ColumnDataSource\"}},\"id\":\"5715\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5506\",\"type\":\"Circle\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5521\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"5343\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5797\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5798\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"5800\",\"type\":\"CDSView\"}},\"id\":\"5799\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"source\":{\"id\":\"5333\",\"type\":\"ColumnDataSource\"}},\"id\":\"5503\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_color\":{\"value\":\"#70CE56\"},\"line_color\":{\"value\":\"#70CE56\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5640\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"5338\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5772\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5773\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"5775\",\"type\":\"CDSView\"}},\"id\":\"5774\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"data_source\":{\"id\":\"5337\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5520\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5521\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"5523\",\"type\":\"CDSView\"}},\"id\":\"5522\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"data_source\":{\"id\":\"5324\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5702\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5703\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"5705\",\"type\":\"CDSView\"}},\"id\":\"5704\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_color\":{\"value\":\"#414286\"},\"line_color\":{\"value\":\"#414286\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5475\",\"type\":\"Circle\"},{\"attributes\":{\"fill_color\":{\"value\":\"#345F8D\"},\"line_color\":{\"value\":\"#345F8D\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5505\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"5334\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5505\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5506\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"5508\",\"type\":\"CDSView\"}},\"id\":\"5507\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5703\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#433C84\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#433C84\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5717\",\"type\":\"Diamond\"},{\"attributes\":{\"source\":{\"id\":\"5327\",\"type\":\"ColumnDataSource\"}},\"id\":\"5473\",\"type\":\"CDSView\"},{\"attributes\":{\"source\":{\"id\":\"5338\",\"type\":\"ColumnDataSource\"}},\"id\":\"5775\",\"type\":\"CDSView\"},{\"attributes\":{\"source\":{\"id\":\"5360\",\"type\":\"ColumnDataSource\"}},\"id\":\"5638\",\"type\":\"CDSView\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\"],\"IPAddress\":[\"109.70.100.24\",\"109.70.100.24\",\"109.70.100.24\",\"109.70.100.24\",\"109.70.100.24\",\"109.70.100.24\"],\"Operation\":[\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\"],\"TimeGenerated\":{\"__ndarray__\":\"ANAhqZPWdkIA0CGpk9Z2QgCgwKeT1nZCAKDAp5PWdkIAMCBw4dd2QgAwIHDh13ZC\",\"dtype\":\"float64\",\"shape\":[6]},\"index\":[58,59,60,61,68,69],\"y_index\":[2,2,2,2,2,2]},\"selected\":{\"id\":\"5967\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"5966\",\"type\":\"UnionRenderers\"}},\"id\":\"5319\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\"],\"IPAddress\":[\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\"],\"Operation\":[\"FilePreviewed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FilePreviewed\",\"FileAccessed\",\"FileAccessed\",\"FilePreviewed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"ListCreated\",\"FileAccessed\",\"SearchQueryPerformed\",\"FileAccessed\",\"SearchQueryPerformed\",\"PageViewed\",\"FileAccessed\",\"FilePreviewed\",\"FilePreviewed\",\"FileAccessed\",\"FilePreviewed\",\"FileAccessed\",\"FilePreviewed\",\"FileAccessed\",\"FileAccessed\"],\"TimeGenerated\":{\"__ndarray__\":\"AACGp1XUdkIAAAmnVdR2QgAACadV1HZCAIBHp1XUdkIAgEenVdR2QgAACadV1HZCAIDKplXUdkIAgEenVdR2QgAACadV1HZCAIDKplXUdkIAgEGoVdR2QgCAR6dV1HZCAIDKplXUdkIAgEGoVdR2QgAACadV1HZCAIBHp1XUdkIAgE2mVdR2QgAA6y5V1HZCAAB/QFXUdkIAgEBAVdR2QgAACadV1HZCAIBHp1XUdkIAgMqmVdR2QgAAhqdV1HZCAAAJp1XUdkIAgMqmVdR2Qg==\",\"dtype\":\"float64\",\"shape\":[26]},\"index\":[335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,366,368,369,376,377,378,379,380,381],\"y_index\":[23,23,23,23,23,23,23,23,23,23,23,23,23,23,23,23,23,23,23,23,23,23,23,23,23,23]},\"selected\":{\"id\":\"6009\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"6008\",\"type\":\"UnionRenderers\"}},\"id\":\"5340\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5531\",\"type\":\"Circle\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"Azure Portal\",\"Azure Portal\"],\"IPAddress\":[\"131.107.160.205\",\"131.107.160.205\"],\"Operation\":[\"Sign-in activity\",\"Sign-in activity\"],\"TimeGenerated\":{\"__ndarray__\":\"AFByK7fddkIAkH6U+N12Qg==\",\"dtype\":\"float64\",\"shape\":[2]},\"index\":[42,44],\"y_index\":[10,10]},\"selected\":{\"id\":\"5983\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"5982\",\"type\":\"UnionRenderers\"}},\"id\":\"5327\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"SharePoint\",\"SharePoint\"],\"IPAddress\":[\"40.126.9.49\",\"40.126.9.49\"],\"Operation\":[\"FilePreviewed\",\"FilePreviewed\"],\"TimeGenerated\":{\"__ndarray__\":\"AAAtLVzddkIAAC0tXN12Qg==\",\"dtype\":\"float64\",\"shape\":[2]},\"index\":[314,316],\"y_index\":[38,38]},\"selected\":{\"id\":\"6039\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"6038\",\"type\":\"UnionRenderers\"}},\"id\":\"5355\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"O365 Suite UX\",\"O365 Suite UX\",\"Office 365 SharePoint Online\",\"O365 Suite UX\",\"O365 Suite UX\",\"Office 365 SharePoint Online\",\"O365 Suite UX\",\"O365 Suite UX\",\"O365 Suite UX\",\"O365 Suite UX\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\"],\"IPAddress\":[\"109.70.100.26\",\"109.70.100.26\",\"109.70.100.26\",\"109.70.100.26\",\"109.70.100.26\",\"109.70.100.26\",\"109.70.100.26\",\"109.70.100.26\",\"109.70.100.26\",\"109.70.100.26\",\"109.70.100.26\",\"109.70.100.26\",\"109.70.100.26\",\"109.70.100.26\",\"109.70.100.26\",\"109.70.100.26\",\"109.70.100.26\"],\"Operation\":[\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\"],\"TimeGenerated\":{\"__ndarray__\":\"AFDxPa/UdkIAUPE9r9R2QgBQB1qv1HZCAGDnPq/UdkIAYOc+r9R2QgBQB1qv1HZCADAldf7UdkIAEIt2/tR2QgAQi3b+1HZCADAldf7UdkIAAL17/tR2QgAAvXv+1HZCAAC9e/7UdkIAAL17/tR2QgAAvXv+1HZCAAC9e/7UdkIAAL17/tR2Qg==\",\"dtype\":\"float64\",\"shape\":[17]},\"index\":[11,12,13,14,15,16,54,55,56,57,662,663,664,668,670,671,673],\"y_index\":[3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3]},\"selected\":{\"id\":\"5969\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"5968\",\"type\":\"UnionRenderers\"}},\"id\":\"5320\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5461\",\"type\":\"Circle\"},{\"attributes\":{\"fill_color\":{\"value\":\"#46317E\"},\"line_color\":{\"value\":\"#46317E\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5460\",\"type\":\"Circle\"},{\"attributes\":{\"source\":{\"id\":\"5318\",\"type\":\"ColumnDataSource\"}},\"id\":\"5428\",\"type\":\"CDSView\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"Azure Portal\"],\"IPAddress\":[\"131.107.160.181\"],\"Operation\":[\"Sign-in activity\"],\"TimeGenerated\":{\"__ndarray__\":\"AODHgZ7hdkI=\",\"dtype\":\"float64\",\"shape\":[1]},\"index\":[2],\"y_index\":[9]},\"selected\":{\"id\":\"5981\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"5980\",\"type\":\"UnionRenderers\"}},\"id\":\"5326\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\"],\"IPAddress\":[\"40.126.9.50\",\"40.126.9.50\",\"40.126.9.50\",\"40.126.9.50\",\"40.126.9.50\"],\"Operation\":[\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\"],\"TimeGenerated\":{\"__ndarray__\":\"AICBsbLTdkIAAEmwstN2QgAASbCy03ZCAICBsbLTdkIAgIGxstN2Qg==\",\"dtype\":\"float64\",\"shape\":[5]},\"index\":[130,188,189,190,191],\"y_index\":[39,39,39,39,39]},\"selected\":{\"id\":\"6041\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"6040\",\"type\":\"UnionRenderers\"}},\"id\":\"5356\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5778\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#79D151\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#79D151\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5892\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_color\":{\"value\":\"#208F8C\"},\"line_color\":{\"value\":\"#208F8C\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5560\",\"type\":\"Circle\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#2A768E\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#2A768E\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5777\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5853\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5561\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"5345\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5560\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5561\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"5563\",\"type\":\"CDSView\"}},\"id\":\"5562\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"source\":{\"id\":\"5353\",\"type\":\"ColumnDataSource\"}},\"id\":\"5850\",\"type\":\"CDSView\"},{\"attributes\":{\"data_source\":{\"id\":\"5339\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5777\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5778\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"5780\",\"type\":\"CDSView\"}},\"id\":\"5779\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#32B57A\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#32B57A\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5852\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_color\":{\"value\":\"#39B976\"},\"line_color\":{\"value\":\"#39B976\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5610\",\"type\":\"Circle\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#64CB5D\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#64CB5D\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5882\",\"type\":\"Diamond\"},{\"attributes\":{\"source\":{\"id\":\"5355\",\"type\":\"ColumnDataSource\"}},\"id\":\"5613\",\"type\":\"CDSView\"},{\"attributes\":{\"data_source\":{\"id\":\"5354\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5852\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5853\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"5855\",\"type\":\"CDSView\"}},\"id\":\"5854\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"Office 365 Exchange Online\",\"Office 365 Exchange Online\"],\"IPAddress\":[\"185.220.101.48\",\"185.220.101.48\"],\"Operation\":[\"Sign-in activity\",\"Sign-in activity\"],\"TimeGenerated\":{\"__ndarray__\":\"ACAkFebWdkIAICQV5tZ2Qg==\",\"dtype\":\"float64\",\"shape\":[2]},\"index\":[7,10],\"y_index\":[24,24]},\"selected\":{\"id\":\"6011\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"6010\",\"type\":\"UnionRenderers\"}},\"id\":\"5341\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"source\":{\"id\":\"5345\",\"type\":\"ColumnDataSource\"}},\"id\":\"5563\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5783\",\"type\":\"Diamond\"},{\"attributes\":{\"source\":{\"id\":\"5339\",\"type\":\"ColumnDataSource\"}},\"id\":\"5780\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_color\":{\"value\":\"#1F948B\"},\"line_color\":{\"value\":\"#1F948B\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5565\",\"type\":\"Circle\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5566\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"5346\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5565\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5566\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"5568\",\"type\":\"CDSView\"}},\"id\":\"5567\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#287A8E\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#287A8E\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5782\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5858\",\"type\":\"Diamond\"},{\"attributes\":{\"data_source\":{\"id\":\"5344\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5802\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5803\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"5805\",\"type\":\"CDSView\"}},\"id\":\"5804\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"source\":{\"id\":\"5354\",\"type\":\"ColumnDataSource\"}},\"id\":\"5855\",\"type\":\"CDSView\"},{\"attributes\":{\"data_source\":{\"id\":\"5340\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5782\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5783\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"5785\",\"type\":\"CDSView\"}},\"id\":\"5784\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#39B976\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#39B976\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5857\",\"type\":\"Diamond\"},{\"attributes\":{\"source\":{\"id\":\"5359\",\"type\":\"ColumnDataSource\"}},\"id\":\"5880\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5611\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"5355\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5857\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5858\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"5860\",\"type\":\"CDSView\"}},\"id\":\"5859\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"source\":{\"id\":\"5346\",\"type\":\"ColumnDataSource\"}},\"id\":\"5568\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5788\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_color\":{\"value\":\"#1E988A\"},\"line_color\":{\"value\":\"#1E988A\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5570\",\"type\":\"Circle\"},{\"attributes\":{\"source\":{\"id\":\"5340\",\"type\":\"ColumnDataSource\"}},\"id\":\"5785\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5571\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"5347\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5570\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5571\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"5573\",\"type\":\"CDSView\"}},\"id\":\"5572\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5883\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#277E8E\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#277E8E\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5787\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5863\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5803\",\"type\":\"Diamond\"},{\"attributes\":{\"source\":{\"id\":\"5355\",\"type\":\"ColumnDataSource\"}},\"id\":\"5860\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5808\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#40BD72\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#40BD72\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5862\",\"type\":\"Diamond\"},{\"attributes\":{\"source\":{\"id\":\"5344\",\"type\":\"ColumnDataSource\"}},\"id\":\"5805\",\"type\":\"CDSView\"},{\"attributes\":{\"source\":{\"id\":\"5347\",\"type\":\"ColumnDataSource\"}},\"id\":\"5573\",\"type\":\"CDSView\"},{\"attributes\":{\"data_source\":{\"id\":\"5356\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5862\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5863\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"5865\",\"type\":\"CDSView\"}},\"id\":\"5864\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_color\":{\"value\":\"#1E9C89\"},\"line_color\":{\"value\":\"#1E9C89\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5575\",\"type\":\"Circle\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"Azure Portal\",\"Azure Portal\",\"Azure Portal\"],\"IPAddress\":[\"131.107.159.205\",\"131.107.159.205\",\"131.107.159.205\"],\"Operation\":[\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\"],\"TimeGenerated\":{\"__ndarray__\":\"AMA7TqXddkIAIBRNpd12QgCg/DhB33ZC\",\"dtype\":\"float64\",\"shape\":[3]},\"index\":[29,33,51],\"y_index\":[8,8,8]},\"selected\":{\"id\":\"5979\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"5978\",\"type\":\"UnionRenderers\"}},\"id\":\"5325\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#208F8C\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#208F8C\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5807\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5576\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"5348\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5575\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5576\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"5578\",\"type\":\"CDSView\"}},\"id\":\"5577\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"data_source\":{\"id\":\"5345\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5807\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5808\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"5810\",\"type\":\"CDSView\"}},\"id\":\"5809\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5868\",\"type\":\"Diamond\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"Azure Notebooks\",\"Azure Notebooks\",\"Azure Portal\",\"Azure Portal\",\"Azure Notebooks\",\"Azure Portal\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.Logic\",\"Microsoft.Logic\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.Logic\",\"Microsoft.Logic\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\"],\"IPAddress\":[\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\"],\"Operation\":[\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Gets workflow recommend operation groups\",\"Gets workflow recommend operation groups\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Create Saved Search\",\"Create Saved Search\",\"Gets workflow recommend operation groups\",\"Gets workflow recommend operation groups\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\"],\"TimeGenerated\":{\"__ndarray__\":\"AKC/g8LcdkIAgMWEwtx2QgCwG37C3HZCAIDRfcLcdkIAsACEwtx2QgAAdH3C3HZCACCF5hHddkIAQGrmEd12QgAwS9kR3XZCADAy2RHddkIAoM/XEd12QgAwrtcR3XZCAPDR1hHddkIAsLLWEd12QgAQbtUR3XZCACAx1RHddkIAMAFCFd12QgAQ1kEV3XZCAOAvHRXddkIAMBMdFd12QgDQYgcV3XZCAPAoBxXddkIAkPQDFd12QgBwoQMV3XZCADBj0x3ddkIAoBvTHd12QgDA/fEd3XZCALDg8R3ddkIAMGeCHd12QgCAMIId3XZCAAATdx3ddkIAUPp2Hd12QgCgRXUd3XZCAPAOdR3ddkIAMPNsHd12QgAwvGwd3XZC\",\"dtype\":\"float64\",\"shape\":[36]},\"index\":[34,35,36,37,38,39,42,43,44,45,46,47,48,49,50,51,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93],\"y_index\":[4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4]},\"selected\":{\"id\":\"5971\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"5970\",\"type\":\"UnionRenderers\"}},\"id\":\"5321\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"source\":{\"id\":\"5356\",\"type\":\"ColumnDataSource\"}},\"id\":\"5865\",\"type\":\"CDSView\"},{\"attributes\":{\"source\":{\"id\":\"5354\",\"type\":\"ColumnDataSource\"}},\"id\":\"5608\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#49C16D\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#49C16D\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5867\",\"type\":\"Diamond\"},{\"attributes\":{\"source\":{\"id\":\"5361\",\"type\":\"ColumnDataSource\"}},\"id\":\"5890\",\"type\":\"CDSView\"},{\"attributes\":{\"source\":{\"id\":\"5348\",\"type\":\"ColumnDataSource\"}},\"id\":\"5578\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5813\",\"type\":\"Diamond\"},{\"attributes\":{\"data_source\":{\"id\":\"5357\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5867\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5868\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"5870\",\"type\":\"CDSView\"}},\"id\":\"5869\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"source\":{\"id\":\"5345\",\"type\":\"ColumnDataSource\"}},\"id\":\"5810\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_color\":{\"value\":\"#1EA087\"},\"line_color\":{\"value\":\"#1EA087\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5580\",\"type\":\"Circle\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5581\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"5349\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5580\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5581\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"5583\",\"type\":\"CDSView\"}},\"id\":\"5582\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#1F948B\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#1F948B\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5812\",\"type\":\"Diamond\"},{\"attributes\":{\"data_source\":{\"id\":\"5354\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5605\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5606\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"5608\",\"type\":\"CDSView\"}},\"id\":\"5607\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"data_source\":{\"id\":\"5346\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5812\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5813\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"5815\",\"type\":\"CDSView\"}},\"id\":\"5814\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5873\",\"type\":\"Diamond\"},{\"attributes\":{\"source\":{\"id\":\"5357\",\"type\":\"ColumnDataSource\"}},\"id\":\"5870\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#51C468\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#51C468\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5872\",\"type\":\"Diamond\"},{\"attributes\":{\"source\":{\"id\":\"5349\",\"type\":\"ColumnDataSource\"}},\"id\":\"5583\",\"type\":\"CDSView\"},{\"attributes\":{\"data_source\":{\"id\":\"5359\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5877\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5878\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"5880\",\"type\":\"CDSView\"}},\"id\":\"5879\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5818\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_color\":{\"value\":\"#20A585\"},\"line_color\":{\"value\":\"#20A585\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5585\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"5358\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5872\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5873\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"5875\",\"type\":\"CDSView\"}},\"id\":\"5874\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"source\":{\"id\":\"5346\",\"type\":\"ColumnDataSource\"}},\"id\":\"5815\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5586\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"5350\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5585\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5586\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"5588\",\"type\":\"CDSView\"}},\"id\":\"5587\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#1E988A\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#1E988A\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5817\",\"type\":\"Diamond\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"Office 365 Exchange Online\",\"Office 365 Exchange Online\"],\"IPAddress\":[\"198.98.58.135\",\"198.98.58.135\"],\"Operation\":[\"Sign-in activity\",\"Sign-in activity\"],\"TimeGenerated\":{\"__ndarray__\":\"ADAD7Y7XdkIAMAPtjtd2Qg==\",\"dtype\":\"float64\",\"shape\":[2]},\"index\":[8,9],\"y_index\":[28,28]},\"selected\":{\"id\":\"6019\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"6018\",\"type\":\"UnionRenderers\"}},\"id\":\"5345\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"data_source\":{\"id\":\"5347\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5817\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5818\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"5820\",\"type\":\"CDSView\"}},\"id\":\"5819\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5708\",\"type\":\"Diamond\"},{\"attributes\":{\"source\":{\"id\":\"5358\",\"type\":\"ColumnDataSource\"}},\"id\":\"5875\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_color\":{\"value\":\"#23A883\"},\"line_color\":{\"value\":\"#23A883\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5590\",\"type\":\"Circle\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#5BC862\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#5BC862\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5877\",\"type\":\"Diamond\"},{\"attributes\":{\"source\":{\"id\":\"5350\",\"type\":\"ColumnDataSource\"}},\"id\":\"5588\",\"type\":\"CDSView\"},{\"attributes\":{\"source\":{\"id\":\"5347\",\"type\":\"ColumnDataSource\"}},\"id\":\"5820\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"5964\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"Office 365 Exchange Online\",\"Office 365 Exchange Online\"],\"IPAddress\":[\"217.115.10.132\",\"217.115.10.132\"],\"Operation\":[\"Sign-in activity\",\"Sign-in activity\"],\"TimeGenerated\":{\"__ndarray__\":\"AFCCZ1jWdkIAUIJnWNZ2Qg==\",\"dtype\":\"float64\",\"shape\":[2]},\"index\":[62,63],\"y_index\":[34,34]},\"selected\":{\"id\":\"6031\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"6030\",\"type\":\"UnionRenderers\"}},\"id\":\"5351\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"5966\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"data_source\":{\"id\":\"5327\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5717\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5718\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"5720\",\"type\":\"CDSView\"}},\"id\":\"5719\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5641\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"5361\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5640\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5641\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"5643\",\"type\":\"CDSView\"}},\"id\":\"5642\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"label\":{\"value\":\"[2a02:418:6017::148]:45644\"},\"renderers\":[{\"id\":\"5904\",\"type\":\"GlyphRenderer\"}]},\"id\":\"5954\",\"type\":\"LegendItem\"},{\"attributes\":{\"label\":{\"value\":\"167.220.2.123\"},\"renderers\":[{\"id\":\"5749\",\"type\":\"GlyphRenderer\"}]},\"id\":\"5923\",\"type\":\"LegendItem\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#228A8D\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#228A8D\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5802\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5893\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5723\",\"type\":\"Diamond\"},{\"attributes\":{\"label\":{\"value\":\"176.10.104.240\"},\"renderers\":[{\"id\":\"5754\",\"type\":\"GlyphRenderer\"}]},\"id\":\"5924\",\"type\":\"LegendItem\"},{\"attributes\":{},\"id\":\"5967\",\"type\":\"Selection\"},{\"attributes\":{\"source\":{\"id\":\"5327\",\"type\":\"ColumnDataSource\"}},\"id\":\"5720\",\"type\":\"CDSView\"},{\"attributes\":{\"label\":{\"value\":\"176.10.99.200\"},\"renderers\":[{\"id\":\"5759\",\"type\":\"GlyphRenderer\"}]},\"id\":\"5925\",\"type\":\"LegendItem\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#414286\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#414286\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5722\",\"type\":\"Diamond\"},{\"attributes\":{\"source\":{\"id\":\"5361\",\"type\":\"ColumnDataSource\"}},\"id\":\"5643\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"5968\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"label\":{\"value\":\"176.10.99.200:45866\"},\"renderers\":[{\"id\":\"5764\",\"type\":\"GlyphRenderer\"}]},\"id\":\"5926\",\"type\":\"LegendItem\"},{\"attributes\":{},\"id\":\"5969\",\"type\":\"Selection\"},{\"attributes\":{\"source\":{\"id\":\"5325\",\"type\":\"ColumnDataSource\"}},\"id\":\"5463\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_color\":{\"value\":\"#79D151\"},\"line_color\":{\"value\":\"#79D151\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5645\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"5328\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5722\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5723\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"5725\",\"type\":\"CDSView\"}},\"id\":\"5724\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"label\":{\"value\":\"185.207.139.2:30396\"},\"renderers\":[{\"id\":\"5769\",\"type\":\"GlyphRenderer\"}]},\"id\":\"5927\",\"type\":\"LegendItem\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5646\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"5362\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5645\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5646\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"5648\",\"type\":\"CDSView\"}},\"id\":\"5647\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"5970\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"label\":{\"value\":\"185.207.139.2:7127\"},\"renderers\":[{\"id\":\"5774\",\"type\":\"GlyphRenderer\"}]},\"id\":\"5928\",\"type\":\"LegendItem\"},{\"attributes\":{},\"id\":\"5971\",\"type\":\"Selection\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#472B7A\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#472B7A\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5702\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#23878D\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#23878D\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5797\",\"type\":\"Diamond\"},{\"attributes\":{\"label\":{\"value\":\"185.220.101.1\"},\"renderers\":[{\"id\":\"5779\",\"type\":\"GlyphRenderer\"}]},\"id\":\"5929\",\"type\":\"LegendItem\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"Azure Portal\",\"Azure Portal\",\"Azure Portal\",\"Azure Portal\",\"Azure Portal\"],\"IPAddress\":[\"131.107.160.77\",\"131.107.160.77\",\"131.107.160.77\",\"131.107.160.77\",\"131.107.160.77\"],\"Operation\":[\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\"],\"TimeGenerated\":{\"__ndarray__\":\"AHCWiwHddkIAkOc8Zd12QgAw4VRl3XZCAFDiUmXddkIAsFe5l992Qg==\",\"dtype\":\"float64\",\"shape\":[5]},\"index\":[17,22,23,24,53],\"y_index\":[11,11,11,11,11]},\"selected\":{\"id\":\"5985\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"5984\",\"type\":\"UnionRenderers\"}},\"id\":\"5328\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5728\",\"type\":\"Diamond\"},{\"attributes\":{},\"id\":\"5972\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"source\":{\"id\":\"5328\",\"type\":\"ColumnDataSource\"}},\"id\":\"5725\",\"type\":\"CDSView\"},{\"attributes\":{\"label\":{\"value\":\"185.220.101.31\"},\"renderers\":[{\"id\":\"5784\",\"type\":\"GlyphRenderer\"}]},\"id\":\"5930\",\"type\":\"LegendItem\"},{\"attributes\":{},\"id\":\"5973\",\"type\":\"Selection\"},{\"attributes\":{\"source\":{\"id\":\"5362\",\"type\":\"ColumnDataSource\"}},\"id\":\"5648\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#3F4788\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#3F4788\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5727\",\"type\":\"Diamond\"},{\"attributes\":{\"label\":{\"value\":\"185.220.101.48\"},\"renderers\":[{\"id\":\"5789\",\"type\":\"GlyphRenderer\"}]},\"id\":\"5931\",\"type\":\"LegendItem\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5798\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_color\":{\"value\":\"#86D449\"},\"line_color\":{\"value\":\"#86D449\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5650\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"5974\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"label\":{\"value\":\"185.220.101.6\"},\"renderers\":[{\"id\":\"5794\",\"type\":\"GlyphRenderer\"}]},\"id\":\"5932\",\"type\":\"LegendItem\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5651\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"5975\",\"type\":\"Selection\"},{\"attributes\":{\"data_source\":{\"id\":\"5329\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5727\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5728\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"5730\",\"type\":\"CDSView\"}},\"id\":\"5729\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"data_source\":{\"id\":\"5363\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5650\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5651\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"5653\",\"type\":\"CDSView\"}},\"id\":\"5652\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"label\":{\"value\":\"185.220.102.8\"},\"renderers\":[{\"id\":\"5799\",\"type\":\"GlyphRenderer\"}]},\"id\":\"5933\",\"type\":\"LegendItem\"},{\"attributes\":{\"overlay\":{\"id\":\"5660\",\"type\":\"BoxAnnotation\"},\"x_range\":{\"id\":\"5369\",\"type\":\"Range1d\"},\"y_range\":null},\"id\":\"5659\",\"type\":\"RangeTool\"},{\"attributes\":{},\"id\":\"5976\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"label\":{\"value\":\"185.4.132.135\"},\"renderers\":[{\"id\":\"5804\",\"type\":\"GlyphRenderer\"}]},\"id\":\"5934\",\"type\":\"LegendItem\"},{\"attributes\":{\"source\":{\"id\":\"5323\",\"type\":\"ColumnDataSource\"}},\"id\":\"5453\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"5977\",\"type\":\"Selection\"},{\"attributes\":{\"data_source\":{\"id\":\"5325\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5460\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5461\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"5463\",\"type\":\"CDSView\"}},\"id\":\"5462\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"source\":{\"id\":\"5323\",\"type\":\"ColumnDataSource\"}},\"id\":\"5700\",\"type\":\"CDSView\"},{\"attributes\":{\"source\":{\"id\":\"5342\",\"type\":\"ColumnDataSource\"}},\"id\":\"5795\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5733\",\"type\":\"Diamond\"},{\"attributes\":{\"label\":{\"value\":\"198.98.58.135\"},\"renderers\":[{\"id\":\"5809\",\"type\":\"GlyphRenderer\"}]},\"id\":\"5935\",\"type\":\"LegendItem\"},{\"attributes\":{\"source\":{\"id\":\"5329\",\"type\":\"ColumnDataSource\"}},\"id\":\"5730\",\"type\":\"CDSView\"},{\"attributes\":{\"source\":{\"id\":\"5363\",\"type\":\"ColumnDataSource\"}},\"id\":\"5653\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"5978\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"label\":{\"value\":\"199.249.230.111\"},\"renderers\":[{\"id\":\"5814\",\"type\":\"GlyphRenderer\"}]},\"id\":\"5936\",\"type\":\"LegendItem\"},{\"attributes\":{},\"id\":\"5979\",\"type\":\"Selection\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#3D4C89\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#3D4C89\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5732\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_color\":{\"value\":\"#92D741\"},\"line_color\":{\"value\":\"#92D741\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5655\",\"type\":\"Circle\"},{\"attributes\":{\"label\":{\"value\":\"199.249.230.113\"},\"renderers\":[{\"id\":\"5819\",\"type\":\"GlyphRenderer\"}]},\"id\":\"5937\",\"type\":\"LegendItem\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5656\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"5364\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5655\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5656\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"5658\",\"type\":\"CDSView\"}},\"id\":\"5657\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"5980\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"data_source\":{\"id\":\"5330\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5732\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5733\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"5735\",\"type\":\"CDSView\"}},\"id\":\"5734\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"label\":{\"value\":\"20.190.128.101\"},\"renderers\":[{\"id\":\"5824\",\"type\":\"GlyphRenderer\"}]},\"id\":\"5938\",\"type\":\"LegendItem\"},{\"attributes\":{},\"id\":\"5981\",\"type\":\"Selection\"},{\"attributes\":{\"label\":{\"value\":\"20.190.128.103\"},\"renderers\":[{\"id\":\"5829\",\"type\":\"GlyphRenderer\"}]},\"id\":\"5939\",\"type\":\"LegendItem\"},{\"attributes\":{},\"id\":\"5982\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"label\":{\"value\":\"20.190.129.100\"},\"renderers\":[{\"id\":\"5834\",\"type\":\"GlyphRenderer\"}]},\"id\":\"5940\",\"type\":\"LegendItem\"},{\"attributes\":{},\"id\":\"5983\",\"type\":\"Selection\"},{\"attributes\":{\"data_source\":{\"id\":\"5323\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5450\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5451\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"5453\",\"type\":\"CDSView\"}},\"id\":\"5452\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5738\",\"type\":\"Diamond\"},{\"attributes\":{\"source\":{\"id\":\"5364\",\"type\":\"ColumnDataSource\"}},\"id\":\"5658\",\"type\":\"CDSView\"},{\"attributes\":{\"source\":{\"id\":\"5330\",\"type\":\"ColumnDataSource\"}},\"id\":\"5735\",\"type\":\"CDSView\"},{\"attributes\":{\"label\":{\"value\":\"217.115.10.132\"},\"renderers\":[{\"id\":\"5839\",\"type\":\"GlyphRenderer\"}]},\"id\":\"5941\",\"type\":\"LegendItem\"},{\"attributes\":{},\"id\":\"5984\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#3B518A\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#3B518A\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5737\",\"type\":\"Diamond\"},{\"attributes\":{\"label\":{\"value\":\"23.129.64.152\"},\"renderers\":[{\"id\":\"5844\",\"type\":\"GlyphRenderer\"}]},\"id\":\"5942\",\"type\":\"LegendItem\"},{\"attributes\":{},\"id\":\"5985\",\"type\":\"Selection\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.2},\"fill_color\":{\"value\":\"navy\"},\"level\":\"overlay\",\"line_alpha\":{\"value\":1.0},\"line_color\":{\"value\":\"black\"},\"line_dash\":[2,2],\"line_width\":{\"value\":0.5}},\"id\":\"5660\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"data_source\":{\"id\":\"5323\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5697\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5698\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"5700\",\"type\":\"CDSView\"}},\"id\":\"5699\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"label\":{\"value\":\"23.129.64.193\"},\"renderers\":[{\"id\":\"5849\",\"type\":\"GlyphRenderer\"}]},\"id\":\"5943\",\"type\":\"LegendItem\"},{\"attributes\":{\"data_source\":{\"id\":\"5331\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5737\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5738\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"5740\",\"type\":\"CDSView\"}},\"id\":\"5739\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"5986\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"label\":{\"value\":\"40.117.152.107\"},\"renderers\":[{\"id\":\"5854\",\"type\":\"GlyphRenderer\"}]},\"id\":\"5944\",\"type\":\"LegendItem\"},{\"attributes\":{},\"id\":\"5987\",\"type\":\"Selection\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"5664\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5668\",\"type\":\"Diamond\"},{\"attributes\":{\"label\":{\"value\":\"40.126.9.49\"},\"renderers\":[{\"id\":\"5859\",\"type\":\"GlyphRenderer\"}]},\"id\":\"5945\",\"type\":\"LegendItem\"},{\"attributes\":{},\"id\":\"5988\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#440154\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#440154\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5667\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5743\",\"type\":\"Diamond\"},{\"attributes\":{\"label\":{\"value\":\"40.126.9.50\"},\"renderers\":[{\"id\":\"5864\",\"type\":\"GlyphRenderer\"}]},\"id\":\"5946\",\"type\":\"LegendItem\"},{\"attributes\":{},\"id\":\"5989\",\"type\":\"Selection\"},{\"attributes\":{\"data_source\":{\"id\":\"5317\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5667\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5668\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"5670\",\"type\":\"CDSView\"}},\"id\":\"5669\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"source\":{\"id\":\"5331\",\"type\":\"ColumnDataSource\"}},\"id\":\"5740\",\"type\":\"CDSView\"},{\"attributes\":{\"label\":{\"value\":\"40.126.9.51\"},\"renderers\":[{\"id\":\"5869\",\"type\":\"GlyphRenderer\"}]},\"id\":\"5947\",\"type\":\"LegendItem\"},{\"attributes\":{\"data_source\":{\"id\":\"5318\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5672\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5673\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"5675\",\"type\":\"CDSView\"}},\"id\":\"5674\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#38568B\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#38568B\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5742\",\"type\":\"Diamond\"},{\"attributes\":{},\"id\":\"5990\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"label\":{\"value\":\"50.35.65.178\"},\"renderers\":[{\"id\":\"5874\",\"type\":\"GlyphRenderer\"}]},\"id\":\"5948\",\"type\":\"LegendItem\"},{\"attributes\":{},\"id\":\"5991\",\"type\":\"Selection\"},{\"attributes\":{\"data_source\":{\"id\":\"5332\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5742\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5743\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"5745\",\"type\":\"CDSView\"}},\"id\":\"5744\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5673\",\"type\":\"Diamond\"},{\"attributes\":{\"label\":{\"value\":\"52.109.6.30\"},\"renderers\":[{\"id\":\"5879\",\"type\":\"GlyphRenderer\"}]},\"id\":\"5949\",\"type\":\"LegendItem\"},{\"attributes\":{\"source\":{\"id\":\"5317\",\"type\":\"ColumnDataSource\"}},\"id\":\"5670\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"5992\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5793\",\"type\":\"Diamond\"},{\"attributes\":{\"label\":{\"value\":\"66.146.193.33\"},\"renderers\":[{\"id\":\"5884\",\"type\":\"GlyphRenderer\"}]},\"id\":\"5950\",\"type\":\"LegendItem\"},{\"attributes\":{},\"id\":\"5993\",\"type\":\"Selection\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#45065A\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#45065A\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5672\",\"type\":\"Diamond\"},{\"attributes\":{\"data_source\":{\"id\":\"5342\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5792\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5793\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"5795\",\"type\":\"CDSView\"}},\"id\":\"5794\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"label\":{\"value\":\"77.247.181.163\"},\"renderers\":[{\"id\":\"5889\",\"type\":\"GlyphRenderer\"}]},\"id\":\"5951\",\"type\":\"LegendItem\"},{\"attributes\":{},\"id\":\"5995\",\"type\":\"Selection\"},{\"attributes\":{\"label\":{\"value\":\"92.62.139.103\"},\"renderers\":[{\"id\":\"5899\",\"type\":\"GlyphRenderer\"}]},\"id\":\"5953\",\"type\":\"LegendItem\"},{\"attributes\":{},\"id\":\"5994\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"source\":{\"id\":\"5332\",\"type\":\"ColumnDataSource\"}},\"id\":\"5745\",\"type\":\"CDSView\"},{\"attributes\":{\"label\":{\"value\":\"87.118.116.103\"},\"renderers\":[{\"id\":\"5894\",\"type\":\"GlyphRenderer\"}]},\"id\":\"5952\",\"type\":\"LegendItem\"},{\"attributes\":{},\"id\":\"5996\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"fill_color\":{\"value\":\"#2A768E\"},\"line_color\":{\"value\":\"#2A768E\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5530\",\"type\":\"Circle\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"SharePoint\"],\"IPAddress\":[\"20.190.128.101\"],\"Operation\":[\"FilePreviewed\"],\"TimeGenerated\":{\"__ndarray__\":\"AAAAQq/UdkI=\",\"dtype\":\"float64\",\"shape\":[1]},\"index\":[593],\"y_index\":[31]},\"selected\":{\"id\":\"6025\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"6024\",\"type\":\"UnionRenderers\"}},\"id\":\"5348\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"fill_color\":{\"value\":\"#45065A\"},\"line_color\":{\"value\":\"#45065A\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5425\",\"type\":\"Circle\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\"],\"IPAddress\":[\"185.220.101.6\",\"185.220.101.6\",\"185.220.101.6\",\"185.220.101.6\",\"185.220.101.6\",\"185.220.101.6\",\"185.220.101.6\",\"185.220.101.6\",\"185.220.101.6\",\"185.220.101.6\",\"185.220.101.6\",\"185.220.101.6\",\"185.220.101.6\",\"185.220.101.6\",\"185.220.101.6\"],\"Operation\":[\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\"],\"TimeGenerated\":{\"__ndarray__\":\"AADtX7TTdkIAAHBftNN2QgAAcF+003ZCAIAxX7TTdkIAAPNetNN2QgCAtF6003ZCAIC0XrTTdkIAAHZetNN2QgAAdl6003ZCAIBIcLTTdkIAgEhwtNN2QgCAy2+003ZCAAAKcLTTdkIAgEhwtNN2QgAACnC003ZC\",\"dtype\":\"float64\",\"shape\":[15]},\"index\":[92,93,94,95,96,97,98,99,100,119,120,121,122,159,160],\"y_index\":[25,25,25,25,25,25,25,25,25,25,25,25,25,25,25]},\"selected\":{\"id\":\"6013\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"6012\",\"type\":\"UnionRenderers\"}},\"id\":\"5342\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"data_source\":{\"id\":\"5318\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5425\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5426\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"5428\",\"type\":\"CDSView\"}},\"id\":\"5427\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"5373\",\"type\":\"LinearScale\"},{\"attributes\":{\"align\":\"right\",\"text\":\"Drag the middle or edges of the selection box to change the range in the main chart\",\"text_font_size\":{\"value\":\"10px\"}},\"id\":\"5416\",\"type\":\"Title\"},{\"attributes\":{\"below\":[{\"id\":\"5410\",\"type\":\"DatetimeAxis\"},{\"id\":\"5416\",\"type\":\"Title\"}],\"center\":[{\"id\":\"5414\",\"type\":\"Grid\"}],\"plot_height\":240,\"plot_width\":900,\"renderers\":[{\"id\":\"5422\",\"type\":\"GlyphRenderer\"},{\"id\":\"5427\",\"type\":\"GlyphRenderer\"},{\"id\":\"5432\",\"type\":\"GlyphRenderer\"},{\"id\":\"5437\",\"type\":\"GlyphRenderer\"},{\"id\":\"5442\",\"type\":\"GlyphRenderer\"},{\"id\":\"5447\",\"type\":\"GlyphRenderer\"},{\"id\":\"5452\",\"type\":\"GlyphRenderer\"},{\"id\":\"5457\",\"type\":\"GlyphRenderer\"},{\"id\":\"5462\",\"type\":\"GlyphRenderer\"},{\"id\":\"5467\",\"type\":\"GlyphRenderer\"},{\"id\":\"5472\",\"type\":\"GlyphRenderer\"},{\"id\":\"5477\",\"type\":\"GlyphRenderer\"},{\"id\":\"5482\",\"type\":\"GlyphRenderer\"},{\"id\":\"5487\",\"type\":\"GlyphRenderer\"},{\"id\":\"5492\",\"type\":\"GlyphRenderer\"},{\"id\":\"5497\",\"type\":\"GlyphRenderer\"},{\"id\":\"5502\",\"type\":\"GlyphRenderer\"},{\"id\":\"5507\",\"type\":\"GlyphRenderer\"},{\"id\":\"5512\",\"type\":\"GlyphRenderer\"},{\"id\":\"5517\",\"type\":\"GlyphRenderer\"},{\"id\":\"5522\",\"type\":\"GlyphRenderer\"},{\"id\":\"5527\",\"type\":\"GlyphRenderer\"},{\"id\":\"5532\",\"type\":\"GlyphRenderer\"},{\"id\":\"5537\",\"type\":\"GlyphRenderer\"},{\"id\":\"5542\",\"type\":\"GlyphRenderer\"},{\"id\":\"5547\",\"type\":\"GlyphRenderer\"},{\"id\":\"5552\",\"type\":\"GlyphRenderer\"},{\"id\":\"5557\",\"type\":\"GlyphRenderer\"},{\"id\":\"5562\",\"type\":\"GlyphRenderer\"},{\"id\":\"5567\",\"type\":\"GlyphRenderer\"},{\"id\":\"5572\",\"type\":\"GlyphRenderer\"},{\"id\":\"5577\",\"type\":\"GlyphRenderer\"},{\"id\":\"5582\",\"type\":\"GlyphRenderer\"},{\"id\":\"5587\",\"type\":\"GlyphRenderer\"},{\"id\":\"5592\",\"type\":\"GlyphRenderer\"},{\"id\":\"5597\",\"type\":\"GlyphRenderer\"},{\"id\":\"5602\",\"type\":\"GlyphRenderer\"},{\"id\":\"5607\",\"type\":\"GlyphRenderer\"},{\"id\":\"5612\",\"type\":\"GlyphRenderer\"},{\"id\":\"5617\",\"type\":\"GlyphRenderer\"},{\"id\":\"5622\",\"type\":\"GlyphRenderer\"},{\"id\":\"5627\",\"type\":\"GlyphRenderer\"},{\"id\":\"5632\",\"type\":\"GlyphRenderer\"},{\"id\":\"5637\",\"type\":\"GlyphRenderer\"},{\"id\":\"5642\",\"type\":\"GlyphRenderer\"},{\"id\":\"5647\",\"type\":\"GlyphRenderer\"},{\"id\":\"5652\",\"type\":\"GlyphRenderer\"},{\"id\":\"5657\",\"type\":\"GlyphRenderer\"}],\"title\":{\"id\":\"5400\",\"type\":\"Title\"},\"toolbar\":{\"id\":\"5415\",\"type\":\"Toolbar\"},\"toolbar_location\":null,\"x_range\":{\"id\":\"5402\",\"type\":\"Range1d\"},\"x_scale\":{\"id\":\"5406\",\"type\":\"LinearScale\"},\"y_range\":{\"id\":\"5404\",\"type\":\"DataRange1d\"},\"y_scale\":{\"id\":\"5408\",\"type\":\"LinearScale\"}},\"id\":\"5399\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"source\":{\"id\":\"5356\",\"type\":\"ColumnDataSource\"}},\"id\":\"5618\",\"type\":\"CDSView\"},{\"attributes\":{\"callback\":null,\"end\":1572766365920.2,\"start\":1568282043461.8},\"id\":\"5369\",\"type\":\"Range1d\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\"],\"IPAddress\":[\"20.190.128.103\",\"20.190.128.103\",\"20.190.128.103\",\"20.190.128.103\",\"20.190.128.103\"],\"Operation\":[\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\"],\"TimeGenerated\":{\"__ndarray__\":\"AACDQa/UdkIAAINBr9R2QgAAg0Gv1HZCAACDQa/UdkIAAINBr9R2Qg==\",\"dtype\":\"float64\",\"shape\":[5]},\"index\":[594,618,629,636,658],\"y_index\":[32,32,32,32,32]},\"selected\":{\"id\":\"6027\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"6026\",\"type\":\"UnionRenderers\"}},\"id\":\"5349\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5451\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"5375\",\"type\":\"LinearScale\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\"],\"IPAddress\":[\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\"],\"Operation\":[\"PageViewed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"PageViewed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"PageViewed\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FolderDeleted\",\"FilePreviewed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileAccessed\",\"FileAccessed\",\"FilePreviewed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"PageViewed\"],\"TimeGenerated\":{\"__ndarray__\":\"AICWXa/UdkIAgJBer9R2QgCAnFyv1HZCAABeXK/UdkIAAF5cr9R2QgCAnFyv1HZCAABeXK/UdkIAgA1fr9R2QgCAnFyv1HZCAIAlW6/UdkIAAIFrr9R2QgAAgWuv1HZCAIBCa6/UdkIAgEJrr9R2QgCANJev1HZCAABeXK/UdkIAAF5cr9R2QgAAXlyv1HZCAAD+a6/UdkIAAHtsr9R2QgCAPGyv1HZCAAD+a6/UdkIAAP5rr9R2QgCAv2uv1HZCAIC/a6/UdkIAAF5cr9R2QgAAXlyv1HZCAAD2lq/UdkIAANtcr9R2QgAA21yv1HZCAIATXq/UdkIAAF5cr9R2QgAARmCv1HZC\",\"dtype\":\"float64\",\"shape\":[33]},\"index\":[592,596,597,598,613,614,616,617,619,620,623,624,625,626,633,635,637,638,639,640,641,642,643,644,645,646,648,652,653,655,656,657,660],\"y_index\":[43,43,43,43,43,43,43,43,43,43,43,43,43,43,43,43,43,43,43,43,43,43,43,43,43,43,43,43,43,43,43,43,43]},\"selected\":{\"id\":\"6049\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"6048\",\"type\":\"UnionRenderers\"}},\"id\":\"5360\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"text\":\"Timeline: Azure Operations by Source IP\"},\"id\":\"5367\",\"type\":\"Title\"},{\"attributes\":{\"callback\":null,\"end\":47.020833333333336,\"start\":-0.020833333333333332},\"id\":\"5371\",\"type\":\"Range1d\"},{\"attributes\":{\"num_minor_ticks\":10,\"tickers\":[{\"id\":\"6058\",\"type\":\"AdaptiveTicker\"},{\"id\":\"6059\",\"type\":\"AdaptiveTicker\"},{\"id\":\"6060\",\"type\":\"AdaptiveTicker\"},{\"id\":\"6061\",\"type\":\"DaysTicker\"},{\"id\":\"6062\",\"type\":\"DaysTicker\"},{\"id\":\"6063\",\"type\":\"DaysTicker\"},{\"id\":\"6064\",\"type\":\"DaysTicker\"},{\"id\":\"6065\",\"type\":\"MonthsTicker\"},{\"id\":\"6066\",\"type\":\"MonthsTicker\"},{\"id\":\"6067\",\"type\":\"MonthsTicker\"},{\"id\":\"6068\",\"type\":\"MonthsTicker\"},{\"id\":\"6069\",\"type\":\"YearsTicker\"}]},\"id\":\"5378\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"minor_grid_line_alpha\":0.3,\"minor_grid_line_color\":\"navy\",\"ticker\":{\"id\":\"5378\",\"type\":\"DatetimeTicker\"}},\"id\":\"5381\",\"type\":\"Grid\"},{\"attributes\":{\"fill_color\":{\"value\":\"#472676\"},\"line_color\":{\"value\":\"#472676\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5450\",\"type\":\"Circle\"},{\"attributes\":{\"axis_label\":\"Event Time\",\"formatter\":{\"id\":\"5664\",\"type\":\"DatetimeTickFormatter\"},\"ticker\":{\"id\":\"5378\",\"type\":\"DatetimeTicker\"}},\"id\":\"5377\",\"type\":\"DatetimeAxis\"},{\"attributes\":{},\"id\":\"6028\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5536\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"5997\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"6029\",\"type\":\"Selection\"},{\"attributes\":{\"source\":{\"id\":\"5334\",\"type\":\"ColumnDataSource\"}},\"id\":\"5508\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"5998\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"fill_color\":{\"value\":\"#32638D\"},\"line_color\":{\"value\":\"#32638D\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5510\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"5999\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"6030\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"source\":{\"id\":\"5322\",\"type\":\"ColumnDataSource\"}},\"id\":\"5448\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5511\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"6031\",\"type\":\"Selection\"},{\"attributes\":{\"data_source\":{\"id\":\"5335\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5510\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5511\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"5513\",\"type\":\"CDSView\"}},\"id\":\"5512\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"Azure Portal\",\"Azure Portal\",\"Azure Portal\"],\"IPAddress\":[\"131.107.174.205\",\"131.107.174.205\",\"131.107.174.205\"],\"Operation\":[\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\"],\"TimeGenerated\":{\"__ndarray__\":\"AEDbZa7ddkIAcFinrt12QgBQ+6Wu3XZC\",\"dtype\":\"float64\",\"shape\":[3]},\"index\":[40,41,43],\"y_index\":[14,14,14]},\"selected\":{\"id\":\"5991\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"5990\",\"type\":\"UnionRenderers\"}},\"id\":\"5331\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"6000\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"6001\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"6032\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"6033\",\"type\":\"Selection\"},{\"attributes\":{\"source\":{\"id\":\"5324\",\"type\":\"ColumnDataSource\"}},\"id\":\"5458\",\"type\":\"CDSView\"},{\"attributes\":{\"data_source\":{\"id\":\"5340\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5535\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5536\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"5538\",\"type\":\"CDSView\"}},\"id\":\"5537\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"6002\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"source\":{\"id\":\"5335\",\"type\":\"ColumnDataSource\"}},\"id\":\"5513\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"6003\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"6034\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"fill_color\":{\"value\":\"#287A8E\"},\"line_color\":{\"value\":\"#287A8E\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5535\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"6035\",\"type\":\"Selection\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"O365 Suite UX\",\"O365 Suite UX\",\"O365 Suite UX\",\"O365 Suite UX\"],\"IPAddress\":[\"176.10.99.200\",\"176.10.99.200\",\"176.10.99.200\",\"176.10.99.200\"],\"Operation\":[\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\"],\"TimeGenerated\":{\"__ndarray__\":\"ACAFKVzddkIA4NEpXN12QgAgBSlc3XZCAODRKVzddkI=\",\"dtype\":\"float64\",\"shape\":[4]},\"index\":[25,26,27,28],\"y_index\":[18,18,18,18]},\"selected\":{\"id\":\"5999\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"5998\",\"type\":\"UnionRenderers\"}},\"id\":\"5335\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"6004\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"6005\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"6036\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"data_source\":{\"id\":\"5356\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5615\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5616\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"5618\",\"type\":\"CDSView\"}},\"id\":\"5617\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\"],\"IPAddress\":[\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\"],\"Operation\":[\"FileAccessed\",\"FilePreviewed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"SearchQueryPerformed\",\"PageViewed\",\"FilePreviewed\",\"FilePreviewed\",\"FileAccessed\",\"PageViewed\",\"FilePreviewed\",\"FileAccessed\",\"FileAccessed\",\"FileDownloaded\",\"PageViewed\",\"PageViewed\",\"PageViewed\",\"FilePreviewed\",\"PageViewed\",\"FilePreviewed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"PageViewed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessedExtended\",\"FileAccessed\",\"FilePreviewed\",\"PageViewed\",\"FilePreviewed\",\"FileAccessed\",\"FileAccessed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"FilePreviewed\",\"FilePreviewed\",\"FileAccessed\",\"FilePreviewed\",\"PageViewed\",\"FilePreviewed\",\"FileAccessed\",\"FilePreviewed\",\"PageViewed\",\"PageViewed\",\"FilePreviewed\",\"FileDownloaded\",\"FilePreviewed\",\"FileAccessed\",\"FileDownloaded\",\"FileAccessed\",\"SearchQueryPerformed\",\"PageViewed\",\"FileAccessed\",\"FileAccessed\",\"PageViewed\",\"FileDownloaded\",\"SearchQueryPerformed\",\"FileAccessed\",\"FilePreviewed\",\"FilePreviewed\",\"ClientViewSignaled\",\"PageViewed\",\"SearchQueryPerformed\",\"FileAccessed\",\"FileDownloaded\",\"FilePreviewed\",\"FileAccessed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"SearchQueryPerformed\",\"FileAccessed\",\"FilePreviewed\",\"PageViewed\",\"SearchQueryPerformed\",\"FileAccessed\",\"FilePreviewed\",\"FilePreviewed\",\"SearchQueryPerformed\",\"FilePreviewed\",\"FileAccessed\",\"SearchQueryPerformed\",\"FolderModified\",\"FileAccessed\",\"FilePreviewed\",\"FileAccessed\",\"FilePreviewed\",\"FileAccessed\",\"FileAccessed\",\"SearchQueryPerformed\",\"PageViewed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\"],\"TimeGenerated\":{\"__ndarray__\":\"AIAXELTTdkIAAK4rtNN2QgCA+Cm003ZCAAATMLTTdkIAAD0ptNN2QgCAbyu003ZCAAB3SbTTdkIAAK4rtNN2QgAAriu003ZCAICsDLTTdkIAAMAotNN2QgAAriu003ZCAABuDLTTdkIAAG4MtNN2QgAAG4K003ZCAIDvabTTdkIAAK4rtNN2QgCAhGa003ZCAACuK7TTdkIAgKwMtNN2QgCAbyu003ZCAID+KLTTdkIAAOsMtNN2QgCArAy003ZCAABuDLTTdkIAAG4MtNN2QgCArAy003ZCAABuDLTTdkIAgLgKtNN2QgAAbgy003ZCAICsDLTTdkIAgNuWtNN2QgCA+Cm003ZCAACuK7TTdkIAgPtntNN2QgAAriu003ZCAAA9KbTTdkIAABMwtNN2QgCARa+003ZCAIDsqLTTdkIAgFGttNN2QgAA6bO003ZCAADvsrTTdkIAgPG8tNN2QgAA17a003ZCAADps7TTdkIAgKS0tNN2QgAA6bO003ZCAICqs7TTdkIAgNSstNN2QgAAQGe003ZCAACuK7TTdkIAgJt3tNN2QgAAriu003ZCAID4KbTTdkIAAMJ7tNN2QgAAFm6003ZCAIDsqLTTdkIAgASltNN2QgAAEzC003ZCAAA9KbTTdkIAAK4rtNN2QgAAgIa003ZCAIDvabTTdkIAgKqztNN2QgCAsLK003ZCAAB+sLTTdkIAAD2mtNN2QgAAriu003ZCAABmtLTTdkIAgJ61tNN2QgCA9H2003ZCAADdtbTTdkIAAOmztNN2QgCAsLK003ZCAIA/sLTTdkIAAGyztNN2QgCAP7C003ZCAAANrrTTdkIAgBu2tNN2QgCApLS003ZCAICqs7TTdkIAAEOltNN2QgAAxbm003ZCAICGubTTdkIAALqmtNN2QgAAYLW003ZCAICqs7TTdkIAgO9ptNN2QgAA8Yi003ZCAIDxvLTTdkIAgCG1tNN2QgCAqrO003ZCAABysrTTdkIAgKqztNN2QgCAsLK003ZCAIDvabTTdkIAAK4rtNN2QgCA72m003ZCAIDvabTTdkI=\",\"dtype\":\"float64\",\"shape\":[100]},\"index\":[101,102,103,104,105,106,107,108,109,110,112,115,116,118,123,126,127,128,129,133,134,135,136,138,139,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,161,163,165,166,167,168,170,171,172,173,174,175,176,177,179,180,181,182,183,184,185,194,195,196,197,198,199,200,201,202,203,204,205,207,208,209,210,211,212,213,214,215,216,218,219,220,233,234,236,237,238,240,241,242,243,245,246],\"y_index\":[46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46]},\"selected\":{\"id\":\"6055\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"6054\",\"type\":\"UnionRenderers\"}},\"id\":\"5363\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"6037\",\"type\":\"Selection\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5621\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"6006\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"6007\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"6038\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"source\":{\"id\":\"5340\",\"type\":\"ColumnDataSource\"}},\"id\":\"5538\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"6039\",\"type\":\"Selection\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\"],\"IPAddress\":[\"104.41.146.53\",\"104.41.146.53\",\"104.41.146.53\",\"104.41.146.53\",\"104.41.146.53\",\"104.41.146.53\",\"104.41.146.53\"],\"Operation\":[\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\"],\"TimeGenerated\":{\"__ndarray__\":\"AIAZXa/UdkIAgBldr9R2QgAA1V2v1HZCAAD6Qq/UdkIAgBldr9R2QgAAUl6v1HZCAIB+e/7UdkI=\",\"dtype\":\"float64\",\"shape\":[7]},\"index\":[591,595,615,628,659,661,667],\"y_index\":[1,1,1,1,1,1,1]},\"selected\":{\"id\":\"5965\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"5964\",\"type\":\"UnionRenderers\"}},\"id\":\"5318\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"Exchange\"],\"IPAddress\":[\"185.207.139.2:30396\"],\"Operation\":[\"Remove-InboxRule\"],\"TimeGenerated\":{\"__ndarray__\":\"AADbp1jWdkI=\",\"dtype\":\"float64\",\"shape\":[1]},\"index\":[679],\"y_index\":[20]},\"selected\":{\"id\":\"6003\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"6002\",\"type\":\"UnionRenderers\"}},\"id\":\"5337\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"fill_color\":{\"value\":\"#277E8E\"},\"line_color\":{\"value\":\"#277E8E\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5540\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"6008\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\"],\"IPAddress\":[\"77.247.181.163\",\"77.247.181.163\",\"77.247.181.163\",\"77.247.181.163\"],\"Operation\":[\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\"],\"TimeGenerated\":{\"__ndarray__\":\"AID4srLTdkIAACu1stN2QgCA+LKy03ZCAID4srLTdkI=\",\"dtype\":\"float64\",\"shape\":[4]},\"index\":[91,186,187,193],\"y_index\":[44,44,44,44]},\"selected\":{\"id\":\"6051\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"6050\",\"type\":\"UnionRenderers\"}},\"id\":\"5361\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5541\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"6009\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"6040\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"data_source\":{\"id\":\"5341\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5540\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5541\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"5543\",\"type\":\"CDSView\"}},\"id\":\"5542\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"6041\",\"type\":\"Selection\"},{\"attributes\":{\"fill_color\":{\"value\":\"#40BD72\"},\"line_color\":{\"value\":\"#40BD72\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5615\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"6010\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"6011\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"6042\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#46317E\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#46317E\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5707\",\"type\":\"Diamond\"},{\"attributes\":{},\"id\":\"6043\",\"type\":\"Selection\"},{\"attributes\":{\"source\":{\"id\":\"5341\",\"type\":\"ColumnDataSource\"}},\"id\":\"5543\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"6012\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"6013\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"6044\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"fill_color\":{\"value\":\"#25828E\"},\"line_color\":{\"value\":\"#25828E\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5545\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"6045\",\"type\":\"Selection\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5546\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"5342\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5545\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5546\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"5548\",\"type\":\"CDSView\"}},\"id\":\"5547\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"6014\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"6015\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"6046\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"6047\",\"type\":\"Selection\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5616\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"6016\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"6082\",\"type\":\"YearsTicker\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\"],\"IPAddress\":[\"185.220.101.1\",\"185.220.101.1\",\"185.220.101.1\",\"185.220.101.1\",\"185.220.101.1\",\"185.220.101.1\",\"185.220.101.1\"],\"Operation\":[\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\"],\"TimeGenerated\":{\"__ndarray__\":\"AIDoLVzddkIAgOgtXN12QgCAay1c3XZCAACqLVzddkIAAKotXN12QgAAqi1c3XZCAACqLVzddkI=\",\"dtype\":\"float64\",\"shape\":[7]},\"index\":[315,317,319,321,322,323,325],\"y_index\":[22,22,22,22,22,22,22]},\"selected\":{\"id\":\"6007\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"6006\",\"type\":\"UnionRenderers\"}},\"id\":\"5339\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"6017\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"6048\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"source\":{\"id\":\"5342\",\"type\":\"ColumnDataSource\"}},\"id\":\"5548\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"6049\",\"type\":\"Selection\"},{\"attributes\":{\"data_source\":{\"id\":\"5322\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5445\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5446\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"5448\",\"type\":\"CDSView\"}},\"id\":\"5447\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"Azure Portal\"],\"IPAddress\":[\"167.220.2.105\"],\"Operation\":[\"Sign-in activity\"],\"TimeGenerated\":{\"__ndarray__\":\"ADCbORHddkI=\",\"dtype\":\"float64\",\"shape\":[1]},\"index\":[21],\"y_index\":[15]},\"selected\":{\"id\":\"5993\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"5992\",\"type\":\"UnionRenderers\"}},\"id\":\"5332\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"fill_color\":{\"value\":\"#23878D\"},\"line_color\":{\"value\":\"#23878D\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5550\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"6018\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5551\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"6019\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"6050\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"data_source\":{\"id\":\"5343\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5550\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5551\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"5553\",\"type\":\"CDSView\"}},\"id\":\"5552\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"6051\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"6020\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\"],\"IPAddress\":[\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\"],\"Operation\":[\"FileAccessed\",\"FileAccessed\",\"FilePreviewed\",\"FileAccessed\",\"FilePreviewed\",\"PageViewed\",\"FileAccessed\",\"SearchQueryPerformed\",\"FilePreviewed\",\"FileAccessed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"SearchQueryPerformed\",\"PageViewed\",\"FileAccessed\",\"FileAccessed\",\"PageViewed\",\"SearchQueryPerformed\",\"FileAccessed\",\"PageViewed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\"],\"TimeGenerated\":{\"__ndarray__\":\"AAAhJlXUdkIAgNU8VdR2QgCAajlV1HZCAAAhJlXUdkIAAKk5VdR2QgCA/zVV1HZCAIDVPFXUdkIAAME1VdR2QgCAcDhV1HZCAIDVPFXUdkIAACY6VdR2QgCA5zlV1HZCAIDtOFXUdkIAAK84VdR2QgCA0ChV1HZCAAAhJlXUdkIAAA8pVdR2QgCALy5V1HZCAIDoJFXUdkIAgF8mVdR2QgAAISZV1HZCAAAhJlXUdkIAAHosVdR2QgCARypV1HZCAIDWJ1XUdkIAgF8mVdR2QgAAISZV1HZCAAAhJlXUdkIAgF8mVdR2QgAAISZV1HZCAAAhJlXUdkIAACEmVdR2Qg==\",\"dtype\":\"float64\",\"shape\":[32]},\"index\":[327,328,329,331,333,334,354,356,359,360,362,363,364,365,367,370,373,374,375,382,383,384,385,386,388,389,390,391,392,393,395,397],\"y_index\":[35,35,35,35,35,35,35,35,35,35,35,35,35,35,35,35,35,35,35,35,35,35,35,35,35,35,35,35,35,35,35,35]},\"selected\":{\"id\":\"6033\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"6032\",\"type\":\"UnionRenderers\"}},\"id\":\"5352\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"6021\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"6052\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"6053\",\"type\":\"Selection\"},{\"attributes\":{\"data_source\":{\"id\":\"5324\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5455\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5456\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"5458\",\"type\":\"CDSView\"}},\"id\":\"5457\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\"],\"IPAddress\":[\"87.118.116.103\",\"87.118.116.103\",\"87.118.116.103\",\"87.118.116.103\",\"87.118.116.103\"],\"Operation\":[\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\"],\"TimeGenerated\":{\"__ndarray__\":\"AJCouQTVdkIAkKi5BNV2QgBgcrIE1XZCACCuvATVdkIAIK68BNV2Qg==\",\"dtype\":\"float64\",\"shape\":[5]},\"index\":[46,47,48,49,50],\"y_index\":[45,45,45,45,45]},\"selected\":{\"id\":\"6053\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"6052\",\"type\":\"UnionRenderers\"}},\"id\":\"5362\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"source\":{\"id\":\"5343\",\"type\":\"ColumnDataSource\"}},\"id\":\"5553\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"6022\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"data_source\":{\"id\":\"5339\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5530\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5531\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"5533\",\"type\":\"CDSView\"}},\"id\":\"5532\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.Logic\",\"Microsoft.Logic\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\"],\"IPAddress\":[\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\"],\"Operation\":[\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Cases\",\"Update Cases\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Gets workflow recommend operation groups\",\"Gets workflow recommend operation groups\",\"Update Cases\",\"Update Cases\"],\"TimeGenerated\":{\"__ndarray__\":\"AEBwkq7ddkIAYDySrt12QgBAboCu3XZCAOBBgK7ddkIAELFvpd12QgBQgG+l3XZCANAXZ6XddkIAIPVmpd12QgCQ9WWl3XZCAJDNZaXddkIAIH9kpd12QgDgX2Sl3XZCAIAhY6XddkIAwApjpd12QgDgSlul3XZCAPArW6XddkIA4HqHpd12QgCwWoel3XZCAPBFh6XddkIA8AGHpd12QgAAhYal3XZCAEBAhqXddkIAQFCCpd12QgBwDIKl3XZCANBsdKXddkIAUEJ0pd12QgCAW3Kl3XZCAAA2cqXddkIA4GhXAt12QgDQOFcC3XZCAJAVVgLddkIAEOFVAt12QgCQ9lQC3XZCADDUVALddkIAEAlIAt12QgAA4kcC3XZCAIASlQLddkIAgPSUAt12QgBAEMeX33ZCAJAGx5ffdkI=\",\"dtype\":\"float64\",\"shape\":[40]},\"index\":[0,1,2,3,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,94,95],\"y_index\":[5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5]},\"selected\":{\"id\":\"5973\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"5972\",\"type\":\"UnionRenderers\"}},\"id\":\"5322\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\"],\"IPAddress\":[\"52.109.6.30\",\"52.109.6.30\",\"52.109.6.30\",\"52.109.6.30\",\"52.109.6.30\",\"52.109.6.30\",\"52.109.6.30\"],\"Operation\":[\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\"],\"TimeGenerated\":{\"__ndarray__\":\"AAAnLlzddkIAACcuXN12QgCAtUOv1HZCAIC1Q6/UdkIAAL17/tR2QgAAvXv+1HZCAID7e/7UdkI=\",\"dtype\":\"float64\",\"shape\":[7]},\"index\":[312,318,630,631,666,669,672],\"y_index\":[42,42,42,42,42,42,42]},\"selected\":{\"id\":\"6047\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"6046\",\"type\":\"UnionRenderers\"}},\"id\":\"5359\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"6023\",\"type\":\"Selection\"},{\"attributes\":{\"fill_color\":{\"value\":\"#228A8D\"},\"line_color\":{\"value\":\"#228A8D\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5555\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"6054\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"6055\",\"type\":\"Selection\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5556\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"5344\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5555\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5556\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"5558\",\"type\":\"CDSView\"}},\"id\":\"5557\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\"],\"IPAddress\":[\"20.190.129.100\",\"20.190.129.100\",\"20.190.129.100\",\"20.190.129.100\"],\"Operation\":[\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\"],\"TimeGenerated\":{\"__ndarray__\":\"AADDev7UdkIAAEB7/tR2QgAAw3r+1HZCAABAe/7UdkI=\",\"dtype\":\"float64\",\"shape\":[4]},\"index\":[665,674,675,676],\"y_index\":[33,33,33,33]},\"selected\":{\"id\":\"6029\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"6028\",\"type\":\"UnionRenderers\"}},\"id\":\"5350\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"6024\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"6025\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"6056\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\"],\"IPAddress\":[\"40.126.9.51\",\"40.126.9.51\",\"40.126.9.51\",\"40.126.9.51\"],\"Operation\":[\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\"],\"TimeGenerated\":{\"__ndarray__\":\"AACwLFzddkIAALAsXN12QgAAsCxc3XZCAACwLFzddkI=\",\"dtype\":\"float64\",\"shape\":[4]},\"index\":[311,313,320,324],\"y_index\":[40,40,40,40]},\"selected\":{\"id\":\"6043\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"6042\",\"type\":\"UnionRenderers\"}},\"id\":\"5357\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"6027\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"6057\",\"type\":\"Selection\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\"],\"IPAddress\":[\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\"],\"Operation\":[\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\"],\"TimeGenerated\":{\"__ndarray__\":\"AADrDLTTdkIAALO8tNN2QgCABKW003ZCAIAVt7TTdkIAgPG8tNN2QgCA8by003ZCAACpOVXUdkIAAJc8VdR2QgAAISZV1HZCAACFP1XUdkIAAJc8VdR2QgAAhT9V1HZCAIDVPFXUdkIAgE0pVdR2QgAA21yv1HZC\",\"dtype\":\"float64\",\"shape\":[15]},\"index\":[137,162,164,178,235,239,326,330,332,352,355,357,361,387,654],\"y_index\":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},\"selected\":{\"id\":\"5963\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"5962\",\"type\":\"UnionRenderers\"}},\"id\":\"5317\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"source\":{\"id\":\"5344\",\"type\":\"ColumnDataSource\"}},\"id\":\"5558\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"6026\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"6058\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"SharePoint\"],\"IPAddress\":[\"199.249.230.113\"],\"Operation\":[\"FileAccessed\"],\"TimeGenerated\":{\"__ndarray__\":\"AAA3p7TTdkI=\",\"dtype\":\"float64\",\"shape\":[1]},\"index\":[169],\"y_index\":[30]},\"selected\":{\"id\":\"6023\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"6022\",\"type\":\"UnionRenderers\"}},\"id\":\"5347\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5823\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5456\",\"type\":\"Circle\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#1E9C89\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#1E9C89\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5822\",\"type\":\"Diamond\"},{\"attributes\":{\"source\":{\"id\":\"5321\",\"type\":\"ColumnDataSource\"}},\"id\":\"5443\",\"type\":\"CDSView\"},{\"attributes\":{\"data_source\":{\"id\":\"5348\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5822\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5823\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"5825\",\"type\":\"CDSView\"}},\"id\":\"5824\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"data_source\":{\"id\":\"5361\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5887\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5888\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"5890\",\"type\":\"CDSView\"}},\"id\":\"5889\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\"],\"IPAddress\":[\"131.107.174.123\",\"131.107.174.123\",\"131.107.174.123\",\"131.107.174.123\"],\"Operation\":[\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\"],\"TimeGenerated\":{\"__ndarray__\":\"ANBZi6bddkIAACWLpt12QgBgP7em3XZCAFAOt6bddkI=\",\"dtype\":\"float64\",\"shape\":[4]},\"index\":[4,5,6,7],\"y_index\":[12,12,12,12]},\"selected\":{\"id\":\"5987\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"5986\",\"type\":\"UnionRenderers\"}},\"id\":\"5329\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5828\",\"type\":\"Diamond\"},{\"attributes\":{\"source\":{\"id\":\"5348\",\"type\":\"ColumnDataSource\"}},\"id\":\"5825\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#1EA087\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#1EA087\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5827\",\"type\":\"Diamond\"},{\"attributes\":{\"data_source\":{\"id\":\"5349\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5827\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5828\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"5830\",\"type\":\"CDSView\"}},\"id\":\"5829\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#70CE56\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#70CE56\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5887\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_color\":{\"value\":\"#27AD80\"},\"line_color\":{\"value\":\"#27AD80\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5595\",\"type\":\"Circle\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5833\",\"type\":\"Diamond\"},{\"attributes\":{\"source\":{\"id\":\"5349\",\"type\":\"ColumnDataSource\"}},\"id\":\"5830\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#20A585\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#20A585\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5832\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5888\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_color\":{\"value\":\"#2C718E\"},\"line_color\":{\"value\":\"#2C718E\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5525\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"5350\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5832\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5833\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"5835\",\"type\":\"CDSView\"}},\"id\":\"5834\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_color\":{\"value\":\"#471466\"},\"line_color\":{\"value\":\"#471466\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5435\",\"type\":\"Circle\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\"],\"IPAddress\":[\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\"],\"Operation\":[\"FileUploaded\",\"PermissionLevelAdded\",\"PermissionLevelAdded\",\"PermissionLevelAdded\",\"PageViewed\",\"FileUploaded\",\"FileAccessed\",\"FileUploaded\",\"FileModified\",\"FileModified\",\"FileAccessed\",\"FileUploaded\",\"FileAccessed\",\"FileUploaded\",\"FilePreviewed\",\"FileAccessed\",\"PageViewed\",\"FileUploaded\",\"FileModified\",\"FileAccessed\",\"FileUploaded\",\"FileAccessed\",\"FileUploaded\",\"FileModified\",\"FileModified\",\"AnonymousLinkCreated\",\"SharingInheritanceBroken\",\"SharingSet\",\"SharingSet\",\"SharingSet\",\"SharingInheritanceBroken\",\"AddedToGroup\",\"GroupAdded\",\"GroupAdded\",\"SearchQueryPerformed\",\"FileUploaded\",\"FileUploaded\",\"FileModified\",\"FileAccessed\",\"FileUploaded\",\"FileModified\",\"FileAccessed\",\"FileUploaded\",\"FileAccessed\",\"FileModified\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FolderCreated\",\"FilePreviewed\",\"FileModified\",\"PageViewed\",\"AnonymousLinkCreated\",\"SharingSet\",\"SharingSet\",\"SharingSet\",\"SharingInheritanceBroken\",\"AddedToGroup\",\"GroupAdded\",\"AnonymousLinkCreated\",\"SharingSet\",\"SharingSet\",\"SharingSet\",\"SharingInheritanceBroken\",\"AddedToGroup\",\"GroupAdded\",\"AnonymousLinkCreated\",\"SharingSet\",\"SharingSet\",\"SharingSet\",\"SharingInheritanceBroken\",\"AddedToGroup\",\"GroupAdded\",\"PageViewed\",\"FileAccessed\",\"FileUploaded\",\"FileAccessed\",\"FileAccessed\",\"FileUploaded\",\"AnonymousLinkCreated\",\"SharingSet\",\"SharingSet\",\"AddedToGroup\",\"SharingSet\",\"GroupAdded\",\"SharingInheritanceBroken\",\"PermissionLevelAdded\",\"PermissionLevelAdded\",\"PermissionLevelAdded\",\"FileUploaded\",\"FileUploaded\",\"SearchQueryPerformed\",\"FileAccessed\",\"FileDownloaded\",\"FileDownloaded\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FilePreviewed\",\"FilePreviewed\",\"PageViewed\",\"FileAccessed\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FilePreviewed\",\"FileDownloaded\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"PageViewed\",\"FilePreviewed\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileAccessed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"FileAccessed\",\"FileAccessed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileModified\",\"FileModified\",\"FileAccessed\",\"FileUploaded\",\"FileModified\",\"FileAccessed\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FolderCreated\",\"FileUploaded\",\"FileAccessed\",\"FileUploaded\",\"FileUploaded\",\"FileModified\",\"FileAccessed\",\"FileUploaded\",\"FolderDeleted\",\"FileAccessed\",\"FileUploaded\",\"FileModified\",\"FileUploaded\"],\"TimeGenerated\":{\"__ndarray__\":\"AAAkDL3TdkIAgOULvdN2QgCA5Qu903ZCAIDlC73TdkIAACoLvdN2QgCA6wq903ZCAAA2Cb3TdkIAADYJvdN2QgAAuQi903ZCAAC/B73TdkIAAEIHvdN2QgAAQge903ZCAABCB73TdkIAAEIHvdN2QgAAfv2803ZCAACE/LzTdkIAAAf8vNN2QgCAaAu903ZCAIDxCb3TdkIAADwIvdN2QgAAPAi903ZCAAA8CL3TdkIAgP0HvdN2QgCAbgq903ZCAAC/B73TdkIAgLfpvNN2QgAAeem803ZCAIA66bzTdkIAgDrpvNN2QgCAOum803ZCAIA66bzTdkIAgDrpvNN2QgCAOum803ZCAIA66bzTdkIAgLz9vNN2QgAAKgu903ZCAAAwCr3TdkIAALMJvdN2QgAAPAi903ZCAAA8CL3TdkIAAL8HvdN2QgCAdAm903ZCAIB0Cb3TdkIAALkIvdN2QgCA9wi903ZCAAAkDL3TdkIAgGgLvdN2QgAArQq903ZCAIB0Cb3TdkIAAH79vNN2QgAAuQi903ZCAIA//bzTdkIAgOD3vNN2QgCA4Pe803ZCAIDg97zTdkIAgOD3vNN2QgAAove803ZCAIDg97zTdkIAAKL3vNN2QgCAdfS803ZCAIB19LzTdkIAgHX0vNN2QgCAdfS803ZCAIB19LzTdkIAgHX0vNN2QgAAN/S803ZCAADS77zTdkIAgJPvvNN2QgCAk++803ZCAICT77zTdkIAgJPvvNN2QgCAk++803ZCAABV77zTdkIAgHbfvNN2QgAANgm903ZCAAA2Cb3TdkIAgAMHvdN2QgCAJwG903ZCAIADB73TdkIAAA37vNN2QgAADfu803ZCAAAN+7zTdkIAAA37vNN2QgAADfu803ZCAIDO+rzTdkIAAA37vNN2QgAAMuC803ZCAAAy4LzTdkIAADLgvNN2QgAAJAy903ZCAIBoC73TdkIAgOcFt9N2QgAAqQW303ZCAAAIC7fTdkIAAIsKt9N2QgAA9g2303ZCAAD2DbfTdkIAAPYNt9N2QgAA9g2303ZCAIC3DbfTdkIAAKkFt9N2QgCA4Qa303ZCAACjBrfTdkIAAKkFt9N2QgAACAu303ZCAIDJCrfTdkIAAIsKt9N2QgAAJga303ZCAIBMCrfTdkIAAKkFt9N2QgAAqQW303ZCAACpBbfTdkIAACYGt9N2QgAAJga303ZCAID5ArfTdkIAAKkFt9N2QgCA5iC203ZCAIBdIrbTdkIAAJYjttN2QgAA3he203ZCAICfF7bTdkIAAGEXttN2QgAAYRe203ZCAIAiF7bTdkIAgCIXttN2QgAA5Ba203ZCAABnFrbTdkIAgKUWttN2QgAADSW203ZCAAANJbbTdkIAAA0lttN2QgAADSW203ZCAIBvH7bTdkIAAD0dttN2QgAADgq303ZCAAAsBbfTdkIAAKkFt9N2QgAAqQW303ZCAAAOCrfTdkIAAKkFt9N2QgAALAW303ZCAAAXL7vTdkIAABcvu9N2QgAAFy+703ZCAAAXL7vTdkIAABcvu9N2QgCAHzi703ZCAIAlN7vTdkIAAPkzu9N2QgAA+TO703ZCAIAlN7vTdkIAgDc0u9N2QgCANzS703ZCAAC4KbvTdkIAADspu9N2QgAARye703ZCAAC4KbvTdkIAgKI3u9N2QgCAoje703ZCAABBKLvTdkIAgCU3u9N2QgAAdjS703ZCAIA3NLvTdkIAgEkxu9N2QgCAqDa703ZCAABqNrvTdkIAgK41u9N2QgAAuCm703ZC\",\"dtype\":\"float64\",\"shape\":[168]},\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,221,222,223,224,225,226,227,228,229,230,231,232,244,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310],\"y_index\":[26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26]},\"selected\":{\"id\":\"6015\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"6014\",\"type\":\"UnionRenderers\"}},\"id\":\"5343\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"source\":{\"id\":\"5360\",\"type\":\"ColumnDataSource\"}},\"id\":\"5885\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5838\",\"type\":\"Diamond\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"Azure Portal\"],\"IPAddress\":[\"131.107.174.181\"],\"Operation\":[\"Sign-in activity\"],\"TimeGenerated\":{\"__ndarray__\":\"ADB9RZ7hdkI=\",\"dtype\":\"float64\",\"shape\":[1]},\"index\":[0],\"y_index\":[13]},\"selected\":{\"id\":\"5989\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"5988\",\"type\":\"UnionRenderers\"}},\"id\":\"5330\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"source\":{\"id\":\"5350\",\"type\":\"ColumnDataSource\"}},\"id\":\"5835\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#23A883\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#23A883\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5837\",\"type\":\"Diamond\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\"],\"IPAddress\":[\"40.117.152.107\",\"40.117.152.107\",\"40.117.152.107\",\"40.117.152.107\",\"40.117.152.107\",\"40.117.152.107\",\"40.117.152.107\",\"40.117.152.107\",\"40.117.152.107\",\"40.117.152.107\",\"40.117.152.107\",\"40.117.152.107\",\"40.117.152.107\",\"40.117.152.107\",\"40.117.152.107\",\"40.117.152.107\",\"40.117.152.107\"],\"Operation\":[\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\"],\"TimeGenerated\":{\"__ndarray__\":\"AIAvDLTTdkIAAOsMtNN2QgCArAy003ZCAADxC7TTdkIAgPVotNN2QgAAt2i003ZCAIAKsLLTdkIAAPELtNN2QgCACrCy03ZCAIAhtbTTdkIAgPVotNN2QgCA1idV1HZCAIB8NlXUdkIAgNYnVdR2QgCA1idV1HZCAIDQKFXUdkIAgNYnVdR2Qg==\",\"dtype\":\"float64\",\"shape\":[17]},\"index\":[111,113,114,117,124,125,131,140,192,206,217,353,358,371,372,394,396],\"y_index\":[37,37,37,37,37,37,37,37,37,37,37,37,37,37,37,37,37]},\"selected\":{\"id\":\"6037\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"6036\",\"type\":\"UnionRenderers\"}},\"id\":\"5354\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"data_source\":{\"id\":\"5351\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5837\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5838\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"5840\",\"type\":\"CDSView\"}},\"id\":\"5839\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"5962\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5843\",\"type\":\"Diamond\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"Exchange\"],\"IPAddress\":[\"185.207.139.2:7127\"],\"Operation\":[\"Remove-InboxRule\"],\"TimeGenerated\":{\"__ndarray__\":\"AIAfp1jWdkI=\",\"dtype\":\"float64\",\"shape\":[1]},\"index\":[678],\"y_index\":[21]},\"selected\":{\"id\":\"6005\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"6004\",\"type\":\"UnionRenderers\"}},\"id\":\"5338\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"source\":{\"id\":\"5351\",\"type\":\"ColumnDataSource\"}},\"id\":\"5840\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#27AD80\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#27AD80\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5842\",\"type\":\"Diamond\"},{\"attributes\":{\"data_source\":{\"id\":\"5360\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5882\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5883\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"5885\",\"type\":\"CDSView\"}},\"id\":\"5884\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_color\":{\"value\":\"#472B7A\"},\"line_color\":{\"value\":\"#472B7A\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5455\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"5352\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5842\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5843\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"5845\",\"type\":\"CDSView\"}},\"id\":\"5844\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5426\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"5353\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5847\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5848\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"5850\",\"type\":\"CDSView\"}},\"id\":\"5849\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"source\":{\"id\":\"5352\",\"type\":\"ColumnDataSource\"}},\"id\":\"5845\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5848\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#2BB17D\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#2BB17D\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5847\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5878\",\"type\":\"Diamond\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"6059\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5466\",\"type\":\"Circle\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5898\",\"type\":\"Diamond\"},{\"attributes\":{\"source\":{\"id\":\"5326\",\"type\":\"ColumnDataSource\"}},\"id\":\"5468\",\"type\":\"CDSView\"},{\"attributes\":{\"source\":{\"id\":\"5339\",\"type\":\"ColumnDataSource\"}},\"id\":\"5533\",\"type\":\"CDSView\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"6060\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"Azure Portal\"],\"IPAddress\":[\"131.107.159.181\"],\"Operation\":[\"Sign-in activity\"],\"TimeGenerated\":{\"__ndarray__\":\"AGBrV57hdkI=\",\"dtype\":\"float64\",\"shape\":[1]},\"index\":[1],\"y_index\":[7]},\"selected\":{\"id\":\"5977\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"5976\",\"type\":\"UnionRenderers\"}},\"id\":\"5324\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"fill_color\":{\"value\":\"#2E6D8E\"},\"line_color\":{\"value\":\"#2E6D8E\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5520\",\"type\":\"Circle\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"6061\",\"type\":\"DaysTicker\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"Exchange\"],\"IPAddress\":[\"176.10.99.200:45866\"],\"Operation\":[\"New-InboxRule\"],\"TimeGenerated\":{\"__ndarray__\":\"AIBs1wTVdkI=\",\"dtype\":\"float64\",\"shape\":[1]},\"index\":[677],\"y_index\":[19]},\"selected\":{\"id\":\"6001\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"6000\",\"type\":\"UnionRenderers\"}},\"id\":\"5336\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#86D449\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#86D449\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5897\",\"type\":\"Diamond\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"6062\",\"type\":\"DaysTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"5321\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5440\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5441\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"5443\",\"type\":\"CDSView\"}},\"id\":\"5442\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"data_source\":{\"id\":\"5363\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5897\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5898\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"5900\",\"type\":\"CDSView\"}},\"id\":\"5899\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"6063\",\"type\":\"DaysTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5601\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"5963\",\"type\":\"Selection\"},{\"attributes\":{\"source\":{\"id\":\"5324\",\"type\":\"ColumnDataSource\"}},\"id\":\"5705\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5903\",\"type\":\"Diamond\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"6064\",\"type\":\"DaysTicker\"},{\"attributes\":{\"source\":{\"id\":\"5363\",\"type\":\"ColumnDataSource\"}},\"id\":\"5900\",\"type\":\"CDSView\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"6065\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"Azure Portal\"],\"IPAddress\":[\"131.107.159.143\"],\"Operation\":[\"Sign-in activity\"],\"TimeGenerated\":{\"__ndarray__\":\"AMDbvajddkI=\",\"dtype\":\"float64\",\"shape\":[1]},\"index\":[32],\"y_index\":[6]},\"selected\":{\"id\":\"5975\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"5974\",\"type\":\"UnionRenderers\"}},\"id\":\"5323\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"Azure Portal\",\"Azure Portal\"],\"IPAddress\":[\"167.220.2.123\",\"167.220.2.123\"],\"Operation\":[\"Sign-in activity\",\"Sign-in activity\"],\"TimeGenerated\":{\"__ndarray__\":\"AJAjrKXddkIAkIKqpd12Qg==\",\"dtype\":\"float64\",\"shape\":[2]},\"index\":[30,31],\"y_index\":[16,16]},\"selected\":{\"id\":\"5995\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"5994\",\"type\":\"UnionRenderers\"}},\"id\":\"5333\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#92D741\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#92D741\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5902\",\"type\":\"Diamond\"},{\"attributes\":{\"click_policy\":\"hide\",\"items\":[{\"id\":\"5907\",\"type\":\"LegendItem\"},{\"id\":\"5908\",\"type\":\"LegendItem\"},{\"id\":\"5909\",\"type\":\"LegendItem\"},{\"id\":\"5910\",\"type\":\"LegendItem\"},{\"id\":\"5911\",\"type\":\"LegendItem\"},{\"id\":\"5912\",\"type\":\"LegendItem\"},{\"id\":\"5913\",\"type\":\"LegendItem\"},{\"id\":\"5914\",\"type\":\"LegendItem\"},{\"id\":\"5915\",\"type\":\"LegendItem\"},{\"id\":\"5916\",\"type\":\"LegendItem\"},{\"id\":\"5917\",\"type\":\"LegendItem\"},{\"id\":\"5918\",\"type\":\"LegendItem\"},{\"id\":\"5919\",\"type\":\"LegendItem\"},{\"id\":\"5920\",\"type\":\"LegendItem\"},{\"id\":\"5921\",\"type\":\"LegendItem\"},{\"id\":\"5922\",\"type\":\"LegendItem\"},{\"id\":\"5923\",\"type\":\"LegendItem\"},{\"id\":\"5924\",\"type\":\"LegendItem\"},{\"id\":\"5925\",\"type\":\"LegendItem\"},{\"id\":\"5926\",\"type\":\"LegendItem\"},{\"id\":\"5927\",\"type\":\"LegendItem\"},{\"id\":\"5928\",\"type\":\"LegendItem\"},{\"id\":\"5929\",\"type\":\"LegendItem\"},{\"id\":\"5930\",\"type\":\"LegendItem\"},{\"id\":\"5931\",\"type\":\"LegendItem\"},{\"id\":\"5932\",\"type\":\"LegendItem\"},{\"id\":\"5933\",\"type\":\"LegendItem\"},{\"id\":\"5934\",\"type\":\"LegendItem\"},{\"id\":\"5935\",\"type\":\"LegendItem\"},{\"id\":\"5936\",\"type\":\"LegendItem\"},{\"id\":\"5937\",\"type\":\"LegendItem\"},{\"id\":\"5938\",\"type\":\"LegendItem\"},{\"id\":\"5939\",\"type\":\"LegendItem\"},{\"id\":\"5940\",\"type\":\"LegendItem\"},{\"id\":\"5941\",\"type\":\"LegendItem\"},{\"id\":\"5942\",\"type\":\"LegendItem\"},{\"id\":\"5943\",\"type\":\"LegendItem\"},{\"id\":\"5944\",\"type\":\"LegendItem\"},{\"id\":\"5945\",\"type\":\"LegendItem\"},{\"id\":\"5946\",\"type\":\"LegendItem\"},{\"id\":\"5947\",\"type\":\"LegendItem\"},{\"id\":\"5948\",\"type\":\"LegendItem\"},{\"id\":\"5949\",\"type\":\"LegendItem\"},{\"id\":\"5950\",\"type\":\"LegendItem\"},{\"id\":\"5951\",\"type\":\"LegendItem\"},{\"id\":\"5952\",\"type\":\"LegendItem\"},{\"id\":\"5953\",\"type\":\"LegendItem\"},{\"id\":\"5954\",\"type\":\"LegendItem\"}],\"label_text_font_size\":{\"value\":\"8pt\"},\"location\":\"center\"},\"id\":\"5906\",\"type\":\"Legend\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"6066\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5526\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"5364\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5902\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5903\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"5905\",\"type\":\"CDSView\"}},\"id\":\"5904\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"6067\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"6068\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"source\":{\"id\":\"5364\",\"type\":\"ColumnDataSource\"}},\"id\":\"5905\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"5965\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"6069\",\"type\":\"YearsTicker\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"lightgrey\"},\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":{\"value\":1.0},\"line_color\":{\"value\":\"black\"},\"line_dash\":[4,4],\"line_width\":{\"value\":2},\"render_mode\":\"css\",\"right_units\":\"screen\",\"top_units\":\"screen\"},\"id\":\"6070\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"label\":{\"value\":\"\"},\"renderers\":[{\"id\":\"5669\",\"type\":\"GlyphRenderer\"}]},\"id\":\"5907\",\"type\":\"LegendItem\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"6071\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"5326\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5465\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5466\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"5468\",\"type\":\"CDSView\"}},\"id\":\"5467\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\"],\"IPAddress\":[\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\"],\"Operation\":[\"FileModified\",\"FileModified\",\"FileAccessed\",\"FileUploaded\",\"FileModifiedExtended\",\"FileModifiedExtended\",\"FileUploaded\",\"FileUploaded\",\"FileModifiedExtended\",\"FileModified\",\"FileAccessed\",\"FileUploaded\",\"FileAccessed\",\"FileUploaded\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileUploaded\",\"FileModifiedExtended\",\"FileAccessed\",\"FileUploaded\",\"FileUploaded\",\"FileModified\",\"FileAccessed\",\"FileUploaded\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileAccessed\",\"FileUploaded\",\"FileAccessed\",\"FileUploaded\",\"FileModified\",\"FileAccessed\",\"FileAccessed\",\"FileUploaded\",\"FileAccessed\",\"FileUploaded\",\"FileModified\",\"FileAccessed\",\"FileUploaded\",\"FileAccessed\",\"FileUploaded\",\"FileModified\",\"FileAccessed\",\"FileAccessed\",\"FileUploaded\",\"FileUploaded\",\"FileAccessed\",\"FileUploaded\",\"FileAccessed\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileAccessed\",\"FileUploaded\",\"FileModified\",\"FileAccessed\",\"FileUploaded\",\"FileAccessed\",\"FileUploaded\",\"FileModified\",\"FileAccessed\",\"FileUploaded\",\"FileAccessed\",\"FileUploaded\",\"FileModified\",\"FileModified\",\"FileUploaded\",\"FileModified\",\"FileModified\",\"FileAccessed\",\"FileUploaded\",\"FileModified\",\"FileAccessed\",\"FileUploaded\",\"FileModified\",\"FileAccessed\",\"FileUploaded\",\"FileModified\",\"FileModified\",\"FileAccessed\",\"FileUploaded\",\"FileAccessed\",\"FileUploaded\",\"FileModified\",\"FileAccessed\",\"FileUploaded\",\"FileAccessed\",\"FileAccessed\",\"FileUploaded\",\"FileAccessed\",\"FileUploaded\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModifiedExtended\",\"FileAccessed\",\"FileModifiedExtended\",\"FileModifiedExtended\",\"FileUploaded\",\"FileModifiedExtended\",\"FileUploaded\",\"FileModifiedExtended\",\"FileUploaded\",\"FileModified\",\"FileAccessed\",\"FileUploaded\",\"FileUploaded\",\"FileModified\",\"FileUploaded\",\"FileAccessed\",\"FileAccessed\",\"FileUploaded\",\"FileUploaded\",\"FileModifiedExtended\",\"FileUploaded\",\"FileUploaded\",\"FileAccessed\",\"FileUploaded\",\"FileAccessed\",\"FileUploaded\",\"FileModified\",\"FileModified\",\"FileUploaded\",\"FileModifiedExtended\",\"FileUploaded\",\"FileModified\",\"FileAccessed\",\"FileUploaded\",\"FileModified\",\"FileModified\",\"FileModifiedExtended\",\"FileAccessed\",\"FileUploaded\",\"FileUploaded\",\"FileAccessed\",\"FileUploaded\",\"FileModifiedExtended\",\"FileUploaded\",\"FileModifiedExtended\",\"FileUploaded\",\"FileModifiedExtended\",\"FileModified\",\"FileModifiedExtended\",\"FileUploaded\",\"FileUploaded\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileAccessed\",\"FileUploaded\",\"FileModified\",\"FileAccessed\",\"FileUploaded\",\"FileUploaded\",\"FileModified\",\"FileModifiedExtended\",\"FileUploaded\",\"FileModified\",\"FileModifiedExtended\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileModified\",\"FileModified\",\"FileModifiedExtended\",\"FileAccessed\",\"FileUploaded\",\"FileAccessed\",\"FileUploaded\",\"FileModified\",\"FileModified\",\"FileAccessed\",\"FileAccessed\",\"FileUploaded\",\"FileModified\",\"FileAccessed\",\"FileUploaded\",\"FileAccessed\",\"FileUploaded\",\"FileModified\",\"FileModified\",\"FileAccessed\"],\"TimeGenerated\":{\"__ndarray__\":\"AIDlI7PUdkIAAA0Ts9R2QgAAZS6z1HZCAABlLrPUdkIAgK8ss9R2QgAA9Cuz1HZCAAD6KrPUdkIAAAYps9R2QgAAiSiz1HZCAIBQJ7PUdkIAABgms9R2QgAAGCaz1HZCAIDfJLPUdkIAgN8ks9R2QgAASQmz1HZCAADqA7PUdkIAgEAAs9R2QgAAgj6z1HZCAIDSO7PUdkIAgCEas9R2QgCAIRqz1HZCAICO87LUdkIAgBfystR2QgAA3/Cy1HZCAADf8LLUdkIAACUPs9R2QgAAJQ+z1HZCAAAlD7PUdkIAACUPs9R2QgCA5g6z1HZCAIDmDrPUdkIAgOYOs9R2QgCA5g6z1HZCAACoDrPUdkIAgGkOs9R2QgAAKw6z1HZCAAArDrPUdkIAACsOs9R2QgCA7A2z1HZCAIDsDbPUdkIAgOwNs9R2QgAArg2z1HZCAACuDbPUdkIAgG8Ns9R2QgCAbw2z1HZCAIBvDbPUdkIAADENs9R2QgAAMQ2z1HZCAAAxDbPUdkIAgPIMs9R2QgCA8gyz1HZCAABtA7PUdkIAAG0Ds9R2QgCAqwOz1HZCAICrA7PUdkIAACD7stR2QgCA5/my1HZCAIDt+LLUdkIAgO34stR2QgCAcPiy1HZCAIBw+LLUdkIAADj3stR2QgCAgvWy1HZCAICC9bLUdkIAAMf0stR2QgAAx/Sy1HZCAADN87LUdkIAgBHzstR2QgCAlPKy1HZCAICU8rLUdkIAAFzxstR2QgAAXPGy1HZCAIDOErPUdkIAgM4Ss9R2QgAAo/qy1HZCAACp+bLUdkIAADL4stR2QgCAdvey1HZCAIB297LUdkIAgIL1stR2QgCAZPqy1HZCAIBk+rLUdkIAgGr5stR2QgCAavmy1HZCAACv+LLUdkIAALX3stR2QgAAtfey1HZCAAA+9rLUdkIAAD72stR2QgCABfWy1HZCAADZ8bLUdkIAgOf5stR2QgAALPmy1HZCAIB297LUdkIAgHz2stR2QgCAfPay1HZCAICI9LLUdkIAANPystR2QgAA0/Ky1HZCAICU8rLUdkIAAFzxstR2QgCAHfGy1HZCAAAxDbPUdkIAACb6stR2QgAACP+y1HZCAIDJ/rLUdkIAgOH6stR2QgCA4fqy1HZCAAA+9rLUdkIAAM3zstR2QgAArg2z1HZCAACuDbPUdkIAgCEas9R2QgCAIRqz1HZCAIDfJLPUdkIAgN8ks9R2QgCA5SOz1HZCAABJCbPUdkIAAOoDs9R2QgCAQACz1HZCAABHM7PUdkIAAMoys9R2QgAA7iyz1HZCAAB3K7PUdkIAAIMps9R2QgCASiiz1HZCAIAIM7PUdkIAAE0ys9R2QgAA3C+z1HZCAIAVHLPUdkIAAGAas9R2QgCAIRqz1HZCAICO87LUdkIAgBfystR2QgAA3/Cy1HZCAADf8LLUdkIAAE0ys9R2QgAATTKz1HZCAABTMbPUdkIAAFkws9R2QgCAIC+z1HZCAABxLLPUdkIAAIMps9R2QgAAgymz1HZCAIBWJrPUdkIAgFYms9R2QgCAMxez1HZCAAB3K7PUdkIAgLsqs9R2QgCAPiqz1HZCAIDNJ7PUdkIAAJsls9R2QgAApyOz1HZCAACnI7PUdkIAgOsis9R2QgCA5SOz1HZCAIAZRbPUdkIAgPIMs9R2QgCA8gyz1HZCAIDyDLPUdkIAgPIMs9R2QgCAbTez1HZCAACmOLPUdkIAAE0ys9R2QgAA0DGz1HZCAABZMLPUdkIAANwvs9R2QgAADROz1HZCAIDHKLPUdkIAAAwos9R2QgAAjyez1HZCAIDTJrPUdkIAgFYms9R2QgAAoSSz1HZCAAAqI7PUdkIAACojs9R2QgAAMCKz1HZCAAAwIrPUdkIAADAis9R2QgCA8Daz1HZCAABHM7PUdkIAgJExs9R2QgCAlzCz1HZCAADcL7PUdkIAAGUus9R2QgCAMiyz1HZCAAD0K7PUdkIAgDgrs9R2QgAAfSqz1HZCAAAAKrPUdkIAgMA+s9R2QgAAY+2v1HZCAADm7K/UdkIAgJvur9R2QgCAm+6v1HZCAADg7a/UdkIAgPrzr9R2QgCAifGv1HZCAICb7q/UdkIAAF3ur9R2QgAA4O2v1HZCAIAk7a/UdkIAgCTtr9R2QgCAp+yv1HZCAICn7K/UdkIAAMLyr9R2QgCAHu6v1HZCAICh7a/UdkI=\",\"dtype\":\"float64\",\"shape\":[208]},\"index\":[398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,601,602,603,604,605,606,607,608,609,610,611,612,649,650,651],\"y_index\":[17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17]},\"selected\":{\"id\":\"5997\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"5996\",\"type\":\"UnionRenderers\"}},\"id\":\"5334\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"6072\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"fill_color\":{\"value\":\"#481A6C\"},\"line_color\":{\"value\":\"#481A6C\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5440\",\"type\":\"Circle\"},{\"attributes\":{\"label\":{\"value\":\"104.41.146.53\"},\"renderers\":[{\"id\":\"5674\",\"type\":\"GlyphRenderer\"}]},\"id\":\"5908\",\"type\":\"LegendItem\"},{\"attributes\":{\"data_source\":{\"id\":\"5355\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5610\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5611\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"5613\",\"type\":\"CDSView\"}},\"id\":\"5612\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"6073\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"label\":{\"value\":\"109.70.100.24\"},\"renderers\":[{\"id\":\"5679\",\"type\":\"GlyphRenderer\"}]},\"id\":\"5909\",\"type\":\"LegendItem\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"6074\",\"type\":\"DaysTicker\"},{\"attributes\":{\"source\":{\"id\":\"5320\",\"type\":\"ColumnDataSource\"}},\"id\":\"5438\",\"type\":\"CDSView\"},{\"attributes\":{\"label\":{\"value\":\"109.70.100.26\"},\"renderers\":[{\"id\":\"5684\",\"type\":\"GlyphRenderer\"}]},\"id\":\"5910\",\"type\":\"LegendItem\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5441\",\"type\":\"Circle\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"6075\",\"type\":\"DaysTicker\"},{\"attributes\":{\"label\":{\"value\":\"131.107.147.105\"},\"renderers\":[{\"id\":\"5689\",\"type\":\"GlyphRenderer\"}]},\"id\":\"5911\",\"type\":\"LegendItem\"},{\"attributes\":{\"label\":{\"value\":\"131.107.147.205\"},\"renderers\":[{\"id\":\"5694\",\"type\":\"GlyphRenderer\"}]},\"id\":\"5912\",\"type\":\"LegendItem\"},{\"attributes\":{\"label\":{\"value\":\"131.107.160.181\"},\"renderers\":[{\"id\":\"5714\",\"type\":\"GlyphRenderer\"}]},\"id\":\"5916\",\"type\":\"LegendItem\"},{\"attributes\":{\"data_source\":{\"id\":\"5320\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5435\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5436\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"5438\",\"type\":\"CDSView\"}},\"id\":\"5437\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"6076\",\"type\":\"DaysTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"5338\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"5525\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5526\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"5528\",\"type\":\"CDSView\"}},\"id\":\"5527\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_color\":{\"value\":\"#453681\"},\"line_color\":{\"value\":\"#453681\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"5465\",\"type\":\"Circle\"},{\"attributes\":{\"label\":{\"value\":\"131.107.159.143\"},\"renderers\":[{\"id\":\"5699\",\"type\":\"GlyphRenderer\"}]},\"id\":\"5913\",\"type\":\"LegendItem\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"6077\",\"type\":\"DaysTicker\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"6078\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"label\":{\"value\":\"131.107.159.181\"},\"renderers\":[{\"id\":\"5704\",\"type\":\"GlyphRenderer\"}]},\"id\":\"5914\",\"type\":\"LegendItem\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"Exchange\"],\"IPAddress\":[\"[2a02:418:6017::148]:45644\"],\"Operation\":[\"New-InboxRule\"],\"TimeGenerated\":{\"__ndarray__\":\"AABUw7LTdkI=\",\"dtype\":\"float64\",\"shape\":[1]},\"index\":[132],\"y_index\":[47]},\"selected\":{\"id\":\"6057\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"6056\",\"type\":\"UnionRenderers\"}},\"id\":\"5364\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"label\":{\"value\":\"131.107.159.205\"},\"renderers\":[{\"id\":\"5709\",\"type\":\"GlyphRenderer\"}]},\"id\":\"5915\",\"type\":\"LegendItem\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"6079\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"label\":{\"value\":\"131.107.160.205\"},\"renderers\":[{\"id\":\"5719\",\"type\":\"GlyphRenderer\"}]},\"id\":\"5917\",\"type\":\"LegendItem\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"6080\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"Azure Portal\",\"Azure Portal\",\"Azure Portal\",\"Azure Portal\",\"Azure Portal\",\"Microsoft.Logic\",\"Microsoft.Logic\",\"Microsoft.Logic\",\"Microsoft.Logic\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\"],\"IPAddress\":[\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\"],\"Operation\":[\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Gets workflow recommend operation groups\",\"Gets workflow recommend operation groups\",\"Gets workflow recommend operation groups\",\"Gets workflow recommend operation groups\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\"],\"TimeGenerated\":{\"__ndarray__\":\"AJB1qfbcdkIAAMKn9tx2QgDgALb13HZCAJCHFgHgdkIA8IPjad92QgDwtVX23HZCAMCaVfbcdkIAEMtJ9tx2QgCgr0n23HZCAED9lfbcdkIA0OqV9tx2QgAQ95T23HZCACDnlPbcdkIAQBOS9tx2QgBACZL23HZCAFAqkfbcdkIAsAaR9tx2QgAwc4/23HZCAKBTj/bcdkIA4N2J9tx2QgAQvIn23HZCAOC/2PXcdkIAoIfY9dx2QgCAmtL13HZCAPB/0vXcdkIAENnP9dx2QgBQsc/13HZC\",\"dtype\":\"float64\",\"shape\":[27]},\"index\":[18,19,20,45,52,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73],\"y_index\":[41,41,41,41,41,41,41,41,41,41,41,41,41,41,41,41,41,41,41,41,41,41,41,41,41,41,41]},\"selected\":{\"id\":\"6045\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"6044\",\"type\":\"UnionRenderers\"}},\"id\":\"5358\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"label\":{\"value\":\"131.107.160.77\"},\"renderers\":[{\"id\":\"5724\",\"type\":\"GlyphRenderer\"}]},\"id\":\"5918\",\"type\":\"LegendItem\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"6081\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"label\":{\"value\":\"131.107.174.123\"},\"renderers\":[{\"id\":\"5729\",\"type\":\"GlyphRenderer\"}]},\"id\":\"5919\",\"type\":\"LegendItem\"},{\"attributes\":{\"label\":{\"value\":\"167.220.2.105\"},\"renderers\":[{\"id\":\"5744\",\"type\":\"GlyphRenderer\"}]},\"id\":\"5922\",\"type\":\"LegendItem\"},{\"attributes\":{\"label\":{\"value\":\"131.107.174.181\"},\"renderers\":[{\"id\":\"5734\",\"type\":\"GlyphRenderer\"}]},\"id\":\"5920\",\"type\":\"LegendItem\"},{\"attributes\":{\"label\":{\"value\":\"131.107.174.205\"},\"renderers\":[{\"id\":\"5739\",\"type\":\"GlyphRenderer\"}]},\"id\":\"5921\",\"type\":\"LegendItem\"}],\"root_ids\":[\"5955\"]},\"title\":\"Bokeh Application\",\"version\":\"1.3.4\"}};\n",
       "  var render_items = [{\"docid\":\"2fedad96-5d65-49ab-9fde-0178587cc094\",\"roots\":{\"5955\":\"17b77c10-0ad5-4883-bfd9-d8647a0044a3\"}}];\n",
       "  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n",
       "\n",
       "  }\n",
       "  if (root.Bokeh !== undefined) {\n",
       "    embed_document(root);\n",
       "  } else {\n",
       "    var attempts = 0;\n",
       "    var timer = setInterval(function(root) {\n",
       "      if (root.Bokeh !== undefined) {\n",
       "        embed_document(root);\n",
       "        clearInterval(timer);\n",
       "      }\n",
       "      attempts++;\n",
       "      if (attempts > 100) {\n",
       "        console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n",
       "        clearInterval(timer);\n",
       "      }\n",
       "    }, 10, root)\n",
       "  }\n",
       "})(window);"
      ],
      "application/vnd.bokehjs_exec.v0+json": ""
     },
     "metadata": {
      "application/vnd.bokehjs_exec.v0+json": {
       "id": "5955"
      }
     },
     "output_type": "display_data"
    },
    {
     "data": {
      "text/html": [
       "\n",
       "    <div class=\"bk-root\">\n",
       "        <a href=\"https://bokeh.pydata.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
       "        <span id=\"6948\">Loading BokehJS ...</span>\n",
       "    </div>"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    },
    {
     "data": {
      "application/javascript": [
       "\n",
       "(function(root) {\n",
       "  function now() {\n",
       "    return new Date();\n",
       "  }\n",
       "\n",
       "  var force = true;\n",
       "\n",
       "  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n",
       "    root._bokeh_onload_callbacks = [];\n",
       "    root._bokeh_is_loading = undefined;\n",
       "  }\n",
       "\n",
       "  var JS_MIME_TYPE = 'application/javascript';\n",
       "  var HTML_MIME_TYPE = 'text/html';\n",
       "  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n",
       "  var CLASS_NAME = 'output_bokeh rendered_html';\n",
       "\n",
       "  /**\n",
       "   * Render data to the DOM node\n",
       "   */\n",
       "  function render(props, node) {\n",
       "    var script = document.createElement(\"script\");\n",
       "    node.appendChild(script);\n",
       "  }\n",
       "\n",
       "  /**\n",
       "   * Handle when an output is cleared or removed\n",
       "   */\n",
       "  function handleClearOutput(event, handle) {\n",
       "    var cell = handle.cell;\n",
       "\n",
       "    var id = cell.output_area._bokeh_element_id;\n",
       "    var server_id = cell.output_area._bokeh_server_id;\n",
       "    // Clean up Bokeh references\n",
       "    if (id != null && id in Bokeh.index) {\n",
       "      Bokeh.index[id].model.document.clear();\n",
       "      delete Bokeh.index[id];\n",
       "    }\n",
       "\n",
       "    if (server_id !== undefined) {\n",
       "      // Clean up Bokeh references\n",
       "      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n",
       "      cell.notebook.kernel.execute(cmd, {\n",
       "        iopub: {\n",
       "          output: function(msg) {\n",
       "            var id = msg.content.text.trim();\n",
       "            if (id in Bokeh.index) {\n",
       "              Bokeh.index[id].model.document.clear();\n",
       "              delete Bokeh.index[id];\n",
       "            }\n",
       "          }\n",
       "        }\n",
       "      });\n",
       "      // Destroy server and session\n",
       "      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n",
       "      cell.notebook.kernel.execute(cmd);\n",
       "    }\n",
       "  }\n",
       "\n",
       "  /**\n",
       "   * Handle when a new output is added\n",
       "   */\n",
       "  function handleAddOutput(event, handle) {\n",
       "    var output_area = handle.output_area;\n",
       "    var output = handle.output;\n",
       "\n",
       "    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n",
       "    if ((output.output_type != \"display_data\") || (!output.data.hasOwnProperty(EXEC_MIME_TYPE))) {\n",
       "      return\n",
       "    }\n",
       "\n",
       "    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n",
       "\n",
       "    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n",
       "      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n",
       "      // store reference to embed id on output_area\n",
       "      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n",
       "    }\n",
       "    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n",
       "      var bk_div = document.createElement(\"div\");\n",
       "      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n",
       "      var script_attrs = bk_div.children[0].attributes;\n",
       "      for (var i = 0; i < script_attrs.length; i++) {\n",
       "        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n",
       "      }\n",
       "      // store reference to server id on output_area\n",
       "      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n",
       "    }\n",
       "  }\n",
       "\n",
       "  function register_renderer(events, OutputArea) {\n",
       "\n",
       "    function append_mime(data, metadata, element) {\n",
       "      // create a DOM node to render to\n",
       "      var toinsert = this.create_output_subarea(\n",
       "        metadata,\n",
       "        CLASS_NAME,\n",
       "        EXEC_MIME_TYPE\n",
       "      );\n",
       "      this.keyboard_manager.register_events(toinsert);\n",
       "      // Render to node\n",
       "      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n",
       "      render(props, toinsert[toinsert.length - 1]);\n",
       "      element.append(toinsert);\n",
       "      return toinsert\n",
       "    }\n",
       "\n",
       "    /* Handle when an output is cleared or removed */\n",
       "    events.on('clear_output.CodeCell', handleClearOutput);\n",
       "    events.on('delete.Cell', handleClearOutput);\n",
       "\n",
       "    /* Handle when a new output is added */\n",
       "    events.on('output_added.OutputArea', handleAddOutput);\n",
       "\n",
       "    /**\n",
       "     * Register the mime type and append_mime function with output_area\n",
       "     */\n",
       "    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n",
       "      /* Is output safe? */\n",
       "      safe: true,\n",
       "      /* Index of renderer in `output_area.display_order` */\n",
       "      index: 0\n",
       "    });\n",
       "  }\n",
       "\n",
       "  // register the mime type if in Jupyter Notebook environment and previously unregistered\n",
       "  if (root.Jupyter !== undefined) {\n",
       "    var events = require('base/js/events');\n",
       "    var OutputArea = require('notebook/js/outputarea').OutputArea;\n",
       "\n",
       "    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n",
       "      register_renderer(events, OutputArea);\n",
       "    }\n",
       "  }\n",
       "\n",
       "  \n",
       "  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n",
       "    root._bokeh_timeout = Date.now() + 5000;\n",
       "    root._bokeh_failed_load = false;\n",
       "  }\n",
       "\n",
       "  var NB_LOAD_WARNING = {'data': {'text/html':\n",
       "     \"<div style='background-color: #fdd'>\\n\"+\n",
       "     \"<p>\\n\"+\n",
       "     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n",
       "     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n",
       "     \"</p>\\n\"+\n",
       "     \"<ul>\\n\"+\n",
       "     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n",
       "     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n",
       "     \"</ul>\\n\"+\n",
       "     \"<code>\\n\"+\n",
       "     \"from bokeh.resources import INLINE\\n\"+\n",
       "     \"output_notebook(resources=INLINE)\\n\"+\n",
       "     \"</code>\\n\"+\n",
       "     \"</div>\"}};\n",
       "\n",
       "  function display_loaded() {\n",
       "    var el = document.getElementById(\"6948\");\n",
       "    if (el != null) {\n",
       "      el.textContent = \"BokehJS is loading...\";\n",
       "    }\n",
       "    if (root.Bokeh !== undefined) {\n",
       "      if (el != null) {\n",
       "        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n",
       "      }\n",
       "    } else if (Date.now() < root._bokeh_timeout) {\n",
       "      setTimeout(display_loaded, 100)\n",
       "    }\n",
       "  }\n",
       "\n",
       "\n",
       "  function run_callbacks() {\n",
       "    try {\n",
       "      root._bokeh_onload_callbacks.forEach(function(callback) {\n",
       "        if (callback != null)\n",
       "          callback();\n",
       "      });\n",
       "    } finally {\n",
       "      delete root._bokeh_onload_callbacks\n",
       "    }\n",
       "    console.debug(\"Bokeh: all callbacks have finished\");\n",
       "  }\n",
       "\n",
       "  function load_libs(css_urls, js_urls, callback) {\n",
       "    if (css_urls == null) css_urls = [];\n",
       "    if (js_urls == null) js_urls = [];\n",
       "\n",
       "    root._bokeh_onload_callbacks.push(callback);\n",
       "    if (root._bokeh_is_loading > 0) {\n",
       "      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n",
       "      return null;\n",
       "    }\n",
       "    if (js_urls == null || js_urls.length === 0) {\n",
       "      run_callbacks();\n",
       "      return null;\n",
       "    }\n",
       "    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n",
       "    root._bokeh_is_loading = css_urls.length + js_urls.length;\n",
       "\n",
       "    function on_load() {\n",
       "      root._bokeh_is_loading--;\n",
       "      if (root._bokeh_is_loading === 0) {\n",
       "        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n",
       "        run_callbacks()\n",
       "      }\n",
       "    }\n",
       "\n",
       "    function on_error() {\n",
       "      console.error(\"failed to load \" + url);\n",
       "    }\n",
       "\n",
       "    for (var i = 0; i < css_urls.length; i++) {\n",
       "      var url = css_urls[i];\n",
       "      const element = document.createElement(\"link\");\n",
       "      element.onload = on_load;\n",
       "      element.onerror = on_error;\n",
       "      element.rel = \"stylesheet\";\n",
       "      element.type = \"text/css\";\n",
       "      element.href = url;\n",
       "      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n",
       "      document.body.appendChild(element);\n",
       "    }\n",
       "\n",
       "    for (var i = 0; i < js_urls.length; i++) {\n",
       "      var url = js_urls[i];\n",
       "      var element = document.createElement('script');\n",
       "      element.onload = on_load;\n",
       "      element.onerror = on_error;\n",
       "      element.async = false;\n",
       "      element.src = url;\n",
       "      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n",
       "      document.head.appendChild(element);\n",
       "    }\n",
       "  };var element = document.getElementById(\"6948\");\n",
       "  if (element == null) {\n",
       "    console.error(\"Bokeh: ERROR: autoload.js configured with elementid '6948' but no matching script tag was found. \")\n",
       "    return false;\n",
       "  }\n",
       "\n",
       "  function inject_raw_css(css) {\n",
       "    const element = document.createElement(\"style\");\n",
       "    element.appendChild(document.createTextNode(css));\n",
       "    document.body.appendChild(element);\n",
       "  }\n",
       "\n",
       "  var js_urls = [\"https://cdn.pydata.org/bokeh/release/bokeh-1.3.4.min.js\", \"https://cdn.pydata.org/bokeh/release/bokeh-widgets-1.3.4.min.js\", \"https://cdn.pydata.org/bokeh/release/bokeh-tables-1.3.4.min.js\", \"https://cdn.pydata.org/bokeh/release/bokeh-gl-1.3.4.min.js\"];\n",
       "  var css_urls = [];\n",
       "\n",
       "  var inline_js = [\n",
       "    function(Bokeh) {\n",
       "      Bokeh.set_log_level(\"info\");\n",
       "    },\n",
       "    \n",
       "    function(Bokeh) {\n",
       "      \n",
       "    },\n",
       "    function(Bokeh) {} // ensure no trailing comma for IE\n",
       "  ];\n",
       "\n",
       "  function run_inline_js() {\n",
       "    \n",
       "    if ((root.Bokeh !== undefined) || (force === true)) {\n",
       "      for (var i = 0; i < inline_js.length; i++) {\n",
       "        inline_js[i].call(root, root.Bokeh);\n",
       "      }if (force === true) {\n",
       "        display_loaded();\n",
       "      }} else if (Date.now() < root._bokeh_timeout) {\n",
       "      setTimeout(run_inline_js, 100);\n",
       "    } else if (!root._bokeh_failed_load) {\n",
       "      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n",
       "      root._bokeh_failed_load = true;\n",
       "    } else if (force !== true) {\n",
       "      var cell = $(document.getElementById(\"6948\")).parents('.cell').data().cell;\n",
       "      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n",
       "    }\n",
       "\n",
       "  }\n",
       "\n",
       "  if (root._bokeh_is_loading === 0) {\n",
       "    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n",
       "    run_inline_js();\n",
       "  } else {\n",
       "    load_libs(css_urls, js_urls, function() {\n",
       "      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n",
       "      run_inline_js();\n",
       "    });\n",
       "  }\n",
       "}(window));"
      ],
      "application/vnd.bokehjs_load.v0+json": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  \n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"6948\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error() {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (var i = 0; i < css_urls.length; i++) {\n      var url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    for (var i = 0; i < js_urls.length; i++) {\n      var url = js_urls[i];\n      var element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.async = false;\n      element.src = url;\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };var element = document.getElementById(\"6948\");\n  if (element == null) {\n    console.error(\"Bokeh: ERROR: autoload.js configured with elementid '6948' but no matching script tag was found. \")\n    return false;\n  }\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  var js_urls = [\"https://cdn.pydata.org/bokeh/release/bokeh-1.3.4.min.js\", \"https://cdn.pydata.org/bokeh/release/bokeh-widgets-1.3.4.min.js\", \"https://cdn.pydata.org/bokeh/release/bokeh-tables-1.3.4.min.js\", \"https://cdn.pydata.org/bokeh/release/bokeh-gl-1.3.4.min.js\"];\n  var css_urls = [];\n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    \n    function(Bokeh) {\n      \n    },\n    function(Bokeh) {} // ensure no trailing comma for IE\n  ];\n\n  function run_inline_js() {\n    \n    if ((root.Bokeh !== undefined) || (force === true)) {\n      for (var i = 0; i < inline_js.length; i++) {\n        inline_js[i].call(root, root.Bokeh);\n      }if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"6948\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));"
     },
     "metadata": {},
     "output_type": "display_data"
    },
    {
     "data": {
      "text/html": [
       "\n",
       "\n",
       "\n",
       "\n",
       "\n",
       "\n",
       "  <div class=\"bk-root\" id=\"45034f26-d5bd-4162-bf12-a9b4d89a1627\" data-root-id=\"7347\"></div>\n"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    },
    {
     "data": {
      "application/javascript": [
       "(function(root) {\n",
       "  function embed_document(root) {\n",
       "    \n",
       "  var docs_json = {\"2226748e-6ebf-42ee-9514-1674d3486b5c\":{\"roots\":{\"references\":[{\"attributes\":{\"children\":[{\"id\":\"6978\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"id\":\"7011\",\"subtype\":\"Figure\",\"type\":\"Plot\"}]},\"id\":\"7347\",\"type\":\"Column\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"SharePoint\",\"SharePoint\"],\"IPAddress\":[\"185.220.102.8\",\"185.220.102.8\"],\"Operation\":[\"FolderCreated\",\"FolderCreated\"],\"TimeGenerated\":{\"__ndarray__\":\"AIB0Cb3TdkIAAEcnu9N2Qg==\",\"dtype\":\"float64\",\"shape\":[2]},\"index\":[48,298],\"y_index\":[12,12]},\"selected\":{\"id\":\"7379\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"7378\",\"type\":\"UnionRenderers\"}},\"id\":\"6961\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"fill_color\":{\"value\":\"#81D34C\"},\"line_color\":{\"value\":\"#81D34C\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7162\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"6963\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7102\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7103\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"7105\",\"type\":\"CDSView\"}},\"id\":\"7104\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"source\":{\"id\":\"6965\",\"type\":\"ColumnDataSource\"}},\"id\":\"7262\",\"type\":\"CDSView\"},{\"attributes\":{\"source\":{\"id\":\"6963\",\"type\":\"ColumnDataSource\"}},\"id\":\"7105\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_color\":{\"value\":\"#23888D\"},\"line_color\":{\"value\":\"#23888D\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7107\",\"type\":\"Circle\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7108\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"6964\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7107\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7108\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"7110\",\"type\":\"CDSView\"}},\"id\":\"7109\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"source\":{\"id\":\"6974\",\"type\":\"ColumnDataSource\"}},\"id\":\"7160\",\"type\":\"CDSView\"},{\"attributes\":{\"source\":{\"id\":\"6964\",\"type\":\"ColumnDataSource\"}},\"id\":\"7110\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_color\":{\"value\":\"#208F8C\"},\"line_color\":{\"value\":\"#208F8C\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7112\",\"type\":\"Circle\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7113\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"6965\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7112\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7113\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"7115\",\"type\":\"CDSView\"}},\"id\":\"7114\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"source\":{\"id\":\"6965\",\"type\":\"ColumnDataSource\"}},\"id\":\"7115\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_color\":{\"value\":\"#1E978A\"},\"line_color\":{\"value\":\"#1E978A\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7117\",\"type\":\"Circle\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7118\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"6966\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7117\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7118\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"7120\",\"type\":\"CDSView\"}},\"id\":\"7119\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"data_source\":{\"id\":\"6965\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7259\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7260\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"7262\",\"type\":\"CDSView\"}},\"id\":\"7261\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\"],\"IPAddress\":[\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\"],\"Operation\":[\"PermissionLevelAdded\",\"PermissionLevelAdded\",\"PermissionLevelAdded\",\"PermissionLevelAdded\",\"PermissionLevelAdded\",\"PermissionLevelAdded\"],\"TimeGenerated\":{\"__ndarray__\":\"AIDlC73TdkIAgOULvdN2QgCA5Qu903ZCAAAy4LzTdkIAADLgvNN2QgAAMuC803ZC\",\"dtype\":\"float64\",\"shape\":[6]},\"index\":[1,2,3,86,87,88],\"y_index\":[20,20,20,20,20,20]},\"selected\":{\"id\":\"7395\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"7394\",\"type\":\"UnionRenderers\"}},\"id\":\"6969\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"source\":{\"id\":\"6966\",\"type\":\"ColumnDataSource\"}},\"id\":\"7120\",\"type\":\"CDSView\"},{\"attributes\":{\"data_source\":{\"id\":\"6950\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7184\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7185\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"7187\",\"type\":\"CDSView\"}},\"id\":\"7186\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_color\":{\"value\":\"#1E9E88\"},\"line_color\":{\"value\":\"#1E9E88\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7122\",\"type\":\"Circle\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7123\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"6967\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7122\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7123\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"7125\",\"type\":\"CDSView\"}},\"id\":\"7124\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_color\":{\"value\":\"#6DCE58\"},\"line_color\":{\"value\":\"#6DCE58\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7157\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"6974\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7157\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7158\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"7160\",\"type\":\"CDSView\"}},\"id\":\"7159\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"source\":{\"id\":\"6967\",\"type\":\"ColumnDataSource\"}},\"id\":\"7125\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_color\":{\"value\":\"#21A685\"},\"line_color\":{\"value\":\"#21A685\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7127\",\"type\":\"Circle\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7128\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"6968\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7127\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7128\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"7130\",\"type\":\"CDSView\"}},\"id\":\"7129\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7158\",\"type\":\"Circle\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\"],\"IPAddress\":[\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\"],\"Operation\":[\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\",\"FileModified\"],\"TimeGenerated\":{\"__ndarray__\":\"AAC5CL3TdkIAAL8HvdN2QgCA8Qm903ZCAIBuCr3TdkIAAL8HvdN2QgAAswm903ZCAAC/B73TdkIAgPcIvdN2QgAAuQi903ZCAIAfOLvTdkIAgCU3u9N2QgCAJTe703ZCAIAlN7vTdkIAgK41u9N2QgCA5SOz1HZCAAANE7PUdkIAgFAns9R2QgAASQmz1HZCAADqA7PUdkIAgEAAs9R2QgCAF/Ky1HZCAAAg+7LUdkIAADj3stR2QgAAzfOy1HZCAACj+rLUdkIAAKn5stR2QgAAMviy1HZCAICC9bLUdkIAAK/4stR2QgCABfWy1HZCAADZ8bLUdkIAACz5stR2QgCAdvey1HZCAICI9LLUdkIAgJTystR2QgAAMQ2z1HZCAAAm+rLUdkIAAD72stR2QgCA5SOz1HZCAABJCbPUdkIAAOoDs9R2QgCAQACz1HZCAIAVHLPUdkIAgBfystR2QgCAMxez1HZCAAB3K7PUdkIAAJsls9R2QgCA6yKz1HZCAIDlI7PUdkIAAA0Ts9R2QgCA0yaz1HZCAIBWJrPUdkIAAKEks9R2QgAAMCKz1HZCAABHM7PUdkIAANwvs9R2QgAAfSqz1HZCAAAAKrPUdkIAAODtr9R2QgCA+vOv1HZCAADg7a/UdkIAAMLyr9R2QgCAHu6v1HZC\",\"dtype\":\"float64\",\"shape\":[63]},\"index\":[8,9,18,23,24,37,40,44,50,289,290,293,303,309,398,399,407,412,413,414,420,453,459,464,472,473,474,477,482,487,488,490,491,494,497,500,501,506,514,515,516,517,527,531,544,545,549,552,553,565,569,570,571,574,578,581,586,587,603,604,608,649,650],\"y_index\":[8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8]},\"selected\":{\"id\":\"7371\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"7370\",\"type\":\"UnionRenderers\"}},\"id\":\"6957\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"source\":{\"id\":\"6968\",\"type\":\"ColumnDataSource\"}},\"id\":\"7130\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_color\":{\"value\":\"#27AD80\"},\"line_color\":{\"value\":\"#27AD80\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7132\",\"type\":\"Circle\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7133\",\"type\":\"Circle\"},{\"attributes\":{\"source\":{\"id\":\"6969\",\"type\":\"ColumnDataSource\"}},\"id\":\"7135\",\"type\":\"CDSView\"},{\"attributes\":{\"data_source\":{\"id\":\"6969\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7132\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7133\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"7135\",\"type\":\"CDSView\"}},\"id\":\"7134\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7215\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_color\":{\"value\":\"#33618D\"},\"line_color\":{\"value\":\"#33618D\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7082\",\"type\":\"Circle\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"Exchange\",\"Exchange\"],\"IPAddress\":[\"185.207.139.2:7127\",\"185.207.139.2:30396\"],\"Operation\":[\"Remove-InboxRule\",\"Remove-InboxRule\"],\"TimeGenerated\":{\"__ndarray__\":\"AIAfp1jWdkIAANunWNZ2Qg==\",\"dtype\":\"float64\",\"shape\":[2]},\"index\":[678,679],\"y_index\":[21,21]},\"selected\":{\"id\":\"7397\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"7396\",\"type\":\"UnionRenderers\"}},\"id\":\"6970\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"data_source\":{\"id\":\"6956\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7214\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7215\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"7217\",\"type\":\"CDSView\"}},\"id\":\"7216\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\"],\"IPAddress\":[\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\"],\"Operation\":[\"GroupAdded\",\"GroupAdded\",\"GroupAdded\",\"GroupAdded\",\"GroupAdded\",\"GroupAdded\"],\"TimeGenerated\":{\"__ndarray__\":\"AIA66bzTdkIAgDrpvNN2QgAAove803ZCAAA39LzTdkIAAFXvvNN2QgCAzvq803ZC\",\"dtype\":\"float64\",\"shape\":[6]},\"index\":[32,33,58,65,72,84],\"y_index\":[16,16,16,16,16,16]},\"selected\":{\"id\":\"7387\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"7386\",\"type\":\"UnionRenderers\"}},\"id\":\"6965\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"7397\",\"type\":\"Selection\"},{\"attributes\":{\"source\":{\"id\":\"6976\",\"type\":\"ColumnDataSource\"}},\"id\":\"7317\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"7398\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"data_source\":{\"id\":\"6963\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7249\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7250\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"7252\",\"type\":\"CDSView\"}},\"id\":\"7251\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"source\":{\"id\":\"6956\",\"type\":\"ColumnDataSource\"}},\"id\":\"7070\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"7354\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"7399\",\"type\":\"Selection\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7220\",\"type\":\"Diamond\"},{\"attributes\":{\"source\":{\"id\":\"6956\",\"type\":\"ColumnDataSource\"}},\"id\":\"7217\",\"type\":\"CDSView\"},{\"attributes\":{\"below\":[{\"id\":\"7022\",\"type\":\"DatetimeAxis\"},{\"id\":\"7028\",\"type\":\"Title\"}],\"center\":[{\"id\":\"7026\",\"type\":\"Grid\"}],\"plot_height\":140,\"plot_width\":900,\"renderers\":[{\"id\":\"7034\",\"type\":\"GlyphRenderer\"},{\"id\":\"7039\",\"type\":\"GlyphRenderer\"},{\"id\":\"7044\",\"type\":\"GlyphRenderer\"},{\"id\":\"7049\",\"type\":\"GlyphRenderer\"},{\"id\":\"7054\",\"type\":\"GlyphRenderer\"},{\"id\":\"7059\",\"type\":\"GlyphRenderer\"},{\"id\":\"7064\",\"type\":\"GlyphRenderer\"},{\"id\":\"7069\",\"type\":\"GlyphRenderer\"},{\"id\":\"7074\",\"type\":\"GlyphRenderer\"},{\"id\":\"7079\",\"type\":\"GlyphRenderer\"},{\"id\":\"7084\",\"type\":\"GlyphRenderer\"},{\"id\":\"7089\",\"type\":\"GlyphRenderer\"},{\"id\":\"7094\",\"type\":\"GlyphRenderer\"},{\"id\":\"7099\",\"type\":\"GlyphRenderer\"},{\"id\":\"7104\",\"type\":\"GlyphRenderer\"},{\"id\":\"7109\",\"type\":\"GlyphRenderer\"},{\"id\":\"7114\",\"type\":\"GlyphRenderer\"},{\"id\":\"7119\",\"type\":\"GlyphRenderer\"},{\"id\":\"7124\",\"type\":\"GlyphRenderer\"},{\"id\":\"7129\",\"type\":\"GlyphRenderer\"},{\"id\":\"7134\",\"type\":\"GlyphRenderer\"},{\"id\":\"7139\",\"type\":\"GlyphRenderer\"},{\"id\":\"7144\",\"type\":\"GlyphRenderer\"},{\"id\":\"7149\",\"type\":\"GlyphRenderer\"},{\"id\":\"7154\",\"type\":\"GlyphRenderer\"},{\"id\":\"7159\",\"type\":\"GlyphRenderer\"},{\"id\":\"7164\",\"type\":\"GlyphRenderer\"},{\"id\":\"7169\",\"type\":\"GlyphRenderer\"}],\"title\":{\"id\":\"7012\",\"type\":\"Title\"},\"toolbar\":{\"id\":\"7027\",\"type\":\"Toolbar\"},\"toolbar_location\":null,\"x_range\":{\"id\":\"7014\",\"type\":\"Range1d\"},\"x_scale\":{\"id\":\"7018\",\"type\":\"LinearScale\"},\"y_range\":{\"id\":\"7016\",\"type\":\"DataRange1d\"},\"y_scale\":{\"id\":\"7020\",\"type\":\"LinearScale\"}},\"id\":\"7011\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{},\"id\":\"7400\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"data_source\":{\"id\":\"6956\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7067\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7068\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"7070\",\"type\":\"CDSView\"}},\"id\":\"7069\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#3B518A\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#3B518A\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7219\",\"type\":\"Diamond\"},{\"attributes\":{},\"id\":\"7401\",\"type\":\"Selection\"},{\"attributes\":{\"label\":{\"value\":\"AddedToGroup\"},\"renderers\":[{\"id\":\"7181\",\"type\":\"GlyphRenderer\"}]},\"id\":\"7319\",\"type\":\"LegendItem\"},{\"attributes\":{\"data_source\":{\"id\":\"6957\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7219\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7220\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"7222\",\"type\":\"CDSView\"}},\"id\":\"7221\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"7402\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"7403\",\"type\":\"Selection\"},{\"attributes\":{\"label\":{\"value\":\"AnonymousLinkCreated\"},\"renderers\":[{\"id\":\"7186\",\"type\":\"GlyphRenderer\"}]},\"id\":\"7320\",\"type\":\"LegendItem\"},{\"attributes\":{\"label\":{\"value\":\"ClientViewSignaled\"},\"renderers\":[{\"id\":\"7191\",\"type\":\"GlyphRenderer\"}]},\"id\":\"7321\",\"type\":\"LegendItem\"},{\"attributes\":{},\"id\":\"7404\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#37598C\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#37598C\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7224\",\"type\":\"Diamond\"},{\"attributes\":{},\"id\":\"7405\",\"type\":\"Selection\"},{\"attributes\":{\"text\":\"Timeline: Azure Operations by Operation\"},\"id\":\"6979\",\"type\":\"Title\"},{\"attributes\":{\"source\":{\"id\":\"6957\",\"type\":\"ColumnDataSource\"}},\"id\":\"7222\",\"type\":\"CDSView\"},{\"attributes\":{\"label\":{\"value\":\"Create Saved Search\"},\"renderers\":[{\"id\":\"7196\",\"type\":\"GlyphRenderer\"}]},\"id\":\"7322\",\"type\":\"LegendItem\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7225\",\"type\":\"Diamond\"},{\"attributes\":{\"label\":{\"value\":\"FileAccessed\"},\"renderers\":[{\"id\":\"7201\",\"type\":\"GlyphRenderer\"}]},\"id\":\"7323\",\"type\":\"LegendItem\"},{\"attributes\":{},\"id\":\"7406\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"data_source\":{\"id\":\"6958\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7224\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7225\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"7227\",\"type\":\"CDSView\"}},\"id\":\"7226\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"label\":{\"value\":\"FileAccessedExtended\"},\"renderers\":[{\"id\":\"7206\",\"type\":\"GlyphRenderer\"}]},\"id\":\"7324\",\"type\":\"LegendItem\"},{\"attributes\":{\"source\":{\"id\":\"6975\",\"type\":\"ColumnDataSource\"}},\"id\":\"7165\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"7407\",\"type\":\"Selection\"},{\"attributes\":{\"text\":\"Range Selector\"},\"id\":\"7012\",\"type\":\"Title\"},{\"attributes\":{\"label\":{\"value\":\"FileModifiedExtended\"},\"renderers\":[{\"id\":\"7226\",\"type\":\"GlyphRenderer\"}]},\"id\":\"7328\",\"type\":\"LegendItem\"},{\"attributes\":{\"dimension\":1,\"grid_line_color\":null,\"ticker\":{\"id\":\"6995\",\"type\":\"BasicTicker\"}},\"id\":\"6998\",\"type\":\"Grid\"},{\"attributes\":{\"formatter\":{\"id\":\"7351\",\"type\":\"BasicTickFormatter\"},\"ticker\":{\"id\":\"6995\",\"type\":\"BasicTicker\"},\"visible\":false},\"id\":\"6994\",\"type\":\"LinearAxis\"},{\"attributes\":{},\"id\":\"7408\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"label\":{\"value\":\"FileDeleted\"},\"renderers\":[{\"id\":\"7211\",\"type\":\"GlyphRenderer\"}]},\"id\":\"7325\",\"type\":\"LegendItem\"},{\"attributes\":{},\"id\":\"7409\",\"type\":\"Selection\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7230\",\"type\":\"Diamond\"},{\"attributes\":{\"source\":{\"id\":\"6958\",\"type\":\"ColumnDataSource\"}},\"id\":\"7227\",\"type\":\"CDSView\"},{\"attributes\":{\"label\":{\"value\":\"FileDownloaded\"},\"renderers\":[{\"id\":\"7216\",\"type\":\"GlyphRenderer\"}]},\"id\":\"7326\",\"type\":\"LegendItem\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"7410\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"callback\":null,\"end\":1572953212689.3,\"start\":1568095196692.7},\"id\":\"7014\",\"type\":\"Range1d\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#33618D\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#33618D\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7229\",\"type\":\"Diamond\"},{\"attributes\":{\"label\":{\"value\":\"FileModified\"},\"renderers\":[{\"id\":\"7221\",\"type\":\"GlyphRenderer\"}]},\"id\":\"7327\",\"type\":\"LegendItem\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"7411\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{},\"id\":\"6987\",\"type\":\"LinearScale\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#26808E\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#26808E\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7249\",\"type\":\"Diamond\"},{\"attributes\":{\"axis_label\":\"Event Time\",\"formatter\":{\"id\":\"7176\",\"type\":\"DatetimeTickFormatter\"},\"ticker\":{\"id\":\"6990\",\"type\":\"DatetimeTicker\"}},\"id\":\"6989\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"data_source\":{\"id\":\"6959\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7229\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7230\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"7232\",\"type\":\"CDSView\"}},\"id\":\"7231\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"label\":{\"value\":\"FilePreviewed\"},\"renderers\":[{\"id\":\"7231\",\"type\":\"GlyphRenderer\"}]},\"id\":\"7329\",\"type\":\"LegendItem\"},{\"attributes\":{},\"id\":\"7355\",\"type\":\"Selection\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"7412\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"label\":{\"value\":\"FileUploaded\"},\"renderers\":[{\"id\":\"7236\",\"type\":\"GlyphRenderer\"}]},\"id\":\"7330\",\"type\":\"LegendItem\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"7413\",\"type\":\"DaysTicker\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\"],\"IPAddress\":[\"185.220.102.8\",\"92.62.139.103\",\"40.117.152.107\",\"40.117.152.107\",\"40.117.152.107\",\"40.117.152.107\",\"40.117.152.107\",\"40.117.152.107\",\"40.117.152.107\",\"40.117.152.107\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"40.117.152.107\",\"92.62.139.103\",\"40.117.152.107\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"40.117.152.107\",\"92.62.139.103\",\"185.220.102.8\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.101.31\",\"185.220.101.31\",\"40.117.152.107\",\"23.129.64.152\",\"40.117.152.107\",\"40.117.152.107\",\"40.117.152.107\",\"23.129.64.152\",\"23.129.64.152\",\"40.117.152.107\",\"40.117.152.107\",\"104.41.146.53\",\"104.41.146.53\",\"104.41.146.53\",\"104.41.146.53\",\"104.41.146.53\",\"104.41.146.53\",\"104.41.146.53\"],\"Operation\":[\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\",\"SearchQueryPerformed\"],\"TimeGenerated\":{\"__ndarray__\":\"AIC8/bzTdkIAgG8rtNN2QgCALwy003ZCAADrDLTTdkIAgKwMtNN2QgAA8Qu003ZCAID1aLTTdkIAALdotNN2QgCACrCy03ZCAADxC7TTdkIAgEWvtNN2QgCA7Ki003ZCAIBRrbTTdkIAgOyotNN2QgCA72m003ZCAIAKsLLTdkIAAGa0tNN2QgCAIbW003ZCAIA/sLTTdkIAgKqztNN2QgAAuqa003ZCAID1aLTTdkIAgO9ptNN2QgCA5wW303ZCAIDvabTTdkIAgO9ptNN2QgCA72m003ZCAAAsBbfTdkIAAKkFt9N2QgAAqQW303ZCAAAsBbfTdkIAgEGoVdR2QgCAR6dV1HZCAIDWJ1XUdkIAAME1VdR2QgCAfDZV1HZCAIDWJ1XUdkIAgNYnVdR2QgCALy5V1HZCAAB6LFXUdkIAgNAoVdR2QgCA1idV1HZCAIAZXa/UdkIAgBldr9R2QgAA1V2v1HZCAAD6Qq/UdkIAgBldr9R2QgAAUl6v1HZCAIB+e/7UdkI=\",\"dtype\":\"float64\",\"shape\":[49]},\"index\":[34,106,111,113,114,117,124,125,131,140,154,155,156,179,185,192,199,206,208,212,216,217,220,221,242,245,246,278,279,282,283,348,350,353,356,358,371,372,374,385,394,396,591,595,615,628,659,661,667],\"y_index\":[22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22]},\"selected\":{\"id\":\"7399\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"7398\",\"type\":\"UnionRenderers\"}},\"id\":\"6971\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"label\":{\"value\":\"FolderCreated\"},\"renderers\":[{\"id\":\"7241\",\"type\":\"GlyphRenderer\"}]},\"id\":\"7331\",\"type\":\"LegendItem\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7235\",\"type\":\"Diamond\"},{\"attributes\":{\"label\":{\"value\":\"Update Cases\"},\"renderers\":[{\"id\":\"7316\",\"type\":\"GlyphRenderer\"}]},\"id\":\"7346\",\"type\":\"LegendItem\"},{\"attributes\":{\"fill_color\":{\"value\":\"#37598C\"},\"line_color\":{\"value\":\"#37598C\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7077\",\"type\":\"Circle\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"7414\",\"type\":\"DaysTicker\"},{\"attributes\":{\"source\":{\"id\":\"6959\",\"type\":\"ColumnDataSource\"}},\"id\":\"7232\",\"type\":\"CDSView\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\"],\"IPAddress\":[\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\"],\"Operation\":[\"Update Cases\",\"Update Cases\",\"Update Cases\",\"Update Cases\"],\"TimeGenerated\":{\"__ndarray__\":\"AOBKW6XddkIA8Ctbpd12QgBAEMeX33ZCAJAGx5ffdkI=\",\"dtype\":\"float64\",\"shape\":[4]},\"index\":[18,19,94,95],\"y_index\":[27,27,27,27]},\"selected\":{\"id\":\"7409\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"7408\",\"type\":\"UnionRenderers\"}},\"id\":\"6976\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#2F698D\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#2F698D\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7234\",\"type\":\"Diamond\"},{\"attributes\":{\"below\":[{\"id\":\"6989\",\"type\":\"DatetimeAxis\"}],\"center\":[{\"id\":\"6993\",\"type\":\"Grid\"},{\"id\":\"6998\",\"type\":\"Grid\"}],\"left\":[{\"id\":\"6994\",\"type\":\"LinearAxis\"},{\"id\":\"7318\",\"type\":\"Legend\"}],\"min_border_left\":50,\"plot_height\":700,\"plot_width\":900,\"renderers\":[{\"id\":\"7181\",\"type\":\"GlyphRenderer\"},{\"id\":\"7186\",\"type\":\"GlyphRenderer\"},{\"id\":\"7191\",\"type\":\"GlyphRenderer\"},{\"id\":\"7196\",\"type\":\"GlyphRenderer\"},{\"id\":\"7201\",\"type\":\"GlyphRenderer\"},{\"id\":\"7206\",\"type\":\"GlyphRenderer\"},{\"id\":\"7211\",\"type\":\"GlyphRenderer\"},{\"id\":\"7216\",\"type\":\"GlyphRenderer\"},{\"id\":\"7221\",\"type\":\"GlyphRenderer\"},{\"id\":\"7226\",\"type\":\"GlyphRenderer\"},{\"id\":\"7231\",\"type\":\"GlyphRenderer\"},{\"id\":\"7236\",\"type\":\"GlyphRenderer\"},{\"id\":\"7241\",\"type\":\"GlyphRenderer\"},{\"id\":\"7246\",\"type\":\"GlyphRenderer\"},{\"id\":\"7251\",\"type\":\"GlyphRenderer\"},{\"id\":\"7256\",\"type\":\"GlyphRenderer\"},{\"id\":\"7261\",\"type\":\"GlyphRenderer\"},{\"id\":\"7266\",\"type\":\"GlyphRenderer\"},{\"id\":\"7271\",\"type\":\"GlyphRenderer\"},{\"id\":\"7276\",\"type\":\"GlyphRenderer\"},{\"id\":\"7281\",\"type\":\"GlyphRenderer\"},{\"id\":\"7286\",\"type\":\"GlyphRenderer\"},{\"id\":\"7291\",\"type\":\"GlyphRenderer\"},{\"id\":\"7296\",\"type\":\"GlyphRenderer\"},{\"id\":\"7301\",\"type\":\"GlyphRenderer\"},{\"id\":\"7306\",\"type\":\"GlyphRenderer\"},{\"id\":\"7311\",\"type\":\"GlyphRenderer\"},{\"id\":\"7316\",\"type\":\"GlyphRenderer\"}],\"title\":{\"id\":\"6979\",\"type\":\"Title\"},\"toolbar\":{\"id\":\"7004\",\"type\":\"Toolbar\"},\"x_range\":{\"id\":\"6981\",\"type\":\"Range1d\"},\"x_scale\":{\"id\":\"6985\",\"type\":\"LinearScale\"},\"y_range\":{\"id\":\"6983\",\"type\":\"Range1d\"},\"y_scale\":{\"id\":\"6987\",\"type\":\"LinearScale\"}},\"id\":\"6978\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7250\",\"type\":\"Diamond\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"7415\",\"type\":\"DaysTicker\"},{\"attributes\":{\"callback\":null,\"formatters\":{\"Tooltip\":\"printf\"},\"tooltips\":[[\"IPAddress\",\"@IPAddress\"],[\"AppResourceProvider\",\"@AppResourceProvider\"],[\"Operation\",\"@Operation\"]]},\"id\":\"6977\",\"type\":\"HoverTool\"},{\"attributes\":{},\"id\":\"7351\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"data_source\":{\"id\":\"6960\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7234\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7235\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"7237\",\"type\":\"CDSView\"}},\"id\":\"7236\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"7416\",\"type\":\"DaysTicker\"},{\"attributes\":{\"num_minor_ticks\":10,\"tickers\":[{\"id\":\"7410\",\"type\":\"AdaptiveTicker\"},{\"id\":\"7411\",\"type\":\"AdaptiveTicker\"},{\"id\":\"7412\",\"type\":\"AdaptiveTicker\"},{\"id\":\"7413\",\"type\":\"DaysTicker\"},{\"id\":\"7414\",\"type\":\"DaysTicker\"},{\"id\":\"7415\",\"type\":\"DaysTicker\"},{\"id\":\"7416\",\"type\":\"DaysTicker\"},{\"id\":\"7417\",\"type\":\"MonthsTicker\"},{\"id\":\"7418\",\"type\":\"MonthsTicker\"},{\"id\":\"7419\",\"type\":\"MonthsTicker\"},{\"id\":\"7420\",\"type\":\"MonthsTicker\"},{\"id\":\"7421\",\"type\":\"YearsTicker\"}]},\"id\":\"6990\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"fill_color\":{\"value\":\"#95D73F\"},\"line_color\":{\"value\":\"#95D73F\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7167\",\"type\":\"Circle\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"7417\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7073\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"7356\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"callback\":null,\"end\":27.035714285714285,\"start\":-0.03571428571428571},\"id\":\"6983\",\"type\":\"Range1d\"},{\"attributes\":{},\"id\":\"7357\",\"type\":\"Selection\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"7418\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7240\",\"type\":\"Diamond\"},{\"attributes\":{\"callback\":null,\"end\":1572766365920.2,\"start\":1568282043461.8},\"id\":\"6981\",\"type\":\"Range1d\"},{\"attributes\":{\"source\":{\"id\":\"6960\",\"type\":\"ColumnDataSource\"}},\"id\":\"7237\",\"type\":\"CDSView\"},{\"attributes\":{\"align\":\"right\",\"text\":\"Drag the middle or edges of the selection box to change the range in the main chart\",\"text_font_size\":{\"value\":\"10px\"}},\"id\":\"7028\",\"type\":\"Title\"},{\"attributes\":{},\"id\":\"7358\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"7419\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#2C718E\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#2C718E\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7239\",\"type\":\"Diamond\"},{\"attributes\":{},\"id\":\"7359\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"6995\",\"type\":\"BasicTicker\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"7420\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"6961\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7239\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7240\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"7242\",\"type\":\"CDSView\"}},\"id\":\"7241\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"7360\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"data_source\":{\"id\":\"6957\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7072\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7073\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"7075\",\"type\":\"CDSView\"}},\"id\":\"7074\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"7361\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"7421\",\"type\":\"YearsTicker\"},{\"attributes\":{},\"id\":\"7362\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"7424\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"minor_grid_line_alpha\":0.3,\"minor_grid_line_color\":\"navy\",\"ticker\":{\"id\":\"6990\",\"type\":\"DatetimeTicker\"}},\"id\":\"6993\",\"type\":\"Grid\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#29798E\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#29798E\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7244\",\"type\":\"Diamond\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\"],\"IPAddress\":[\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"185.220.102.8\",\"92.62.139.103\",\"185.220.102.8\",\"23.129.64.152\",\"185.220.101.31\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\"],\"Operation\":[\"PageViewed\",\"PageViewed\",\"PageViewed\",\"PageViewed\",\"PageViewed\",\"PageViewed\",\"PageViewed\",\"PageViewed\",\"PageViewed\",\"PageViewed\",\"PageViewed\",\"PageViewed\",\"PageViewed\",\"PageViewed\",\"PageViewed\",\"PageViewed\",\"PageViewed\",\"PageViewed\",\"PageViewed\",\"PageViewed\",\"PageViewed\",\"PageViewed\",\"PageViewed\",\"PageViewed\",\"PageViewed\",\"PageViewed\",\"PageViewed\",\"PageViewed\",\"PageViewed\",\"PageViewed\",\"PageViewed\"],\"TimeGenerated\":{\"__ndarray__\":\"AAAqC73TdkIAAAf8vNN2QgCAP/2803ZCAIB237zTdkIAAHdJtNN2QgAAwCi003ZCAIDvabTTdkIAAK4rtNN2QgCAhGa003ZCAICsDLTTdkIAgLgKtNN2QgCA+2e003ZCAADps7TTdkIAgNSstNN2QgAAQGe003ZCAIAEpbTTdkIAAK4rtNN2QgAAriu003ZCAICktLTTdkIAAKMGt9N2QgAAriu003ZCAID5ArfTdkIAgP81VdR2QgCATaZV1HZCAIDoJFXUdkIAACEmVdR2QgCA1idV1HZCAICWXa/UdkIAAF5cr9R2QgCAJVuv1HZCAABGYK/UdkI=\",\"dtype\":\"float64\",\"shape\":[31]},\"index\":[4,16,51,73,107,112,126,127,128,133,144,150,165,170,171,180,183,198,211,232,243,257,334,351,375,384,388,592,613,620,660],\"y_index\":[19,19,19,19,19,19,19,19,19,19,19,19,19,19,19,19,19,19,19,19,19,19,19,19,19,19,19,19,19,19,19]},\"selected\":{\"id\":\"7393\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"7392\",\"type\":\"UnionRenderers\"}},\"id\":\"6968\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"7363\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"6985\",\"type\":\"LinearScale\"},{\"attributes\":{\"source\":{\"id\":\"6961\",\"type\":\"ColumnDataSource\"}},\"id\":\"7242\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"7365\",\"type\":\"Selection\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"lightgrey\"},\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":{\"value\":1.0},\"line_color\":{\"value\":\"black\"},\"line_dash\":[4,4],\"line_width\":{\"value\":2},\"render_mode\":\"css\",\"right_units\":\"screen\",\"top_units\":\"screen\"},\"id\":\"7422\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"label\":{\"value\":\"Sign-in activity\"},\"renderers\":[{\"id\":\"7306\",\"type\":\"GlyphRenderer\"}]},\"id\":\"7344\",\"type\":\"LegendItem\"},{\"attributes\":{},\"id\":\"7364\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"7423\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\"],\"IPAddress\":[\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"\",\"\",\"92.62.139.103\",\"199.249.230.113\",\"92.62.139.103\",\"92.62.139.103\",\"\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"185.220.102.8\",\"92.62.139.103\",\"\",\"92.62.139.103\",\"\",\"92.62.139.103\",\"92.62.139.103\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"52.109.6.30\",\"52.109.6.30\",\"\",\"23.129.64.152\",\"23.129.64.152\",\"\",\"23.129.64.152\",\"\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"\",\"23.129.64.152\",\"\",\"\",\"23.129.64.152\",\"\",\"185.220.101.31\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"52.109.6.30\",\"52.109.6.30\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"176.10.104.240\",\"66.146.193.33\",\"\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"52.109.6.30\",\"52.109.6.30\",\"52.109.6.30\"],\"Operation\":[\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\",\"FileAccessed\"],\"TimeGenerated\":{\"__ndarray__\":\"AAA2Cb3TdkIAAEIHvdN2QgAAQge903ZCAACE/LzTdkIAADwIvdN2QgAAPAi903ZCAAA8CL3TdkIAgHQJvdN2QgAAuQi903ZCAAA2Cb3TdkIAgAMHvdN2QgCAJwG903ZCAIAXELTTdkIAgPgptNN2QgAAEzC003ZCAAA9KbTTdkIAgKwMtNN2QgAAbgy003ZCAABuDLTTdkIAgP4otNN2QgAA6wy003ZCAADrDLTTdkIAgKwMtNN2QgAAbgy003ZCAABuDLTTdkIAgKwMtNN2QgAAbgy003ZCAABuDLTTdkIAgKwMtNN2QgCA+Cm003ZCAAA9KbTTdkIAABMwtNN2QgCA8by003ZCAACzvLTTdkIAgASltNN2QgAA6bO003ZCAAA3p7TTdkIAgPgptNN2QgAAFm6003ZCAIAVt7TTdkIAABMwtNN2QgAAPSm003ZCAICqs7TTdkIAgJ61tNN2QgAA6bO003ZCAAANrrTTdkIAAEOltNN2QgCAqrO003ZCAACpBbfTdkIAgPG8tNN2QgCA8by003ZCAICqs7TTdkIAgPG8tNN2QgCAqrO003ZCAICwsrTTdkIAAKkFt9N2QgAADgq303ZCAACpBbfTdkIAAA4Kt9N2QgAA+TO703ZCAIA3NLvTdkIAgKI3u9N2QgAAdjS703ZCAICoNrvTdkIAACcuXN12QgAAJy5c3XZCAACpOVXUdkIAACEmVdR2QgCA1TxV1HZCAACXPFXUdkIAACEmVdR2QgAAISZV1HZCAAAJp1XUdkIAAAmnVdR2QgCAR6dV1HZCAAAJp1XUdkIAgMqmVdR2QgAACadV1HZCAIDKplXUdkIAgEGoVdR2QgCAyqZV1HZCAAAJp1XUdkIAAIU/VdR2QgCA1TxV1HZCAACXPFXUdkIAAIU/VdR2QgCA1TxV1HZCAIDVPFXUdkIAAOsuVdR2QgCA0ChV1HZCAAAhJlXUdkIAAA8pVdR2QgAACadV1HZCAIDKplXUdkIAAAmnVdR2QgCAyqZV1HZCAIBfJlXUdkIAACEmVdR2QgCARypV1HZCAIBNKVXUdkIAgF8mVdR2QgAAISZV1HZCAAAhJlXUdkIAgF8mVdR2QgAAISZV1HZCAAAhJlXUdkIAACEmVdR2QgAAZS6z1HZCAAAYJrPUdkIAgN8ks9R2QgCAIRqz1HZCAADf8LLUdkIAAG0Ds9R2QgCAqwOz1HZCAIDn+bLUdkIAgO34stR2QgCAcPiy1HZCAICC9bLUdkIAAMf0stR2QgCAEfOy1HZCAICU8rLUdkIAAFzxstR2QgCAzhKz1HZCAIB297LUdkIAgGT6stR2QgCAavmy1HZCAAC197LUdkIAAD72stR2QgCAfPay1HZCAADT8rLUdkIAAFzxstR2QgAACP+y1HZCAIDh+rLUdkIAAM3zstR2QgAArg2z1HZCAIAhGrPUdkIAgN8ks9R2QgAAyjKz1HZCAABgGrPUdkIAAN/wstR2QgAATTKz1HZCAACDKbPUdkIAgFYms9R2QgAApyOz1HZCAIDyDLPUdkIAgPIMs9R2QgAAKiOz1HZCAAAwIrPUdkIAAGPtr9R2QgCAkF6v1HZCAICcXK/UdkIAAF5cr9R2QgCAm+6v1HZCAICJ8a/UdkIAgJvur9R2QgCAJO2v1HZCAICn7K/UdkIAgJxcr9R2QgAAXlyv1HZCAIANX6/UdkIAgJxcr9R2QgCAtUOv1HZCAIC1Q6/UdkIAAF5cr9R2QgAAXlyv1HZCAABeXK/UdkIAAP5rr9R2QgAAXlyv1HZCAABeXK/UdkIAgKHtr9R2QgAA21yv1HZCAADbXK/UdkIAANtcr9R2QgCAE16v1HZCAABeXK/UdkIAAL17/tR2QgAAvXv+1HZCAID7e/7UdkI=\",\"dtype\":\"float64\",\"shape\":[178]},\"index\":[6,10,12,15,19,21,38,41,43,74,76,77,101,103,104,105,110,116,118,135,136,137,138,139,141,142,143,145,146,148,152,153,161,162,164,167,169,175,177,178,181,182,194,200,203,209,213,219,222,234,235,237,239,240,241,244,277,280,281,291,294,300,304,307,312,318,326,327,328,330,331,332,336,337,338,340,341,343,344,345,347,349,352,354,355,357,360,361,366,367,370,373,376,378,380,381,382,383,386,387,389,390,391,392,393,395,397,400,408,410,417,421,449,451,454,455,457,460,462,465,466,469,471,475,478,480,483,485,492,495,498,502,504,507,509,510,512,519,528,533,534,540,542,550,555,558,572,575,589,596,597,598,601,605,606,609,611,614,616,617,619,630,631,635,637,638,639,646,648,651,653,654,655,656,657,666,669,672],\"y_index\":[4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4]},\"selected\":{\"id\":\"7363\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"7362\",\"type\":\"UnionRenderers\"}},\"id\":\"6953\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\"],\"IPAddress\":[\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\"],\"Operation\":[\"AddedToGroup\",\"AddedToGroup\",\"AddedToGroup\",\"AddedToGroup\",\"AddedToGroup\"],\"TimeGenerated\":{\"__ndarray__\":\"AIA66bzTdkIAgOD3vNN2QgCAdfS803ZCAICT77zTdkIAAA37vNN2Qg==\",\"dtype\":\"float64\",\"shape\":[5]},\"index\":[31,57,64,71,82],\"y_index\":[0,0,0,0,0]},\"selected\":{\"id\":\"7355\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"7354\",\"type\":\"UnionRenderers\"}},\"id\":\"6949\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\"],\"IPAddress\":[\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\",\"66.146.193.33\"],\"Operation\":[\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\",\"FileDeleted\"],\"TimeGenerated\":{\"__ndarray__\":\"AAD2DbfTdkIAAPYNt9N2QgAA9g2303ZCAAD2DbfTdkIAgLcNt9N2QgCA5iC203ZCAIBdIrbTdkIAAJYjttN2QgAADSW203ZCAAANJbbTdkIAAA0lttN2QgAADSW203ZCAIBvH7bTdkIAAD0dttN2QgAAFy+703ZCAAAXL7vTdkIAABcvu9N2QgAAFy+703ZCAAAXL7vTdkIAACUPs9R2QgAAJQ+z1HZCAAAlD7PUdkIAACUPs9R2QgCA5g6z1HZCAIDmDrPUdkIAgOYOs9R2QgCA5g6z1HZCAACoDrPUdkIAgGkOs9R2QgAAKw6z1HZCAAArDrPUdkIAACsOs9R2QgCA7A2z1HZCAIDsDbPUdkIAgOwNs9R2QgAArg2z1HZCAACuDbPUdkIAgG8Ns9R2QgCAbw2z1HZCAIBvDbPUdkIAADENs9R2QgAAMQ2z1HZCAAAxDbPUdkIAgPIMs9R2QgCA8gyz1HZCAACBa6/UdkIAAIFrr9R2QgCAQmuv1HZCAAB7bK/UdkIAgDxsr9R2QgAA/muv1HZCAAD+a6/UdkIAgL9rr9R2QgCAv2uv1HZC\",\"dtype\":\"float64\",\"shape\":[54]},\"index\":[225,226,227,228,229,259,260,261,271,272,273,274,275,276,284,285,286,287,288,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,623,624,625,640,641,642,643,644,645],\"y_index\":[6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6]},\"selected\":{\"id\":\"7367\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"7366\",\"type\":\"UnionRenderers\"}},\"id\":\"6955\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"SharePoint\"],\"IPAddress\":[\"92.62.139.103\"],\"Operation\":[\"FileAccessedExtended\"],\"TimeGenerated\":{\"__ndarray__\":\"AIDblrTTdkI=\",\"dtype\":\"float64\",\"shape\":[1]},\"index\":[147],\"y_index\":[5]},\"selected\":{\"id\":\"7365\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"7364\",\"type\":\"UnionRenderers\"}},\"id\":\"6954\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"fill_color\":{\"value\":\"#26808E\"},\"line_color\":{\"value\":\"#26808E\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7102\",\"type\":\"Circle\"},{\"attributes\":{\"source\":{\"id\":\"6958\",\"type\":\"ColumnDataSource\"}},\"id\":\"7080\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7078\",\"type\":\"Circle\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\",\"Microsoft.SecurityInsights\"],\"IPAddress\":[\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.174.123\",\"131.107.174.123\",\"131.107.174.123\",\"131.107.174.123\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"131.107.147.205\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\"],\"Operation\":[\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\",\"Update Case Investigation\"],\"TimeGenerated\":{\"__ndarray__\":\"AEBwkq7ddkIAYDySrt12QgBAboCu3XZCAOBBgK7ddkIA0FmLpt12QgAAJYum3XZCAGA/t6bddkIAUA63pt12QgAQsW+l3XZCAFCAb6XddkIA0Bdnpd12QgAg9Wal3XZCAJD1ZaXddkIAkM1lpd12QgAgf2Sl3XZCAOBfZKXddkIAgCFjpd12QgDACmOl3XZCAOB6h6XddkIAsFqHpd12QgDwRYel3XZCAPABh6XddkIAAIWGpd12QgBAQIal3XZCAEBQgqXddkIAcAyCpd12QgDQbHSl3XZCAFBCdKXddkIAgFtypd12QgAANnKl3XZCAOBoVwLddkIA0DhXAt12QgCQFVYC3XZCABDhVQLddkIAkPZUAt12QgAw1FQC3XZCABAJSALddkIAAOJHAt12QgDgv9j13HZCAKCH2PXcdkIAgJrS9dx2QgDwf9L13HZCABDZz/XcdkIAULHP9dx2QgDQYgcV3XZCAPAoBxXddkIAkPQDFd12QgBwoQMV3XZCADBngh3ddkIAgDCCHd12QgAAE3cd3XZCAFD6dh3ddkIAoEV1Hd12QgDwDnUd3XZCADDzbB3ddkIAMLxsHd12Qg==\",\"dtype\":\"float64\",\"shape\":[56]},\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,68,69,70,71,72,73,78,79,80,81,86,87,88,89,90,91,92,93],\"y_index\":[26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26,26]},\"selected\":{\"id\":\"7407\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"7406\",\"type\":\"UnionRenderers\"}},\"id\":\"6975\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7168\",\"type\":\"Circle\"},{\"attributes\":{\"source\":{\"id\":\"6976\",\"type\":\"ColumnDataSource\"}},\"id\":\"7170\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_color\":{\"value\":\"#3B518A\"},\"line_color\":{\"value\":\"#3B518A\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7072\",\"type\":\"Circle\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"SharePoint\"],\"IPAddress\":[\"92.62.139.103\"],\"Operation\":[\"FolderModified\"],\"TimeGenerated\":{\"__ndarray__\":\"AADxiLTTdkI=\",\"dtype\":\"float64\",\"shape\":[1]},\"index\":[233],\"y_index\":[14]},\"selected\":{\"id\":\"7383\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"7382\",\"type\":\"UnionRenderers\"}},\"id\":\"6963\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\"],\"IPAddress\":[\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\"],\"Operation\":[\"SharingInheritanceBroken\",\"SharingInheritanceBroken\",\"SharingInheritanceBroken\",\"SharingInheritanceBroken\",\"SharingInheritanceBroken\",\"SharingInheritanceBroken\"],\"TimeGenerated\":{\"__ndarray__\":\"AAB56bzTdkIAgDrpvNN2QgAAove803ZCAIB19LzTdkIAgJPvvNN2QgAADfu803ZC\",\"dtype\":\"float64\",\"shape\":[6]},\"index\":[26,30,56,63,70,85],\"y_index\":[23,23,23,23,23,23]},\"selected\":{\"id\":\"7401\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"7400\",\"type\":\"UnionRenderers\"}},\"id\":\"6972\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"label\":{\"value\":\"ListCreated\"},\"renderers\":[{\"id\":\"7266\",\"type\":\"GlyphRenderer\"}]},\"id\":\"7336\",\"type\":\"LegendItem\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"Exchange\",\"Exchange\"],\"IPAddress\":[\"[2a02:418:6017::148]:45644\",\"176.10.99.200:45866\"],\"Operation\":[\"New-InboxRule\",\"New-InboxRule\"],\"TimeGenerated\":{\"__ndarray__\":\"AABUw7LTdkIAgGzXBNV2Qg==\",\"dtype\":\"float64\",\"shape\":[2]},\"index\":[132,677],\"y_index\":[18,18]},\"selected\":{\"id\":\"7391\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"7390\",\"type\":\"UnionRenderers\"}},\"id\":\"6967\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7190\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7290\",\"type\":\"Diamond\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\"],\"IPAddress\":[\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\"],\"Operation\":[\"FileModifiedExtended\",\"FileModifiedExtended\",\"FileModifiedExtended\",\"FileModifiedExtended\",\"FileModifiedExtended\",\"FileModifiedExtended\",\"FileModifiedExtended\",\"FileModifiedExtended\",\"FileModifiedExtended\",\"FileModifiedExtended\",\"FileModifiedExtended\",\"FileModifiedExtended\",\"FileModifiedExtended\",\"FileModifiedExtended\",\"FileModifiedExtended\",\"FileModifiedExtended\",\"FileModifiedExtended\",\"FileModifiedExtended\",\"FileModifiedExtended\"],\"TimeGenerated\":{\"__ndarray__\":\"AICvLLPUdkIAAPQrs9R2QgAAiSiz1HZCAIDSO7PUdkIAAEczs9R2QgAA7iyz1HZCAAB3K7PUdkIAgEoos9R2QgAATTKz1HZCAABZMLPUdkIAgD4qs9R2QgCAGUWz1HZCAACmOLPUdkIAANAxs9R2QgAA3C+z1HZCAIDHKLPUdkIAgJExs9R2QgAAZS6z1HZCAIDAPrPUdkI=\",\"dtype\":\"float64\",\"shape\":[19]},\"index\":[402,403,406,416,518,520,521,523,525,537,547,554,560,562,564,566,579,582,588],\"y_index\":[9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9]},\"selected\":{\"id\":\"7373\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"7372\",\"type\":\"UnionRenderers\"}},\"id\":\"6958\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#3DBB74\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#3DBB74\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7289\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#471669\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#471669\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7189\",\"type\":\"Diamond\"},{\"attributes\":{\"label\":{\"value\":\"New-InboxRule\"},\"renderers\":[{\"id\":\"7271\",\"type\":\"GlyphRenderer\"}]},\"id\":\"7337\",\"type\":\"LegendItem\"},{\"attributes\":{\"data_source\":{\"id\":\"6971\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7289\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7290\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"7292\",\"type\":\"CDSView\"}},\"id\":\"7291\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"data_source\":{\"id\":\"6951\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7189\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7190\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"7192\",\"type\":\"CDSView\"}},\"id\":\"7191\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"label\":{\"value\":\"GroupAdded\"},\"renderers\":[{\"id\":\"7261\",\"type\":\"GlyphRenderer\"}]},\"id\":\"7335\",\"type\":\"LegendItem\"},{\"attributes\":{\"source\":{\"id\":\"6964\",\"type\":\"ColumnDataSource\"}},\"id\":\"7257\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7295\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7195\",\"type\":\"Diamond\"},{\"attributes\":{\"source\":{\"id\":\"6971\",\"type\":\"ColumnDataSource\"}},\"id\":\"7292\",\"type\":\"CDSView\"},{\"attributes\":{\"source\":{\"id\":\"6951\",\"type\":\"ColumnDataSource\"}},\"id\":\"7192\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#4BC26C\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#4BC26C\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7294\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#482172\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#482172\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7194\",\"type\":\"Diamond\"},{\"attributes\":{\"data_source\":{\"id\":\"6964\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7254\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7255\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"7257\",\"type\":\"CDSView\"}},\"id\":\"7256\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"data_source\":{\"id\":\"6972\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7294\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7295\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"7297\",\"type\":\"CDSView\"}},\"id\":\"7296\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"data_source\":{\"id\":\"6952\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7194\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7195\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"7197\",\"type\":\"CDSView\"}},\"id\":\"7196\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"Microsoft.Logic\",\"Microsoft.Logic\",\"Microsoft.Logic\",\"Microsoft.Logic\",\"Microsoft.Logic\",\"Microsoft.Logic\",\"Microsoft.Logic\",\"Microsoft.Logic\",\"Microsoft.Logic\",\"Microsoft.Logic\"],\"IPAddress\":[\"131.107.147.205\",\"131.107.147.205\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\"],\"Operation\":[\"Gets workflow recommend operation groups\",\"Gets workflow recommend operation groups\",\"Gets workflow recommend operation groups\",\"Gets workflow recommend operation groups\",\"Gets workflow recommend operation groups\",\"Gets workflow recommend operation groups\",\"Gets workflow recommend operation groups\",\"Gets workflow recommend operation groups\",\"Gets workflow recommend operation groups\",\"Gets workflow recommend operation groups\"],\"TimeGenerated\":{\"__ndarray__\":\"AIASlQLddkIAgPSUAt12QgDwtVX23HZCAMCaVfbcdkIAEMtJ9tx2QgCgr0n23HZCAOAvHRXddkIAMBMdFd12QgDA/fEd3XZCALDg8R3ddkI=\",\"dtype\":\"float64\",\"shape\":[10]},\"index\":[40,41,52,53,54,55,76,77,84,85],\"y_index\":[15,15,15,15,15,15,15,15,15,15]},\"selected\":{\"id\":\"7385\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"7384\",\"type\":\"UnionRenderers\"}},\"id\":\"6964\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"label\":{\"value\":\"Gets workflow recommend operation groups\"},\"renderers\":[{\"id\":\"7256\",\"type\":\"GlyphRenderer\"}]},\"id\":\"7334\",\"type\":\"LegendItem\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7300\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7200\",\"type\":\"Diamond\"},{\"attributes\":{\"source\":{\"id\":\"6972\",\"type\":\"ColumnDataSource\"}},\"id\":\"7297\",\"type\":\"CDSView\"},{\"attributes\":{\"source\":{\"id\":\"6952\",\"type\":\"ColumnDataSource\"}},\"id\":\"7197\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#5BC862\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#5BC862\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7299\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#472B7A\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#472B7A\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7199\",\"type\":\"Diamond\"},{\"attributes\":{\"data_source\":{\"id\":\"6973\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7299\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7300\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"7302\",\"type\":\"CDSView\"}},\"id\":\"7301\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"data_source\":{\"id\":\"6953\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7199\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7200\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"7202\",\"type\":\"CDSView\"}},\"id\":\"7201\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"label\":{\"value\":\"FolderModified\"},\"renderers\":[{\"id\":\"7251\",\"type\":\"GlyphRenderer\"}]},\"id\":\"7333\",\"type\":\"LegendItem\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7305\",\"type\":\"Diamond\"},{\"attributes\":{\"source\":{\"id\":\"6973\",\"type\":\"ColumnDataSource\"}},\"id\":\"7302\",\"type\":\"CDSView\"},{\"attributes\":{\"label\":{\"value\":\"SharingSet\"},\"renderers\":[{\"id\":\"7301\",\"type\":\"GlyphRenderer\"}]},\"id\":\"7343\",\"type\":\"LegendItem\"},{\"attributes\":{\"source\":{\"id\":\"6953\",\"type\":\"ColumnDataSource\"}},\"id\":\"7202\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#6DCE58\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#6DCE58\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7304\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7205\",\"type\":\"Diamond\"},{\"attributes\":{\"data_source\":{\"id\":\"6974\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7304\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7305\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"7307\",\"type\":\"CDSView\"}},\"id\":\"7306\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#453580\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#453580\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7204\",\"type\":\"Diamond\"},{\"attributes\":{\"data_source\":{\"id\":\"6954\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7204\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7205\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"7207\",\"type\":\"CDSView\"}},\"id\":\"7206\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7310\",\"type\":\"Diamond\"},{\"attributes\":{\"source\":{\"id\":\"6974\",\"type\":\"ColumnDataSource\"}},\"id\":\"7307\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#23888D\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#23888D\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7254\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#81D34C\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#81D34C\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7309\",\"type\":\"Diamond\"},{\"attributes\":{\"source\":{\"id\":\"6954\",\"type\":\"ColumnDataSource\"}},\"id\":\"7207\",\"type\":\"CDSView\"},{\"attributes\":{\"label\":{\"value\":\"FolderDeleted\"},\"renderers\":[{\"id\":\"7246\",\"type\":\"GlyphRenderer\"}]},\"id\":\"7332\",\"type\":\"LegendItem\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7210\",\"type\":\"Diamond\"},{\"attributes\":{\"data_source\":{\"id\":\"6975\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7309\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7310\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"7312\",\"type\":\"CDSView\"}},\"id\":\"7311\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#423E85\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#423E85\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7209\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7255\",\"type\":\"Diamond\"},{\"attributes\":{\"data_source\":{\"id\":\"6955\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7209\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7210\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"7212\",\"type\":\"CDSView\"}},\"id\":\"7211\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"data_source\":{\"id\":\"6976\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7314\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7315\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"7317\",\"type\":\"CDSView\"}},\"id\":\"7316\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"source\":{\"id\":\"6975\",\"type\":\"ColumnDataSource\"}},\"id\":\"7312\",\"type\":\"CDSView\"},{\"attributes\":{\"source\":{\"id\":\"6963\",\"type\":\"ColumnDataSource\"}},\"id\":\"7252\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7315\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#95D73F\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#95D73F\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7314\",\"type\":\"Diamond\"},{\"attributes\":{\"click_policy\":\"hide\",\"items\":[{\"id\":\"7319\",\"type\":\"LegendItem\"},{\"id\":\"7320\",\"type\":\"LegendItem\"},{\"id\":\"7321\",\"type\":\"LegendItem\"},{\"id\":\"7322\",\"type\":\"LegendItem\"},{\"id\":\"7323\",\"type\":\"LegendItem\"},{\"id\":\"7324\",\"type\":\"LegendItem\"},{\"id\":\"7325\",\"type\":\"LegendItem\"},{\"id\":\"7326\",\"type\":\"LegendItem\"},{\"id\":\"7327\",\"type\":\"LegendItem\"},{\"id\":\"7328\",\"type\":\"LegendItem\"},{\"id\":\"7329\",\"type\":\"LegendItem\"},{\"id\":\"7330\",\"type\":\"LegendItem\"},{\"id\":\"7331\",\"type\":\"LegendItem\"},{\"id\":\"7332\",\"type\":\"LegendItem\"},{\"id\":\"7333\",\"type\":\"LegendItem\"},{\"id\":\"7334\",\"type\":\"LegendItem\"},{\"id\":\"7335\",\"type\":\"LegendItem\"},{\"id\":\"7336\",\"type\":\"LegendItem\"},{\"id\":\"7337\",\"type\":\"LegendItem\"},{\"id\":\"7338\",\"type\":\"LegendItem\"},{\"id\":\"7339\",\"type\":\"LegendItem\"},{\"id\":\"7340\",\"type\":\"LegendItem\"},{\"id\":\"7341\",\"type\":\"LegendItem\"},{\"id\":\"7342\",\"type\":\"LegendItem\"},{\"id\":\"7343\",\"type\":\"LegendItem\"},{\"id\":\"7344\",\"type\":\"LegendItem\"},{\"id\":\"7345\",\"type\":\"LegendItem\"},{\"id\":\"7346\",\"type\":\"LegendItem\"}],\"label_text_font_size\":{\"value\":\"8pt\"},\"location\":\"center\"},\"id\":\"7318\",\"type\":\"Legend\"},{\"attributes\":{\"source\":{\"id\":\"6955\",\"type\":\"ColumnDataSource\"}},\"id\":\"7212\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#3E4888\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#3E4888\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7214\",\"type\":\"Diamond\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"SharePoint\",\"SharePoint\"],\"IPAddress\":[\"185.220.102.8\",\"66.146.193.33\"],\"Operation\":[\"FolderDeleted\",\"FolderDeleted\"],\"TimeGenerated\":{\"__ndarray__\":\"AIBJMbvTdkIAgEJrr9R2Qg==\",\"dtype\":\"float64\",\"shape\":[2]},\"index\":[306,626],\"y_index\":[13,13]},\"selected\":{\"id\":\"7381\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"7380\",\"type\":\"UnionRenderers\"}},\"id\":\"6962\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\"],\"IPAddress\":[\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\"],\"Operation\":[\"AnonymousLinkCreated\",\"AnonymousLinkCreated\",\"AnonymousLinkCreated\",\"AnonymousLinkCreated\",\"AnonymousLinkCreated\"],\"TimeGenerated\":{\"__ndarray__\":\"AIC36bzTdkIAgOD3vNN2QgCAdfS803ZCAADS77zTdkIAAA37vNN2Qg==\",\"dtype\":\"float64\",\"shape\":[5]},\"index\":[25,52,59,66,79],\"y_index\":[1,1,1,1,1]},\"selected\":{\"id\":\"7357\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"7356\",\"type\":\"UnionRenderers\"}},\"id\":\"6950\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"callback\":null},\"id\":\"7016\",\"type\":\"DataRange1d\"},{\"attributes\":{},\"id\":\"7018\",\"type\":\"LinearScale\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\",\"Microsoft.OperationalInsights\"],\"IPAddress\":[\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\"],\"Operation\":[\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\",\"Create Saved Search\"],\"TimeGenerated\":{\"__ndarray__\":\"ACCF5hHddkIAQGrmEd12QgAwS9kR3XZCADAy2RHddkIAoM/XEd12QgAwrtcR3XZCAPDR1hHddkIAsLLWEd12QgAQbtUR3XZCACAx1RHddkIAQP2V9tx2QgDQ6pX23HZCABD3lPbcdkIAIOeU9tx2QgBAE5L23HZCAEAJkvbcdkIAUCqR9tx2QgCwBpH23HZCADBzj/bcdkIAoFOP9tx2QgDg3Yn23HZCABC8ifbcdkIAMAFCFd12QgAQ1kEV3XZCADBj0x3ddkIAoBvTHd12Qg==\",\"dtype\":\"float64\",\"shape\":[26]},\"index\":[42,43,44,45,46,47,48,49,50,51,56,57,58,59,60,61,62,63,64,65,66,67,74,75,82,83],\"y_index\":[3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3]},\"selected\":{\"id\":\"7361\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"7360\",\"type\":\"UnionRenderers\"}},\"id\":\"6952\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7245\",\"type\":\"Diamond\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":{\"id\":\"7171\",\"type\":\"RangeTool\"},\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"7171\",\"type\":\"RangeTool\"}]},\"id\":\"7027\",\"type\":\"Toolbar\"},{\"attributes\":{\"data_source\":{\"id\":\"6962\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7244\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7245\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"7247\",\"type\":\"CDSView\"}},\"id\":\"7246\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_color\":{\"value\":\"#3E4888\"},\"line_color\":{\"value\":\"#3E4888\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7067\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"7366\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"6999\",\"type\":\"WheelZoomTool\"},{\"attributes\":{},\"id\":\"7367\",\"type\":\"Selection\"},{\"attributes\":{\"label\":{\"value\":\"SearchQueryPerformed\"},\"renderers\":[{\"id\":\"7291\",\"type\":\"GlyphRenderer\"}]},\"id\":\"7341\",\"type\":\"LegendItem\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7265\",\"type\":\"Diamond\"},{\"attributes\":{},\"id\":\"7368\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"SharePoint\"],\"IPAddress\":[\"92.62.139.103\"],\"Operation\":[\"ClientViewSignaled\"],\"TimeGenerated\":{\"__ndarray__\":\"AAA9prTTdkI=\",\"dtype\":\"float64\",\"shape\":[1]},\"index\":[197],\"y_index\":[2]},\"selected\":{\"id\":\"7359\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"7358\",\"type\":\"UnionRenderers\"}},\"id\":\"6951\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"source\":{\"id\":\"6962\",\"type\":\"ColumnDataSource\"}},\"id\":\"7247\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"7369\",\"type\":\"Selection\"},{\"attributes\":{\"overlay\":{\"id\":\"7422\",\"type\":\"BoxAnnotation\"}},\"id\":\"7000\",\"type\":\"BoxZoomTool\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":null,\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"6977\",\"type\":\"HoverTool\"},{\"id\":\"6999\",\"type\":\"WheelZoomTool\"},{\"id\":\"7000\",\"type\":\"BoxZoomTool\"},{\"id\":\"7001\",\"type\":\"ResetTool\"},{\"id\":\"7002\",\"type\":\"SaveTool\"},{\"id\":\"7003\",\"type\":\"PanTool\"}]},\"id\":\"7004\",\"type\":\"Toolbar\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#1E978A\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#1E978A\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7264\",\"type\":\"Diamond\"},{\"attributes\":{},\"id\":\"7001\",\"type\":\"ResetTool\"},{\"attributes\":{},\"id\":\"7370\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\"],\"IPAddress\":[\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\",\"176.10.104.240\"],\"Operation\":[\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\",\"FileUploaded\"],\"TimeGenerated\":{\"__ndarray__\":\"AAAkDL3TdkIAgOsKvdN2QgAANgm903ZCAABCB73TdkIAAEIHvdN2QgCAaAu903ZCAAA8CL3TdkIAgP0HvdN2QgAAKgu903ZCAAAwCr3TdkIAADwIvdN2QgCAdAm903ZCAAAkDL3TdkIAgGgLvdN2QgAArQq903ZCAAA2Cb3TdkIAgAMHvdN2QgAAJAy903ZCAIBoC73TdkIAAPkzu9N2QgCANzS703ZCAAC4KbvTdkIAADspu9N2QgAAuCm703ZCAICiN7vTdkIAAEEou9N2QgCANzS703ZCAABqNrvTdkIAALgpu9N2QgAAZS6z1HZCAAD6KrPUdkIAAAYps9R2QgAAGCaz1HZCAIDfJLPUdkIAAII+s9R2QgCAIRqz1HZCAICO87LUdkIAAN/wstR2QgAAbQOz1HZCAICrA7PUdkIAgO34stR2QgCAcPiy1HZCAICC9bLUdkIAAMf0stR2QgCAlPKy1HZCAABc8bLUdkIAgM4Ss9R2QgCAdvey1HZCAIBk+rLUdkIAgGr5stR2QgAAtfey1HZCAAA+9rLUdkIAgOf5stR2QgCAfPay1HZCAADT8rLUdkIAgB3xstR2QgCAyf6y1HZCAIDh+rLUdkIAAK4Ns9R2QgCAIRqz1HZCAIDfJLPUdkIAAIMps9R2QgCACDOz1HZCAADcL7PUdkIAgCEas9R2QgCAjvOy1HZCAADf8LLUdkIAAE0ys9R2QgAAUzGz1HZCAIAgL7PUdkIAAHEss9R2QgAAgymz1HZCAIBWJrPUdkIAgLsqs9R2QgCAzSez1HZCAACnI7PUdkIAgPIMs9R2QgCA8gyz1HZCAIBtN7PUdkIAAE0ys9R2QgAAWTCz1HZCAAAMKLPUdkIAAI8ns9R2QgAAKiOz1HZCAAAwIrPUdkIAgPA2s9R2QgCAlzCz1HZCAIAyLLPUdkIAAPQrs9R2QgCAOCuz1HZCAADm7K/UdkIAgJvur9R2QgAAXe6v1HZCAIAk7a/UdkIAgKfsr9R2Qg==\",\"dtype\":\"float64\",\"shape\":[95]},\"index\":[0,5,7,11,13,17,20,22,35,36,39,42,45,46,47,75,78,89,90,292,295,296,297,299,301,302,305,308,310,401,404,405,409,411,415,418,419,422,450,452,456,458,461,463,467,468,470,476,479,481,484,486,489,493,496,499,503,505,508,511,513,522,524,526,529,530,532,535,536,538,539,541,543,546,548,551,556,557,559,561,563,567,568,573,576,577,580,583,584,585,590,602,607,610,612],\"y_index\":[11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11]},\"selected\":{\"id\":\"7377\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"7376\",\"type\":\"UnionRenderers\"}},\"id\":\"6960\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"7002\",\"type\":\"SaveTool\"},{\"attributes\":{\"label\":{\"value\":\"Update Case Investigation\"},\"renderers\":[{\"id\":\"7311\",\"type\":\"GlyphRenderer\"}]},\"id\":\"7345\",\"type\":\"LegendItem\"},{\"attributes\":{},\"id\":\"7371\",\"type\":\"Selection\"},{\"attributes\":{\"data_source\":{\"id\":\"6966\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7264\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7265\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"7267\",\"type\":\"CDSView\"}},\"id\":\"7266\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"7020\",\"type\":\"LinearScale\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"7003\",\"type\":\"PanTool\"},{\"attributes\":{},\"id\":\"7372\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"7373\",\"type\":\"Selection\"},{\"attributes\":{\"source\":{\"id\":\"6955\",\"type\":\"ColumnDataSource\"}},\"id\":\"7065\",\"type\":\"CDSView\"},{\"attributes\":{\"label\":{\"value\":\"Remove-InboxRule\"},\"renderers\":[{\"id\":\"7286\",\"type\":\"GlyphRenderer\"}]},\"id\":\"7340\",\"type\":\"LegendItem\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7270\",\"type\":\"Diamond\"},{\"attributes\":{},\"id\":\"7374\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"source\":{\"id\":\"6966\",\"type\":\"ColumnDataSource\"}},\"id\":\"7267\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"7375\",\"type\":\"Selection\"},{\"attributes\":{\"ticker\":{\"id\":\"7023\",\"type\":\"DatetimeTicker\"}},\"id\":\"7026\",\"type\":\"Grid\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#1E9E88\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#1E9E88\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7269\",\"type\":\"Diamond\"},{\"attributes\":{},\"id\":\"7376\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"7377\",\"type\":\"Selection\"},{\"attributes\":{\"data_source\":{\"id\":\"6967\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7269\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7270\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"7272\",\"type\":\"CDSView\"}},\"id\":\"7271\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"formatter\":{\"id\":\"7029\",\"type\":\"DatetimeTickFormatter\"},\"ticker\":{\"id\":\"7023\",\"type\":\"DatetimeTicker\"}},\"id\":\"7022\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"num_minor_ticks\":5,\"tickers\":[{\"id\":\"7423\",\"type\":\"AdaptiveTicker\"},{\"id\":\"7424\",\"type\":\"AdaptiveTicker\"},{\"id\":\"7425\",\"type\":\"AdaptiveTicker\"},{\"id\":\"7426\",\"type\":\"DaysTicker\"},{\"id\":\"7427\",\"type\":\"DaysTicker\"},{\"id\":\"7428\",\"type\":\"DaysTicker\"},{\"id\":\"7429\",\"type\":\"DaysTicker\"},{\"id\":\"7430\",\"type\":\"MonthsTicker\"},{\"id\":\"7431\",\"type\":\"MonthsTicker\"},{\"id\":\"7432\",\"type\":\"MonthsTicker\"},{\"id\":\"7433\",\"type\":\"MonthsTicker\"},{\"id\":\"7434\",\"type\":\"YearsTicker\"}]},\"id\":\"7023\",\"type\":\"DatetimeTicker\"},{\"attributes\":{},\"id\":\"7378\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"7379\",\"type\":\"Selection\"},{\"attributes\":{\"label\":{\"value\":\"PermissionLevelAdded\"},\"renderers\":[{\"id\":\"7281\",\"type\":\"GlyphRenderer\"}]},\"id\":\"7339\",\"type\":\"LegendItem\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"7029\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7275\",\"type\":\"Diamond\"},{\"attributes\":{\"data_source\":{\"id\":\"6949\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7032\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7033\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"7035\",\"type\":\"CDSView\"}},\"id\":\"7034\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"source\":{\"id\":\"6967\",\"type\":\"ColumnDataSource\"}},\"id\":\"7272\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"7380\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"7381\",\"type\":\"Selection\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#21A685\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#21A685\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7274\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7068\",\"type\":\"Circle\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"Azure Portal\",\"Azure Portal\",\"Azure Portal\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"O365 Suite UX\",\"O365 Suite UX\",\"Office 365 SharePoint Online\",\"O365 Suite UX\",\"O365 Suite UX\",\"Office 365 SharePoint Online\",\"Azure Portal\",\"Azure Portal\",\"Azure Portal\",\"Azure Portal\",\"Azure Portal\",\"Azure Portal\",\"Azure Portal\",\"Azure Portal\",\"O365 Suite UX\",\"O365 Suite UX\",\"O365 Suite UX\",\"O365 Suite UX\",\"Azure Portal\",\"Azure Portal\",\"Azure Portal\",\"Azure Portal\",\"Azure Portal\",\"Azure Notebooks\",\"Azure Notebooks\",\"Azure Portal\",\"Azure Portal\",\"Azure Notebooks\",\"Azure Portal\",\"Azure Portal\",\"Azure Portal\",\"Azure Portal\",\"Azure Portal\",\"Azure Portal\",\"Azure Portal\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Azure Portal\",\"Azure Portal\",\"Azure Portal\",\"O365 Suite UX\",\"O365 Suite UX\",\"O365 Suite UX\",\"O365 Suite UX\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\",\"Office 365 Exchange Online\"],\"IPAddress\":[\"131.107.174.181\",\"131.107.159.181\",\"131.107.160.181\",\"23.129.64.193\",\"23.129.64.193\",\"23.129.64.193\",\"23.129.64.193\",\"185.220.101.48\",\"198.98.58.135\",\"198.98.58.135\",\"185.220.101.48\",\"109.70.100.26\",\"109.70.100.26\",\"109.70.100.26\",\"109.70.100.26\",\"109.70.100.26\",\"109.70.100.26\",\"131.107.160.77\",\"50.35.65.178\",\"50.35.65.178\",\"50.35.65.178\",\"167.220.2.105\",\"131.107.160.77\",\"131.107.160.77\",\"131.107.160.77\",\"176.10.99.200\",\"176.10.99.200\",\"176.10.99.200\",\"176.10.99.200\",\"131.107.159.205\",\"167.220.2.123\",\"167.220.2.123\",\"131.107.159.143\",\"131.107.159.205\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.147.105\",\"131.107.174.205\",\"131.107.174.205\",\"131.107.160.205\",\"131.107.174.205\",\"131.107.160.205\",\"50.35.65.178\",\"87.118.116.103\",\"87.118.116.103\",\"87.118.116.103\",\"87.118.116.103\",\"87.118.116.103\",\"131.107.159.205\",\"50.35.65.178\",\"131.107.160.77\",\"109.70.100.26\",\"109.70.100.26\",\"109.70.100.26\",\"109.70.100.26\",\"109.70.100.24\",\"109.70.100.24\",\"109.70.100.24\",\"109.70.100.24\",\"217.115.10.132\",\"217.115.10.132\",\"185.4.132.135\",\"185.4.132.135\",\"185.4.132.135\",\"185.4.132.135\",\"109.70.100.24\",\"109.70.100.24\"],\"Operation\":[\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\",\"Sign-in activity\"],\"TimeGenerated\":{\"__ndarray__\":\"ADB9RZ7hdkIAYGtXnuF2QgDgx4Ge4XZCAIBWKzzXdkIAEOUsPNd2QgCAVis813ZCABDlLDzXdkIAICQV5tZ2QgAwA+2O13ZCADAD7Y7XdkIAICQV5tZ2QgBQ8T2v1HZCAFDxPa/UdkIAUAdar9R2QgBg5z6v1HZCAGDnPq/UdkIAUAdar9R2QgBwlosB3XZCAJB1qfbcdkIAAMKn9tx2QgDgALb13HZCADCbORHddkIAkOc8Zd12QgAw4VRl3XZCAFDiUmXddkIAIAUpXN12QgDg0Slc3XZCACAFKVzddkIA4NEpXN12QgDAO06l3XZCAJAjrKXddkIAkIKqpd12QgDA272o3XZCACAUTaXddkIAoL+Dwtx2QgCAxYTC3HZCALAbfsLcdkIAgNF9wtx2QgCwAITC3HZCAAB0fcLcdkIAQNtlrt12QgBwWKeu3XZCAFByK7fddkIAUPulrt12QgCQfpT43XZCAJCHFgHgdkIAkKi5BNV2QgCQqLkE1XZCAGBysgTVdkIAIK68BNV2QgAgrrwE1XZCAKD8OEHfdkIA8IPjad92QgCwV7mX33ZCADAldf7UdkIAEIt2/tR2QgAQi3b+1HZCADAldf7UdkIA0CGpk9Z2QgDQIamT1nZCAKDAp5PWdkIAoMCnk9Z2QgBQgmdY1nZCAFCCZ1jWdkIA0NOWWNZ2QgDQ05ZY1nZCABDvl1jWdkIAEO+XWNZ2QgAwIHDh13ZCADAgcOHXdkI=\",\"dtype\":\"float64\",\"shape\":[70]},\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69],\"y_index\":[25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25,25]},\"selected\":{\"id\":\"7405\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"7404\",\"type\":\"UnionRenderers\"}},\"id\":\"6974\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7033\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"7382\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"data_source\":{\"id\":\"6968\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7274\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7275\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"7277\",\"type\":\"CDSView\"}},\"id\":\"7276\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"7383\",\"type\":\"Selection\"},{\"attributes\":{\"fill_color\":{\"value\":\"#440154\"},\"line_color\":{\"value\":\"#440154\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7032\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"7384\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"label\":{\"value\":\"PageViewed\"},\"renderers\":[{\"id\":\"7276\",\"type\":\"GlyphRenderer\"}]},\"id\":\"7338\",\"type\":\"LegendItem\"},{\"attributes\":{},\"id\":\"7385\",\"type\":\"Selection\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7280\",\"type\":\"Diamond\"},{\"attributes\":{\"source\":{\"id\":\"6968\",\"type\":\"ColumnDataSource\"}},\"id\":\"7277\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"7386\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#27AD80\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#27AD80\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7279\",\"type\":\"Diamond\"},{\"attributes\":{\"source\":{\"id\":\"6949\",\"type\":\"ColumnDataSource\"}},\"id\":\"7035\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"7387\",\"type\":\"Selection\"},{\"attributes\":{\"data_source\":{\"id\":\"6976\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7167\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7168\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"7170\",\"type\":\"CDSView\"}},\"id\":\"7169\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\"],\"IPAddress\":[\"185.220.102.8\",\"185.220.102.8\",\"77.247.181.163\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"40.126.9.50\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"77.247.181.163\",\"77.247.181.163\",\"40.126.9.50\",\"40.126.9.50\",\"40.126.9.50\",\"40.126.9.50\",\"77.247.181.163\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"185.220.102.8\",\"185.220.102.8\",\"92.62.139.103\",\"92.62.139.103\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"40.126.9.51\",\"40.126.9.51\",\"40.126.9.49\",\"185.220.101.1\",\"40.126.9.49\",\"185.220.101.1\",\"185.220.101.1\",\"40.126.9.51\",\"185.220.101.1\",\"185.220.101.1\",\"185.220.101.1\",\"40.126.9.51\",\"185.220.101.1\",\"23.129.64.152\",\"23.129.64.152\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"23.129.64.152\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"185.220.101.31\",\"20.190.128.101\",\"20.190.128.103\",\"199.249.230.111\",\"199.249.230.111\",\"20.190.128.103\",\"199.249.230.111\",\"199.249.230.111\",\"199.249.230.111\",\"20.190.128.103\",\"199.249.230.111\",\"66.146.193.33\",\"199.249.230.111\",\"20.190.128.103\",\"199.249.230.111\",\"66.146.193.33\",\"20.190.128.103\",\"109.70.100.26\",\"109.70.100.26\",\"109.70.100.26\",\"20.190.129.100\",\"109.70.100.26\",\"109.70.100.26\",\"109.70.100.26\",\"109.70.100.26\",\"20.190.129.100\",\"20.190.129.100\",\"20.190.129.100\"],\"Operation\":[\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\",\"FilePreviewed\"],\"TimeGenerated\":{\"__ndarray__\":\"AAB+/bzTdkIAAH79vNN2QgCA+LKy03ZCAACuK7TTdkIAAK4rtNN2QgAAriu003ZCAACuK7TTdkIAAK4rtNN2QgCAgbGy03ZCAIBvK7TTdkIAAK4rtNN2QgAAriu003ZCAADps7TTdkIAAO+ytNN2QgAA17a003ZCAICktLTTdkIAgKqztNN2QgAAriu003ZCAACuK7TTdkIAACu1stN2QgCA+LKy03ZCAABJsLLTdkIAAEmwstN2QgCAgbGy03ZCAICBsbLTdkIAgPiystN2QgCAsLK003ZCAAB+sLTTdkIAAN21tNN2QgCAsLK003ZCAIA/sLTTdkIAAGyztNN2QgCAG7a003ZCAADFubTTdkIAgIa5tNN2QgAAYLW003ZCAACpBbfTdkIAgOEGt9N2QgCAIbW003ZCAABysrTTdkIAACYGt9N2QgAAqQW303ZCAACpBbfTdkIAAKkFt9N2QgAAJga303ZCAAAmBrfTdkIAAKkFt9N2QgAAsCxc3XZCAACwLFzddkIAAC0tXN12QgCA6C1c3XZCAAAtLVzddkIAgOgtXN12QgCAay1c3XZCAACwLFzddkIAAKotXN12QgAAqi1c3XZCAACqLVzddkIAALAsXN12QgAAqi1c3XZCAIBqOVXUdkIAAKk5VdR2QgAAhqdV1HZCAIBHp1XUdkIAgEenVdR2QgCAcDhV1HZCAAAmOlXUdkIAgOc5VdR2QgCA7ThV1HZCAACvOFXUdkIAAH9AVdR2QgCAQEBV1HZCAIBHp1XUdkIAAIanVdR2QgAAAEKv1HZCAACDQa/UdkIAAPRDr9R2QgCAtUOv1HZCAACDQa/UdkIAAPRDr9R2QgCAtUOv1HZCAIAyRK/UdkIAAINBr9R2QgAAcUSv1HZCAIA0l6/UdkIAAPRDr9R2QgAAg0Gv1HZCAIC1Q6/UdkIAAPaWr9R2QgAAg0Gv1HZCAAC9e/7UdkIAAL17/tR2QgAAvXv+1HZCAADDev7UdkIAAL17/tR2QgAAvXv+1HZCAAC9e/7UdkIAAL17/tR2QgAAQHv+1HZCAADDev7UdkIAAEB7/tR2Qg==\",\"dtype\":\"float64\",\"shape\":[101]},\"index\":[14,49,91,102,108,109,115,129,130,134,149,151,157,158,163,166,168,172,174,186,187,188,189,190,191,193,195,196,202,204,205,207,210,214,215,218,230,231,236,238,250,252,253,254,255,256,258,311,313,314,315,316,317,319,320,321,322,323,324,325,329,333,335,339,342,359,362,363,364,365,368,369,377,379,593,594,599,600,618,621,622,627,629,632,633,634,636,647,652,658,662,663,664,665,668,670,671,673,674,675,676],\"y_index\":[10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10]},\"selected\":{\"id\":\"7375\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"7374\",\"type\":\"UnionRenderers\"}},\"id\":\"6959\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"SharePoint\"],\"IPAddress\":[\"185.220.101.31\"],\"Operation\":[\"ListCreated\"],\"TimeGenerated\":{\"__ndarray__\":\"AIBHp1XUdkI=\",\"dtype\":\"float64\",\"shape\":[1]},\"index\":[346],\"y_index\":[17]},\"selected\":{\"id\":\"7389\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"7388\",\"type\":\"UnionRenderers\"}},\"id\":\"6966\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"fill_color\":{\"value\":\"#460B5E\"},\"line_color\":{\"value\":\"#460B5E\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7037\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"6969\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7279\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7280\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"7282\",\"type\":\"CDSView\"}},\"id\":\"7281\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7038\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"7388\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"data_source\":{\"id\":\"6950\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7037\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7038\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"7040\",\"type\":\"CDSView\"}},\"id\":\"7039\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"7389\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"7390\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7285\",\"type\":\"Diamond\"},{\"attributes\":{},\"id\":\"7391\",\"type\":\"Selection\"},{\"attributes\":{\"source\":{\"id\":\"6969\",\"type\":\"ColumnDataSource\"}},\"id\":\"7282\",\"type\":\"CDSView\"},{\"attributes\":{\"source\":{\"id\":\"6950\",\"type\":\"ColumnDataSource\"}},\"id\":\"7040\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#30B47A\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#30B47A\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7284\",\"type\":\"Diamond\"},{\"attributes\":{},\"id\":\"7392\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"fill_color\":{\"value\":\"#471669\"},\"line_color\":{\"value\":\"#471669\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7042\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"7393\",\"type\":\"Selection\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7043\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"6970\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7284\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7285\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"7287\",\"type\":\"CDSView\"}},\"id\":\"7286\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"data_source\":{\"id\":\"6951\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7042\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7043\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"7045\",\"type\":\"CDSView\"}},\"id\":\"7044\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"7394\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"7395\",\"type\":\"Selection\"},{\"attributes\":{\"source\":{\"id\":\"6970\",\"type\":\"ColumnDataSource\"}},\"id\":\"7287\",\"type\":\"CDSView\"},{\"attributes\":{\"source\":{\"id\":\"6951\",\"type\":\"ColumnDataSource\"}},\"id\":\"7045\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"7396\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"source\":{\"id\":\"6960\",\"type\":\"ColumnDataSource\"}},\"id\":\"7090\",\"type\":\"CDSView\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"7176\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"overlay\":{\"id\":\"7172\",\"type\":\"BoxAnnotation\"},\"x_range\":{\"id\":\"6981\",\"type\":\"Range1d\"},\"y_range\":null},\"id\":\"7171\",\"type\":\"RangeTool\"},{\"attributes\":{\"fill_color\":{\"value\":\"#482172\"},\"line_color\":{\"value\":\"#482172\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7047\",\"type\":\"Circle\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"7425\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"fill_color\":{\"value\":\"#30B47A\"},\"line_color\":{\"value\":\"#30B47A\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7137\",\"type\":\"Circle\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7048\",\"type\":\"Circle\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"7426\",\"type\":\"DaysTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"6952\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7047\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7048\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"7050\",\"type\":\"CDSView\"}},\"id\":\"7049\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7138\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"6970\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7137\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7138\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"7140\",\"type\":\"CDSView\"}},\"id\":\"7139\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"7427\",\"type\":\"DaysTicker\"},{\"attributes\":{\"source\":{\"id\":\"6952\",\"type\":\"ColumnDataSource\"}},\"id\":\"7050\",\"type\":\"CDSView\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"7428\",\"type\":\"DaysTicker\"},{\"attributes\":{\"source\":{\"id\":\"6970\",\"type\":\"ColumnDataSource\"}},\"id\":\"7140\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_color\":{\"value\":\"#472B7A\"},\"line_color\":{\"value\":\"#472B7A\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7052\",\"type\":\"Circle\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"7429\",\"type\":\"DaysTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7053\",\"type\":\"Circle\"},{\"attributes\":{\"fill_color\":{\"value\":\"#3DBB74\"},\"line_color\":{\"value\":\"#3DBB74\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7142\",\"type\":\"Circle\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"7430\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"6953\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7052\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7053\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"7055\",\"type\":\"CDSView\"}},\"id\":\"7054\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7143\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"6971\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7142\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7143\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"7145\",\"type\":\"CDSView\"}},\"id\":\"7144\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"data_source\":{\"id\":\"6960\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7087\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7088\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"7090\",\"type\":\"CDSView\"}},\"id\":\"7089\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"7431\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"7432\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"source\":{\"id\":\"6953\",\"type\":\"ColumnDataSource\"}},\"id\":\"7055\",\"type\":\"CDSView\"},{\"attributes\":{\"source\":{\"id\":\"6971\",\"type\":\"ColumnDataSource\"}},\"id\":\"7145\",\"type\":\"CDSView\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"7433\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"fill_color\":{\"value\":\"#453580\"},\"line_color\":{\"value\":\"#453580\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7057\",\"type\":\"Circle\"},{\"attributes\":{\"fill_color\":{\"value\":\"#4BC26C\"},\"line_color\":{\"value\":\"#4BC26C\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7147\",\"type\":\"Circle\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7058\",\"type\":\"Circle\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7148\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"6954\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7057\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7058\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"7060\",\"type\":\"CDSView\"}},\"id\":\"7059\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"data_source\":{\"id\":\"6972\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7147\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7148\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"7150\",\"type\":\"CDSView\"}},\"id\":\"7149\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"7434\",\"type\":\"YearsTicker\"},{\"attributes\":{\"fill_color\":{\"value\":\"#2F698D\"},\"line_color\":{\"value\":\"#2F698D\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7087\",\"type\":\"Circle\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.2},\"fill_color\":{\"value\":\"navy\"},\"level\":\"overlay\",\"line_alpha\":{\"value\":1.0},\"line_color\":{\"value\":\"black\"},\"line_dash\":[2,2],\"line_width\":{\"value\":0.5}},\"id\":\"7172\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"source\":{\"id\":\"6954\",\"type\":\"ColumnDataSource\"}},\"id\":\"7060\",\"type\":\"CDSView\"},{\"attributes\":{\"source\":{\"id\":\"6972\",\"type\":\"ColumnDataSource\"}},\"id\":\"7150\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_color\":{\"value\":\"#423E85\"},\"line_color\":{\"value\":\"#423E85\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7062\",\"type\":\"Circle\"},{\"attributes\":{\"fill_color\":{\"value\":\"#5BC862\"},\"line_color\":{\"value\":\"#5BC862\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7152\",\"type\":\"Circle\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7063\",\"type\":\"Circle\"},{\"attributes\":{\"source\":{\"id\":\"6959\",\"type\":\"ColumnDataSource\"}},\"id\":\"7085\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7153\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"6955\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7062\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7063\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"7065\",\"type\":\"CDSView\"}},\"id\":\"7064\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"data_source\":{\"id\":\"6973\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7152\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7153\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"7155\",\"type\":\"CDSView\"}},\"id\":\"7154\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"data_source\":{\"id\":\"6958\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7077\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7078\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"7080\",\"type\":\"CDSView\"}},\"id\":\"7079\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_color\":{\"value\":\"#2C718E\"},\"line_color\":{\"value\":\"#2C718E\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7092\",\"type\":\"Circle\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7093\",\"type\":\"Circle\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7180\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7088\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"6961\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7092\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7093\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"7095\",\"type\":\"CDSView\"}},\"id\":\"7094\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"source\":{\"id\":\"6973\",\"type\":\"ColumnDataSource\"}},\"id\":\"7155\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#208F8C\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#208F8C\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7259\",\"type\":\"Diamond\"},{\"attributes\":{\"data_source\":{\"id\":\"6959\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7082\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7083\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"7085\",\"type\":\"CDSView\"}},\"id\":\"7084\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"data_source\":{\"id\":\"6975\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7162\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7163\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"7165\",\"type\":\"CDSView\"}},\"id\":\"7164\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"label\":{\"value\":\"SharingInheritanceBroken\"},\"renderers\":[{\"id\":\"7296\",\"type\":\"GlyphRenderer\"}]},\"id\":\"7342\",\"type\":\"LegendItem\"},{\"attributes\":{\"source\":{\"id\":\"6957\",\"type\":\"ColumnDataSource\"}},\"id\":\"7075\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#440154\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#440154\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7179\",\"type\":\"Diamond\"},{\"attributes\":{\"data_source\":{\"id\":\"6949\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7179\",\"type\":\"Diamond\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7180\",\"type\":\"Diamond\"},\"selection_glyph\":null,\"view\":{\"id\":\"7182\",\"type\":\"CDSView\"}},\"id\":\"7181\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"source\":{\"id\":\"6961\",\"type\":\"ColumnDataSource\"}},\"id\":\"7095\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7185\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_color\":{\"value\":\"#29798E\"},\"line_color\":{\"value\":\"#29798E\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7097\",\"type\":\"Circle\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7098\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"6962\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"7097\",\"type\":\"Circle\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"7098\",\"type\":\"Circle\"},\"selection_glyph\":null,\"view\":{\"id\":\"7100\",\"type\":\"CDSView\"}},\"id\":\"7099\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\"],\"IPAddress\":[\"185.220.101.6\",\"185.220.101.6\",\"185.220.101.6\",\"185.220.101.6\",\"185.220.101.6\",\"185.220.101.6\",\"185.220.101.6\",\"185.220.101.6\",\"185.220.101.6\",\"185.220.101.6\",\"185.220.101.6\",\"185.220.101.6\",\"185.220.101.6\",\"92.62.139.103\",\"185.220.101.6\",\"185.220.101.6\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"92.62.139.103\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\"],\"Operation\":[\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\",\"FileDownloaded\"],\"TimeGenerated\":{\"__ndarray__\":\"AADtX7TTdkIAAHBftNN2QgAAcF+003ZCAIAxX7TTdkIAAPNetNN2QgCAtF6003ZCAIC0XrTTdkIAAHZetNN2QgAAdl6003ZCAIBIcLTTdkIAgEhwtNN2QgCAy2+003ZCAAAKcLTTdkIAABuCtNN2QgCASHC003ZCAAAKcLTTdkIAgJt3tNN2QgAAwnu003ZCAACAhrTTdkIAgPR9tNN2QgAACAu303ZCAACLCrfTdkIAAAgLt9N2QgCAyQq303ZCAACLCrfTdkIAgEwKt9N2QgAA3he203ZCAICfF7bTdkIAAGEXttN2QgAAYRe203ZCAIAiF7bTdkIAgCIXttN2QgAA5Ba203ZCAABnFrbTdkIAgKUWttN2Qg==\",\"dtype\":\"float64\",\"shape\":[35]},\"index\":[92,93,94,95,96,97,98,99,100,119,120,121,122,123,159,160,173,176,184,201,223,224,247,248,249,251,262,263,264,265,266,267,268,269,270],\"y_index\":[7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7]},\"selected\":{\"id\":\"7369\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"7368\",\"type\":\"UnionRenderers\"}},\"id\":\"6956\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7260\",\"type\":\"Diamond\"},{\"attributes\":{\"source\":{\"id\":\"6949\",\"type\":\"ColumnDataSource\"}},\"id\":\"7182\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#460B5E\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#460B5E\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7184\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7163\",\"type\":\"Circle\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7103\",\"type\":\"Circle\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"7083\",\"type\":\"Circle\"},{\"attributes\":{\"source\":{\"id\":\"6962\",\"type\":\"ColumnDataSource\"}},\"id\":\"7100\",\"type\":\"CDSView\"},{\"attributes\":{\"source\":{\"id\":\"6950\",\"type\":\"ColumnDataSource\"}},\"id\":\"7187\",\"type\":\"CDSView\"},{\"attributes\":{\"callback\":null,\"data\":{\"AppResourceProvider\":[\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\",\"SharePoint\"],\"IPAddress\":[\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\",\"185.220.102.8\"],\"Operation\":[\"SharingSet\",\"SharingSet\",\"SharingSet\",\"SharingSet\",\"SharingSet\",\"SharingSet\",\"SharingSet\",\"SharingSet\",\"SharingSet\",\"SharingSet\",\"SharingSet\",\"SharingSet\",\"SharingSet\",\"SharingSet\",\"SharingSet\"],\"TimeGenerated\":{\"__ndarray__\":\"AIA66bzTdkIAgDrpvNN2QgCAOum803ZCAIDg97zTdkIAgOD3vNN2QgCA4Pe803ZCAIB19LzTdkIAgHX0vNN2QgCAdfS803ZCAICT77zTdkIAgJPvvNN2QgCAk++803ZCAAAN+7zTdkIAAA37vNN2QgAADfu803ZC\",\"dtype\":\"float64\",\"shape\":[15]},\"index\":[27,28,29,53,54,55,60,61,62,67,68,69,80,81,83],\"y_index\":[24,24,24,24,24,24,24,24,24,24,24,24,24,24,24]},\"selected\":{\"id\":\"7403\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"7402\",\"type\":\"UnionRenderers\"}},\"id\":\"6973\",\"type\":\"ColumnDataSource\"}],\"root_ids\":[\"7347\"]},\"title\":\"Bokeh Application\",\"version\":\"1.3.4\"}};\n",
       "  var render_items = [{\"docid\":\"2226748e-6ebf-42ee-9514-1674d3486b5c\",\"roots\":{\"7347\":\"45034f26-d5bd-4162-bf12-a9b4d89a1627\"}}];\n",
       "  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n",
       "\n",
       "  }\n",
       "  if (root.Bokeh !== undefined) {\n",
       "    embed_document(root);\n",
       "  } else {\n",
       "    var attempts = 0;\n",
       "    var timer = setInterval(function(root) {\n",
       "      if (root.Bokeh !== undefined) {\n",
       "        embed_document(root);\n",
       "        clearInterval(timer);\n",
       "      }\n",
       "      attempts++;\n",
       "      if (attempts > 100) {\n",
       "        console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n",
       "        clearInterval(timer);\n",
       "      }\n",
       "    }, 10, root)\n",
       "  }\n",
       "})(window);"
      ],
      "application/vnd.bokehjs_exec.v0+json": ""
     },
     "metadata": {
      "application/vnd.bokehjs_exec.v0+json": {
       "id": "7347"
      }
     },
     "output_type": "display_data"
    }
   ],
   "source": [
    "az_all_data = pd.concat([aad_signin_df, azure_activity_df, o365_activity_df], sort=False)\n",
    "\n",
    "nbdisplay.display_timeline(data=az_all_data,\n",
    "                          group_by=\"AppResourceProvider\",\n",
    "                          source_columns=[\"Operation\", \"IPAddress\", \"AppResourceProvider\"],\n",
    "                          title=\"Azure Signin activity by Provider\")\n",
    "nbdisplay.display_timeline(data=az_all_data,\n",
    "                          group_by=\"IPAddress\",\n",
    "                          source_columns=[\"Operation\", \"IPAddress\", \"AppResourceProvider\"],\n",
    "                          title=\"Azure Operations by Source IP\")\n",
    "nbdisplay.display_timeline(data=az_all_data,\n",
    "                          group_by=\"Operation\",\n",
    "                          source_columns=[\"Operation\", \"IPAddress\", \"AppResourceProvider\"],\n",
    "                          title=\"Azure Operations by Operation\");"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 48,
   "metadata": {
    "ExecuteTime": {
     "end_time": "2019-10-30T19:14:18.846865Z",
     "start_time": "2019-10-30T19:14:18.809885Z"
    }
   },
   "outputs": [
    {
     "data": {
      "text/html": [
       "<div>\n",
       "<style scoped>\n",
       "    .dataframe tbody tr th:only-of-type {\n",
       "        vertical-align: middle;\n",
       "    }\n",
       "\n",
       "    .dataframe tbody tr th {\n",
       "        vertical-align: top;\n",
       "    }\n",
       "\n",
       "    .dataframe thead th {\n",
       "        text-align: right;\n",
       "    }\n",
       "</style>\n",
       "<table border=\"1\" class=\"dataframe\">\n",
       "  <thead>\n",
       "    <tr style=\"text-align: right;\">\n",
       "      <th></th>\n",
       "      <th></th>\n",
       "      <th></th>\n",
       "      <th></th>\n",
       "      <th></th>\n",
       "      <th>OperationCount</th>\n",
       "      <th>OperationTypes</th>\n",
       "      <th>Resources</th>\n",
       "      <th>FirstOperation</th>\n",
       "      <th>LastOperation</th>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <th>UserPrincipalName</th>\n",
       "      <th>Type</th>\n",
       "      <th>IPAddress</th>\n",
       "      <th>AppResourceProvider</th>\n",
       "      <th>UserType</th>\n",
       "      <th></th>\n",
       "      <th></th>\n",
       "      <th></th>\n",
       "      <th></th>\n",
       "      <th></th>\n",
       "    </tr>\n",
       "  </thead>\n",
       "  <tbody>\n",
       "    <tr>\n",
       "      <td rowspan=\"26\" valign=\"top\">alexw@m365x648731.onmicrosoft.com</td>\n",
       "      <td rowspan=\"26\" valign=\"top\">OfficeActivity</td>\n",
       "      <td></td>\n",
       "      <td>SharePoint</td>\n",
       "      <td>Regular</td>\n",
       "      <td>15</td>\n",
       "      <td>[FileAccessed]</td>\n",
       "      <td>7</td>\n",
       "      <td>2019-09-16 18:06:06</td>\n",
       "      <td>2019-09-19 19:18:06</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>104.41.146.53</td>\n",
       "      <td>SharePoint</td>\n",
       "      <td>Regular</td>\n",
       "      <td>7</td>\n",
       "      <td>[SearchQueryPerformed]</td>\n",
       "      <td>5</td>\n",
       "      <td>2019-09-19 19:16:20</td>\n",
       "      <td>2019-09-20 18:20:49</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>109.70.100.26</td>\n",
       "      <td>SharePoint</td>\n",
       "      <td>Regular</td>\n",
       "      <td>7</td>\n",
       "      <td>[FilePreviewed]</td>\n",
       "      <td>3</td>\n",
       "      <td>2019-09-20 18:20:50</td>\n",
       "      <td>2019-09-20 18:20:50</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>176.10.104.240</td>\n",
       "      <td>SharePoint</td>\n",
       "      <td>Regular</td>\n",
       "      <td>208</td>\n",
       "      <td>[FileModified, FileAccessed, FileUploaded, FileModifiedExtended, FileDeleted]</td>\n",
       "      <td>36</td>\n",
       "      <td>2019-09-19 19:27:55</td>\n",
       "      <td>2019-09-19 20:26:23</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>176.10.99.200:45866</td>\n",
       "      <td>Exchange</td>\n",
       "      <td>Admin</td>\n",
       "      <td>1</td>\n",
       "      <td>[New-InboxRule]</td>\n",
       "      <td>1</td>\n",
       "      <td>2019-09-20 20:11:57</td>\n",
       "      <td>2019-09-20 20:11:57</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>185.207.139.2:30396</td>\n",
       "      <td>Exchange</td>\n",
       "      <td>Admin</td>\n",
       "      <td>1</td>\n",
       "      <td>[Remove-InboxRule]</td>\n",
       "      <td>1</td>\n",
       "      <td>2019-09-24 23:10:38</td>\n",
       "      <td>2019-09-24 23:10:38</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>185.207.139.2:7127</td>\n",
       "      <td>Exchange</td>\n",
       "      <td>Admin</td>\n",
       "      <td>1</td>\n",
       "      <td>[Remove-InboxRule]</td>\n",
       "      <td>1</td>\n",
       "      <td>2019-09-24 23:10:35</td>\n",
       "      <td>2019-09-24 23:10:35</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>185.220.101.1</td>\n",
       "      <td>SharePoint</td>\n",
       "      <td>Regular</td>\n",
       "      <td>7</td>\n",
       "      <td>[FilePreviewed]</td>\n",
       "      <td>3</td>\n",
       "      <td>2019-10-16 18:09:39</td>\n",
       "      <td>2019-10-16 18:09:41</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>185.220.101.31</td>\n",
       "      <td>SharePoint</td>\n",
       "      <td>Regular</td>\n",
       "      <td>26</td>\n",
       "      <td>[FilePreviewed, FileAccessed, ListCreated, SearchQueryPerformed, PageViewed]</td>\n",
       "      <td>25</td>\n",
       "      <td>2019-09-18 17:02:06</td>\n",
       "      <td>2019-09-18 17:10:23</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>185.220.101.6</td>\n",
       "      <td>SharePoint</td>\n",
       "      <td>Regular</td>\n",
       "      <td>15</td>\n",
       "      <td>[FileDownloaded]</td>\n",
       "      <td>14</td>\n",
       "      <td>2019-09-16 18:11:40</td>\n",
       "      <td>2019-09-16 18:12:53</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>185.220.102.8</td>\n",
       "      <td>SharePoint</td>\n",
       "      <td>Regular</td>\n",
       "      <td>168</td>\n",
       "      <td>[FileUploaded, PermissionLevelAdded, PageViewed, FileAccessed, FileModified, FilePreviewed, Anon...</td>\n",
       "      <td>46</td>\n",
       "      <td>2019-09-16 18:41:42</td>\n",
       "      <td>2019-09-16 20:43:20</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>199.249.230.111</td>\n",
       "      <td>SharePoint</td>\n",
       "      <td>Regular</td>\n",
       "      <td>8</td>\n",
       "      <td>[FilePreviewed]</td>\n",
       "      <td>4</td>\n",
       "      <td>2019-09-19 19:16:23</td>\n",
       "      <td>2019-09-19 19:16:26</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>199.249.230.113</td>\n",
       "      <td>SharePoint</td>\n",
       "      <td>Regular</td>\n",
       "      <td>1</td>\n",
       "      <td>[FileAccessed]</td>\n",
       "      <td>1</td>\n",
       "      <td>2019-09-16 18:16:38</td>\n",
       "      <td>2019-09-16 18:16:38</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>20.190.128.101</td>\n",
       "      <td>SharePoint</td>\n",
       "      <td>Regular</td>\n",
       "      <td>1</td>\n",
       "      <td>[FilePreviewed]</td>\n",
       "      <td>1</td>\n",
       "      <td>2019-09-19 19:16:16</td>\n",
       "      <td>2019-09-19 19:16:16</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>20.190.128.103</td>\n",
       "      <td>SharePoint</td>\n",
       "      <td>Regular</td>\n",
       "      <td>5</td>\n",
       "      <td>[FilePreviewed]</td>\n",
       "      <td>4</td>\n",
       "      <td>2019-09-19 19:16:14</td>\n",
       "      <td>2019-09-19 19:16:14</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>20.190.129.100</td>\n",
       "      <td>SharePoint</td>\n",
       "      <td>Regular</td>\n",
       "      <td>4</td>\n",
       "      <td>[FilePreviewed]</td>\n",
       "      <td>4</td>\n",
       "      <td>2019-09-20 18:20:46</td>\n",
       "      <td>2019-09-20 18:20:48</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>23.129.64.152</td>\n",
       "      <td>SharePoint</td>\n",
       "      <td>Regular</td>\n",
       "      <td>32</td>\n",
       "      <td>[FileAccessed, FilePreviewed, PageViewed, SearchQueryPerformed]</td>\n",
       "      <td>31</td>\n",
       "      <td>2019-09-18 17:01:25</td>\n",
       "      <td>2019-09-18 17:03:03</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>40.117.152.107</td>\n",
       "      <td>SharePoint</td>\n",
       "      <td>Regular</td>\n",
       "      <td>17</td>\n",
       "      <td>[SearchQueryPerformed]</td>\n",
       "      <td>11</td>\n",
       "      <td>2019-09-16 17:42:17</td>\n",
       "      <td>2019-09-18 17:02:37</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>40.126.9.49</td>\n",
       "      <td>SharePoint</td>\n",
       "      <td>Regular</td>\n",
       "      <td>2</td>\n",
       "      <td>[FilePreviewed]</td>\n",
       "      <td>1</td>\n",
       "      <td>2019-10-16 18:09:38</td>\n",
       "      <td>2019-10-16 18:09:38</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>40.126.9.50</td>\n",
       "      <td>SharePoint</td>\n",
       "      <td>Regular</td>\n",
       "      <td>5</td>\n",
       "      <td>[FilePreviewed]</td>\n",
       "      <td>3</td>\n",
       "      <td>2019-09-16 17:42:18</td>\n",
       "      <td>2019-09-16 17:42:23</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>40.126.9.51</td>\n",
       "      <td>SharePoint</td>\n",
       "      <td>Regular</td>\n",
       "      <td>4</td>\n",
       "      <td>[FilePreviewed]</td>\n",
       "      <td>2</td>\n",
       "      <td>2019-10-16 18:09:36</td>\n",
       "      <td>2019-10-16 18:09:36</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>52.109.6.30</td>\n",
       "      <td>SharePoint</td>\n",
       "      <td>Regular</td>\n",
       "      <td>7</td>\n",
       "      <td>[FileAccessed]</td>\n",
       "      <td>6</td>\n",
       "      <td>2019-09-19 19:16:23</td>\n",
       "      <td>2019-10-16 18:09:42</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>66.146.193.33</td>\n",
       "      <td>SharePoint</td>\n",
       "      <td>Regular</td>\n",
       "      <td>33</td>\n",
       "      <td>[PageViewed, FileAccessed, FileDeleted, FolderDeleted, FilePreviewed]</td>\n",
       "      <td>32</td>\n",
       "      <td>2019-09-19 19:17:59</td>\n",
       "      <td>2019-09-19 19:22:05</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>77.247.181.163</td>\n",
       "      <td>SharePoint</td>\n",
       "      <td>Regular</td>\n",
       "      <td>4</td>\n",
       "      <td>[FilePreviewed]</td>\n",
       "      <td>4</td>\n",
       "      <td>2019-09-16 17:42:29</td>\n",
       "      <td>2019-09-16 17:42:38</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>92.62.139.103</td>\n",
       "      <td>SharePoint</td>\n",
       "      <td>Regular</td>\n",
       "      <td>100</td>\n",
       "      <td>[FileAccessed, FilePreviewed, SearchQueryPerformed, PageViewed, FileDownloaded, FileAccessedExte...</td>\n",
       "      <td>63</td>\n",
       "      <td>2019-09-16 18:05:57</td>\n",
       "      <td>2019-09-16 18:18:07</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>[2a02:418:6017::148]:45644</td>\n",
       "      <td>Exchange</td>\n",
       "      <td>Admin</td>\n",
       "      <td>1</td>\n",
       "      <td>[New-InboxRule]</td>\n",
       "      <td>1</td>\n",
       "      <td>2019-09-16 17:43:36</td>\n",
       "      <td>2019-09-16 17:43:36</td>\n",
       "    </tr>\n",
       "  </tbody>\n",
       "</table>\n",
       "</div>"
      ],
      "text/plain": [
       "                                                                                                          OperationCount  \\\n",
       "UserPrincipalName                 Type           IPAddress                  AppResourceProvider UserType                   \n",
       "alexw@m365x648731.onmicrosoft.com OfficeActivity                            SharePoint          Regular               15   \n",
       "                                                 104.41.146.53              SharePoint          Regular                7   \n",
       "                                                 109.70.100.26              SharePoint          Regular                7   \n",
       "                                                 176.10.104.240             SharePoint          Regular              208   \n",
       "                                                 176.10.99.200:45866        Exchange            Admin                  1   \n",
       "                                                 185.207.139.2:30396        Exchange            Admin                  1   \n",
       "                                                 185.207.139.2:7127         Exchange            Admin                  1   \n",
       "                                                 185.220.101.1              SharePoint          Regular                7   \n",
       "                                                 185.220.101.31             SharePoint          Regular               26   \n",
       "                                                 185.220.101.6              SharePoint          Regular               15   \n",
       "                                                 185.220.102.8              SharePoint          Regular              168   \n",
       "                                                 199.249.230.111            SharePoint          Regular                8   \n",
       "                                                 199.249.230.113            SharePoint          Regular                1   \n",
       "                                                 20.190.128.101             SharePoint          Regular                1   \n",
       "                                                 20.190.128.103             SharePoint          Regular                5   \n",
       "                                                 20.190.129.100             SharePoint          Regular                4   \n",
       "                                                 23.129.64.152              SharePoint          Regular               32   \n",
       "                                                 40.117.152.107             SharePoint          Regular               17   \n",
       "                                                 40.126.9.49                SharePoint          Regular                2   \n",
       "                                                 40.126.9.50                SharePoint          Regular                5   \n",
       "                                                 40.126.9.51                SharePoint          Regular                4   \n",
       "                                                 52.109.6.30                SharePoint          Regular                7   \n",
       "                                                 66.146.193.33              SharePoint          Regular               33   \n",
       "                                                 77.247.181.163             SharePoint          Regular                4   \n",
       "                                                 92.62.139.103              SharePoint          Regular              100   \n",
       "                                                 [2a02:418:6017::148]:45644 Exchange            Admin                  1   \n",
       "\n",
       "                                                                                                                                                                                               OperationTypes  \\\n",
       "UserPrincipalName                 Type           IPAddress                  AppResourceProvider UserType                                                                                                        \n",
       "alexw@m365x648731.onmicrosoft.com OfficeActivity                            SharePoint          Regular                                                                                        [FileAccessed]   \n",
       "                                                 104.41.146.53              SharePoint          Regular                                                                                [SearchQueryPerformed]   \n",
       "                                                 109.70.100.26              SharePoint          Regular                                                                                       [FilePreviewed]   \n",
       "                                                 176.10.104.240             SharePoint          Regular                         [FileModified, FileAccessed, FileUploaded, FileModifiedExtended, FileDeleted]   \n",
       "                                                 176.10.99.200:45866        Exchange            Admin                                                                                         [New-InboxRule]   \n",
       "                                                 185.207.139.2:30396        Exchange            Admin                                                                                      [Remove-InboxRule]   \n",
       "                                                 185.207.139.2:7127         Exchange            Admin                                                                                      [Remove-InboxRule]   \n",
       "                                                 185.220.101.1              SharePoint          Regular                                                                                       [FilePreviewed]   \n",
       "                                                 185.220.101.31             SharePoint          Regular                          [FilePreviewed, FileAccessed, ListCreated, SearchQueryPerformed, PageViewed]   \n",
       "                                                 185.220.101.6              SharePoint          Regular                                                                                      [FileDownloaded]   \n",
       "                                                 185.220.102.8              SharePoint          Regular   [FileUploaded, PermissionLevelAdded, PageViewed, FileAccessed, FileModified, FilePreviewed, Anon...   \n",
       "                                                 199.249.230.111            SharePoint          Regular                                                                                       [FilePreviewed]   \n",
       "                                                 199.249.230.113            SharePoint          Regular                                                                                        [FileAccessed]   \n",
       "                                                 20.190.128.101             SharePoint          Regular                                                                                       [FilePreviewed]   \n",
       "                                                 20.190.128.103             SharePoint          Regular                                                                                       [FilePreviewed]   \n",
       "                                                 20.190.129.100             SharePoint          Regular                                                                                       [FilePreviewed]   \n",
       "                                                 23.129.64.152              SharePoint          Regular                                       [FileAccessed, FilePreviewed, PageViewed, SearchQueryPerformed]   \n",
       "                                                 40.117.152.107             SharePoint          Regular                                                                                [SearchQueryPerformed]   \n",
       "                                                 40.126.9.49                SharePoint          Regular                                                                                       [FilePreviewed]   \n",
       "                                                 40.126.9.50                SharePoint          Regular                                                                                       [FilePreviewed]   \n",
       "                                                 40.126.9.51                SharePoint          Regular                                                                                       [FilePreviewed]   \n",
       "                                                 52.109.6.30                SharePoint          Regular                                                                                        [FileAccessed]   \n",
       "                                                 66.146.193.33              SharePoint          Regular                                 [PageViewed, FileAccessed, FileDeleted, FolderDeleted, FilePreviewed]   \n",
       "                                                 77.247.181.163             SharePoint          Regular                                                                                       [FilePreviewed]   \n",
       "                                                 92.62.139.103              SharePoint          Regular   [FileAccessed, FilePreviewed, SearchQueryPerformed, PageViewed, FileDownloaded, FileAccessedExte...   \n",
       "                                                 [2a02:418:6017::148]:45644 Exchange            Admin                                                                                         [New-InboxRule]   \n",
       "\n",
       "                                                                                                          Resources  \\\n",
       "UserPrincipalName                 Type           IPAddress                  AppResourceProvider UserType              \n",
       "alexw@m365x648731.onmicrosoft.com OfficeActivity                            SharePoint          Regular           7   \n",
       "                                                 104.41.146.53              SharePoint          Regular           5   \n",
       "                                                 109.70.100.26              SharePoint          Regular           3   \n",
       "                                                 176.10.104.240             SharePoint          Regular          36   \n",
       "                                                 176.10.99.200:45866        Exchange            Admin             1   \n",
       "                                                 185.207.139.2:30396        Exchange            Admin             1   \n",
       "                                                 185.207.139.2:7127         Exchange            Admin             1   \n",
       "                                                 185.220.101.1              SharePoint          Regular           3   \n",
       "                                                 185.220.101.31             SharePoint          Regular          25   \n",
       "                                                 185.220.101.6              SharePoint          Regular          14   \n",
       "                                                 185.220.102.8              SharePoint          Regular          46   \n",
       "                                                 199.249.230.111            SharePoint          Regular           4   \n",
       "                                                 199.249.230.113            SharePoint          Regular           1   \n",
       "                                                 20.190.128.101             SharePoint          Regular           1   \n",
       "                                                 20.190.128.103             SharePoint          Regular           4   \n",
       "                                                 20.190.129.100             SharePoint          Regular           4   \n",
       "                                                 23.129.64.152              SharePoint          Regular          31   \n",
       "                                                 40.117.152.107             SharePoint          Regular          11   \n",
       "                                                 40.126.9.49                SharePoint          Regular           1   \n",
       "                                                 40.126.9.50                SharePoint          Regular           3   \n",
       "                                                 40.126.9.51                SharePoint          Regular           2   \n",
       "                                                 52.109.6.30                SharePoint          Regular           6   \n",
       "                                                 66.146.193.33              SharePoint          Regular          32   \n",
       "                                                 77.247.181.163             SharePoint          Regular           4   \n",
       "                                                 92.62.139.103              SharePoint          Regular          63   \n",
       "                                                 [2a02:418:6017::148]:45644 Exchange            Admin             1   \n",
       "\n",
       "                                                                                                              FirstOperation  \\\n",
       "UserPrincipalName                 Type           IPAddress                  AppResourceProvider UserType                       \n",
       "alexw@m365x648731.onmicrosoft.com OfficeActivity                            SharePoint          Regular  2019-09-16 18:06:06   \n",
       "                                                 104.41.146.53              SharePoint          Regular  2019-09-19 19:16:20   \n",
       "                                                 109.70.100.26              SharePoint          Regular  2019-09-20 18:20:50   \n",
       "                                                 176.10.104.240             SharePoint          Regular  2019-09-19 19:27:55   \n",
       "                                                 176.10.99.200:45866        Exchange            Admin    2019-09-20 20:11:57   \n",
       "                                                 185.207.139.2:30396        Exchange            Admin    2019-09-24 23:10:38   \n",
       "                                                 185.207.139.2:7127         Exchange            Admin    2019-09-24 23:10:35   \n",
       "                                                 185.220.101.1              SharePoint          Regular  2019-10-16 18:09:39   \n",
       "                                                 185.220.101.31             SharePoint          Regular  2019-09-18 17:02:06   \n",
       "                                                 185.220.101.6              SharePoint          Regular  2019-09-16 18:11:40   \n",
       "                                                 185.220.102.8              SharePoint          Regular  2019-09-16 18:41:42   \n",
       "                                                 199.249.230.111            SharePoint          Regular  2019-09-19 19:16:23   \n",
       "                                                 199.249.230.113            SharePoint          Regular  2019-09-16 18:16:38   \n",
       "                                                 20.190.128.101             SharePoint          Regular  2019-09-19 19:16:16   \n",
       "                                                 20.190.128.103             SharePoint          Regular  2019-09-19 19:16:14   \n",
       "                                                 20.190.129.100             SharePoint          Regular  2019-09-20 18:20:46   \n",
       "                                                 23.129.64.152              SharePoint          Regular  2019-09-18 17:01:25   \n",
       "                                                 40.117.152.107             SharePoint          Regular  2019-09-16 17:42:17   \n",
       "                                                 40.126.9.49                SharePoint          Regular  2019-10-16 18:09:38   \n",
       "                                                 40.126.9.50                SharePoint          Regular  2019-09-16 17:42:18   \n",
       "                                                 40.126.9.51                SharePoint          Regular  2019-10-16 18:09:36   \n",
       "                                                 52.109.6.30                SharePoint          Regular  2019-09-19 19:16:23   \n",
       "                                                 66.146.193.33              SharePoint          Regular  2019-09-19 19:17:59   \n",
       "                                                 77.247.181.163             SharePoint          Regular  2019-09-16 17:42:29   \n",
       "                                                 92.62.139.103              SharePoint          Regular  2019-09-16 18:05:57   \n",
       "                                                 [2a02:418:6017::148]:45644 Exchange            Admin    2019-09-16 17:43:36   \n",
       "\n",
       "                                                                                                               LastOperation  \n",
       "UserPrincipalName                 Type           IPAddress                  AppResourceProvider UserType                      \n",
       "alexw@m365x648731.onmicrosoft.com OfficeActivity                            SharePoint          Regular  2019-09-19 19:18:06  \n",
       "                                                 104.41.146.53              SharePoint          Regular  2019-09-20 18:20:49  \n",
       "                                                 109.70.100.26              SharePoint          Regular  2019-09-20 18:20:50  \n",
       "                                                 176.10.104.240             SharePoint          Regular  2019-09-19 20:26:23  \n",
       "                                                 176.10.99.200:45866        Exchange            Admin    2019-09-20 20:11:57  \n",
       "                                                 185.207.139.2:30396        Exchange            Admin    2019-09-24 23:10:38  \n",
       "                                                 185.207.139.2:7127         Exchange            Admin    2019-09-24 23:10:35  \n",
       "                                                 185.220.101.1              SharePoint          Regular  2019-10-16 18:09:41  \n",
       "                                                 185.220.101.31             SharePoint          Regular  2019-09-18 17:10:23  \n",
       "                                                 185.220.101.6              SharePoint          Regular  2019-09-16 18:12:53  \n",
       "                                                 185.220.102.8              SharePoint          Regular  2019-09-16 20:43:20  \n",
       "                                                 199.249.230.111            SharePoint          Regular  2019-09-19 19:16:26  \n",
       "                                                 199.249.230.113            SharePoint          Regular  2019-09-16 18:16:38  \n",
       "                                                 20.190.128.101             SharePoint          Regular  2019-09-19 19:16:16  \n",
       "                                                 20.190.128.103             SharePoint          Regular  2019-09-19 19:16:14  \n",
       "                                                 20.190.129.100             SharePoint          Regular  2019-09-20 18:20:48  \n",
       "                                                 23.129.64.152              SharePoint          Regular  2019-09-18 17:03:03  \n",
       "                                                 40.117.152.107             SharePoint          Regular  2019-09-18 17:02:37  \n",
       "                                                 40.126.9.49                SharePoint          Regular  2019-10-16 18:09:38  \n",
       "                                                 40.126.9.50                SharePoint          Regular  2019-09-16 17:42:23  \n",
       "                                                 40.126.9.51                SharePoint          Regular  2019-10-16 18:09:36  \n",
       "                                                 52.109.6.30                SharePoint          Regular  2019-10-16 18:09:42  \n",
       "                                                 66.146.193.33              SharePoint          Regular  2019-09-19 19:22:05  \n",
       "                                                 77.247.181.163             SharePoint          Regular  2019-09-16 17:42:38  \n",
       "                                                 92.62.139.103              SharePoint          Regular  2019-09-16 18:18:07  \n",
       "                                                 [2a02:418:6017::148]:45644 Exchange            Admin    2019-09-16 17:43:36  "
      ]
     },
     "execution_count": 48,
     "metadata": {},
     "output_type": "execute_result"
    }
   ],
   "source": [
    "(az_all_data\n",
    ".groupby([\"UserPrincipalName\", \"Type\", \"IPAddress\", \"AppResourceProvider\", \"UserType\"])\n",
    ".agg(\n",
    "     OperationCount=pd.NamedAgg(column=\"Type\", aggfunc=\"count\"),\n",
    "     OperationTypes=pd.NamedAgg(column=\"Operation\", aggfunc=lambda x: x.unique().tolist()),\n",
    "     Resources=pd.NamedAgg(column=\"ResourceId\", aggfunc=\"nunique\"),\n",
    "     FirstOperation=pd.NamedAgg(column=\"TimeGenerated\", aggfunc=\"min\"),\n",
    "     LastOperation=pd.NamedAgg(column=\"TimeGenerated\", aggfunc=\"max\"),\n",
    "  )\n",
    ")"
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "### Threat Intelligence for IP Addresses\n",
    "<details>\n",
    "    <summary>TI Configuration</summary>\n",
    "If you have not used msticpy threat intelligence lookups before you will need to supply API keys for the \n",
    "TI Providers that you want to use. Please see the section on configuring [msticpyconfig.yaml](#msticpyconfig.yaml-configuration-File)\n",
    "\n",
    "Then reload provider settings:\n",
    "```\n",
    "mylookup = TILookup()\n",
    "mylookup.reload_provider_settings()\n",
    "```\n",
    "</details>"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 55,
   "metadata": {
    "ExecuteTime": {
     "end_time": "2019-10-30T19:18:18.323560Z",
     "start_time": "2019-10-30T19:16:43.180798Z"
    },
    "scrolled": true
   },
   "outputs": [
    {
     "data": {
      "text/markdown": [
       "<p style='font-weight: bold;color: red;font-size: 130%'>63 threat intelligence hits have been matched on one or more source IP addresses.</p>"
      ],
      "text/plain": [
       "<IPython.core.display.Markdown object>"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    },
    {
     "data": {
      "text/markdown": [
       "<p style='font-weight: bold;color: red'> You should investigate these IP addresses using the 'Entity Explorer - IP Address' notebook</p>"
      ],
      "text/plain": [
       "<IPython.core.display.Markdown object>"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    },
    {
     "data": {
      "text/html": [
       "<div>\n",
       "<style scoped>\n",
       "    .dataframe tbody tr th:only-of-type {\n",
       "        vertical-align: middle;\n",
       "    }\n",
       "\n",
       "    .dataframe tbody tr th {\n",
       "        vertical-align: top;\n",
       "    }\n",
       "\n",
       "    .dataframe thead th {\n",
       "        text-align: right;\n",
       "    }\n",
       "</style>\n",
       "<table border=\"1\" class=\"dataframe\">\n",
       "  <thead>\n",
       "    <tr style=\"text-align: right;\">\n",
       "      <th></th>\n",
       "      <th>Ioc</th>\n",
       "      <th>IocType</th>\n",
       "      <th>QuerySubtype</th>\n",
       "      <th>Provider</th>\n",
       "      <th>Result</th>\n",
       "      <th>Severity</th>\n",
       "      <th>Details</th>\n",
       "      <th>RawResult</th>\n",
       "      <th>Reference</th>\n",
       "      <th>Status</th>\n",
       "    </tr>\n",
       "  </thead>\n",
       "  <tbody>\n",
       "    <tr>\n",
       "      <td>3</td>\n",
       "      <td>23.129.64.193</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>OTX</td>\n",
       "      <td>True</td>\n",
       "      <td>2</td>\n",
       "      <td>{'pulse_count': 35, 'names': ['TOR Nodes', 'N6 Torlist 2019-08-22', 'VNC honeypot logs for 2019/...</td>\n",
       "      <td>{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...</td>\n",
       "      <td>https://otx.alienvault.com/api/v1/indicators/IPv4/23.129.64.193/general</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>4</td>\n",
       "      <td>185.220.101.48</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>OTX</td>\n",
       "      <td>True</td>\n",
       "      <td>2</td>\n",
       "      <td>{'pulse_count': 35, 'names': ['TOR Nodes', 'IOCs weekly 03/10/19', 'spraying attack against Offi...</td>\n",
       "      <td>{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...</td>\n",
       "      <td>https://otx.alienvault.com/api/v1/indicators/IPv4/185.220.101.48/general</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>5</td>\n",
       "      <td>198.98.58.135</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>OTX</td>\n",
       "      <td>True</td>\n",
       "      <td>2</td>\n",
       "      <td>{'pulse_count': 7, 'names': ['TOR Nodes', 'IOCs weekly 03/10/19', 'spraying attack against Offic...</td>\n",
       "      <td>{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...</td>\n",
       "      <td>https://otx.alienvault.com/api/v1/indicators/IPv4/198.98.58.135/general</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>10</td>\n",
       "      <td>176.10.99.200</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>OTX</td>\n",
       "      <td>True</td>\n",
       "      <td>2</td>\n",
       "      <td>{'pulse_count': 50, 'names': ['Webscanners 2018-02-09  thru current day', 'TOR Nodes', 'N6 Torli...</td>\n",
       "      <td>{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...</td>\n",
       "      <td>https://otx.alienvault.com/api/v1/indicators/IPv4/176.10.99.200/general</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>17</td>\n",
       "      <td>87.118.116.103</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>OTX</td>\n",
       "      <td>True</td>\n",
       "      <td>2</td>\n",
       "      <td>{'pulse_count': 30, 'names': ['TOR Nodes', 'N6 Torlist 2019-08-22', 'N6 Torlist 2019-08-05', 'VN...</td>\n",
       "      <td>{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...</td>\n",
       "      <td>https://otx.alienvault.com/api/v1/indicators/IPv4/87.118.116.103/general</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>19</td>\n",
       "      <td>217.115.10.132</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>OTX</td>\n",
       "      <td>True</td>\n",
       "      <td>2</td>\n",
       "      <td>{'pulse_count': 50, 'names': ['TOR Nodes', 'N6 Torlist 2019-08-22', 'VNC honeypot logs for 2019/...</td>\n",
       "      <td>{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...</td>\n",
       "      <td>https://otx.alienvault.com/api/v1/indicators/IPv4/217.115.10.132/general</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>20</td>\n",
       "      <td>185.4.132.135</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>OTX</td>\n",
       "      <td>True</td>\n",
       "      <td>2</td>\n",
       "      <td>{'pulse_count': 4, 'names': ['TOR Nodes', 'N6 Torlist 2019-08-22', 'N6 Torlist 2019-08-05', 'dan...</td>\n",
       "      <td>{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...</td>\n",
       "      <td>https://otx.alienvault.com/api/v1/indicators/IPv4/185.4.132.135/general</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>23</td>\n",
       "      <td>185.220.102.8</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>OTX</td>\n",
       "      <td>True</td>\n",
       "      <td>2</td>\n",
       "      <td>{'pulse_count': 10, 'names': ['TOR Nodes', 'SSH - US Honeypot IoCs 2019-09-19', 'N6 Torlist 2019...</td>\n",
       "      <td>{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...</td>\n",
       "      <td>https://otx.alienvault.com/api/v1/indicators/IPv4/185.220.102.8/general</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>24</td>\n",
       "      <td>77.247.181.163</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>OTX</td>\n",
       "      <td>True</td>\n",
       "      <td>2</td>\n",
       "      <td>{'pulse_count': 50, 'names': ['TOR Nodes', 'N6 Torlist 2019-08-22', 'VNC honeypot logs for 2019/...</td>\n",
       "      <td>{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...</td>\n",
       "      <td>https://otx.alienvault.com/api/v1/indicators/IPv4/77.247.181.163/general</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>25</td>\n",
       "      <td>185.220.101.6</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>OTX</td>\n",
       "      <td>True</td>\n",
       "      <td>2</td>\n",
       "      <td>{'pulse_count': 45, 'names': ['TOR Nodes', 'N6 Torlist 2019-08-22', 'VNC honeypot logs for 2019/...</td>\n",
       "      <td>{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...</td>\n",
       "      <td>https://otx.alienvault.com/api/v1/indicators/IPv4/185.220.101.6/general</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>26</td>\n",
       "      <td>92.62.139.103</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>OTX</td>\n",
       "      <td>True</td>\n",
       "      <td>2</td>\n",
       "      <td>{'pulse_count': 9, 'names': ['TOR Nodes', 'IOCs weekly 03/10/19', 'spraying attack against Offic...</td>\n",
       "      <td>{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...</td>\n",
       "      <td>https://otx.alienvault.com/api/v1/indicators/IPv4/92.62.139.103/general</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>29</td>\n",
       "      <td>199.249.230.113</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>OTX</td>\n",
       "      <td>True</td>\n",
       "      <td>2</td>\n",
       "      <td>{'pulse_count': 31, 'names': ['TOR Nodes', 'N6 Torlist 2019-08-22', 'Suspicious IPs-August-10-08...</td>\n",
       "      <td>{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...</td>\n",
       "      <td>https://otx.alienvault.com/api/v1/indicators/IPv4/199.249.230.113/general</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>33</td>\n",
       "      <td>185.220.101.1</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>OTX</td>\n",
       "      <td>True</td>\n",
       "      <td>2</td>\n",
       "      <td>{'pulse_count': 45, 'names': ['Webscanners 2018-02-09  thru current day', 'TOR Nodes', 'N6 Torli...</td>\n",
       "      <td>{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...</td>\n",
       "      <td>https://otx.alienvault.com/api/v1/indicators/IPv4/185.220.101.1/general</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>34</td>\n",
       "      <td>23.129.64.152</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>OTX</td>\n",
       "      <td>True</td>\n",
       "      <td>2</td>\n",
       "      <td>{'pulse_count': 36, 'names': ['TOR Nodes', 'N6 Torlist 2019-08-22', 'N6 Torlist 2019-08-05', 'VN...</td>\n",
       "      <td>{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...</td>\n",
       "      <td>https://otx.alienvault.com/api/v1/indicators/IPv4/23.129.64.152/general</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>35</td>\n",
       "      <td>185.220.101.31</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>OTX</td>\n",
       "      <td>True</td>\n",
       "      <td>2</td>\n",
       "      <td>{'pulse_count': 39, 'names': ['TOR Nodes', 'IOCs weekly 03/10/19', 'spraying attack against Offi...</td>\n",
       "      <td>{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...</td>\n",
       "      <td>https://otx.alienvault.com/api/v1/indicators/IPv4/185.220.101.31/general</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>36</td>\n",
       "      <td>176.10.104.240</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>OTX</td>\n",
       "      <td>True</td>\n",
       "      <td>2</td>\n",
       "      <td>{'pulse_count': 44, 'names': ['TOR Nodes', 'N6 Torlist 2019-08-22', 'N6 Torlist 2019-08-05', 'VN...</td>\n",
       "      <td>{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...</td>\n",
       "      <td>https://otx.alienvault.com/api/v1/indicators/IPv4/176.10.104.240/general</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>38</td>\n",
       "      <td>66.146.193.33</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>OTX</td>\n",
       "      <td>True</td>\n",
       "      <td>2</td>\n",
       "      <td>{'pulse_count': 5, 'names': ['TOR Nodes', 'N6 Torlist 2019-08-22', 'N6 Torlist 2019-08-05', 'dan...</td>\n",
       "      <td>{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...</td>\n",
       "      <td>https://otx.alienvault.com/api/v1/indicators/IPv4/66.146.193.33/general</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>41</td>\n",
       "      <td>199.249.230.111</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>OTX</td>\n",
       "      <td>True</td>\n",
       "      <td>2</td>\n",
       "      <td>{'pulse_count': 29, 'names': ['TOR Nodes', 'N6 Torlist 2019-08-22', 'Suspicious IPs-August-10-08...</td>\n",
       "      <td>{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...</td>\n",
       "      <td>https://otx.alienvault.com/api/v1/indicators/IPv4/199.249.230.111/general</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>43</td>\n",
       "      <td>185.207.139.2</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>OTX</td>\n",
       "      <td>True</td>\n",
       "      <td>2</td>\n",
       "      <td>{'pulse_count': 4, 'names': ['TOR Nodes', 'IOCs weekly 03/10/19', 'spraying attack against Offic...</td>\n",
       "      <td>{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...</td>\n",
       "      <td>https://otx.alienvault.com/api/v1/indicators/IPv4/185.207.139.2/general</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>0</td>\n",
       "      <td>131.107.174.181</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>1</td>\n",
       "      <td>{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Third party feed', 'reasonDescri...</td>\n",
       "      <td>{'ip': '131.107.174.181', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regiona...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/131.107.174.181</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>1</td>\n",
       "      <td>131.107.159.181</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>1</td>\n",
       "      <td>{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Third party feed', 'reasonDescri...</td>\n",
       "      <td>{'ip': '131.107.159.181', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regiona...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/131.107.159.181</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>2</td>\n",
       "      <td>131.107.160.181</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>1</td>\n",
       "      <td>{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Third party feed', 'reasonDescri...</td>\n",
       "      <td>{'ip': '131.107.160.181', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regiona...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/131.107.160.181</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>3</td>\n",
       "      <td>23.129.64.193</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>2</td>\n",
       "      <td>{'score': 8.6, 'cats': {'Spam': 71, 'Anonymisation Services': 86, 'Bots': 57}, 'categoryDescript...</td>\n",
       "      <td>{'ip': '23.129.64.193', 'history': [{'created': '2017-07-20T06:21:00.000Z', 'reason': 'Regional ...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/23.129.64.193</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>4</td>\n",
       "      <td>185.220.101.48</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>2</td>\n",
       "      <td>{'score': 8.6, 'cats': {'Anonymisation Services': 86, 'Bots': 43}, 'categoryDescriptions': {'Ano...</td>\n",
       "      <td>{'ip': '185.220.101.48', 'history': [{'created': '2017-09-13T06:21:00.000Z', 'reason': 'Regional...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/185.220.101.48</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>5</td>\n",
       "      <td>198.98.58.135</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>2</td>\n",
       "      <td>{'score': 8.6, 'cats': {'Anonymisation Services': 86}, 'categoryDescriptions': {'Anonymisation S...</td>\n",
       "      <td>{'ip': '198.98.58.135', 'history': [{'created': '2012-07-06T06:28:00.000Z', 'reason': 'Regional ...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/198.98.58.135</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>6</td>\n",
       "      <td>109.70.100.26</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>2</td>\n",
       "      <td>{'score': 8.6, 'cats': {'Anonymisation Services': 86, 'Bots': 43}, 'categoryDescriptions': {'Ano...</td>\n",
       "      <td>{'ip': '109.70.100.26', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional ...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/109.70.100.26</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>7</td>\n",
       "      <td>131.107.160.77</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>1</td>\n",
       "      <td>{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...</td>\n",
       "      <td>{'ip': '131.107.160.77', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/131.107.160.77</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>8</td>\n",
       "      <td>50.35.65.178</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>1</td>\n",
       "      <td>{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...</td>\n",
       "      <td>{'ip': '50.35.65.178', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional I...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/50.35.65.178</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>9</td>\n",
       "      <td>167.220.2.105</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>1</td>\n",
       "      <td>{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...</td>\n",
       "      <td>{'ip': '167.220.2.105', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional ...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/167.220.2.105</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>10</td>\n",
       "      <td>176.10.99.200</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>2</td>\n",
       "      <td>{'score': 8.6, 'cats': {'Anonymisation Services': 86, 'Scanning IPs': 29, 'Bots': 43}, 'category...</td>\n",
       "      <td>{'ip': '176.10.99.200', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional ...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/176.10.99.200</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>11</td>\n",
       "      <td>131.107.159.205</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>1</td>\n",
       "      <td>{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...</td>\n",
       "      <td>{'ip': '131.107.159.205', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regiona...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/131.107.159.205</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>12</td>\n",
       "      <td>167.220.2.123</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>1</td>\n",
       "      <td>{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...</td>\n",
       "      <td>{'ip': '167.220.2.123', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional ...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/167.220.2.123</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>13</td>\n",
       "      <td>131.107.159.143</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>1</td>\n",
       "      <td>{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...</td>\n",
       "      <td>{'ip': '131.107.159.143', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regiona...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/131.107.159.143</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>14</td>\n",
       "      <td>131.107.147.105</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>1</td>\n",
       "      <td>{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...</td>\n",
       "      <td>{'ip': '131.107.147.105', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regiona...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/131.107.147.105</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>15</td>\n",
       "      <td>131.107.174.205</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>1</td>\n",
       "      <td>{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...</td>\n",
       "      <td>{'ip': '131.107.174.205', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regiona...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/131.107.174.205</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>16</td>\n",
       "      <td>131.107.160.205</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>1</td>\n",
       "      <td>{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...</td>\n",
       "      <td>{'ip': '131.107.160.205', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regiona...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/131.107.160.205</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>17</td>\n",
       "      <td>87.118.116.103</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>2</td>\n",
       "      <td>{'score': 8.6, 'cats': {'Anonymisation Services': 86, 'Bots': 43}, 'categoryDescriptions': {'Ano...</td>\n",
       "      <td>{'ip': '87.118.116.103', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/87.118.116.103</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>18</td>\n",
       "      <td>109.70.100.24</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>2</td>\n",
       "      <td>{'score': 8.6, 'cats': {'Anonymisation Services': 86, 'Bots': 43}, 'categoryDescriptions': {'Ano...</td>\n",
       "      <td>{'ip': '109.70.100.24', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional ...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/109.70.100.24</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>19</td>\n",
       "      <td>217.115.10.132</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>2</td>\n",
       "      <td>{'score': 8.6, 'cats': {'Anonymisation Services': 86, 'Scanning IPs': 29, 'Bots': 43}, 'category...</td>\n",
       "      <td>{'ip': '217.115.10.132', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/217.115.10.132</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>20</td>\n",
       "      <td>185.4.132.135</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>2</td>\n",
       "      <td>{'score': 8.6, 'cats': {'Anonymisation Services': 86}, 'categoryDescriptions': {'Anonymisation S...</td>\n",
       "      <td>{'ip': '185.4.132.135', 'history': [{'created': '2012-09-28T06:27:00.000Z', 'reason': 'Regional ...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/185.4.132.135</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>21</td>\n",
       "      <td>131.107.147.205</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>1</td>\n",
       "      <td>{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...</td>\n",
       "      <td>{'ip': '131.107.147.205', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regiona...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/131.107.147.205</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>22</td>\n",
       "      <td>131.107.174.123</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>1</td>\n",
       "      <td>{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...</td>\n",
       "      <td>{'ip': '131.107.174.123', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regiona...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/131.107.174.123</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>23</td>\n",
       "      <td>185.220.102.8</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>2</td>\n",
       "      <td>{'score': 8.6, 'cats': {'Anonymisation Services': 86, 'Bots': 43}, 'categoryDescriptions': {'Ano...</td>\n",
       "      <td>{'ip': '185.220.102.8', 'history': [{'created': '2017-09-13T06:21:00.000Z', 'reason': 'Regional ...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/185.220.102.8</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>24</td>\n",
       "      <td>77.247.181.163</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>2</td>\n",
       "      <td>{'score': 8.6, 'cats': {'Anonymisation Services': 86, 'Bots': 29}, 'categoryDescriptions': {'Ano...</td>\n",
       "      <td>{'ip': '77.247.181.163', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/77.247.181.163</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>25</td>\n",
       "      <td>185.220.101.6</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>2</td>\n",
       "      <td>{'score': 8.6, 'cats': {'Anonymisation Services': 86, 'Bots': 43}, 'categoryDescriptions': {'Ano...</td>\n",
       "      <td>{'ip': '185.220.101.6', 'history': [{'created': '2017-09-13T06:21:00.000Z', 'reason': 'Regional ...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/185.220.101.6</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>26</td>\n",
       "      <td>92.62.139.103</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>2</td>\n",
       "      <td>{'score': 8.6, 'cats': {'Spam': 29, 'Anonymisation Services': 86, 'Bots': 43}, 'categoryDescript...</td>\n",
       "      <td>{'ip': '92.62.139.103', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional ...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/92.62.139.103</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>27</td>\n",
       "      <td>40.117.152.107</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>1</td>\n",
       "      <td>{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...</td>\n",
       "      <td>{'ip': '40.117.152.107', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/40.117.152.107</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>28</td>\n",
       "      <td>40.126.9.50</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>1</td>\n",
       "      <td>{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...</td>\n",
       "      <td>{'ip': '40.126.9.50', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional In...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/40.126.9.50</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>29</td>\n",
       "      <td>199.249.230.113</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>2</td>\n",
       "      <td>{'score': 8.6, 'cats': {'Anonymisation Services': 86}, 'categoryDescriptions': {'Anonymisation S...</td>\n",
       "      <td>{'ip': '199.249.230.113', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regiona...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/199.249.230.113</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>30</td>\n",
       "      <td>40.126.9.51</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>1</td>\n",
       "      <td>{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...</td>\n",
       "      <td>{'ip': '40.126.9.51', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional In...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/40.126.9.51</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>31</td>\n",
       "      <td>52.109.6.30</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>1</td>\n",
       "      <td>{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...</td>\n",
       "      <td>{'ip': '52.109.6.30', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional In...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/52.109.6.30</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>32</td>\n",
       "      <td>40.126.9.49</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>1</td>\n",
       "      <td>{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...</td>\n",
       "      <td>{'ip': '40.126.9.49', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional In...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/40.126.9.49</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>33</td>\n",
       "      <td>185.220.101.1</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>2</td>\n",
       "      <td>{'score': 8.6, 'cats': {'Anonymisation Services': 86}, 'categoryDescriptions': {'Anonymisation S...</td>\n",
       "      <td>{'ip': '185.220.101.1', 'history': [{'created': '2017-09-13T06:21:00.000Z', 'reason': 'Regional ...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/185.220.101.1</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>34</td>\n",
       "      <td>23.129.64.152</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>2</td>\n",
       "      <td>{'score': 8.6, 'cats': {'Spam': 86, 'Anonymisation Services': 86, 'Bots': 43}, 'categoryDescript...</td>\n",
       "      <td>{'ip': '23.129.64.152', 'history': [{'created': '2017-07-20T06:21:00.000Z', 'reason': 'Regional ...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/23.129.64.152</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>35</td>\n",
       "      <td>185.220.101.31</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>2</td>\n",
       "      <td>{'score': 8.6, 'cats': {'Anonymisation Services': 86, 'Bots': 43}, 'categoryDescriptions': {'Ano...</td>\n",
       "      <td>{'ip': '185.220.101.31', 'history': [{'created': '2017-09-13T06:21:00.000Z', 'reason': 'Regional...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/185.220.101.31</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>36</td>\n",
       "      <td>176.10.104.240</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>2</td>\n",
       "      <td>{'score': 8.6, 'cats': {'Anonymisation Services': 86, 'Bots': 43}, 'categoryDescriptions': {'Ano...</td>\n",
       "      <td>{'ip': '176.10.104.240', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/176.10.104.240</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>37</td>\n",
       "      <td>104.41.146.53</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>1</td>\n",
       "      <td>{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...</td>\n",
       "      <td>{'ip': '104.41.146.53', 'history': [{'created': '2014-05-08T06:26:00.000Z', 'reason': 'Regional ...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/104.41.146.53</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>38</td>\n",
       "      <td>66.146.193.33</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>2</td>\n",
       "      <td>{'score': 8.6, 'cats': {'Anonymisation Services': 86, 'Bots': 43}, 'categoryDescriptions': {'Ano...</td>\n",
       "      <td>{'ip': '66.146.193.33', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional ...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/66.146.193.33</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>39</td>\n",
       "      <td>20.190.128.101</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>1</td>\n",
       "      <td>{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...</td>\n",
       "      <td>{'ip': '20.190.128.101', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/20.190.128.101</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>40</td>\n",
       "      <td>20.190.128.103</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>1</td>\n",
       "      <td>{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...</td>\n",
       "      <td>{'ip': '20.190.128.103', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/20.190.128.103</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>41</td>\n",
       "      <td>199.249.230.111</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>2</td>\n",
       "      <td>{'score': 8.6, 'cats': {'Anonymisation Services': 86, 'Bots': 57}, 'categoryDescriptions': {'Ano...</td>\n",
       "      <td>{'ip': '199.249.230.111', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regiona...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/199.249.230.111</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>42</td>\n",
       "      <td>20.190.129.100</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>1</td>\n",
       "      <td>{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...</td>\n",
       "      <td>{'ip': '20.190.129.100', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/20.190.129.100</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>43</td>\n",
       "      <td>185.207.139.2</td>\n",
       "      <td>ipv4</td>\n",
       "      <td>None</td>\n",
       "      <td>XForce</td>\n",
       "      <td>True</td>\n",
       "      <td>2</td>\n",
       "      <td>{'score': 8.6, 'cats': {'Anonymisation Services': 86, 'Bots': 43}, 'categoryDescriptions': {'Ano...</td>\n",
       "      <td>{'ip': '185.207.139.2', 'history': [{'created': '2017-06-10T06:21:00.000Z', 'reason': 'Regional ...</td>\n",
       "      <td>https://api.xforce.ibmcloud.com/ipr/185.207.139.2</td>\n",
       "      <td>0</td>\n",
       "    </tr>\n",
       "  </tbody>\n",
       "</table>\n",
       "</div>"
      ],
      "text/plain": [
       "                Ioc IocType QuerySubtype Provider  Result  Severity  \\\n",
       "3     23.129.64.193    ipv4         None      OTX    True         2   \n",
       "4    185.220.101.48    ipv4         None      OTX    True         2   \n",
       "5     198.98.58.135    ipv4         None      OTX    True         2   \n",
       "10    176.10.99.200    ipv4         None      OTX    True         2   \n",
       "17   87.118.116.103    ipv4         None      OTX    True         2   \n",
       "19   217.115.10.132    ipv4         None      OTX    True         2   \n",
       "20    185.4.132.135    ipv4         None      OTX    True         2   \n",
       "23    185.220.102.8    ipv4         None      OTX    True         2   \n",
       "24   77.247.181.163    ipv4         None      OTX    True         2   \n",
       "25    185.220.101.6    ipv4         None      OTX    True         2   \n",
       "26    92.62.139.103    ipv4         None      OTX    True         2   \n",
       "29  199.249.230.113    ipv4         None      OTX    True         2   \n",
       "33    185.220.101.1    ipv4         None      OTX    True         2   \n",
       "34    23.129.64.152    ipv4         None      OTX    True         2   \n",
       "35   185.220.101.31    ipv4         None      OTX    True         2   \n",
       "36   176.10.104.240    ipv4         None      OTX    True         2   \n",
       "38    66.146.193.33    ipv4         None      OTX    True         2   \n",
       "41  199.249.230.111    ipv4         None      OTX    True         2   \n",
       "43    185.207.139.2    ipv4         None      OTX    True         2   \n",
       "0   131.107.174.181    ipv4         None   XForce    True         1   \n",
       "1   131.107.159.181    ipv4         None   XForce    True         1   \n",
       "2   131.107.160.181    ipv4         None   XForce    True         1   \n",
       "3     23.129.64.193    ipv4         None   XForce    True         2   \n",
       "4    185.220.101.48    ipv4         None   XForce    True         2   \n",
       "5     198.98.58.135    ipv4         None   XForce    True         2   \n",
       "6     109.70.100.26    ipv4         None   XForce    True         2   \n",
       "7    131.107.160.77    ipv4         None   XForce    True         1   \n",
       "8      50.35.65.178    ipv4         None   XForce    True         1   \n",
       "9     167.220.2.105    ipv4         None   XForce    True         1   \n",
       "10    176.10.99.200    ipv4         None   XForce    True         2   \n",
       "11  131.107.159.205    ipv4         None   XForce    True         1   \n",
       "12    167.220.2.123    ipv4         None   XForce    True         1   \n",
       "13  131.107.159.143    ipv4         None   XForce    True         1   \n",
       "14  131.107.147.105    ipv4         None   XForce    True         1   \n",
       "15  131.107.174.205    ipv4         None   XForce    True         1   \n",
       "16  131.107.160.205    ipv4         None   XForce    True         1   \n",
       "17   87.118.116.103    ipv4         None   XForce    True         2   \n",
       "18    109.70.100.24    ipv4         None   XForce    True         2   \n",
       "19   217.115.10.132    ipv4         None   XForce    True         2   \n",
       "20    185.4.132.135    ipv4         None   XForce    True         2   \n",
       "21  131.107.147.205    ipv4         None   XForce    True         1   \n",
       "22  131.107.174.123    ipv4         None   XForce    True         1   \n",
       "23    185.220.102.8    ipv4         None   XForce    True         2   \n",
       "24   77.247.181.163    ipv4         None   XForce    True         2   \n",
       "25    185.220.101.6    ipv4         None   XForce    True         2   \n",
       "26    92.62.139.103    ipv4         None   XForce    True         2   \n",
       "27   40.117.152.107    ipv4         None   XForce    True         1   \n",
       "28      40.126.9.50    ipv4         None   XForce    True         1   \n",
       "29  199.249.230.113    ipv4         None   XForce    True         2   \n",
       "30      40.126.9.51    ipv4         None   XForce    True         1   \n",
       "31      52.109.6.30    ipv4         None   XForce    True         1   \n",
       "32      40.126.9.49    ipv4         None   XForce    True         1   \n",
       "33    185.220.101.1    ipv4         None   XForce    True         2   \n",
       "34    23.129.64.152    ipv4         None   XForce    True         2   \n",
       "35   185.220.101.31    ipv4         None   XForce    True         2   \n",
       "36   176.10.104.240    ipv4         None   XForce    True         2   \n",
       "37    104.41.146.53    ipv4         None   XForce    True         1   \n",
       "38    66.146.193.33    ipv4         None   XForce    True         2   \n",
       "39   20.190.128.101    ipv4         None   XForce    True         1   \n",
       "40   20.190.128.103    ipv4         None   XForce    True         1   \n",
       "41  199.249.230.111    ipv4         None   XForce    True         2   \n",
       "42   20.190.129.100    ipv4         None   XForce    True         1   \n",
       "43    185.207.139.2    ipv4         None   XForce    True         2   \n",
       "\n",
       "                                                                                                Details  \\\n",
       "3   {'pulse_count': 35, 'names': ['TOR Nodes', 'N6 Torlist 2019-08-22', 'VNC honeypot logs for 2019/...   \n",
       "4   {'pulse_count': 35, 'names': ['TOR Nodes', 'IOCs weekly 03/10/19', 'spraying attack against Offi...   \n",
       "5   {'pulse_count': 7, 'names': ['TOR Nodes', 'IOCs weekly 03/10/19', 'spraying attack against Offic...   \n",
       "10  {'pulse_count': 50, 'names': ['Webscanners 2018-02-09  thru current day', 'TOR Nodes', 'N6 Torli...   \n",
       "17  {'pulse_count': 30, 'names': ['TOR Nodes', 'N6 Torlist 2019-08-22', 'N6 Torlist 2019-08-05', 'VN...   \n",
       "19  {'pulse_count': 50, 'names': ['TOR Nodes', 'N6 Torlist 2019-08-22', 'VNC honeypot logs for 2019/...   \n",
       "20  {'pulse_count': 4, 'names': ['TOR Nodes', 'N6 Torlist 2019-08-22', 'N6 Torlist 2019-08-05', 'dan...   \n",
       "23  {'pulse_count': 10, 'names': ['TOR Nodes', 'SSH - US Honeypot IoCs 2019-09-19', 'N6 Torlist 2019...   \n",
       "24  {'pulse_count': 50, 'names': ['TOR Nodes', 'N6 Torlist 2019-08-22', 'VNC honeypot logs for 2019/...   \n",
       "25  {'pulse_count': 45, 'names': ['TOR Nodes', 'N6 Torlist 2019-08-22', 'VNC honeypot logs for 2019/...   \n",
       "26  {'pulse_count': 9, 'names': ['TOR Nodes', 'IOCs weekly 03/10/19', 'spraying attack against Offic...   \n",
       "29  {'pulse_count': 31, 'names': ['TOR Nodes', 'N6 Torlist 2019-08-22', 'Suspicious IPs-August-10-08...   \n",
       "33  {'pulse_count': 45, 'names': ['Webscanners 2018-02-09  thru current day', 'TOR Nodes', 'N6 Torli...   \n",
       "34  {'pulse_count': 36, 'names': ['TOR Nodes', 'N6 Torlist 2019-08-22', 'N6 Torlist 2019-08-05', 'VN...   \n",
       "35  {'pulse_count': 39, 'names': ['TOR Nodes', 'IOCs weekly 03/10/19', 'spraying attack against Offi...   \n",
       "36  {'pulse_count': 44, 'names': ['TOR Nodes', 'N6 Torlist 2019-08-22', 'N6 Torlist 2019-08-05', 'VN...   \n",
       "38  {'pulse_count': 5, 'names': ['TOR Nodes', 'N6 Torlist 2019-08-22', 'N6 Torlist 2019-08-05', 'dan...   \n",
       "41  {'pulse_count': 29, 'names': ['TOR Nodes', 'N6 Torlist 2019-08-22', 'Suspicious IPs-August-10-08...   \n",
       "43  {'pulse_count': 4, 'names': ['TOR Nodes', 'IOCs weekly 03/10/19', 'spraying attack against Offic...   \n",
       "0   {'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Third party feed', 'reasonDescri...   \n",
       "1   {'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Third party feed', 'reasonDescri...   \n",
       "2   {'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Third party feed', 'reasonDescri...   \n",
       "3   {'score': 8.6, 'cats': {'Spam': 71, 'Anonymisation Services': 86, 'Bots': 57}, 'categoryDescript...   \n",
       "4   {'score': 8.6, 'cats': {'Anonymisation Services': 86, 'Bots': 43}, 'categoryDescriptions': {'Ano...   \n",
       "5   {'score': 8.6, 'cats': {'Anonymisation Services': 86}, 'categoryDescriptions': {'Anonymisation S...   \n",
       "6   {'score': 8.6, 'cats': {'Anonymisation Services': 86, 'Bots': 43}, 'categoryDescriptions': {'Ano...   \n",
       "7   {'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...   \n",
       "8   {'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...   \n",
       "9   {'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...   \n",
       "10  {'score': 8.6, 'cats': {'Anonymisation Services': 86, 'Scanning IPs': 29, 'Bots': 43}, 'category...   \n",
       "11  {'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...   \n",
       "12  {'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...   \n",
       "13  {'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...   \n",
       "14  {'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...   \n",
       "15  {'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...   \n",
       "16  {'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...   \n",
       "17  {'score': 8.6, 'cats': {'Anonymisation Services': 86, 'Bots': 43}, 'categoryDescriptions': {'Ano...   \n",
       "18  {'score': 8.6, 'cats': {'Anonymisation Services': 86, 'Bots': 43}, 'categoryDescriptions': {'Ano...   \n",
       "19  {'score': 8.6, 'cats': {'Anonymisation Services': 86, 'Scanning IPs': 29, 'Bots': 43}, 'category...   \n",
       "20  {'score': 8.6, 'cats': {'Anonymisation Services': 86}, 'categoryDescriptions': {'Anonymisation S...   \n",
       "21  {'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...   \n",
       "22  {'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...   \n",
       "23  {'score': 8.6, 'cats': {'Anonymisation Services': 86, 'Bots': 43}, 'categoryDescriptions': {'Ano...   \n",
       "24  {'score': 8.6, 'cats': {'Anonymisation Services': 86, 'Bots': 29}, 'categoryDescriptions': {'Ano...   \n",
       "25  {'score': 8.6, 'cats': {'Anonymisation Services': 86, 'Bots': 43}, 'categoryDescriptions': {'Ano...   \n",
       "26  {'score': 8.6, 'cats': {'Spam': 29, 'Anonymisation Services': 86, 'Bots': 43}, 'categoryDescript...   \n",
       "27  {'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...   \n",
       "28  {'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...   \n",
       "29  {'score': 8.6, 'cats': {'Anonymisation Services': 86}, 'categoryDescriptions': {'Anonymisation S...   \n",
       "30  {'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...   \n",
       "31  {'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...   \n",
       "32  {'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...   \n",
       "33  {'score': 8.6, 'cats': {'Anonymisation Services': 86}, 'categoryDescriptions': {'Anonymisation S...   \n",
       "34  {'score': 8.6, 'cats': {'Spam': 86, 'Anonymisation Services': 86, 'Bots': 43}, 'categoryDescript...   \n",
       "35  {'score': 8.6, 'cats': {'Anonymisation Services': 86, 'Bots': 43}, 'categoryDescriptions': {'Ano...   \n",
       "36  {'score': 8.6, 'cats': {'Anonymisation Services': 86, 'Bots': 43}, 'categoryDescriptions': {'Ano...   \n",
       "37  {'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...   \n",
       "38  {'score': 8.6, 'cats': {'Anonymisation Services': 86, 'Bots': 43}, 'categoryDescriptions': {'Ano...   \n",
       "39  {'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...   \n",
       "40  {'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...   \n",
       "41  {'score': 8.6, 'cats': {'Anonymisation Services': 86, 'Bots': 57}, 'categoryDescriptions': {'Ano...   \n",
       "42  {'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...   \n",
       "43  {'score': 8.6, 'cats': {'Anonymisation Services': 86, 'Bots': 43}, 'categoryDescriptions': {'Ano...   \n",
       "\n",
       "                                                                                              RawResult  \\\n",
       "3   {'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...   \n",
       "4   {'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...   \n",
       "5   {'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...   \n",
       "10  {'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...   \n",
       "17  {'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...   \n",
       "19  {'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...   \n",
       "20  {'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...   \n",
       "23  {'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...   \n",
       "24  {'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...   \n",
       "25  {'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...   \n",
       "26  {'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...   \n",
       "29  {'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...   \n",
       "33  {'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...   \n",
       "34  {'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...   \n",
       "35  {'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...   \n",
       "36  {'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...   \n",
       "38  {'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...   \n",
       "41  {'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...   \n",
       "43  {'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...   \n",
       "0   {'ip': '131.107.174.181', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regiona...   \n",
       "1   {'ip': '131.107.159.181', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regiona...   \n",
       "2   {'ip': '131.107.160.181', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regiona...   \n",
       "3   {'ip': '23.129.64.193', 'history': [{'created': '2017-07-20T06:21:00.000Z', 'reason': 'Regional ...   \n",
       "4   {'ip': '185.220.101.48', 'history': [{'created': '2017-09-13T06:21:00.000Z', 'reason': 'Regional...   \n",
       "5   {'ip': '198.98.58.135', 'history': [{'created': '2012-07-06T06:28:00.000Z', 'reason': 'Regional ...   \n",
       "6   {'ip': '109.70.100.26', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional ...   \n",
       "7   {'ip': '131.107.160.77', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional...   \n",
       "8   {'ip': '50.35.65.178', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional I...   \n",
       "9   {'ip': '167.220.2.105', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional ...   \n",
       "10  {'ip': '176.10.99.200', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional ...   \n",
       "11  {'ip': '131.107.159.205', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regiona...   \n",
       "12  {'ip': '167.220.2.123', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional ...   \n",
       "13  {'ip': '131.107.159.143', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regiona...   \n",
       "14  {'ip': '131.107.147.105', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regiona...   \n",
       "15  {'ip': '131.107.174.205', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regiona...   \n",
       "16  {'ip': '131.107.160.205', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regiona...   \n",
       "17  {'ip': '87.118.116.103', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional...   \n",
       "18  {'ip': '109.70.100.24', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional ...   \n",
       "19  {'ip': '217.115.10.132', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional...   \n",
       "20  {'ip': '185.4.132.135', 'history': [{'created': '2012-09-28T06:27:00.000Z', 'reason': 'Regional ...   \n",
       "21  {'ip': '131.107.147.205', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regiona...   \n",
       "22  {'ip': '131.107.174.123', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regiona...   \n",
       "23  {'ip': '185.220.102.8', 'history': [{'created': '2017-09-13T06:21:00.000Z', 'reason': 'Regional ...   \n",
       "24  {'ip': '77.247.181.163', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional...   \n",
       "25  {'ip': '185.220.101.6', 'history': [{'created': '2017-09-13T06:21:00.000Z', 'reason': 'Regional ...   \n",
       "26  {'ip': '92.62.139.103', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional ...   \n",
       "27  {'ip': '40.117.152.107', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional...   \n",
       "28  {'ip': '40.126.9.50', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional In...   \n",
       "29  {'ip': '199.249.230.113', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regiona...   \n",
       "30  {'ip': '40.126.9.51', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional In...   \n",
       "31  {'ip': '52.109.6.30', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional In...   \n",
       "32  {'ip': '40.126.9.49', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional In...   \n",
       "33  {'ip': '185.220.101.1', 'history': [{'created': '2017-09-13T06:21:00.000Z', 'reason': 'Regional ...   \n",
       "34  {'ip': '23.129.64.152', 'history': [{'created': '2017-07-20T06:21:00.000Z', 'reason': 'Regional ...   \n",
       "35  {'ip': '185.220.101.31', 'history': [{'created': '2017-09-13T06:21:00.000Z', 'reason': 'Regional...   \n",
       "36  {'ip': '176.10.104.240', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional...   \n",
       "37  {'ip': '104.41.146.53', 'history': [{'created': '2014-05-08T06:26:00.000Z', 'reason': 'Regional ...   \n",
       "38  {'ip': '66.146.193.33', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional ...   \n",
       "39  {'ip': '20.190.128.101', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional...   \n",
       "40  {'ip': '20.190.128.103', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional...   \n",
       "41  {'ip': '199.249.230.111', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regiona...   \n",
       "42  {'ip': '20.190.129.100', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional...   \n",
       "43  {'ip': '185.207.139.2', 'history': [{'created': '2017-06-10T06:21:00.000Z', 'reason': 'Regional ...   \n",
       "\n",
       "                                                                    Reference  \\\n",
       "3     https://otx.alienvault.com/api/v1/indicators/IPv4/23.129.64.193/general   \n",
       "4    https://otx.alienvault.com/api/v1/indicators/IPv4/185.220.101.48/general   \n",
       "5     https://otx.alienvault.com/api/v1/indicators/IPv4/198.98.58.135/general   \n",
       "10    https://otx.alienvault.com/api/v1/indicators/IPv4/176.10.99.200/general   \n",
       "17   https://otx.alienvault.com/api/v1/indicators/IPv4/87.118.116.103/general   \n",
       "19   https://otx.alienvault.com/api/v1/indicators/IPv4/217.115.10.132/general   \n",
       "20    https://otx.alienvault.com/api/v1/indicators/IPv4/185.4.132.135/general   \n",
       "23    https://otx.alienvault.com/api/v1/indicators/IPv4/185.220.102.8/general   \n",
       "24   https://otx.alienvault.com/api/v1/indicators/IPv4/77.247.181.163/general   \n",
       "25    https://otx.alienvault.com/api/v1/indicators/IPv4/185.220.101.6/general   \n",
       "26    https://otx.alienvault.com/api/v1/indicators/IPv4/92.62.139.103/general   \n",
       "29  https://otx.alienvault.com/api/v1/indicators/IPv4/199.249.230.113/general   \n",
       "33    https://otx.alienvault.com/api/v1/indicators/IPv4/185.220.101.1/general   \n",
       "34    https://otx.alienvault.com/api/v1/indicators/IPv4/23.129.64.152/general   \n",
       "35   https://otx.alienvault.com/api/v1/indicators/IPv4/185.220.101.31/general   \n",
       "36   https://otx.alienvault.com/api/v1/indicators/IPv4/176.10.104.240/general   \n",
       "38    https://otx.alienvault.com/api/v1/indicators/IPv4/66.146.193.33/general   \n",
       "41  https://otx.alienvault.com/api/v1/indicators/IPv4/199.249.230.111/general   \n",
       "43    https://otx.alienvault.com/api/v1/indicators/IPv4/185.207.139.2/general   \n",
       "0                         https://api.xforce.ibmcloud.com/ipr/131.107.174.181   \n",
       "1                         https://api.xforce.ibmcloud.com/ipr/131.107.159.181   \n",
       "2                         https://api.xforce.ibmcloud.com/ipr/131.107.160.181   \n",
       "3                           https://api.xforce.ibmcloud.com/ipr/23.129.64.193   \n",
       "4                          https://api.xforce.ibmcloud.com/ipr/185.220.101.48   \n",
       "5                           https://api.xforce.ibmcloud.com/ipr/198.98.58.135   \n",
       "6                           https://api.xforce.ibmcloud.com/ipr/109.70.100.26   \n",
       "7                          https://api.xforce.ibmcloud.com/ipr/131.107.160.77   \n",
       "8                            https://api.xforce.ibmcloud.com/ipr/50.35.65.178   \n",
       "9                           https://api.xforce.ibmcloud.com/ipr/167.220.2.105   \n",
       "10                          https://api.xforce.ibmcloud.com/ipr/176.10.99.200   \n",
       "11                        https://api.xforce.ibmcloud.com/ipr/131.107.159.205   \n",
       "12                          https://api.xforce.ibmcloud.com/ipr/167.220.2.123   \n",
       "13                        https://api.xforce.ibmcloud.com/ipr/131.107.159.143   \n",
       "14                        https://api.xforce.ibmcloud.com/ipr/131.107.147.105   \n",
       "15                        https://api.xforce.ibmcloud.com/ipr/131.107.174.205   \n",
       "16                        https://api.xforce.ibmcloud.com/ipr/131.107.160.205   \n",
       "17                         https://api.xforce.ibmcloud.com/ipr/87.118.116.103   \n",
       "18                          https://api.xforce.ibmcloud.com/ipr/109.70.100.24   \n",
       "19                         https://api.xforce.ibmcloud.com/ipr/217.115.10.132   \n",
       "20                          https://api.xforce.ibmcloud.com/ipr/185.4.132.135   \n",
       "21                        https://api.xforce.ibmcloud.com/ipr/131.107.147.205   \n",
       "22                        https://api.xforce.ibmcloud.com/ipr/131.107.174.123   \n",
       "23                          https://api.xforce.ibmcloud.com/ipr/185.220.102.8   \n",
       "24                         https://api.xforce.ibmcloud.com/ipr/77.247.181.163   \n",
       "25                          https://api.xforce.ibmcloud.com/ipr/185.220.101.6   \n",
       "26                          https://api.xforce.ibmcloud.com/ipr/92.62.139.103   \n",
       "27                         https://api.xforce.ibmcloud.com/ipr/40.117.152.107   \n",
       "28                            https://api.xforce.ibmcloud.com/ipr/40.126.9.50   \n",
       "29                        https://api.xforce.ibmcloud.com/ipr/199.249.230.113   \n",
       "30                            https://api.xforce.ibmcloud.com/ipr/40.126.9.51   \n",
       "31                            https://api.xforce.ibmcloud.com/ipr/52.109.6.30   \n",
       "32                            https://api.xforce.ibmcloud.com/ipr/40.126.9.49   \n",
       "33                          https://api.xforce.ibmcloud.com/ipr/185.220.101.1   \n",
       "34                          https://api.xforce.ibmcloud.com/ipr/23.129.64.152   \n",
       "35                         https://api.xforce.ibmcloud.com/ipr/185.220.101.31   \n",
       "36                         https://api.xforce.ibmcloud.com/ipr/176.10.104.240   \n",
       "37                          https://api.xforce.ibmcloud.com/ipr/104.41.146.53   \n",
       "38                          https://api.xforce.ibmcloud.com/ipr/66.146.193.33   \n",
       "39                         https://api.xforce.ibmcloud.com/ipr/20.190.128.101   \n",
       "40                         https://api.xforce.ibmcloud.com/ipr/20.190.128.103   \n",
       "41                        https://api.xforce.ibmcloud.com/ipr/199.249.230.111   \n",
       "42                         https://api.xforce.ibmcloud.com/ipr/20.190.129.100   \n",
       "43                          https://api.xforce.ibmcloud.com/ipr/185.207.139.2   \n",
       "\n",
       "    Status  \n",
       "3        0  \n",
       "4        0  \n",
       "5        0  \n",
       "10       0  \n",
       "17       0  \n",
       "19       0  \n",
       "20       0  \n",
       "23       0  \n",
       "24       0  \n",
       "25       0  \n",
       "26       0  \n",
       "29       0  \n",
       "33       0  \n",
       "34       0  \n",
       "35       0  \n",
       "36       0  \n",
       "38       0  \n",
       "41       0  \n",
       "43       0  \n",
       "0        0  \n",
       "1        0  \n",
       "2        0  \n",
       "3        0  \n",
       "4        0  \n",
       "5        0  \n",
       "6        0  \n",
       "7        0  \n",
       "8        0  \n",
       "9        0  \n",
       "10       0  \n",
       "11       0  \n",
       "12       0  \n",
       "13       0  \n",
       "14       0  \n",
       "15       0  \n",
       "16       0  \n",
       "17       0  \n",
       "18       0  \n",
       "19       0  \n",
       "20       0  \n",
       "21       0  \n",
       "22       0  \n",
       "23       0  \n",
       "24       0  \n",
       "25       0  \n",
       "26       0  \n",
       "27       0  \n",
       "28       0  \n",
       "29       0  \n",
       "30       0  \n",
       "31       0  \n",
       "32       0  \n",
       "33       0  \n",
       "34       0  \n",
       "35       0  \n",
       "36       0  \n",
       "37       0  \n",
       "38       0  \n",
       "39       0  \n",
       "40       0  \n",
       "41       0  \n",
       "42       0  \n",
       "43       0  "
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    }
   ],
   "source": [
    "ti_results_az, all_az_ti, src_ip_addrs_az = check_ip_ti(df=az_all_data, ip_col=\"IPAddress\")\n",
    "\n",
    "if not ti_results_az.empty:\n",
    "    md(f\"{len(ti_results_az)} threat intelligence hits have been \"\n",
    "       + \"matched on one or more source IP addresses.\", \"bold, red, large\")\n",
    "    md(\" You should investigate these IP addresses using \"\n",
    "       + \"the 'Entity Explorer - IP Address' notebook\", \"bold, red\" )\n",
    "    display(ti_results_az)\n",
    "else:\n",
    "    md(\"No additional items found\")"
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "### Geolocation and ownership for source IP addresses"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 103,
   "metadata": {
    "ExecuteTime": {
     "end_time": "2019-10-31T00:00:36.920040Z",
     "start_time": "2019-10-31T00:00:36.771150Z"
    },
    "scrolled": false
   },
   "outputs": [
    {
     "data": {
      "text/markdown": [
       "<p style=''>Querying geolocation for 44 ip addresses...</p>"
      ],
      "text/plain": [
       "<IPython.core.display.Markdown object>"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    },
    {
     "data": {
      "text/markdown": [
       "<p style=''>Querying WhoIs for 44 ip addresses...</p>"
      ],
      "text/plain": [
       "<IPython.core.display.Markdown object>"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    },
    {
     "data": {
      "text/markdown": [
       "<p style='font-weight: bold'>Geolocations and ASN Owner for source IP addresses. Information only</p>"
      ],
      "text/plain": [
       "<IPython.core.display.Markdown object>"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    },
    {
     "data": {
      "text/html": [
       "<div>\n",
       "<style scoped>\n",
       "    .dataframe tbody tr th:only-of-type {\n",
       "        vertical-align: middle;\n",
       "    }\n",
       "\n",
       "    .dataframe tbody tr th {\n",
       "        vertical-align: top;\n",
       "    }\n",
       "\n",
       "    .dataframe thead th {\n",
       "        text-align: right;\n",
       "    }\n",
       "</style>\n",
       "<table border=\"1\" class=\"dataframe\">\n",
       "  <thead>\n",
       "    <tr style=\"text-align: right;\">\n",
       "      <th></th>\n",
       "      <th></th>\n",
       "      <th></th>\n",
       "      <th></th>\n",
       "      <th></th>\n",
       "      <th></th>\n",
       "      <th>TotalOperations</th>\n",
       "      <th>Operations</th>\n",
       "      <th>AppResources</th>\n",
       "      <th>FirstLogon</th>\n",
       "      <th>LastLogon</th>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <th>UserPrincipalName</th>\n",
       "      <th>IPAddress</th>\n",
       "      <th>CountryCode</th>\n",
       "      <th>CountryName</th>\n",
       "      <th>City</th>\n",
       "      <th>ASNDesc</th>\n",
       "      <th></th>\n",
       "      <th></th>\n",
       "      <th></th>\n",
       "      <th></th>\n",
       "      <th></th>\n",
       "    </tr>\n",
       "  </thead>\n",
       "  <tbody>\n",
       "    <tr>\n",
       "      <td rowspan=\"32\" valign=\"top\">alexw@m365x648731.onmicrosoft.com</td>\n",
       "      <td>104.41.146.53</td>\n",
       "      <td>US</td>\n",
       "      <td>United States</td>\n",
       "      <td>Washington</td>\n",
       "      <td>MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US</td>\n",
       "      <td>7</td>\n",
       "      <td>{'SearchQueryPerformed': 7}</td>\n",
       "      <td>[SharePoint]</td>\n",
       "      <td>2019-09-19 19:16:20.000</td>\n",
       "      <td>2019-09-20 18:20:49.000</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>109.70.100.24</td>\n",
       "      <td>AT</td>\n",
       "      <td>Austria</td>\n",
       "      <td>Vienna</td>\n",
       "      <td>APPLIEDPRIVACY-AS, AT</td>\n",
       "      <td>6</td>\n",
       "      <td>{'Sign-in activity': 6}</td>\n",
       "      <td>[Office 365 Exchange Online]</td>\n",
       "      <td>2019-09-25 16:21:43.562</td>\n",
       "      <td>2019-09-29 17:35:00.099</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>109.70.100.26</td>\n",
       "      <td>AT</td>\n",
       "      <td>Austria</td>\n",
       "      <td>Vienna</td>\n",
       "      <td>APPLIEDPRIVACY-AS, AT</td>\n",
       "      <td>17</td>\n",
       "      <td>{'Sign-in activity': 10, 'FilePreviewed': 7}</td>\n",
       "      <td>[O365 Suite UX, Office 365 SharePoint Online, SharePoint]</td>\n",
       "      <td>2019-09-19 19:15:59.381</td>\n",
       "      <td>2019-09-20 18:20:50.000</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>131.107.147.105</td>\n",
       "      <td>US</td>\n",
       "      <td>United States</td>\n",
       "      <td>Redmond</td>\n",
       "      <td>MICROSOFT-CORP-AS - Microsoft Corporation, US</td>\n",
       "      <td>36</td>\n",
       "      <td>{'Create Saved Search': 14, 'Update Case Investigation': 12, 'Sign-in activity': 6, 'Gets workfl...</td>\n",
       "      <td>[Azure Notebooks, Azure Portal, Microsoft.OperationalInsights, Microsoft.Logic, Microsoft.Securi...</td>\n",
       "      <td>2019-10-14 21:23:46.112</td>\n",
       "      <td>2019-10-16 00:02:03.868</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>131.107.147.205</td>\n",
       "      <td>US</td>\n",
       "      <td>United States</td>\n",
       "      <td>Redmond</td>\n",
       "      <td>MICROSOFT-CORP-AS - Microsoft Corporation, US</td>\n",
       "      <td>40</td>\n",
       "      <td>{'Update Case Investigation': 34, 'Update Cases': 4, 'Gets workflow recommend operation groups': 2}</td>\n",
       "      <td>[Microsoft.SecurityInsights, Microsoft.Logic]</td>\n",
       "      <td>2019-10-15 15:58:35.552</td>\n",
       "      <td>2019-10-23 16:39:05.220</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>131.107.159.143</td>\n",
       "      <td>US</td>\n",
       "      <td>United States</td>\n",
       "      <td>Redmond</td>\n",
       "      <td>MICROSOFT-CORP-AS - Microsoft Corporation, US</td>\n",
       "      <td>1</td>\n",
       "      <td>{'Sign-in activity': 1}</td>\n",
       "      <td>[Azure Portal]</td>\n",
       "      <td>2019-10-17 16:27:42.396</td>\n",
       "      <td>2019-10-17 16:27:42.396</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>131.107.159.181</td>\n",
       "      <td>US</td>\n",
       "      <td>United States</td>\n",
       "      <td>Redmond</td>\n",
       "      <td>MICROSOFT-CORP-AS - Microsoft Corporation, US</td>\n",
       "      <td>1</td>\n",
       "      <td>{'Sign-in activity': 1}</td>\n",
       "      <td>[Azure Portal]</td>\n",
       "      <td>2019-10-29 23:41:38.870</td>\n",
       "      <td>2019-10-29 23:41:38.870</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>131.107.159.205</td>\n",
       "      <td>US</td>\n",
       "      <td>United States</td>\n",
       "      <td>Redmond</td>\n",
       "      <td>MICROSOFT-CORP-AS - Microsoft Corporation, US</td>\n",
       "      <td>3</td>\n",
       "      <td>{'Sign-in activity': 3}</td>\n",
       "      <td>[Azure Portal]</td>\n",
       "      <td>2019-10-17 15:27:34.722</td>\n",
       "      <td>2019-10-22 15:26:25.738</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>131.107.160.181</td>\n",
       "      <td>US</td>\n",
       "      <td>United States</td>\n",
       "      <td>Redmond</td>\n",
       "      <td>MICROSOFT-CORP-AS - Microsoft Corporation, US</td>\n",
       "      <td>1</td>\n",
       "      <td>{'Sign-in activity': 1}</td>\n",
       "      <td>[Azure Portal]</td>\n",
       "      <td>2019-10-29 23:44:32.382</td>\n",
       "      <td>2019-10-29 23:44:32.382</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>131.107.160.205</td>\n",
       "      <td>US</td>\n",
       "      <td>United States</td>\n",
       "      <td>Redmond</td>\n",
       "      <td>MICROSOFT-CORP-AS - Microsoft Corporation, US</td>\n",
       "      <td>2</td>\n",
       "      <td>{'Sign-in activity': 2}</td>\n",
       "      <td>[Azure Portal]</td>\n",
       "      <td>2019-10-17 20:39:51.333</td>\n",
       "      <td>2019-10-18 15:42:59.049</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>131.107.160.77</td>\n",
       "      <td>US</td>\n",
       "      <td>United States</td>\n",
       "      <td>Redmond</td>\n",
       "      <td>MICROSOFT-CORP-AS - Microsoft Corporation, US</td>\n",
       "      <td>5</td>\n",
       "      <td>{'Sign-in activity': 5}</td>\n",
       "      <td>[Azure Portal]</td>\n",
       "      <td>2019-10-15 15:45:44.295</td>\n",
       "      <td>2019-10-23 16:38:09.019</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>131.107.174.123</td>\n",
       "      <td>US</td>\n",
       "      <td>United States</td>\n",
       "      <td>Redmond</td>\n",
       "      <td>MICROSOFT-CORP-AS - Microsoft Corporation, US</td>\n",
       "      <td>4</td>\n",
       "      <td>{'Update Case Investigation': 4}</td>\n",
       "      <td>[Microsoft.SecurityInsights]</td>\n",
       "      <td>2019-10-17 15:49:17.520</td>\n",
       "      <td>2019-10-17 15:52:18.166</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>131.107.174.181</td>\n",
       "      <td>US</td>\n",
       "      <td>United States</td>\n",
       "      <td>Redmond</td>\n",
       "      <td>MICROSOFT-CORP-AS - Microsoft Corporation, US</td>\n",
       "      <td>1</td>\n",
       "      <td>{'Sign-in activity': 1}</td>\n",
       "      <td>[Azure Portal]</td>\n",
       "      <td>2019-10-29 23:40:25.427</td>\n",
       "      <td>2019-10-29 23:40:25.427</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>131.107.174.205</td>\n",
       "      <td>US</td>\n",
       "      <td>United States</td>\n",
       "      <td>Redmond</td>\n",
       "      <td>MICROSOFT-CORP-AS - Microsoft Corporation, US</td>\n",
       "      <td>3</td>\n",
       "      <td>{'Sign-in activity': 3}</td>\n",
       "      <td>[Azure Portal]</td>\n",
       "      <td>2019-10-17 18:06:33.396</td>\n",
       "      <td>2019-10-17 18:11:01.639</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>167.220.2.105</td>\n",
       "      <td>US</td>\n",
       "      <td>United States</td>\n",
       "      <td>Redmond</td>\n",
       "      <td>MICROSOFT-CORP-AS - Microsoft Corporation, US</td>\n",
       "      <td>1</td>\n",
       "      <td>{'Sign-in activity': 1}</td>\n",
       "      <td>[Azure Portal]</td>\n",
       "      <td>2019-10-15 20:19:45.715</td>\n",
       "      <td>2019-10-15 20:19:45.715</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>167.220.2.123</td>\n",
       "      <td>US</td>\n",
       "      <td>United States</td>\n",
       "      <td>Redmond</td>\n",
       "      <td>MICROSOFT-CORP-AS - Microsoft Corporation, US</td>\n",
       "      <td>2</td>\n",
       "      <td>{'Sign-in activity': 2}</td>\n",
       "      <td>[Azure Portal]</td>\n",
       "      <td>2019-10-17 15:33:57.417</td>\n",
       "      <td>2019-10-17 15:34:04.089</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>185.4.132.135</td>\n",
       "      <td>GR</td>\n",
       "      <td>Greece</td>\n",
       "      <td>Nafplion</td>\n",
       "      <td>TOPHOST, GR</td>\n",
       "      <td>4</td>\n",
       "      <td>{'Sign-in activity': 4}</td>\n",
       "      <td>[Office 365 Exchange Online]</td>\n",
       "      <td>2019-09-24 23:09:28.253</td>\n",
       "      <td>2019-09-24 23:09:32.785</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>198.98.58.135</td>\n",
       "      <td>US</td>\n",
       "      <td>United States</td>\n",
       "      <td>Buffalo</td>\n",
       "      <td>PONYNET - FranTech Solutions, US</td>\n",
       "      <td>2</td>\n",
       "      <td>{'Sign-in activity': 2}</td>\n",
       "      <td>[Office 365 Exchange Online]</td>\n",
       "      <td>2019-09-28 17:32:59.827</td>\n",
       "      <td>2019-09-28 17:32:59.827</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>20.190.128.101</td>\n",
       "      <td>US</td>\n",
       "      <td>United States</td>\n",
       "      <td>San Antonio</td>\n",
       "      <td>MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US</td>\n",
       "      <td>1</td>\n",
       "      <td>{'FilePreviewed': 1}</td>\n",
       "      <td>[SharePoint]</td>\n",
       "      <td>2019-09-19 19:16:16.000</td>\n",
       "      <td>2019-09-19 19:16:16.000</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>20.190.128.103</td>\n",
       "      <td>US</td>\n",
       "      <td>United States</td>\n",
       "      <td>San Antonio</td>\n",
       "      <td>MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US</td>\n",
       "      <td>5</td>\n",
       "      <td>{'FilePreviewed': 5}</td>\n",
       "      <td>[SharePoint]</td>\n",
       "      <td>2019-09-19 19:16:14.000</td>\n",
       "      <td>2019-09-19 19:16:14.000</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>20.190.129.100</td>\n",
       "      <td>IE</td>\n",
       "      <td>Ireland</td>\n",
       "      <td>Dublin</td>\n",
       "      <td>MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US</td>\n",
       "      <td>4</td>\n",
       "      <td>{'FilePreviewed': 4}</td>\n",
       "      <td>[SharePoint]</td>\n",
       "      <td>2019-09-20 18:20:46.000</td>\n",
       "      <td>2019-09-20 18:20:48.000</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>217.115.10.132</td>\n",
       "      <td>DE</td>\n",
       "      <td>Germany</td>\n",
       "      <td>Berlin</td>\n",
       "      <td>NETSIGN, DE</td>\n",
       "      <td>2</td>\n",
       "      <td>{'Sign-in activity': 2}</td>\n",
       "      <td>[Office 365 Exchange Online]</td>\n",
       "      <td>2019-09-24 23:06:14.437</td>\n",
       "      <td>2019-09-24 23:06:14.437</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>23.129.64.152</td>\n",
       "      <td>US</td>\n",
       "      <td>United States</td>\n",
       "      <td>Seattle</td>\n",
       "      <td>EMERALD-ONION - Emerald Onion, US</td>\n",
       "      <td>32</td>\n",
       "      <td>{'FileAccessed': 18, 'FilePreviewed': 7, 'PageViewed': 4, 'SearchQueryPerformed': 3}</td>\n",
       "      <td>[SharePoint]</td>\n",
       "      <td>2019-09-18 17:01:25.000</td>\n",
       "      <td>2019-09-18 17:03:03.000</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>23.129.64.193</td>\n",
       "      <td>US</td>\n",
       "      <td>United States</td>\n",
       "      <td>Seattle</td>\n",
       "      <td>EMERALD-ONION - Emerald Onion, US</td>\n",
       "      <td>4</td>\n",
       "      <td>{'Sign-in activity': 4}</td>\n",
       "      <td>[Office 365 Exchange Online]</td>\n",
       "      <td>2019-09-27 17:26:43.304</td>\n",
       "      <td>2019-09-27 17:26:49.681</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>40.117.152.107</td>\n",
       "      <td>US</td>\n",
       "      <td>United States</td>\n",
       "      <td>Washington</td>\n",
       "      <td>MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US</td>\n",
       "      <td>17</td>\n",
       "      <td>{'SearchQueryPerformed': 17}</td>\n",
       "      <td>[SharePoint]</td>\n",
       "      <td>2019-09-16 17:42:17.000</td>\n",
       "      <td>2019-09-18 17:02:37.000</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>40.126.9.49</td>\n",
       "      <td>NL</td>\n",
       "      <td>Netherlands</td>\n",
       "      <td>Amsterdam</td>\n",
       "      <td>MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US</td>\n",
       "      <td>2</td>\n",
       "      <td>{'FilePreviewed': 2}</td>\n",
       "      <td>[SharePoint]</td>\n",
       "      <td>2019-10-16 18:09:38.000</td>\n",
       "      <td>2019-10-16 18:09:38.000</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>40.126.9.50</td>\n",
       "      <td>NL</td>\n",
       "      <td>Netherlands</td>\n",
       "      <td>Amsterdam</td>\n",
       "      <td>MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US</td>\n",
       "      <td>5</td>\n",
       "      <td>{'FilePreviewed': 5}</td>\n",
       "      <td>[SharePoint]</td>\n",
       "      <td>2019-09-16 17:42:18.000</td>\n",
       "      <td>2019-09-16 17:42:23.000</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>40.126.9.51</td>\n",
       "      <td>NL</td>\n",
       "      <td>Netherlands</td>\n",
       "      <td>Amsterdam</td>\n",
       "      <td>MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US</td>\n",
       "      <td>4</td>\n",
       "      <td>{'FilePreviewed': 4}</td>\n",
       "      <td>[SharePoint]</td>\n",
       "      <td>2019-10-16 18:09:36.000</td>\n",
       "      <td>2019-10-16 18:09:36.000</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>50.35.65.178</td>\n",
       "      <td>US</td>\n",
       "      <td>United States</td>\n",
       "      <td>Redmond</td>\n",
       "      <td>FRONTIER-FRTR - Frontier Communications of America, Inc., US</td>\n",
       "      <td>27</td>\n",
       "      <td>{'Create Saved Search': 12, 'Update Case Investigation': 6, 'Sign-in activity': 5, 'Gets workflo...</td>\n",
       "      <td>[Azure Portal, Microsoft.Logic, Microsoft.OperationalInsights, Microsoft.SecurityInsights]</td>\n",
       "      <td>2019-10-15 12:18:55.118</td>\n",
       "      <td>2019-10-24 23:19:31.193</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>52.109.6.30</td>\n",
       "      <td>US</td>\n",
       "      <td>United States</td>\n",
       "      <td>Boydton</td>\n",
       "      <td>MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US</td>\n",
       "      <td>7</td>\n",
       "      <td>{'FileAccessed': 7}</td>\n",
       "      <td>[SharePoint]</td>\n",
       "      <td>2019-09-19 19:16:23.000</td>\n",
       "      <td>2019-10-16 18:09:42.000</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>66.146.193.33</td>\n",
       "      <td>US</td>\n",
       "      <td>United States</td>\n",
       "      <td>Chicago</td>\n",
       "      <td>ONSH-NET-CHGO-BLK01 - OnShore, Inc., US</td>\n",
       "      <td>33</td>\n",
       "      <td>{'FileAccessed': 17, 'FileDeleted': 9, 'PageViewed': 4, 'FilePreviewed': 2, 'FolderDeleted': 1}</td>\n",
       "      <td>[SharePoint]</td>\n",
       "      <td>2019-09-19 19:17:59.000</td>\n",
       "      <td>2019-09-19 19:22:05.000</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>92.62.139.103</td>\n",
       "      <td>LT</td>\n",
       "      <td>Republic of Lithuania</td>\n",
       "      <td>Kaunas</td>\n",
       "      <td>BALTNETA Customers AS, LT</td>\n",
       "      <td>100</td>\n",
       "      <td>{'FileAccessed': 35, 'FilePreviewed': 27, 'PageViewed': 16, 'SearchQueryPerformed': 14, 'FileDow...</td>\n",
       "      <td>[SharePoint]</td>\n",
       "      <td>2019-09-16 18:05:57.000</td>\n",
       "      <td>2019-09-16 18:18:07.000</td>\n",
       "    </tr>\n",
       "  </tbody>\n",
       "</table>\n",
       "</div>"
      ],
      "text/plain": [
       "                                                                                                                                                              TotalOperations  \\\n",
       "UserPrincipalName                 IPAddress       CountryCode CountryName           City        ASNDesc                                                                         \n",
       "alexw@m365x648731.onmicrosoft.com 104.41.146.53   US          United States         Washington  MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US                     7   \n",
       "                                  109.70.100.24   AT          Austria               Vienna      APPLIEDPRIVACY-AS, AT                                                       6   \n",
       "                                  109.70.100.26   AT          Austria               Vienna      APPLIEDPRIVACY-AS, AT                                                      17   \n",
       "                                  131.107.147.105 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                              36   \n",
       "                                  131.107.147.205 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                              40   \n",
       "                                  131.107.159.143 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                               1   \n",
       "                                  131.107.159.181 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                               1   \n",
       "                                  131.107.159.205 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                               3   \n",
       "                                  131.107.160.181 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                               1   \n",
       "                                  131.107.160.205 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                               2   \n",
       "                                  131.107.160.77  US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                               5   \n",
       "                                  131.107.174.123 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                               4   \n",
       "                                  131.107.174.181 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                               1   \n",
       "                                  131.107.174.205 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                               3   \n",
       "                                  167.220.2.105   US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                               1   \n",
       "                                  167.220.2.123   US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                               2   \n",
       "                                  185.4.132.135   GR          Greece                Nafplion    TOPHOST, GR                                                                 4   \n",
       "                                  198.98.58.135   US          United States         Buffalo     PONYNET - FranTech Solutions, US                                            2   \n",
       "                                  20.190.128.101  US          United States         San Antonio MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US                     1   \n",
       "                                  20.190.128.103  US          United States         San Antonio MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US                     5   \n",
       "                                  20.190.129.100  IE          Ireland               Dublin      MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US                     4   \n",
       "                                  217.115.10.132  DE          Germany               Berlin      NETSIGN, DE                                                                 2   \n",
       "                                  23.129.64.152   US          United States         Seattle     EMERALD-ONION - Emerald Onion, US                                          32   \n",
       "                                  23.129.64.193   US          United States         Seattle     EMERALD-ONION - Emerald Onion, US                                           4   \n",
       "                                  40.117.152.107  US          United States         Washington  MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US                    17   \n",
       "                                  40.126.9.49     NL          Netherlands           Amsterdam   MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US                     2   \n",
       "                                  40.126.9.50     NL          Netherlands           Amsterdam   MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US                     5   \n",
       "                                  40.126.9.51     NL          Netherlands           Amsterdam   MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US                     4   \n",
       "                                  50.35.65.178    US          United States         Redmond     FRONTIER-FRTR - Frontier Communications of America, Inc., US               27   \n",
       "                                  52.109.6.30     US          United States         Boydton     MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US                     7   \n",
       "                                  66.146.193.33   US          United States         Chicago     ONSH-NET-CHGO-BLK01 - OnShore, Inc., US                                    33   \n",
       "                                  92.62.139.103   LT          Republic of Lithuania Kaunas      BALTNETA Customers AS, LT                                                 100   \n",
       "\n",
       "                                                                                                                                                                                                                                                       Operations  \\\n",
       "UserPrincipalName                 IPAddress       CountryCode CountryName           City        ASNDesc                                                                                                                                                             \n",
       "alexw@m365x648731.onmicrosoft.com 104.41.146.53   US          United States         Washington  MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US                                                                               {'SearchQueryPerformed': 7}   \n",
       "                                  109.70.100.24   AT          Austria               Vienna      APPLIEDPRIVACY-AS, AT                                                                                                                     {'Sign-in activity': 6}   \n",
       "                                  109.70.100.26   AT          Austria               Vienna      APPLIEDPRIVACY-AS, AT                                                                                                {'Sign-in activity': 10, 'FilePreviewed': 7}   \n",
       "                                  131.107.147.105 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                 {'Create Saved Search': 14, 'Update Case Investigation': 12, 'Sign-in activity': 6, 'Gets workfl...   \n",
       "                                  131.107.147.205 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                 {'Update Case Investigation': 34, 'Update Cases': 4, 'Gets workflow recommend operation groups': 2}   \n",
       "                                  131.107.159.143 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                                                                                             {'Sign-in activity': 1}   \n",
       "                                  131.107.159.181 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                                                                                             {'Sign-in activity': 1}   \n",
       "                                  131.107.159.205 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                                                                                             {'Sign-in activity': 3}   \n",
       "                                  131.107.160.181 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                                                                                             {'Sign-in activity': 1}   \n",
       "                                  131.107.160.205 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                                                                                             {'Sign-in activity': 2}   \n",
       "                                  131.107.160.77  US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                                                                                             {'Sign-in activity': 5}   \n",
       "                                  131.107.174.123 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                                                                                    {'Update Case Investigation': 4}   \n",
       "                                  131.107.174.181 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                                                                                             {'Sign-in activity': 1}   \n",
       "                                  131.107.174.205 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                                                                                             {'Sign-in activity': 3}   \n",
       "                                  167.220.2.105   US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                                                                                             {'Sign-in activity': 1}   \n",
       "                                  167.220.2.123   US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                                                                                             {'Sign-in activity': 2}   \n",
       "                                  185.4.132.135   GR          Greece                Nafplion    TOPHOST, GR                                                                                                                               {'Sign-in activity': 4}   \n",
       "                                  198.98.58.135   US          United States         Buffalo     PONYNET - FranTech Solutions, US                                                                                                          {'Sign-in activity': 2}   \n",
       "                                  20.190.128.101  US          United States         San Antonio MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US                                                                                      {'FilePreviewed': 1}   \n",
       "                                  20.190.128.103  US          United States         San Antonio MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US                                                                                      {'FilePreviewed': 5}   \n",
       "                                  20.190.129.100  IE          Ireland               Dublin      MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US                                                                                      {'FilePreviewed': 4}   \n",
       "                                  217.115.10.132  DE          Germany               Berlin      NETSIGN, DE                                                                                                                               {'Sign-in activity': 2}   \n",
       "                                  23.129.64.152   US          United States         Seattle     EMERALD-ONION - Emerald Onion, US                                            {'FileAccessed': 18, 'FilePreviewed': 7, 'PageViewed': 4, 'SearchQueryPerformed': 3}   \n",
       "                                  23.129.64.193   US          United States         Seattle     EMERALD-ONION - Emerald Onion, US                                                                                                         {'Sign-in activity': 4}   \n",
       "                                  40.117.152.107  US          United States         Washington  MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US                                                                              {'SearchQueryPerformed': 17}   \n",
       "                                  40.126.9.49     NL          Netherlands           Amsterdam   MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US                                                                                      {'FilePreviewed': 2}   \n",
       "                                  40.126.9.50     NL          Netherlands           Amsterdam   MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US                                                                                      {'FilePreviewed': 5}   \n",
       "                                  40.126.9.51     NL          Netherlands           Amsterdam   MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US                                                                                      {'FilePreviewed': 4}   \n",
       "                                  50.35.65.178    US          United States         Redmond     FRONTIER-FRTR - Frontier Communications of America, Inc., US  {'Create Saved Search': 12, 'Update Case Investigation': 6, 'Sign-in activity': 5, 'Gets workflo...   \n",
       "                                  52.109.6.30     US          United States         Boydton     MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US                                                                                       {'FileAccessed': 7}   \n",
       "                                  66.146.193.33   US          United States         Chicago     ONSH-NET-CHGO-BLK01 - OnShore, Inc., US                           {'FileAccessed': 17, 'FileDeleted': 9, 'PageViewed': 4, 'FilePreviewed': 2, 'FolderDeleted': 1}   \n",
       "                                  92.62.139.103   LT          Republic of Lithuania Kaunas      BALTNETA Customers AS, LT                                     {'FileAccessed': 35, 'FilePreviewed': 27, 'PageViewed': 16, 'SearchQueryPerformed': 14, 'FileDow...   \n",
       "\n",
       "                                                                                                                                                                                                                                                     AppResources  \\\n",
       "UserPrincipalName                 IPAddress       CountryCode CountryName           City        ASNDesc                                                                                                                                                             \n",
       "alexw@m365x648731.onmicrosoft.com 104.41.146.53   US          United States         Washington  MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US                                                                                              [SharePoint]   \n",
       "                                  109.70.100.24   AT          Austria               Vienna      APPLIEDPRIVACY-AS, AT                                                                                                                [Office 365 Exchange Online]   \n",
       "                                  109.70.100.26   AT          Austria               Vienna      APPLIEDPRIVACY-AS, AT                                                                                   [O365 Suite UX, Office 365 SharePoint Online, SharePoint]   \n",
       "                                  131.107.147.105 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                 [Azure Notebooks, Azure Portal, Microsoft.OperationalInsights, Microsoft.Logic, Microsoft.Securi...   \n",
       "                                  131.107.147.205 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                                                                       [Microsoft.SecurityInsights, Microsoft.Logic]   \n",
       "                                  131.107.159.143 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                                                                                                      [Azure Portal]   \n",
       "                                  131.107.159.181 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                                                                                                      [Azure Portal]   \n",
       "                                  131.107.159.205 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                                                                                                      [Azure Portal]   \n",
       "                                  131.107.160.181 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                                                                                                      [Azure Portal]   \n",
       "                                  131.107.160.205 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                                                                                                      [Azure Portal]   \n",
       "                                  131.107.160.77  US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                                                                                                      [Azure Portal]   \n",
       "                                  131.107.174.123 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                                                                                        [Microsoft.SecurityInsights]   \n",
       "                                  131.107.174.181 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                                                                                                      [Azure Portal]   \n",
       "                                  131.107.174.205 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                                                                                                      [Azure Portal]   \n",
       "                                  167.220.2.105   US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                                                                                                      [Azure Portal]   \n",
       "                                  167.220.2.123   US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                                                                                                      [Azure Portal]   \n",
       "                                  185.4.132.135   GR          Greece                Nafplion    TOPHOST, GR                                                                                                                          [Office 365 Exchange Online]   \n",
       "                                  198.98.58.135   US          United States         Buffalo     PONYNET - FranTech Solutions, US                                                                                                     [Office 365 Exchange Online]   \n",
       "                                  20.190.128.101  US          United States         San Antonio MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US                                                                                              [SharePoint]   \n",
       "                                  20.190.128.103  US          United States         San Antonio MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US                                                                                              [SharePoint]   \n",
       "                                  20.190.129.100  IE          Ireland               Dublin      MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US                                                                                              [SharePoint]   \n",
       "                                  217.115.10.132  DE          Germany               Berlin      NETSIGN, DE                                                                                                                          [Office 365 Exchange Online]   \n",
       "                                  23.129.64.152   US          United States         Seattle     EMERALD-ONION - Emerald Onion, US                                                                                                                    [SharePoint]   \n",
       "                                  23.129.64.193   US          United States         Seattle     EMERALD-ONION - Emerald Onion, US                                                                                                    [Office 365 Exchange Online]   \n",
       "                                  40.117.152.107  US          United States         Washington  MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US                                                                                              [SharePoint]   \n",
       "                                  40.126.9.49     NL          Netherlands           Amsterdam   MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US                                                                                              [SharePoint]   \n",
       "                                  40.126.9.50     NL          Netherlands           Amsterdam   MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US                                                                                              [SharePoint]   \n",
       "                                  40.126.9.51     NL          Netherlands           Amsterdam   MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US                                                                                              [SharePoint]   \n",
       "                                  50.35.65.178    US          United States         Redmond     FRONTIER-FRTR - Frontier Communications of America, Inc., US           [Azure Portal, Microsoft.Logic, Microsoft.OperationalInsights, Microsoft.SecurityInsights]   \n",
       "                                  52.109.6.30     US          United States         Boydton     MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US                                                                                              [SharePoint]   \n",
       "                                  66.146.193.33   US          United States         Chicago     ONSH-NET-CHGO-BLK01 - OnShore, Inc., US                                                                                                              [SharePoint]   \n",
       "                                  92.62.139.103   LT          Republic of Lithuania Kaunas      BALTNETA Customers AS, LT                                                                                                                            [SharePoint]   \n",
       "\n",
       "                                                                                                                                                                          FirstLogon  \\\n",
       "UserPrincipalName                 IPAddress       CountryCode CountryName           City        ASNDesc                                                                                \n",
       "alexw@m365x648731.onmicrosoft.com 104.41.146.53   US          United States         Washington  MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US      2019-09-19 19:16:20.000   \n",
       "                                  109.70.100.24   AT          Austria               Vienna      APPLIEDPRIVACY-AS, AT                                        2019-09-25 16:21:43.562   \n",
       "                                  109.70.100.26   AT          Austria               Vienna      APPLIEDPRIVACY-AS, AT                                        2019-09-19 19:15:59.381   \n",
       "                                  131.107.147.105 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                2019-10-14 21:23:46.112   \n",
       "                                  131.107.147.205 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                2019-10-15 15:58:35.552   \n",
       "                                  131.107.159.143 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                2019-10-17 16:27:42.396   \n",
       "                                  131.107.159.181 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                2019-10-29 23:41:38.870   \n",
       "                                  131.107.159.205 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                2019-10-17 15:27:34.722   \n",
       "                                  131.107.160.181 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                2019-10-29 23:44:32.382   \n",
       "                                  131.107.160.205 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                2019-10-17 20:39:51.333   \n",
       "                                  131.107.160.77  US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                2019-10-15 15:45:44.295   \n",
       "                                  131.107.174.123 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                2019-10-17 15:49:17.520   \n",
       "                                  131.107.174.181 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                2019-10-29 23:40:25.427   \n",
       "                                  131.107.174.205 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                2019-10-17 18:06:33.396   \n",
       "                                  167.220.2.105   US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                2019-10-15 20:19:45.715   \n",
       "                                  167.220.2.123   US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                2019-10-17 15:33:57.417   \n",
       "                                  185.4.132.135   GR          Greece                Nafplion    TOPHOST, GR                                                  2019-09-24 23:09:28.253   \n",
       "                                  198.98.58.135   US          United States         Buffalo     PONYNET - FranTech Solutions, US                             2019-09-28 17:32:59.827   \n",
       "                                  20.190.128.101  US          United States         San Antonio MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US      2019-09-19 19:16:16.000   \n",
       "                                  20.190.128.103  US          United States         San Antonio MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US      2019-09-19 19:16:14.000   \n",
       "                                  20.190.129.100  IE          Ireland               Dublin      MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US      2019-09-20 18:20:46.000   \n",
       "                                  217.115.10.132  DE          Germany               Berlin      NETSIGN, DE                                                  2019-09-24 23:06:14.437   \n",
       "                                  23.129.64.152   US          United States         Seattle     EMERALD-ONION - Emerald Onion, US                            2019-09-18 17:01:25.000   \n",
       "                                  23.129.64.193   US          United States         Seattle     EMERALD-ONION - Emerald Onion, US                            2019-09-27 17:26:43.304   \n",
       "                                  40.117.152.107  US          United States         Washington  MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US      2019-09-16 17:42:17.000   \n",
       "                                  40.126.9.49     NL          Netherlands           Amsterdam   MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US      2019-10-16 18:09:38.000   \n",
       "                                  40.126.9.50     NL          Netherlands           Amsterdam   MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US      2019-09-16 17:42:18.000   \n",
       "                                  40.126.9.51     NL          Netherlands           Amsterdam   MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US      2019-10-16 18:09:36.000   \n",
       "                                  50.35.65.178    US          United States         Redmond     FRONTIER-FRTR - Frontier Communications of America, Inc., US 2019-10-15 12:18:55.118   \n",
       "                                  52.109.6.30     US          United States         Boydton     MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US      2019-09-19 19:16:23.000   \n",
       "                                  66.146.193.33   US          United States         Chicago     ONSH-NET-CHGO-BLK01 - OnShore, Inc., US                      2019-09-19 19:17:59.000   \n",
       "                                  92.62.139.103   LT          Republic of Lithuania Kaunas      BALTNETA Customers AS, LT                                    2019-09-16 18:05:57.000   \n",
       "\n",
       "                                                                                                                                                                           LastLogon  \n",
       "UserPrincipalName                 IPAddress       CountryCode CountryName           City        ASNDesc                                                                               \n",
       "alexw@m365x648731.onmicrosoft.com 104.41.146.53   US          United States         Washington  MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US      2019-09-20 18:20:49.000  \n",
       "                                  109.70.100.24   AT          Austria               Vienna      APPLIEDPRIVACY-AS, AT                                        2019-09-29 17:35:00.099  \n",
       "                                  109.70.100.26   AT          Austria               Vienna      APPLIEDPRIVACY-AS, AT                                        2019-09-20 18:20:50.000  \n",
       "                                  131.107.147.105 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                2019-10-16 00:02:03.868  \n",
       "                                  131.107.147.205 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                2019-10-23 16:39:05.220  \n",
       "                                  131.107.159.143 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                2019-10-17 16:27:42.396  \n",
       "                                  131.107.159.181 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                2019-10-29 23:41:38.870  \n",
       "                                  131.107.159.205 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                2019-10-22 15:26:25.738  \n",
       "                                  131.107.160.181 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                2019-10-29 23:44:32.382  \n",
       "                                  131.107.160.205 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                2019-10-18 15:42:59.049  \n",
       "                                  131.107.160.77  US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                2019-10-23 16:38:09.019  \n",
       "                                  131.107.174.123 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                2019-10-17 15:52:18.166  \n",
       "                                  131.107.174.181 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                2019-10-29 23:40:25.427  \n",
       "                                  131.107.174.205 US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                2019-10-17 18:11:01.639  \n",
       "                                  167.220.2.105   US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                2019-10-15 20:19:45.715  \n",
       "                                  167.220.2.123   US          United States         Redmond     MICROSOFT-CORP-AS - Microsoft Corporation, US                2019-10-17 15:34:04.089  \n",
       "                                  185.4.132.135   GR          Greece                Nafplion    TOPHOST, GR                                                  2019-09-24 23:09:32.785  \n",
       "                                  198.98.58.135   US          United States         Buffalo     PONYNET - FranTech Solutions, US                             2019-09-28 17:32:59.827  \n",
       "                                  20.190.128.101  US          United States         San Antonio MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US      2019-09-19 19:16:16.000  \n",
       "                                  20.190.128.103  US          United States         San Antonio MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US      2019-09-19 19:16:14.000  \n",
       "                                  20.190.129.100  IE          Ireland               Dublin      MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US      2019-09-20 18:20:48.000  \n",
       "                                  217.115.10.132  DE          Germany               Berlin      NETSIGN, DE                                                  2019-09-24 23:06:14.437  \n",
       "                                  23.129.64.152   US          United States         Seattle     EMERALD-ONION - Emerald Onion, US                            2019-09-18 17:03:03.000  \n",
       "                                  23.129.64.193   US          United States         Seattle     EMERALD-ONION - Emerald Onion, US                            2019-09-27 17:26:49.681  \n",
       "                                  40.117.152.107  US          United States         Washington  MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US      2019-09-18 17:02:37.000  \n",
       "                                  40.126.9.49     NL          Netherlands           Amsterdam   MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US      2019-10-16 18:09:38.000  \n",
       "                                  40.126.9.50     NL          Netherlands           Amsterdam   MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US      2019-09-16 17:42:23.000  \n",
       "                                  40.126.9.51     NL          Netherlands           Amsterdam   MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US      2019-10-16 18:09:36.000  \n",
       "                                  50.35.65.178    US          United States         Redmond     FRONTIER-FRTR - Frontier Communications of America, Inc., US 2019-10-24 23:19:31.193  \n",
       "                                  52.109.6.30     US          United States         Boydton     MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US      2019-10-16 18:09:42.000  \n",
       "                                  66.146.193.33   US          United States         Chicago     ONSH-NET-CHGO-BLK01 - OnShore, Inc., US                      2019-09-19 19:22:05.000  \n",
       "                                  92.62.139.103   LT          Republic of Lithuania Kaunas      BALTNETA Customers AS, LT                                    2019-09-16 18:18:07.000  "
      ]
     },
     "execution_count": 103,
     "metadata": {},
     "output_type": "execute_result"
    }
   ],
   "source": [
    "all_az_geo = check_geo_whois(src_ip_addrs_az.iloc[0:50], az_all_data, \"IPAddress\")\n",
    "\n",
    "md(\"Geolocations and ASN Owner for source IP addresses. Information only\", \"bold\")\n",
    "\n",
    "(all_az_geo[~all_az_geo[\"CountryName\"].isna()]\n",
    " .groupby([\"UserPrincipalName\", \"IPAddress\", \"CountryCode\",\"CountryName\", \"City\", \"ASNDesc\"])\n",
    " .agg(\n",
    "     TotalOperations=pd.NamedAgg(column=\"SourceSystem\", aggfunc=\"count\"),\n",
    "     Operations=pd.NamedAgg(column=\"Operation\", aggfunc=lambda x: x.value_counts().to_dict()),\n",
    "     AppResources=pd.NamedAgg(column=\"AppResourceProvider\", aggfunc=lambda x: x.unique().tolist()),\n",
    "     FirstLogon=pd.NamedAgg(column=\"TimeGenerated\", aggfunc=\"min\"),\n",
    "     LastLogon=pd.NamedAgg(column=\"TimeGenerated\", aggfunc=\"max\"),\n",
    "  )\n",
    ")"
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "### Additional alerts for source IP addresses"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 104,
   "metadata": {
    "ExecuteTime": {
     "end_time": "2019-10-31T00:01:17.332134Z",
     "start_time": "2019-10-31T00:01:10.488413Z"
    }
   },
   "outputs": [
    {
     "data": {
      "text/markdown": [
       "<p style='font-weight: bold;color: red;font-size: 130%'>13 additional alerts have been triggered from one or more source IPs.</p>"
      ],
      "text/plain": [
       "<IPython.core.display.Markdown object>"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    },
    {
     "data": {
      "text/markdown": [
       "<p style='font-weight: bold;color: red'> You should investigate these IPs using the 'Entity Explorer - IP Address' notebook</p>"
      ],
      "text/plain": [
       "<IPython.core.display.Markdown object>"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    },
    {
     "data": {
      "text/html": [
       "<div>\n",
       "<style scoped>\n",
       "    .dataframe tbody tr th:only-of-type {\n",
       "        vertical-align: middle;\n",
       "    }\n",
       "\n",
       "    .dataframe tbody tr th {\n",
       "        vertical-align: top;\n",
       "    }\n",
       "\n",
       "    .dataframe thead th {\n",
       "        text-align: right;\n",
       "    }\n",
       "</style>\n",
       "<table border=\"1\" class=\"dataframe\">\n",
       "  <thead>\n",
       "    <tr style=\"text-align: right;\">\n",
       "      <th></th>\n",
       "      <th>TenantId</th>\n",
       "      <th>TimeGenerated</th>\n",
       "      <th>AlertDisplayName</th>\n",
       "      <th>AlertName</th>\n",
       "      <th>Severity</th>\n",
       "      <th>Description</th>\n",
       "      <th>ProviderName</th>\n",
       "      <th>VendorName</th>\n",
       "      <th>VendorOriginalId</th>\n",
       "      <th>SystemAlertId</th>\n",
       "      <th>ResourceId</th>\n",
       "      <th>SourceComputerId</th>\n",
       "      <th>AlertType</th>\n",
       "      <th>ConfidenceLevel</th>\n",
       "      <th>ConfidenceScore</th>\n",
       "      <th>IsIncident</th>\n",
       "      <th>StartTimeUtc</th>\n",
       "      <th>EndTimeUtc</th>\n",
       "      <th>ProcessingEndTime</th>\n",
       "      <th>RemediationSteps</th>\n",
       "      <th>ExtendedProperties</th>\n",
       "      <th>Entities</th>\n",
       "      <th>SourceSystem</th>\n",
       "      <th>WorkspaceSubscriptionId</th>\n",
       "      <th>WorkspaceResourceGroup</th>\n",
       "      <th>ExtendedLinks</th>\n",
       "      <th>ProductName</th>\n",
       "      <th>ProductComponentName</th>\n",
       "      <th>Type</th>\n",
       "      <th>SystemAlertId1</th>\n",
       "      <th>ExtendedProperties1</th>\n",
       "      <th>Entities1</th>\n",
       "      <th>MatchingIps</th>\n",
       "    </tr>\n",
       "  </thead>\n",
       "  <tbody>\n",
       "    <tr>\n",
       "      <td>19</td>\n",
       "      <td>a927809c-8142-43e1-96b3-4ad87cfe95a3</td>\n",
       "      <td>2019-10-16 22:11:41</td>\n",
       "      <td>Access from a suspicious IP leading to suspicious endpoint activity</td>\n",
       "      <td>Access from a suspicious IP leading to suspicious endpoint activity</td>\n",
       "      <td>High</td>\n",
       "      <td>Access from a suspicious IP leading to suspicious endpoint activity</td>\n",
       "      <td>ASI Scheduled Alerts</td>\n",
       "      <td>Microsoft</td>\n",
       "      <td>2df2d792-aca7-43b5-9e31-fa4e0618ad8c</td>\n",
       "      <td>61787eba-f903-4b71-b211-dc1d6ec9b5f8</td>\n",
       "      <td></td>\n",
       "      <td></td>\n",
       "      <td>a927809c-8142-43e1-96b3-4ad87cfe95a3_62bc82a0-1f59-49b6-82f2-266a836d072c</td>\n",
       "      <td>Unknown</td>\n",
       "      <td>NaN</td>\n",
       "      <td>False</td>\n",
       "      <td>2019-10-16 21:56:35</td>\n",
       "      <td>2019-10-16 22:06:35</td>\n",
       "      <td>2019-10-16 22:11:41</td>\n",
       "      <td></td>\n",
       "      <td>{\\r\\n  \"Query\": \"ZScaler\\r\\n| where DeviceAction contains \\\"allow\\\"\\r\\n| join kind=inner (\\r\\nHe...</td>\n",
       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Type\": \"url\",\\r\\n    \"Url\": \"http://host.gomencom.website/Do...</td>\n",
       "      <td>Detection</td>\n",
       "      <td>1c4b4612-7123-47db-bb74-f3b6fde75431</td>\n",
       "      <td>RedmondSentinelDemoRG</td>\n",
       "      <td></td>\n",
       "      <td>Azure Sentinel</td>\n",
       "      <td>Scheduled Alerts</td>\n",
       "      <td>SecurityAlert</td>\n",
       "      <td>61787eba-f903-4b71-b211-dc1d6ec9b5f8</td>\n",
       "      <td>{\\r\\n  \"Query\": \"ZScaler\\r\\n| where DeviceAction contains \\\"allow\\\"\\r\\n| join kind=inner (\\r\\nHe...</td>\n",
       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Type\": \"url\",\\r\\n    \"Url\": \"http://host.gomencom.website/Do...</td>\n",
       "      <td>[176.10.99.200]</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>20</td>\n",
       "      <td>a927809c-8142-43e1-96b3-4ad87cfe95a3</td>\n",
       "      <td>2019-10-16 22:03:33</td>\n",
       "      <td>Access from a suspicious IP leading to suspicious endpoint activity</td>\n",
       "      <td>Access from a suspicious IP leading to suspicious endpoint activity</td>\n",
       "      <td>High</td>\n",
       "      <td>Access from a suspicious IP leading to suspicious endpoint activity</td>\n",
       "      <td>ASI Scheduled Alerts</td>\n",
       "      <td>Microsoft</td>\n",
       "      <td>1d2be0b9-aded-4750-a372-47fbf1bf98b6</td>\n",
       "      <td>2519550e-4850-4616-974f-422b4867a161</td>\n",
       "      <td></td>\n",
       "      <td></td>\n",
       "      <td>a927809c-8142-43e1-96b3-4ad87cfe95a3_62bc82a0-1f59-49b6-82f2-266a836d072c</td>\n",
       "      <td>Unknown</td>\n",
       "      <td>NaN</td>\n",
       "      <td>False</td>\n",
       "      <td>2019-10-16 21:48:26</td>\n",
       "      <td>2019-10-16 21:58:26</td>\n",
       "      <td>2019-10-16 22:03:33</td>\n",
       "      <td></td>\n",
       "      <td>{\\r\\n  \"Query\": \"ZScaler\\r\\n| where DeviceAction contains \\\"allow\\\"\\r\\n| join kind=inner (\\r\\nHe...</td>\n",
       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Type\": \"url\",\\r\\n    \"Url\": \"http://host.gomencom.website/Do...</td>\n",
       "      <td>Detection</td>\n",
       "      <td>1c4b4612-7123-47db-bb74-f3b6fde75431</td>\n",
       "      <td>RedmondSentinelDemoRG</td>\n",
       "      <td></td>\n",
       "      <td>Azure Sentinel</td>\n",
       "      <td>Scheduled Alerts</td>\n",
       "      <td>SecurityAlert</td>\n",
       "      <td>2519550e-4850-4616-974f-422b4867a161</td>\n",
       "      <td>{\\r\\n  \"Query\": \"ZScaler\\r\\n| where DeviceAction contains \\\"allow\\\"\\r\\n| join kind=inner (\\r\\nHe...</td>\n",
       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Type\": \"url\",\\r\\n    \"Url\": \"http://host.gomencom.website/Do...</td>\n",
       "      <td>[176.10.99.200]</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>21</td>\n",
       "      <td>a927809c-8142-43e1-96b3-4ad87cfe95a3</td>\n",
       "      <td>2019-10-16 22:21:52</td>\n",
       "      <td>Access from a suspicious IP leading to suspicious endpoint activity</td>\n",
       "      <td>Access from a suspicious IP leading to suspicious endpoint activity</td>\n",
       "      <td>High</td>\n",
       "      <td>Access from a suspicious IP leading to suspicious endpoint activity</td>\n",
       "      <td>ASI Scheduled Alerts</td>\n",
       "      <td>Microsoft</td>\n",
       "      <td>227353f7-f56b-4500-b843-564dec775729</td>\n",
       "      <td>695d982e-de0b-4dad-90fb-5ddc9ece3344</td>\n",
       "      <td></td>\n",
       "      <td></td>\n",
       "      <td>a927809c-8142-43e1-96b3-4ad87cfe95a3_62bc82a0-1f59-49b6-82f2-266a836d072c</td>\n",
       "      <td>Unknown</td>\n",
       "      <td>NaN</td>\n",
       "      <td>False</td>\n",
       "      <td>2019-10-16 22:06:35</td>\n",
       "      <td>2019-10-16 22:16:35</td>\n",
       "      <td>2019-10-16 22:21:52</td>\n",
       "      <td></td>\n",
       "      <td>{\\r\\n  \"Query\": \"ZScaler\\r\\n| where DeviceAction contains \\\"allow\\\"\\r\\n| join kind=inner (\\r\\nHe...</td>\n",
       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Type\": \"url\",\\r\\n    \"Url\": \"https://bit.ly/35CsnLI\"\\r\\n  },...</td>\n",
       "      <td>Detection</td>\n",
       "      <td>1c4b4612-7123-47db-bb74-f3b6fde75431</td>\n",
       "      <td>RedmondSentinelDemoRG</td>\n",
       "      <td></td>\n",
       "      <td>Azure Sentinel</td>\n",
       "      <td>Scheduled Alerts</td>\n",
       "      <td>SecurityAlert</td>\n",
       "      <td>695d982e-de0b-4dad-90fb-5ddc9ece3344</td>\n",
       "      <td>{\\r\\n  \"Query\": \"ZScaler\\r\\n| where DeviceAction contains \\\"allow\\\"\\r\\n| join kind=inner (\\r\\nHe...</td>\n",
       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Type\": \"url\",\\r\\n    \"Url\": \"https://bit.ly/35CsnLI\"\\r\\n  },...</td>\n",
       "      <td>[176.10.99.200]</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>22</td>\n",
       "      <td>a927809c-8142-43e1-96b3-4ad87cfe95a3</td>\n",
       "      <td>2019-10-16 22:48:10</td>\n",
       "      <td>Access from a suspicious IP leading to suspicious endpoint activity</td>\n",
       "      <td>Access from a suspicious IP leading to suspicious endpoint activity</td>\n",
       "      <td>High</td>\n",
       "      <td>Access from a suspicious IP leading to suspicious endpoint activity</td>\n",
       "      <td>ASI Scheduled Alerts</td>\n",
       "      <td>Microsoft</td>\n",
       "      <td>8168f50f-5776-4f3b-99a0-0d32b8fb9ecd</td>\n",
       "      <td>3d0e8da1-c877-48db-a36f-978828669c25</td>\n",
       "      <td></td>\n",
       "      <td></td>\n",
       "      <td>a927809c-8142-43e1-96b3-4ad87cfe95a3_62bc82a0-1f59-49b6-82f2-266a836d072c</td>\n",
       "      <td>Unknown</td>\n",
       "      <td>NaN</td>\n",
       "      <td>False</td>\n",
       "      <td>2019-10-16 21:43:04</td>\n",
       "      <td>2019-10-16 22:43:04</td>\n",
       "      <td>2019-10-16 22:48:10</td>\n",
       "      <td></td>\n",
       "      <td>{\\r\\n  \"Query\": \"ZScaler\\r\\n| where SourceIP == \\\"137.135.26.148\\\"\\r\\n| where Url contains \\\"bit...</td>\n",
       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Type\": \"url\",\\r\\n    \"Url\": \"https://bit.ly/35CsnLI\"\\r\\n  },...</td>\n",
       "      <td>Detection</td>\n",
       "      <td>1c4b4612-7123-47db-bb74-f3b6fde75431</td>\n",
       "      <td>RedmondSentinelDemoRG</td>\n",
       "      <td></td>\n",
       "      <td>Azure Sentinel</td>\n",
       "      <td>Scheduled Alerts</td>\n",
       "      <td>SecurityAlert</td>\n",
       "      <td>3d0e8da1-c877-48db-a36f-978828669c25</td>\n",
       "      <td>{\\r\\n  \"Query\": \"ZScaler\\r\\n| where SourceIP == \\\"137.135.26.148\\\"\\r\\n| where Url contains \\\"bit...</td>\n",
       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Type\": \"url\",\\r\\n    \"Url\": \"https://bit.ly/35CsnLI\"\\r\\n  },...</td>\n",
       "      <td>[176.10.99.200]</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>23</td>\n",
       "      <td>a927809c-8142-43e1-96b3-4ad87cfe95a3</td>\n",
       "      <td>2019-10-16 22:33:12</td>\n",
       "      <td>Access from a suspicious IP leading to suspicious endpoint activity</td>\n",
       "      <td>Access from a suspicious IP leading to suspicious endpoint activity</td>\n",
       "      <td>High</td>\n",
       "      <td>Access from a suspicious IP leading to suspicious endpoint activity</td>\n",
       "      <td>ASI Scheduled Alerts</td>\n",
       "      <td>Microsoft</td>\n",
       "      <td>3ef5d7e4-dae9-4a97-b51f-74ee823362d5</td>\n",
       "      <td>7aef8c9f-6e0f-49cd-b651-2327f9a1c801</td>\n",
       "      <td></td>\n",
       "      <td></td>\n",
       "      <td>a927809c-8142-43e1-96b3-4ad87cfe95a3_62bc82a0-1f59-49b6-82f2-266a836d072c</td>\n",
       "      <td>Unknown</td>\n",
       "      <td>NaN</td>\n",
       "      <td>False</td>\n",
       "      <td>2019-10-16 22:18:05</td>\n",
       "      <td>2019-10-16 22:28:05</td>\n",
       "      <td>2019-10-16 22:33:12</td>\n",
       "      <td></td>\n",
       "      <td>{\\r\\n  \"Query\": \"ZScaler\\r\\n| where SourceIP == \\\"137.135.26.148\\\"\\r\\n| where Url contains \\\"bit...</td>\n",
       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Type\": \"url\",\\r\\n    \"Url\": \"https://bit.ly/35CsnLI\"\\r\\n  },...</td>\n",
       "      <td>Detection</td>\n",
       "      <td>1c4b4612-7123-47db-bb74-f3b6fde75431</td>\n",
       "      <td>RedmondSentinelDemoRG</td>\n",
       "      <td></td>\n",
       "      <td>Azure Sentinel</td>\n",
       "      <td>Scheduled Alerts</td>\n",
       "      <td>SecurityAlert</td>\n",
       "      <td>7aef8c9f-6e0f-49cd-b651-2327f9a1c801</td>\n",
       "      <td>{\\r\\n  \"Query\": \"ZScaler\\r\\n| where SourceIP == \\\"137.135.26.148\\\"\\r\\n| where Url contains \\\"bit...</td>\n",
       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Type\": \"url\",\\r\\n    \"Url\": \"https://bit.ly/35CsnLI\"\\r\\n  },...</td>\n",
       "      <td>[176.10.99.200]</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>26</td>\n",
       "      <td>a927809c-8142-43e1-96b3-4ad87cfe95a3</td>\n",
       "      <td>2019-09-27 08:23:08</td>\n",
       "      <td>Activity from infrequent country</td>\n",
       "      <td>Activity from infrequent country</td>\n",
       "      <td>Medium</td>\n",
       "      <td>Megan Bowen (meganb@m365x648731.onmicrosoft.com) performed an activity. No activity was performe...</td>\n",
       "      <td>MCAS</td>\n",
       "      <td>Microsoft</td>\n",
       "      <td>B048A8BF-01C1-3C1A-9985-66191429FD36</td>\n",
       "      <td>4ea929d7-94f2-25b3-da0a-0247f9f7c206</td>\n",
       "      <td></td>\n",
       "      <td></td>\n",
       "      <td>MCAS_ALERT_ANUBIS_DETECTION_NEW_COUNTRY</td>\n",
       "      <td>Unknown</td>\n",
       "      <td>NaN</td>\n",
       "      <td>False</td>\n",
       "      <td>2019-09-27 08:18:42</td>\n",
       "      <td>2019-09-27 08:18:42</td>\n",
       "      <td>2019-09-27 08:23:07</td>\n",
       "      <td></td>\n",
       "      <td>{\\r\\n  \"Cloud Applications\": \"Microsoft Azure\",\\r\\n  \"Countries\": \"US\",\\r\\n  \"IP Addresses\": \"50...</td>\n",
       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Address\": \"50.35.65.178\",\\r\\n    \"Type\": \"ip\"\\r\\n  },\\r\\n  {...</td>\n",
       "      <td>Detection</td>\n",
       "      <td></td>\n",
       "      <td></td>\n",
       "      <td>[\\r\\n  {\\r\\n    \"Href\": \"https://m365x648731.portal.cloudappsecurity.com/#/policy/?id=eq(5d77739...</td>\n",
       "      <td>Microsoft Cloud App Security</td>\n",
       "      <td></td>\n",
       "      <td>SecurityAlert</td>\n",
       "      <td>4ea929d7-94f2-25b3-da0a-0247f9f7c206</td>\n",
       "      <td>{\\r\\n  \"Cloud Applications\": \"Microsoft Azure\",\\r\\n  \"Countries\": \"US\",\\r\\n  \"IP Addresses\": \"50...</td>\n",
       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Address\": \"50.35.65.178\",\\r\\n    \"Type\": \"ip\"\\r\\n  },\\r\\n  {...</td>\n",
       "      <td>[50.35.65.178]</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>56</td>\n",
       "      <td>a927809c-8142-43e1-96b3-4ad87cfe95a3</td>\n",
       "      <td>2019-10-16 20:11:36</td>\n",
       "      <td>Access from a suspicious IP leading to suspicious endpoint activity</td>\n",
       "      <td>Access from a suspicious IP leading to suspicious endpoint activity</td>\n",
       "      <td>High</td>\n",
       "      <td>Access from a suspicious IP leading to suspicious endpoint activity</td>\n",
       "      <td>ASI Scheduled Alerts</td>\n",
       "      <td>Microsoft</td>\n",
       "      <td>e4d06ca1-3bf4-4e8b-a6da-787091dc63ae</td>\n",
       "      <td>42925d1c-236c-4175-a2a6-39643b223902</td>\n",
       "      <td></td>\n",
       "      <td></td>\n",
       "      <td>a927809c-8142-43e1-96b3-4ad87cfe95a3_62bc82a0-1f59-49b6-82f2-266a836d072c</td>\n",
       "      <td>Unknown</td>\n",
       "      <td>NaN</td>\n",
       "      <td>False</td>\n",
       "      <td>2019-10-16 19:06:30</td>\n",
       "      <td>2019-10-16 20:06:30</td>\n",
       "      <td>2019-10-16 20:11:36</td>\n",
       "      <td></td>\n",
       "      <td>{\\r\\n  \"Query\": \"ZScaler_CL\\r\\n| extend Url = Url_s\\r\\n| where DeviceAction_s contains \\\"allow\\\"...</td>\n",
       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Type\": \"url\",\\r\\n    \"Url\": \"http://host.gomencom.website/Do...</td>\n",
       "      <td>Detection</td>\n",
       "      <td>1c4b4612-7123-47db-bb74-f3b6fde75431</td>\n",
       "      <td>RedmondSentinelDemoRG</td>\n",
       "      <td></td>\n",
       "      <td>Azure Sentinel</td>\n",
       "      <td>Scheduled Alerts</td>\n",
       "      <td>SecurityAlert</td>\n",
       "      <td>42925d1c-236c-4175-a2a6-39643b223902</td>\n",
       "      <td>{\\r\\n  \"Query\": \"ZScaler_CL\\r\\n| extend Url = Url_s\\r\\n| where DeviceAction_s contains \\\"allow\\\"...</td>\n",
       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Type\": \"url\",\\r\\n    \"Url\": \"http://host.gomencom.website/Do...</td>\n",
       "      <td>[176.10.99.200]</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>57</td>\n",
       "      <td>a927809c-8142-43e1-96b3-4ad87cfe95a3</td>\n",
       "      <td>2019-10-16 20:19:18</td>\n",
       "      <td>Access from a suspicious IP leading to suspicious endpoint activity</td>\n",
       "      <td>Access from a suspicious IP leading to suspicious endpoint activity</td>\n",
       "      <td>High</td>\n",
       "      <td>Access from a suspicious IP leading to suspicious endpoint activity</td>\n",
       "      <td>ASI Scheduled Alerts</td>\n",
       "      <td>Microsoft</td>\n",
       "      <td>4dcea248-aebc-4b38-a1e3-575afe5a0277</td>\n",
       "      <td>b8eb1175-5262-434c-9de2-8b5854693c1f</td>\n",
       "      <td></td>\n",
       "      <td></td>\n",
       "      <td>a927809c-8142-43e1-96b3-4ad87cfe95a3_62bc82a0-1f59-49b6-82f2-266a836d072c</td>\n",
       "      <td>Unknown</td>\n",
       "      <td>NaN</td>\n",
       "      <td>False</td>\n",
       "      <td>2019-10-16 19:14:11</td>\n",
       "      <td>2019-10-16 20:14:11</td>\n",
       "      <td>2019-10-16 20:19:18</td>\n",
       "      <td></td>\n",
       "      <td>{\\r\\n  \"Query\": \"ZScaler\\r\\n| where DeviceAction contains \\\"allow\\\"\\r\\n| join kind=inner (\\r\\nHe...</td>\n",
       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Type\": \"url\",\\r\\n    \"Url\": \"http://host.gomencom.website/Do...</td>\n",
       "      <td>Detection</td>\n",
       "      <td>1c4b4612-7123-47db-bb74-f3b6fde75431</td>\n",
       "      <td>RedmondSentinelDemoRG</td>\n",
       "      <td></td>\n",
       "      <td>Azure Sentinel</td>\n",
       "      <td>Scheduled Alerts</td>\n",
       "      <td>SecurityAlert</td>\n",
       "      <td>b8eb1175-5262-434c-9de2-8b5854693c1f</td>\n",
       "      <td>{\\r\\n  \"Query\": \"ZScaler\\r\\n| where DeviceAction contains \\\"allow\\\"\\r\\n| join kind=inner (\\r\\nHe...</td>\n",
       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Type\": \"url\",\\r\\n    \"Url\": \"http://host.gomencom.website/Do...</td>\n",
       "      <td>[176.10.99.200]</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>58</td>\n",
       "      <td>a927809c-8142-43e1-96b3-4ad87cfe95a3</td>\n",
       "      <td>2019-10-16 20:29:17</td>\n",
       "      <td>Access from a suspicious IP leading to suspicious endpoint activity</td>\n",
       "      <td>Access from a suspicious IP leading to suspicious endpoint activity</td>\n",
       "      <td>High</td>\n",
       "      <td>Access from a suspicious IP leading to suspicious endpoint activity</td>\n",
       "      <td>ASI Scheduled Alerts</td>\n",
       "      <td>Microsoft</td>\n",
       "      <td>52ba3b53-76b7-47f4-a8ca-707785c9315c</td>\n",
       "      <td>944e2de6-8c77-43b8-ac1e-feb2e893d33d</td>\n",
       "      <td></td>\n",
       "      <td></td>\n",
       "      <td>a927809c-8142-43e1-96b3-4ad87cfe95a3_62bc82a0-1f59-49b6-82f2-266a836d072c</td>\n",
       "      <td>Unknown</td>\n",
       "      <td>NaN</td>\n",
       "      <td>False</td>\n",
       "      <td>2019-10-16 19:24:12</td>\n",
       "      <td>2019-10-16 20:24:12</td>\n",
       "      <td>2019-10-16 20:29:17</td>\n",
       "      <td></td>\n",
       "      <td>{\\r\\n  \"Query\": \"ZScaler\\r\\n| where DeviceAction contains \\\"allow\\\"\\r\\n| join kind=inner (\\r\\nHe...</td>\n",
       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Type\": \"url\",\\r\\n    \"Url\": \"http://host.gomencom.website/Do...</td>\n",
       "      <td>Detection</td>\n",
       "      <td>1c4b4612-7123-47db-bb74-f3b6fde75431</td>\n",
       "      <td>RedmondSentinelDemoRG</td>\n",
       "      <td></td>\n",
       "      <td>Azure Sentinel</td>\n",
       "      <td>Scheduled Alerts</td>\n",
       "      <td>SecurityAlert</td>\n",
       "      <td>944e2de6-8c77-43b8-ac1e-feb2e893d33d</td>\n",
       "      <td>{\\r\\n  \"Query\": \"ZScaler\\r\\n| where DeviceAction contains \\\"allow\\\"\\r\\n| join kind=inner (\\r\\nHe...</td>\n",
       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Type\": \"url\",\\r\\n    \"Url\": \"http://host.gomencom.website/Do...</td>\n",
       "      <td>[176.10.99.200]</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>59</td>\n",
       "      <td>a927809c-8142-43e1-96b3-4ad87cfe95a3</td>\n",
       "      <td>2019-10-16 20:49:18</td>\n",
       "      <td>Access from a suspicious IP leading to suspicious endpoint activity</td>\n",
       "      <td>Access from a suspicious IP leading to suspicious endpoint activity</td>\n",
       "      <td>High</td>\n",
       "      <td>Access from a suspicious IP leading to suspicious endpoint activity</td>\n",
       "      <td>ASI Scheduled Alerts</td>\n",
       "      <td>Microsoft</td>\n",
       "      <td>643a03f9-4899-4a0e-90a0-4c59cf30f183</td>\n",
       "      <td>22db1193-9161-43db-bf1c-6c489878a1f2</td>\n",
       "      <td></td>\n",
       "      <td></td>\n",
       "      <td>a927809c-8142-43e1-96b3-4ad87cfe95a3_62bc82a0-1f59-49b6-82f2-266a836d072c</td>\n",
       "      <td>Unknown</td>\n",
       "      <td>NaN</td>\n",
       "      <td>False</td>\n",
       "      <td>2019-10-16 19:44:12</td>\n",
       "      <td>2019-10-16 20:44:12</td>\n",
       "      <td>2019-10-16 20:49:18</td>\n",
       "      <td></td>\n",
       "      <td>{\\r\\n  \"Query\": \"ZScaler\\r\\n| where DeviceAction contains \\\"allow\\\"\\r\\n| join kind=inner (\\r\\nHe...</td>\n",
       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Type\": \"url\",\\r\\n    \"Url\": \"http://host.gomencom.website/Do...</td>\n",
       "      <td>Detection</td>\n",
       "      <td>1c4b4612-7123-47db-bb74-f3b6fde75431</td>\n",
       "      <td>RedmondSentinelDemoRG</td>\n",
       "      <td></td>\n",
       "      <td>Azure Sentinel</td>\n",
       "      <td>Scheduled Alerts</td>\n",
       "      <td>SecurityAlert</td>\n",
       "      <td>22db1193-9161-43db-bf1c-6c489878a1f2</td>\n",
       "      <td>{\\r\\n  \"Query\": \"ZScaler\\r\\n| where DeviceAction contains \\\"allow\\\"\\r\\n| join kind=inner (\\r\\nHe...</td>\n",
       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Type\": \"url\",\\r\\n    \"Url\": \"http://host.gomencom.website/Do...</td>\n",
       "      <td>[176.10.99.200]</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>61</td>\n",
       "      <td>a927809c-8142-43e1-96b3-4ad87cfe95a3</td>\n",
       "      <td>2019-10-16 20:59:20</td>\n",
       "      <td>Access from a suspicious IP leading to suspicious endpoint activity</td>\n",
       "      <td>Access from a suspicious IP leading to suspicious endpoint activity</td>\n",
       "      <td>High</td>\n",
       "      <td>Access from a suspicious IP leading to suspicious endpoint activity</td>\n",
       "      <td>ASI Scheduled Alerts</td>\n",
       "      <td>Microsoft</td>\n",
       "      <td>c39ce083-84a2-4fc4-8805-2e74b42de9bd</td>\n",
       "      <td>a358c066-810d-4db7-a272-cc9e79b7d2f9</td>\n",
       "      <td></td>\n",
       "      <td></td>\n",
       "      <td>a927809c-8142-43e1-96b3-4ad87cfe95a3_62bc82a0-1f59-49b6-82f2-266a836d072c</td>\n",
       "      <td>Unknown</td>\n",
       "      <td>NaN</td>\n",
       "      <td>False</td>\n",
       "      <td>2019-10-16 19:54:12</td>\n",
       "      <td>2019-10-16 20:54:12</td>\n",
       "      <td>2019-10-16 20:59:20</td>\n",
       "      <td></td>\n",
       "      <td>{\\r\\n  \"Query\": \"ZScaler\\r\\n| where DeviceAction contains \\\"allow\\\"\\r\\n| join kind=inner (\\r\\nHe...</td>\n",
       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Type\": \"url\",\\r\\n    \"Url\": \"http://host.gomencom.website/Do...</td>\n",
       "      <td>Detection</td>\n",
       "      <td>1c4b4612-7123-47db-bb74-f3b6fde75431</td>\n",
       "      <td>RedmondSentinelDemoRG</td>\n",
       "      <td></td>\n",
       "      <td>Azure Sentinel</td>\n",
       "      <td>Scheduled Alerts</td>\n",
       "      <td>SecurityAlert</td>\n",
       "      <td>a358c066-810d-4db7-a272-cc9e79b7d2f9</td>\n",
       "      <td>{\\r\\n  \"Query\": \"ZScaler\\r\\n| where DeviceAction contains \\\"allow\\\"\\r\\n| join kind=inner (\\r\\nHe...</td>\n",
       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Type\": \"url\",\\r\\n    \"Url\": \"http://host.gomencom.website/Do...</td>\n",
       "      <td>[176.10.99.200]</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>63</td>\n",
       "      <td>a927809c-8142-43e1-96b3-4ad87cfe95a3</td>\n",
       "      <td>2019-10-16 20:01:35</td>\n",
       "      <td>Access from a suspicious IP leading to suspicious endpoint activity</td>\n",
       "      <td>Access from a suspicious IP leading to suspicious endpoint activity</td>\n",
       "      <td>High</td>\n",
       "      <td>Access from a suspicious IP leading to suspicious endpoint activity</td>\n",
       "      <td>ASI Scheduled Alerts</td>\n",
       "      <td>Microsoft</td>\n",
       "      <td>80cf53be-6612-4288-bc38-d9cf6104c950</td>\n",
       "      <td>fdba59d6-731a-43e9-888b-97690a90a64c</td>\n",
       "      <td></td>\n",
       "      <td></td>\n",
       "      <td>a927809c-8142-43e1-96b3-4ad87cfe95a3_62bc82a0-1f59-49b6-82f2-266a836d072c</td>\n",
       "      <td>Unknown</td>\n",
       "      <td>NaN</td>\n",
       "      <td>False</td>\n",
       "      <td>2019-10-16 18:56:30</td>\n",
       "      <td>2019-10-16 19:56:30</td>\n",
       "      <td>2019-10-16 20:01:35</td>\n",
       "      <td></td>\n",
       "      <td>{\\r\\n  \"Query\": \"ZScaler_CL\\r\\n| extend Url = Url_s\\r\\n| where DeviceAction_s contains \\\"allow\\\"...</td>\n",
       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Type\": \"url\",\\r\\n    \"Url\": \"http://host.gomencom.website/Do...</td>\n",
       "      <td>Detection</td>\n",
       "      <td>1c4b4612-7123-47db-bb74-f3b6fde75431</td>\n",
       "      <td>RedmondSentinelDemoRG</td>\n",
       "      <td></td>\n",
       "      <td>Azure Sentinel</td>\n",
       "      <td>Scheduled Alerts</td>\n",
       "      <td>SecurityAlert</td>\n",
       "      <td>fdba59d6-731a-43e9-888b-97690a90a64c</td>\n",
       "      <td>{\\r\\n  \"Query\": \"ZScaler_CL\\r\\n| extend Url = Url_s\\r\\n| where DeviceAction_s contains \\\"allow\\\"...</td>\n",
       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Type\": \"url\",\\r\\n    \"Url\": \"http://host.gomencom.website/Do...</td>\n",
       "      <td>[176.10.99.200]</td>\n",
       "    </tr>\n",
       "    <tr>\n",
       "      <td>64</td>\n",
       "      <td>a927809c-8142-43e1-96b3-4ad87cfe95a3</td>\n",
       "      <td>2019-10-16 20:39:19</td>\n",
       "      <td>Access from a suspicious IP leading to suspicious endpoint activity</td>\n",
       "      <td>Access from a suspicious IP leading to suspicious endpoint activity</td>\n",
       "      <td>High</td>\n",
       "      <td>Access from a suspicious IP leading to suspicious endpoint activity</td>\n",
       "      <td>ASI Scheduled Alerts</td>\n",
       "      <td>Microsoft</td>\n",
       "      <td>de87dbd4-aafd-40f5-aa5a-54f3006d044e</td>\n",
       "      <td>a399a710-351b-42b0-97c9-9f0d1a6ec972</td>\n",
       "      <td></td>\n",
       "      <td></td>\n",
       "      <td>a927809c-8142-43e1-96b3-4ad87cfe95a3_62bc82a0-1f59-49b6-82f2-266a836d072c</td>\n",
       "      <td>Unknown</td>\n",
       "      <td>NaN</td>\n",
       "      <td>False</td>\n",
       "      <td>2019-10-16 19:34:12</td>\n",
       "      <td>2019-10-16 20:34:12</td>\n",
       "      <td>2019-10-16 20:39:19</td>\n",
       "      <td></td>\n",
       "      <td>{\\r\\n  \"Query\": \"ZScaler\\r\\n| where DeviceAction contains \\\"allow\\\"\\r\\n| join kind=inner (\\r\\nHe...</td>\n",
       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Type\": \"url\",\\r\\n    \"Url\": \"http://host.gomencom.website/Do...</td>\n",
       "      <td>Detection</td>\n",
       "      <td>1c4b4612-7123-47db-bb74-f3b6fde75431</td>\n",
       "      <td>RedmondSentinelDemoRG</td>\n",
       "      <td></td>\n",
       "      <td>Azure Sentinel</td>\n",
       "      <td>Scheduled Alerts</td>\n",
       "      <td>SecurityAlert</td>\n",
       "      <td>a399a710-351b-42b0-97c9-9f0d1a6ec972</td>\n",
       "      <td>{\\r\\n  \"Query\": \"ZScaler\\r\\n| where DeviceAction contains \\\"allow\\\"\\r\\n| join kind=inner (\\r\\nHe...</td>\n",
       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Type\": \"url\",\\r\\n    \"Url\": \"http://host.gomencom.website/Do...</td>\n",
       "      <td>[176.10.99.200]</td>\n",
       "    </tr>\n",
       "  </tbody>\n",
       "</table>\n",
       "</div>"
      ],
      "text/plain": [
       "                                TenantId       TimeGenerated  \\\n",
       "19  a927809c-8142-43e1-96b3-4ad87cfe95a3 2019-10-16 22:11:41   \n",
       "20  a927809c-8142-43e1-96b3-4ad87cfe95a3 2019-10-16 22:03:33   \n",
       "21  a927809c-8142-43e1-96b3-4ad87cfe95a3 2019-10-16 22:21:52   \n",
       "22  a927809c-8142-43e1-96b3-4ad87cfe95a3 2019-10-16 22:48:10   \n",
       "23  a927809c-8142-43e1-96b3-4ad87cfe95a3 2019-10-16 22:33:12   \n",
       "26  a927809c-8142-43e1-96b3-4ad87cfe95a3 2019-09-27 08:23:08   \n",
       "56  a927809c-8142-43e1-96b3-4ad87cfe95a3 2019-10-16 20:11:36   \n",
       "57  a927809c-8142-43e1-96b3-4ad87cfe95a3 2019-10-16 20:19:18   \n",
       "58  a927809c-8142-43e1-96b3-4ad87cfe95a3 2019-10-16 20:29:17   \n",
       "59  a927809c-8142-43e1-96b3-4ad87cfe95a3 2019-10-16 20:49:18   \n",
       "61  a927809c-8142-43e1-96b3-4ad87cfe95a3 2019-10-16 20:59:20   \n",
       "63  a927809c-8142-43e1-96b3-4ad87cfe95a3 2019-10-16 20:01:35   \n",
       "64  a927809c-8142-43e1-96b3-4ad87cfe95a3 2019-10-16 20:39:19   \n",
       "\n",
       "                                                       AlertDisplayName  \\\n",
       "19  Access from a suspicious IP leading to suspicious endpoint activity   \n",
       "20  Access from a suspicious IP leading to suspicious endpoint activity   \n",
       "21  Access from a suspicious IP leading to suspicious endpoint activity   \n",
       "22  Access from a suspicious IP leading to suspicious endpoint activity   \n",
       "23  Access from a suspicious IP leading to suspicious endpoint activity   \n",
       "26                                     Activity from infrequent country   \n",
       "56  Access from a suspicious IP leading to suspicious endpoint activity   \n",
       "57  Access from a suspicious IP leading to suspicious endpoint activity   \n",
       "58  Access from a suspicious IP leading to suspicious endpoint activity   \n",
       "59  Access from a suspicious IP leading to suspicious endpoint activity   \n",
       "61  Access from a suspicious IP leading to suspicious endpoint activity   \n",
       "63  Access from a suspicious IP leading to suspicious endpoint activity   \n",
       "64  Access from a suspicious IP leading to suspicious endpoint activity   \n",
       "\n",
       "                                                              AlertName  \\\n",
       "19  Access from a suspicious IP leading to suspicious endpoint activity   \n",
       "20  Access from a suspicious IP leading to suspicious endpoint activity   \n",
       "21  Access from a suspicious IP leading to suspicious endpoint activity   \n",
       "22  Access from a suspicious IP leading to suspicious endpoint activity   \n",
       "23  Access from a suspicious IP leading to suspicious endpoint activity   \n",
       "26                                     Activity from infrequent country   \n",
       "56  Access from a suspicious IP leading to suspicious endpoint activity   \n",
       "57  Access from a suspicious IP leading to suspicious endpoint activity   \n",
       "58  Access from a suspicious IP leading to suspicious endpoint activity   \n",
       "59  Access from a suspicious IP leading to suspicious endpoint activity   \n",
       "61  Access from a suspicious IP leading to suspicious endpoint activity   \n",
       "63  Access from a suspicious IP leading to suspicious endpoint activity   \n",
       "64  Access from a suspicious IP leading to suspicious endpoint activity   \n",
       "\n",
       "   Severity  \\\n",
       "19     High   \n",
       "20     High   \n",
       "21     High   \n",
       "22     High   \n",
       "23     High   \n",
       "26   Medium   \n",
       "56     High   \n",
       "57     High   \n",
       "58     High   \n",
       "59     High   \n",
       "61     High   \n",
       "63     High   \n",
       "64     High   \n",
       "\n",
       "                                                                                            Description  \\\n",
       "19                                  Access from a suspicious IP leading to suspicious endpoint activity   \n",
       "20                                  Access from a suspicious IP leading to suspicious endpoint activity   \n",
       "21                                  Access from a suspicious IP leading to suspicious endpoint activity   \n",
       "22                                  Access from a suspicious IP leading to suspicious endpoint activity   \n",
       "23                                  Access from a suspicious IP leading to suspicious endpoint activity   \n",
       "26  Megan Bowen (meganb@m365x648731.onmicrosoft.com) performed an activity. No activity was performe...   \n",
       "56                                  Access from a suspicious IP leading to suspicious endpoint activity   \n",
       "57                                  Access from a suspicious IP leading to suspicious endpoint activity   \n",
       "58                                  Access from a suspicious IP leading to suspicious endpoint activity   \n",
       "59                                  Access from a suspicious IP leading to suspicious endpoint activity   \n",
       "61                                  Access from a suspicious IP leading to suspicious endpoint activity   \n",
       "63                                  Access from a suspicious IP leading to suspicious endpoint activity   \n",
       "64                                  Access from a suspicious IP leading to suspicious endpoint activity   \n",
       "\n",
       "            ProviderName VendorName                      VendorOriginalId  \\\n",
       "19  ASI Scheduled Alerts  Microsoft  2df2d792-aca7-43b5-9e31-fa4e0618ad8c   \n",
       "20  ASI Scheduled Alerts  Microsoft  1d2be0b9-aded-4750-a372-47fbf1bf98b6   \n",
       "21  ASI Scheduled Alerts  Microsoft  227353f7-f56b-4500-b843-564dec775729   \n",
       "22  ASI Scheduled Alerts  Microsoft  8168f50f-5776-4f3b-99a0-0d32b8fb9ecd   \n",
       "23  ASI Scheduled Alerts  Microsoft  3ef5d7e4-dae9-4a97-b51f-74ee823362d5   \n",
       "26                  MCAS  Microsoft  B048A8BF-01C1-3C1A-9985-66191429FD36   \n",
       "56  ASI Scheduled Alerts  Microsoft  e4d06ca1-3bf4-4e8b-a6da-787091dc63ae   \n",
       "57  ASI Scheduled Alerts  Microsoft  4dcea248-aebc-4b38-a1e3-575afe5a0277   \n",
       "58  ASI Scheduled Alerts  Microsoft  52ba3b53-76b7-47f4-a8ca-707785c9315c   \n",
       "59  ASI Scheduled Alerts  Microsoft  643a03f9-4899-4a0e-90a0-4c59cf30f183   \n",
       "61  ASI Scheduled Alerts  Microsoft  c39ce083-84a2-4fc4-8805-2e74b42de9bd   \n",
       "63  ASI Scheduled Alerts  Microsoft  80cf53be-6612-4288-bc38-d9cf6104c950   \n",
       "64  ASI Scheduled Alerts  Microsoft  de87dbd4-aafd-40f5-aa5a-54f3006d044e   \n",
       "\n",
       "                           SystemAlertId ResourceId SourceComputerId  \\\n",
       "19  61787eba-f903-4b71-b211-dc1d6ec9b5f8                               \n",
       "20  2519550e-4850-4616-974f-422b4867a161                               \n",
       "21  695d982e-de0b-4dad-90fb-5ddc9ece3344                               \n",
       "22  3d0e8da1-c877-48db-a36f-978828669c25                               \n",
       "23  7aef8c9f-6e0f-49cd-b651-2327f9a1c801                               \n",
       "26  4ea929d7-94f2-25b3-da0a-0247f9f7c206                               \n",
       "56  42925d1c-236c-4175-a2a6-39643b223902                               \n",
       "57  b8eb1175-5262-434c-9de2-8b5854693c1f                               \n",
       "58  944e2de6-8c77-43b8-ac1e-feb2e893d33d                               \n",
       "59  22db1193-9161-43db-bf1c-6c489878a1f2                               \n",
       "61  a358c066-810d-4db7-a272-cc9e79b7d2f9                               \n",
       "63  fdba59d6-731a-43e9-888b-97690a90a64c                               \n",
       "64  a399a710-351b-42b0-97c9-9f0d1a6ec972                               \n",
       "\n",
       "                                                                    AlertType  \\\n",
       "19  a927809c-8142-43e1-96b3-4ad87cfe95a3_62bc82a0-1f59-49b6-82f2-266a836d072c   \n",
       "20  a927809c-8142-43e1-96b3-4ad87cfe95a3_62bc82a0-1f59-49b6-82f2-266a836d072c   \n",
       "21  a927809c-8142-43e1-96b3-4ad87cfe95a3_62bc82a0-1f59-49b6-82f2-266a836d072c   \n",
       "22  a927809c-8142-43e1-96b3-4ad87cfe95a3_62bc82a0-1f59-49b6-82f2-266a836d072c   \n",
       "23  a927809c-8142-43e1-96b3-4ad87cfe95a3_62bc82a0-1f59-49b6-82f2-266a836d072c   \n",
       "26                                    MCAS_ALERT_ANUBIS_DETECTION_NEW_COUNTRY   \n",
       "56  a927809c-8142-43e1-96b3-4ad87cfe95a3_62bc82a0-1f59-49b6-82f2-266a836d072c   \n",
       "57  a927809c-8142-43e1-96b3-4ad87cfe95a3_62bc82a0-1f59-49b6-82f2-266a836d072c   \n",
       "58  a927809c-8142-43e1-96b3-4ad87cfe95a3_62bc82a0-1f59-49b6-82f2-266a836d072c   \n",
       "59  a927809c-8142-43e1-96b3-4ad87cfe95a3_62bc82a0-1f59-49b6-82f2-266a836d072c   \n",
       "61  a927809c-8142-43e1-96b3-4ad87cfe95a3_62bc82a0-1f59-49b6-82f2-266a836d072c   \n",
       "63  a927809c-8142-43e1-96b3-4ad87cfe95a3_62bc82a0-1f59-49b6-82f2-266a836d072c   \n",
       "64  a927809c-8142-43e1-96b3-4ad87cfe95a3_62bc82a0-1f59-49b6-82f2-266a836d072c   \n",
       "\n",
       "   ConfidenceLevel  ConfidenceScore  IsIncident        StartTimeUtc  \\\n",
       "19         Unknown              NaN       False 2019-10-16 21:56:35   \n",
       "20         Unknown              NaN       False 2019-10-16 21:48:26   \n",
       "21         Unknown              NaN       False 2019-10-16 22:06:35   \n",
       "22         Unknown              NaN       False 2019-10-16 21:43:04   \n",
       "23         Unknown              NaN       False 2019-10-16 22:18:05   \n",
       "26         Unknown              NaN       False 2019-09-27 08:18:42   \n",
       "56         Unknown              NaN       False 2019-10-16 19:06:30   \n",
       "57         Unknown              NaN       False 2019-10-16 19:14:11   \n",
       "58         Unknown              NaN       False 2019-10-16 19:24:12   \n",
       "59         Unknown              NaN       False 2019-10-16 19:44:12   \n",
       "61         Unknown              NaN       False 2019-10-16 19:54:12   \n",
       "63         Unknown              NaN       False 2019-10-16 18:56:30   \n",
       "64         Unknown              NaN       False 2019-10-16 19:34:12   \n",
       "\n",
       "            EndTimeUtc   ProcessingEndTime RemediationSteps  \\\n",
       "19 2019-10-16 22:06:35 2019-10-16 22:11:41                    \n",
       "20 2019-10-16 21:58:26 2019-10-16 22:03:33                    \n",
       "21 2019-10-16 22:16:35 2019-10-16 22:21:52                    \n",
       "22 2019-10-16 22:43:04 2019-10-16 22:48:10                    \n",
       "23 2019-10-16 22:28:05 2019-10-16 22:33:12                    \n",
       "26 2019-09-27 08:18:42 2019-09-27 08:23:07                    \n",
       "56 2019-10-16 20:06:30 2019-10-16 20:11:36                    \n",
       "57 2019-10-16 20:14:11 2019-10-16 20:19:18                    \n",
       "58 2019-10-16 20:24:12 2019-10-16 20:29:17                    \n",
       "59 2019-10-16 20:44:12 2019-10-16 20:49:18                    \n",
       "61 2019-10-16 20:54:12 2019-10-16 20:59:20                    \n",
       "63 2019-10-16 19:56:30 2019-10-16 20:01:35                    \n",
       "64 2019-10-16 20:34:12 2019-10-16 20:39:19                    \n",
       "\n",
       "                                                                                     ExtendedProperties  \\\n",
       "19  {\\r\\n  \"Query\": \"ZScaler\\r\\n| where DeviceAction contains \\\"allow\\\"\\r\\n| join kind=inner (\\r\\nHe...   \n",
       "20  {\\r\\n  \"Query\": \"ZScaler\\r\\n| where DeviceAction contains \\\"allow\\\"\\r\\n| join kind=inner (\\r\\nHe...   \n",
       "21  {\\r\\n  \"Query\": \"ZScaler\\r\\n| where DeviceAction contains \\\"allow\\\"\\r\\n| join kind=inner (\\r\\nHe...   \n",
       "22  {\\r\\n  \"Query\": \"ZScaler\\r\\n| where SourceIP == \\\"137.135.26.148\\\"\\r\\n| where Url contains \\\"bit...   \n",
       "23  {\\r\\n  \"Query\": \"ZScaler\\r\\n| where SourceIP == \\\"137.135.26.148\\\"\\r\\n| where Url contains \\\"bit...   \n",
       "26  {\\r\\n  \"Cloud Applications\": \"Microsoft Azure\",\\r\\n  \"Countries\": \"US\",\\r\\n  \"IP Addresses\": \"50...   \n",
       "56  {\\r\\n  \"Query\": \"ZScaler_CL\\r\\n| extend Url = Url_s\\r\\n| where DeviceAction_s contains \\\"allow\\\"...   \n",
       "57  {\\r\\n  \"Query\": \"ZScaler\\r\\n| where DeviceAction contains \\\"allow\\\"\\r\\n| join kind=inner (\\r\\nHe...   \n",
       "58  {\\r\\n  \"Query\": \"ZScaler\\r\\n| where DeviceAction contains \\\"allow\\\"\\r\\n| join kind=inner (\\r\\nHe...   \n",
       "59  {\\r\\n  \"Query\": \"ZScaler\\r\\n| where DeviceAction contains \\\"allow\\\"\\r\\n| join kind=inner (\\r\\nHe...   \n",
       "61  {\\r\\n  \"Query\": \"ZScaler\\r\\n| where DeviceAction contains \\\"allow\\\"\\r\\n| join kind=inner (\\r\\nHe...   \n",
       "63  {\\r\\n  \"Query\": \"ZScaler_CL\\r\\n| extend Url = Url_s\\r\\n| where DeviceAction_s contains \\\"allow\\\"...   \n",
       "64  {\\r\\n  \"Query\": \"ZScaler\\r\\n| where DeviceAction contains \\\"allow\\\"\\r\\n| join kind=inner (\\r\\nHe...   \n",
       "\n",
       "                                                                                               Entities  \\\n",
       "19  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Type\": \"url\",\\r\\n    \"Url\": \"http://host.gomencom.website/Do...   \n",
       "20  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Type\": \"url\",\\r\\n    \"Url\": \"http://host.gomencom.website/Do...   \n",
       "21  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Type\": \"url\",\\r\\n    \"Url\": \"https://bit.ly/35CsnLI\"\\r\\n  },...   \n",
       "22  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Type\": \"url\",\\r\\n    \"Url\": \"https://bit.ly/35CsnLI\"\\r\\n  },...   \n",
       "23  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Type\": \"url\",\\r\\n    \"Url\": \"https://bit.ly/35CsnLI\"\\r\\n  },...   \n",
       "26  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Address\": \"50.35.65.178\",\\r\\n    \"Type\": \"ip\"\\r\\n  },\\r\\n  {...   \n",
       "56  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Type\": \"url\",\\r\\n    \"Url\": \"http://host.gomencom.website/Do...   \n",
       "57  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Type\": \"url\",\\r\\n    \"Url\": \"http://host.gomencom.website/Do...   \n",
       "58  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Type\": \"url\",\\r\\n    \"Url\": \"http://host.gomencom.website/Do...   \n",
       "59  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Type\": \"url\",\\r\\n    \"Url\": \"http://host.gomencom.website/Do...   \n",
       "61  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Type\": \"url\",\\r\\n    \"Url\": \"http://host.gomencom.website/Do...   \n",
       "63  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Type\": \"url\",\\r\\n    \"Url\": \"http://host.gomencom.website/Do...   \n",
       "64  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Type\": \"url\",\\r\\n    \"Url\": \"http://host.gomencom.website/Do...   \n",
       "\n",
       "   SourceSystem               WorkspaceSubscriptionId WorkspaceResourceGroup  \\\n",
       "19    Detection  1c4b4612-7123-47db-bb74-f3b6fde75431  RedmondSentinelDemoRG   \n",
       "20    Detection  1c4b4612-7123-47db-bb74-f3b6fde75431  RedmondSentinelDemoRG   \n",
       "21    Detection  1c4b4612-7123-47db-bb74-f3b6fde75431  RedmondSentinelDemoRG   \n",
       "22    Detection  1c4b4612-7123-47db-bb74-f3b6fde75431  RedmondSentinelDemoRG   \n",
       "23    Detection  1c4b4612-7123-47db-bb74-f3b6fde75431  RedmondSentinelDemoRG   \n",
       "26    Detection                                                                \n",
       "56    Detection  1c4b4612-7123-47db-bb74-f3b6fde75431  RedmondSentinelDemoRG   \n",
       "57    Detection  1c4b4612-7123-47db-bb74-f3b6fde75431  RedmondSentinelDemoRG   \n",
       "58    Detection  1c4b4612-7123-47db-bb74-f3b6fde75431  RedmondSentinelDemoRG   \n",
       "59    Detection  1c4b4612-7123-47db-bb74-f3b6fde75431  RedmondSentinelDemoRG   \n",
       "61    Detection  1c4b4612-7123-47db-bb74-f3b6fde75431  RedmondSentinelDemoRG   \n",
       "63    Detection  1c4b4612-7123-47db-bb74-f3b6fde75431  RedmondSentinelDemoRG   \n",
       "64    Detection  1c4b4612-7123-47db-bb74-f3b6fde75431  RedmondSentinelDemoRG   \n",
       "\n",
       "                                                                                          ExtendedLinks  \\\n",
       "19                                                                                                        \n",
       "20                                                                                                        \n",
       "21                                                                                                        \n",
       "22                                                                                                        \n",
       "23                                                                                                        \n",
       "26  [\\r\\n  {\\r\\n    \"Href\": \"https://m365x648731.portal.cloudappsecurity.com/#/policy/?id=eq(5d77739...   \n",
       "56                                                                                                        \n",
       "57                                                                                                        \n",
       "58                                                                                                        \n",
       "59                                                                                                        \n",
       "61                                                                                                        \n",
       "63                                                                                                        \n",
       "64                                                                                                        \n",
       "\n",
       "                     ProductName ProductComponentName           Type  \\\n",
       "19                Azure Sentinel     Scheduled Alerts  SecurityAlert   \n",
       "20                Azure Sentinel     Scheduled Alerts  SecurityAlert   \n",
       "21                Azure Sentinel     Scheduled Alerts  SecurityAlert   \n",
       "22                Azure Sentinel     Scheduled Alerts  SecurityAlert   \n",
       "23                Azure Sentinel     Scheduled Alerts  SecurityAlert   \n",
       "26  Microsoft Cloud App Security                       SecurityAlert   \n",
       "56                Azure Sentinel     Scheduled Alerts  SecurityAlert   \n",
       "57                Azure Sentinel     Scheduled Alerts  SecurityAlert   \n",
       "58                Azure Sentinel     Scheduled Alerts  SecurityAlert   \n",
       "59                Azure Sentinel     Scheduled Alerts  SecurityAlert   \n",
       "61                Azure Sentinel     Scheduled Alerts  SecurityAlert   \n",
       "63                Azure Sentinel     Scheduled Alerts  SecurityAlert   \n",
       "64                Azure Sentinel     Scheduled Alerts  SecurityAlert   \n",
       "\n",
       "                          SystemAlertId1  \\\n",
       "19  61787eba-f903-4b71-b211-dc1d6ec9b5f8   \n",
       "20  2519550e-4850-4616-974f-422b4867a161   \n",
       "21  695d982e-de0b-4dad-90fb-5ddc9ece3344   \n",
       "22  3d0e8da1-c877-48db-a36f-978828669c25   \n",
       "23  7aef8c9f-6e0f-49cd-b651-2327f9a1c801   \n",
       "26  4ea929d7-94f2-25b3-da0a-0247f9f7c206   \n",
       "56  42925d1c-236c-4175-a2a6-39643b223902   \n",
       "57  b8eb1175-5262-434c-9de2-8b5854693c1f   \n",
       "58  944e2de6-8c77-43b8-ac1e-feb2e893d33d   \n",
       "59  22db1193-9161-43db-bf1c-6c489878a1f2   \n",
       "61  a358c066-810d-4db7-a272-cc9e79b7d2f9   \n",
       "63  fdba59d6-731a-43e9-888b-97690a90a64c   \n",
       "64  a399a710-351b-42b0-97c9-9f0d1a6ec972   \n",
       "\n",
       "                                                                                    ExtendedProperties1  \\\n",
       "19  {\\r\\n  \"Query\": \"ZScaler\\r\\n| where DeviceAction contains \\\"allow\\\"\\r\\n| join kind=inner (\\r\\nHe...   \n",
       "20  {\\r\\n  \"Query\": \"ZScaler\\r\\n| where DeviceAction contains \\\"allow\\\"\\r\\n| join kind=inner (\\r\\nHe...   \n",
       "21  {\\r\\n  \"Query\": \"ZScaler\\r\\n| where DeviceAction contains \\\"allow\\\"\\r\\n| join kind=inner (\\r\\nHe...   \n",
       "22  {\\r\\n  \"Query\": \"ZScaler\\r\\n| where SourceIP == \\\"137.135.26.148\\\"\\r\\n| where Url contains \\\"bit...   \n",
       "23  {\\r\\n  \"Query\": \"ZScaler\\r\\n| where SourceIP == \\\"137.135.26.148\\\"\\r\\n| where Url contains \\\"bit...   \n",
       "26  {\\r\\n  \"Cloud Applications\": \"Microsoft Azure\",\\r\\n  \"Countries\": \"US\",\\r\\n  \"IP Addresses\": \"50...   \n",
       "56  {\\r\\n  \"Query\": \"ZScaler_CL\\r\\n| extend Url = Url_s\\r\\n| where DeviceAction_s contains \\\"allow\\\"...   \n",
       "57  {\\r\\n  \"Query\": \"ZScaler\\r\\n| where DeviceAction contains \\\"allow\\\"\\r\\n| join kind=inner (\\r\\nHe...   \n",
       "58  {\\r\\n  \"Query\": \"ZScaler\\r\\n| where DeviceAction contains \\\"allow\\\"\\r\\n| join kind=inner (\\r\\nHe...   \n",
       "59  {\\r\\n  \"Query\": \"ZScaler\\r\\n| where DeviceAction contains \\\"allow\\\"\\r\\n| join kind=inner (\\r\\nHe...   \n",
       "61  {\\r\\n  \"Query\": \"ZScaler\\r\\n| where DeviceAction contains \\\"allow\\\"\\r\\n| join kind=inner (\\r\\nHe...   \n",
       "63  {\\r\\n  \"Query\": \"ZScaler_CL\\r\\n| extend Url = Url_s\\r\\n| where DeviceAction_s contains \\\"allow\\\"...   \n",
       "64  {\\r\\n  \"Query\": \"ZScaler\\r\\n| where DeviceAction contains \\\"allow\\\"\\r\\n| join kind=inner (\\r\\nHe...   \n",
       "\n",
       "                                                                                              Entities1  \\\n",
       "19  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Type\": \"url\",\\r\\n    \"Url\": \"http://host.gomencom.website/Do...   \n",
       "20  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Type\": \"url\",\\r\\n    \"Url\": \"http://host.gomencom.website/Do...   \n",
       "21  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Type\": \"url\",\\r\\n    \"Url\": \"https://bit.ly/35CsnLI\"\\r\\n  },...   \n",
       "22  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Type\": \"url\",\\r\\n    \"Url\": \"https://bit.ly/35CsnLI\"\\r\\n  },...   \n",
       "23  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Type\": \"url\",\\r\\n    \"Url\": \"https://bit.ly/35CsnLI\"\\r\\n  },...   \n",
       "26  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Address\": \"50.35.65.178\",\\r\\n    \"Type\": \"ip\"\\r\\n  },\\r\\n  {...   \n",
       "56  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Type\": \"url\",\\r\\n    \"Url\": \"http://host.gomencom.website/Do...   \n",
       "57  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Type\": \"url\",\\r\\n    \"Url\": \"http://host.gomencom.website/Do...   \n",
       "58  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Type\": \"url\",\\r\\n    \"Url\": \"http://host.gomencom.website/Do...   \n",
       "59  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Type\": \"url\",\\r\\n    \"Url\": \"http://host.gomencom.website/Do...   \n",
       "61  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Type\": \"url\",\\r\\n    \"Url\": \"http://host.gomencom.website/Do...   \n",
       "63  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Type\": \"url\",\\r\\n    \"Url\": \"http://host.gomencom.website/Do...   \n",
       "64  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Type\": \"url\",\\r\\n    \"Url\": \"http://host.gomencom.website/Do...   \n",
       "\n",
       "        MatchingIps  \n",
       "19  [176.10.99.200]  \n",
       "20  [176.10.99.200]  \n",
       "21  [176.10.99.200]  \n",
       "22  [176.10.99.200]  \n",
       "23  [176.10.99.200]  \n",
       "26   [50.35.65.178]  \n",
       "56  [176.10.99.200]  \n",
       "57  [176.10.99.200]  \n",
       "58  [176.10.99.200]  \n",
       "59  [176.10.99.200]  \n",
       "61  [176.10.99.200]  \n",
       "63  [176.10.99.200]  \n",
       "64  [176.10.99.200]  "
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    }
   ],
   "source": [
    "ip_list = \",\".join(list(src_ip_addrs_az[\"IPAddress\"].unique()))\n",
    "related_ip_alerts_df = qry_prov.SecurityAlert.list_alerts_for_ip(\n",
    "    start=acct_query_params()[\"start\"],\n",
    "    end=acct_query_params()[\"end\"],\n",
    "    source_ip_list=ip_list\n",
    ")\n",
    "# remove Account and host alerts already seen\n",
    "related_ip_alerts_df = related_ip_alerts_df[~related_ip_alerts_df[\"SystemAlertId\"]\n",
    "                                            .isin(related_alerts[\"SystemAlertId\"])]\n",
    "if not related_ip_alerts_df.empty:\n",
    "    md(f\"{len(related_ip_alerts_df)} additional alerts have been \"\n",
    "       + \"triggered from one or more source IPs.\", \"bold, red, large\")\n",
    "    md(\" You should investigate these IPs using \"\n",
    "       + \"the 'Entity Explorer - IP Address' notebook\", \"bold, red\" )\n",
    "    display(related_ip_alerts_df)"
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "## Appendices"
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "### Available DataFrames"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": null,
   "metadata": {
    "ExecuteTime": {
     "end_time": "2019-10-18T03:26:11.596865Z",
     "start_time": "2019-10-18T03:26:11.58687Z"
    },
    "scrolled": true
   },
   "outputs": [],
   "source": [
    "print('List of current DataFrames in Notebook')\n",
    "print('-' * 50)\n",
    "current_vars = list(locals().keys())\n",
    "for var_name in current_vars:\n",
    "    if isinstance(locals()[var_name], pd.DataFrame) and not var_name.startswith('_'):\n",
    "        print(var_name)"
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "### Saving data to Excel\n",
    "To save the contents of a pandas DataFrame to an Excel spreadsheet\n",
    "use the following syntax\n",
    "```\n",
    "writer = pd.ExcelWriter('myWorksheet.xlsx')\n",
    "my_data_frame.to_excel(writer,'Sheet1')\n",
    "writer.save()\n",
    "```"
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "## Setup\n",
    "If you have not run this Notebook before please run this cell before running the rest of the Notebook."
   ]
  },
  {
   "cell_type": "code",
   "execution_count": null,
   "metadata": {
    "ExecuteTime": {
     "end_time": "2019-09-16T14:59:27.997028Z",
     "start_time": "2019-09-16T14:59:25.603397Z"
    },
    "scrolled": true
   },
   "outputs": [],
   "source": [
    "import sys\n",
    "import warnings\n",
    "warnings.filterwarnings(\"ignore\",category=DeprecationWarning)\n",
    "\n",
    "\n",
    "MIN_REQ_PYTHON = (3,6)\n",
    "if sys.version_info < MIN_REQ_PYTHON:\n",
    "    print('Check the Kernel->Change Kernel menu and ensure that Python 3.6')\n",
    "    print('or later is selected as the active kernel.')\n",
    "    sys.exit(\"Python %s.%s or later is required.\\n\" % MIN_REQ_PYTHON)\n",
    "\n",
    "# Package Installs - try to avoid if they are already installed\n",
    "try:\n",
    "    import Kqlmagic\n",
    "    from ipwhois import IPWhois\n",
    "    print('If you answer \"n\" this cell will exit with an error in order to avoid the pip install calls,')\n",
    "    print('This error can safely be ignored.')\n",
    "    resp = input('msticpy and Kqlmagic packages are already loaded. Do you want to re-install? (y/n)')\n",
    "    if resp.strip().lower() != 'y':\n",
    "        sys.exit('pip install aborted - you may skip this error and continue.')\n",
    "    else:\n",
    "        print('After installation has completed, restart the current kernel and run '\n",
    "              'the notebook again skipping this cell.')\n",
    "except ImportError:\n",
    "    pass\n",
    "\n",
    "print('\\nPlease wait. Installing required packages. This may take a few minutes...')\n",
    "!pip install msticpy --upgrade --user\n",
    "!pip install ipwhois --upgrade --user\n",
    " \n",
    "# Uncomment to refresh the maxminddb database\n",
    "# !pip install maxminddb-geolite2 --upgrade \n",
    "print('To ensure that the latest versions of the installed libraries '\n",
    "      'are used, please restart the current kernel and run '\n",
    "      'the notebook again skipping this cell.')"
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "### `msticpyconfig.yaml` configuration File\n",
    "You can configure primary and secondary TI providers and any required parameters in the `msticpyconfig.yaml` file. This is read from the current directory or you can set an environment variable (`MSTICPYCONFIG`) pointing to its location.\n",
    "\n",
    "To configure this file see the [ConfigureNotebookEnvironment notebook](https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/ConfiguringNotebookEnvironment.ipynb)"
   ]
  }
 ],
 "metadata": {
  "celltoolbar": "Attachments",
  "hide_input": false,
  "kernelspec": {
   "display_name": "Python 3",
   "language": "python",
   "name": "python3"
  },
  "language_info": {
   "codemirror_mode": {
    "name": "ipython",
    "version": 3
   },
   "file_extension": ".py",
   "mimetype": "text/x-python",
   "name": "python",
   "nbconvert_exporter": "python",
   "pygments_lexer": "ipython3",
   "version": "3.7.4"
  },
  "toc": {
   "base_numbering": 1,
   "nav_menu": {},
   "number_sections": true,
   "sideBar": true,
   "skip_h1_title": true,
   "title_cell": "Contents",
   "title_sidebar": "Contents",
   "toc_cell": true,
   "toc_position": {
    "height": "calc(100% - 180px)",
    "left": "10px",
    "top": "150px",
    "width": "512px"
   },
   "toc_section_display": true,
   "toc_window_display": true
  },
  "varInspector": {
   "cols": {
    "lenName": 16,
    "lenType": 16,
    "lenVar": 40
   },
   "kernels_config": {
    "python": {
     "delete_cmd_postfix": "",
     "delete_cmd_prefix": "del ",
     "library": "var_list.py",
     "varRefreshCmd": "print(var_dic_list())"
    },
    "r": {
     "delete_cmd_postfix": ") ",
     "delete_cmd_prefix": "rm(",
     "library": "var_list.r",
     "varRefreshCmd": "cat(var_dic_list()) "
    }
   },
   "types_to_exclude": [
    "module",
    "function",
    "builtin_function_or_method",
    "instance",
    "_Feature"
   ],
   "window_display": false
  },
  "widgets": {
   "application/vnd.jupyter.widget-state+json": {
    "state": {
     "007091c30218497494a35dd3ffc35251": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "00ea98db21ca468ca0d9d647f17f37bc": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "035ff12b609d4f7da9a510b9c25c1d72": {
      "model_module": "@jupyter-widgets/output",
      "model_module_version": "1.0.0",
      "model_name": "OutputModel",
      "state": {
       "layout": "IPY_MODEL_ed6a98c8255941e7baf94ebff51afb2d",
       "outputs": [
        {
         "data": {
          "text/markdown": "<p style='font-weight: bold'>ianh@m365x054215.onmicrosoft.com (source: O365Activity)</p>",
          "text/plain": "<IPython.core.display.Markdown object>"
         },
         "metadata": {},
         "output_type": "display_data"
        },
        {
         "data": {
          "text/html": "<div>\n<style scoped>\n    .dataframe tbody tr th:only-of-type {\n        vertical-align: middle;\n    }\n\n    .dataframe tbody tr th {\n        vertical-align: top;\n    }\n\n    .dataframe thead th {\n        text-align: right;\n    }\n</style>\n<table border=\"1\" class=\"dataframe\">\n  <thead>\n    <tr style=\"text-align: right;\">\n      <th></th>\n      <th>OfficeId</th>\n      <th>RecordType</th>\n      <th>TimeGenerated</th>\n      <th>Operation</th>\n      <th>OrganizationId</th>\n      <th>UserType</th>\n      <th>UserKey</th>\n      <th>AppResourceProvider</th>\n      <th>ResultStatus</th>\n      <th>ResourceId</th>\n      <th>UserId</th>\n      <th>IPAddress</th>\n      <th>Site_</th>\n      <th>ItemType</th>\n      <th>EventSource</th>\n      <th>Source_Name</th>\n      <th>UserAgent</th>\n      <th>MachineDomainInfo</th>\n      <th>MachineId</th>\n      <th>Site_Url</th>\n      <th>SourceRelativeUrl</th>\n      <th>SourceFileName</th>\n      <th>SourceFileExtension</th>\n      <th>DestinationRelativeUrl</th>\n      <th>DestinationFileName</th>\n      <th>...</th>\n      <th>LoginStatus</th>\n      <th>UserDomain</th>\n      <th>Actor</th>\n      <th>ActorContextId</th>\n      <th>ActorIpAddress</th>\n      <th>InterSystemsId</th>\n      <th>IntraSystemId</th>\n      <th>SupportTicketId</th>\n      <th>AADTarget</th>\n      <th>TargetContextId</th>\n      <th>DataCenterSecurityEventType</th>\n      <th>Start_Time</th>\n      <th>EffectiveOrganization</th>\n      <th>ElevationTime</th>\n      <th>ElevationApprover</th>\n      <th>ElevationApprovedTime</th>\n      <th>ElevationRequestId</th>\n      <th>ElevationRole</th>\n      <th>ElevationDuration</th>\n      <th>GenericInfo</th>\n      <th>TenantId</th>\n      <th>OfficeTenantId</th>\n      <th>SourceSystem</th>\n      <th>Type</th>\n      <th>UserPrincipalName</th>\n    </tr>\n  </thead>\n  <tbody>\n    <tr>\n      <td>90</td>\n      <td>1827a799-9b5f-4082-b7c2-08d693b9fec0</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 02:53:57</td>\n      <td>FileUploaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>20.190.133.114</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.328...</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents</td>\n      <td>Document.docx</td>\n      <td>docx</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>89</td>\n      <td>ea0dfabe-6ca3-4844-3dd4-08d693ba08e5</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 02:54:14</td>\n      <td>FileAccessed</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>131.107.147.209</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.328...</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents</td>\n      <td>Document.docx</td>\n      <td>docx</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>91</td>\n      <td>935acd8c-d863-42ca-e4a0-08d693ba0dc0</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 02:54:22</td>\n      <td>FileModified</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>40.81.158.170</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>MSWAC</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents</td>\n      <td>Document.docx</td>\n      <td>docx</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>84</td>\n      <td>5a043c42-2b3d-45ac-f185-08d693ba204e</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 02:54:53</td>\n      <td>FileModified</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>40.81.159.43</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>MSWAC</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents</td>\n      <td>Document.docx</td>\n      <td>docx</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>88</td>\n      <td>648e58df-14f2-49f2-bd80-08d693ba2400</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 02:54:59</td>\n      <td>FileUploaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Terms ...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>40.81.159.203</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>MSWAC</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents</td>\n      <td>Terms and Conditions.docx</td>\n      <td>docx</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>85</td>\n      <td>ae7d7ace-8fe1-4312-b264-08d693ba247e</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 02:55:00</td>\n      <td>FileAccessed</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Terms ...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>131.107.147.209</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.328...</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents</td>\n      <td>Terms and Conditions.docx</td>\n      <td>docx</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>87</td>\n      <td>c2019e59-aba1-4b2a-682d-08d693ba2633</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 02:55:03</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Terms ...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>40.81.159.203</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>MSWAC</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents</td>\n      <td>Terms and Conditions.docx</td>\n      <td>docx</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>80</td>\n      <td>36e891b6-7414-46dc-e76f-08d693ba639f</td>\n      <td>SharePoint</td>\n      <td>2019-02-16 02:56:46</td>\n      <td>PageViewed</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/_layouts/15/oned...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>131.107.147.209</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>Page</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.328...</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>83</td>\n      <td>18c68639-c938-46de-6e0d-08d693ba6694</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 02:56:51</td>\n      <td>FileAccessed</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Forms/...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>131.107.147.209</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.328...</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents/Forms</td>\n      <td>Upload.aspx</td>\n      <td>aspx</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>82</td>\n      <td>24133802-d613-4792-d05b-08d693ba6696</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 02:56:51</td>\n      <td>FileAccessed</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Forms/...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>131.107.147.209</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.328...</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents/Forms</td>\n      <td>EditForm.aspx</td>\n      <td>aspx</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>81</td>\n      <td>72db453b-1b99-4d37-3292-08d693ba6699</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 02:56:51</td>\n      <td>FileAccessed</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Forms/...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>131.107.147.209</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.328...</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents/Forms</td>\n      <td>DispForm.aspx</td>\n      <td>aspx</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>86</td>\n      <td>c82f7b30-c6dc-4214-4380-08d693ba67d6</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 02:56:53</td>\n      <td>FileAccessed</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/User Photos/Profile Pictures/ianh_m365x054215_onmicrosoft_...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>131.107.147.209</td>\n      <td>94823fb0-11d5-4424-b933-8663eafa73a3</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.328...</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/</td>\n      <td>User Photos/Profile Pictures</td>\n      <td>ianh_m365x054215_onmicrosoft_com_SThumb.jpg</td>\n      <td>jpg</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>104</td>\n      <td>d593ad26-d978-409d-2bb5-08d693bae0d4</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:00:16</td>\n      <td>FileUploaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>131.107.147.209</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.328...</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents</td>\n      <td>Document1.docx</td>\n      <td>docx</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>103</td>\n      <td>01beef88-e772-4fb7-f05a-08d693bae0d8</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:00:16</td>\n      <td>FileAccessed</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>131.107.147.209</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.328...</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents</td>\n      <td>Document1.docx</td>\n      <td>docx</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>102</td>\n      <td>0c4afb68-27a9-4044-4d83-08d693bae2e8</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:00:19</td>\n      <td>FileModified</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>40.81.158.170</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>MSWAC</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents</td>\n      <td>Document1.docx</td>\n      <td>docx</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>97</td>\n      <td>f0cf46cf-23db-4fd9-ee33-08d693baf24e</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:00:45</td>\n      <td>FileModifiedExtended</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>40.81.159.43</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>MSWAC</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents</td>\n      <td>Document1.docx</td>\n      <td>docx</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>96</td>\n      <td>91d7343f-a4ae-44d3-5dfc-08d693baf2fd</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:00:46</td>\n      <td>FileAccessed</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Extend...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>131.107.147.209</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.328...</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents</td>\n      <td>Extended Terms.docx</td>\n      <td>docx</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>98</td>\n      <td>a02ecb4d-9193-4f52-a22c-08d693baf297</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:00:46</td>\n      <td>FileUploaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Extend...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>40.81.159.166</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>MSWAC</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents</td>\n      <td>Extended Terms.docx</td>\n      <td>docx</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>95</td>\n      <td>5b266285-7633-4362-eb31-08d693baf4e7</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:00:50</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Extend...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>40.81.159.203</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>MSWAC</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents</td>\n      <td>Extended Terms.docx</td>\n      <td>docx</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>101</td>\n      <td>1eee2dca-752e-4d84-e02a-08d693bb0343</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:01:14</td>\n      <td>FileUploaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Book.xlsx</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>20.190.133.115</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.328...</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents</td>\n      <td>Book.xlsx</td>\n      <td>xlsx</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>100</td>\n      <td>579df58a-380c-401a-a274-08d693bb0483</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:01:16</td>\n      <td>FileAccessed</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Book.xlsx</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>131.107.147.209</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.328...</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents</td>\n      <td>Book.xlsx</td>\n      <td>xlsx</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>94</td>\n      <td>89d902e8-26d9-4ff7-8a7e-08d693bb05ac</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:01:18</td>\n      <td>FileModified</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Book.xlsx</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>40.81.126.127</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>MSWAC</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents</td>\n      <td>Book.xlsx</td>\n      <td>xlsx</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>92</td>\n      <td>3e9d7170-5ed8-4b45-0ff0-08d693bb1274</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:01:39</td>\n      <td>FileModifiedExtended</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Book.xlsx</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>40.81.126.127</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>MSWAC</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents</td>\n      <td>Book.xlsx</td>\n      <td>xlsx</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>93</td>\n      <td>82a80319-3d31-42a5-9b6d-08d693bb12e1</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:01:40</td>\n      <td>FileUploaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Budget...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>40.81.126.127</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>MSWAC</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents</td>\n      <td>Budget 2019.xlsx</td>\n      <td>xlsx</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>99</td>\n      <td>fdc8e70e-83f0-4f40-bd2f-08d693bb130f</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:01:40</td>\n      <td>FileAccessed</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Budget...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>131.107.147.209</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.328...</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents</td>\n      <td>Budget 2019.xlsx</td>\n      <td>xlsx</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>2019-02-16 03:06:18</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>68</td>\n      <td>55d9a7c7-c31b-4865-9436-256252407703</td>\n      <td>AzureActiveDirectoryStsLogon</td>\n      <td>2019-02-16 03:43:14</td>\n      <td>UserLoginFailed</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>100320003B5602FC@m365x054215.onmicrosoft.com</td>\n      <td>AzureActiveDirectory</td>\n      <td>Failed</td>\n      <td>00000002-0000-0000-c000-000000000000</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td>[\\r\\n  {\\r\\n    \"ID\": \"6e68fbc9-9ce3-4f4a-b2d4-45f52067c122\",\\r\\n    \"Type\": 0\\r\\n  },\\r\\n  {\\r\\...</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>23.97.60.214</td>\n      <td>c3d42f80-984c-49e4-84d4-accb5a5a825f</td>\n      <td>c02218e3-d179-46ac-ac77-c4fd6a320200</td>\n      <td></td>\n      <td>[\\r\\n  {\\r\\n    \"ID\": \"00000002-0000-0000-c000-000000000000\",\\r\\n    \"Type\": 0\\r\\n  }\\r\\n]</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>NaN</td>\n      <td>2019-02-16 04:10:48</td>\n      <td></td>\n      <td>2019-02-16 04:10:48</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>76</td>\n      <td>bf8f66bf-8964-4676-bfba-7c317454fcfa</td>\n      <td>AzureActiveDirectoryStsLogon</td>\n      <td>2019-02-16 03:43:25</td>\n      <td>UserLoginFailed</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>100320003B5602FC@m365x054215.onmicrosoft.com</td>\n      <td>AzureActiveDirectory</td>\n      <td>Failed</td>\n      <td>00000002-0000-0000-c000-000000000000</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td>[\\r\\n  {\\r\\n    \"ID\": \"6e68fbc9-9ce3-4f4a-b2d4-45f52067c122\",\\r\\n    \"Type\": 0\\r\\n  },\\r\\n  {\\r\\...</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>23.97.60.214</td>\n      <td>c3d42f80-984c-49e4-84d4-accb5a5a825f</td>\n      <td>13b6bf66-c216-4c8c-bcd4-c7761a2e0200</td>\n      <td></td>\n      <td>[\\r\\n  {\\r\\n    \"ID\": \"00000002-0000-0000-c000-000000000000\",\\r\\n    \"Type\": 0\\r\\n  }\\r\\n]</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>NaN</td>\n      <td>2019-02-16 04:10:48</td>\n      <td></td>\n      <td>2019-02-16 04:10:48</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>67</td>\n      <td>c8466fb6-95f5-4644-9db1-9b0ee471abd4</td>\n      <td>AzureActiveDirectoryStsLogon</td>\n      <td>2019-02-16 03:43:50</td>\n      <td>UserLoginFailed</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>100320003B5602FC@m365x054215.onmicrosoft.com</td>\n      <td>AzureActiveDirectory</td>\n      <td>Failed</td>\n      <td>00000002-0000-0000-c000-000000000000</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td>[\\r\\n  {\\r\\n    \"ID\": \"6e68fbc9-9ce3-4f4a-b2d4-45f52067c122\",\\r\\n    \"Type\": 0\\r\\n  },\\r\\n  {\\r\\...</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>23.97.60.214</td>\n      <td>c3d42f80-984c-49e4-84d4-accb5a5a825f</td>\n      <td>919e17a5-9f6c-4bcc-87e5-7bc4a13f0200</td>\n      <td></td>\n      <td>[\\r\\n  {\\r\\n    \"ID\": \"00000002-0000-0000-c000-000000000000\",\\r\\n    \"Type\": 0\\r\\n  }\\r\\n]</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>NaN</td>\n      <td>2019-02-16 04:10:48</td>\n      <td></td>\n      <td>2019-02-16 04:10:48</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>58</td>\n      <td>b799f496-12e2-43e2-0153-08d693c10ec2</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:44:30</td>\n      <td>FilePreviewed</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Terms ...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>20.190.140.50</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.316...</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents</td>\n      <td>Terms and Conditions.docx</td>\n      <td>docx</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>31</td>\n      <td>80843a0e-5f5d-41a3-b3d9-08d693c10ef4</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:44:30</td>\n      <td>FilePreviewed</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>20.190.140.50</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.316...</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents</td>\n      <td>Document.docx</td>\n      <td>docx</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>56</td>\n      <td>43b403d5-150e-49d8-87bb-08d693c10e92</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:44:30</td>\n      <td>FilePreviewed</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>20.190.140.50</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.316...</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents</td>\n      <td>Document1.docx</td>\n      <td>docx</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>30</td>\n      <td>b336877e-04c3-4981-3b68-08d693c10f1d</td>\n      <td>SharePoint</td>\n      <td>2019-02-16 03:44:31</td>\n      <td>PageViewed</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/_layouts/15/oned...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>Page</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.316...</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>57</td>\n      <td>1972246f-d5f6-43fc-dadd-08d693c1100a</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:44:32</td>\n      <td>FilePreviewed</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents</td>\n      <td>Document.docx</td>\n      <td>docx</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>55</td>\n      <td>069a9542-bc4f-4850-001f-08d693c11014</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:44:32</td>\n      <td>FilePreviewed</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Terms ...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents</td>\n      <td>Terms and Conditions.docx</td>\n      <td>docx</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>54</td>\n      <td>dc4e9352-915f-4a09-24e5-08d693c10fb8</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:44:32</td>\n      <td>FilePreviewed</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents</td>\n      <td>Document1.docx</td>\n      <td>docx</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>4</td>\n      <td>15a0b86e-1d7f-4581-79a9-08d693c111bb</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:44:35</td>\n      <td>FileAccessed</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Forms/...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.316...</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents/Forms</td>\n      <td>DispForm.aspx</td>\n      <td>aspx</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>5</td>\n      <td>0c07c626-95a6-4ddb-1890-08d693c111b9</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:44:35</td>\n      <td>FileAccessed</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Forms/...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.316...</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents/Forms</td>\n      <td>EditForm.aspx</td>\n      <td>aspx</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>6</td>\n      <td>ab389151-c8ee-45ff-b5bd-08d693c111b6</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:44:35</td>\n      <td>FileAccessed</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Forms/...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.316...</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents/Forms</td>\n      <td>Upload.aspx</td>\n      <td>aspx</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>7</td>\n      <td>9fd6d462-17af-4539-7cbb-08d693c11323</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:44:37</td>\n      <td>FileAccessed</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/User Photos/Profile Pictures/ianh_m365x054215_onmicrosoft_...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>94823fb0-11d5-4424-b933-8663eafa73a3</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.316...</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/</td>\n      <td>User Photos/Profile Pictures</td>\n      <td>ianh_m365x054215_onmicrosoft_com_SThumb.jpg</td>\n      <td>jpg</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>53</td>\n      <td>709a549c-b747-44c4-dc40-08d693c11cdf</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:44:54</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Book.xlsx</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents</td>\n      <td>Book.xlsx</td>\n      <td>xlsx</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>29</td>\n      <td>c1b5f773-b5bd-4333-4d12-08d693c11d3d</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:44:54</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents/Documents/Absynth</td>\n      <td>Absynth 5 Getting Started English.pdf</td>\n      <td>pdf</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>52</td>\n      <td>b56975a9-1a8f-4c84-dddd-08d693c11e85</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:44:56</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents/Documents/Absynth</td>\n      <td>Absynth 5 Getting Started French.pdf</td>\n      <td>pdf</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>28</td>\n      <td>636946bd-4558-4836-73df-08d693c11eea</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:44:57</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents/Documents/Absynth</td>\n      <td>Absynth 5 Getting Started German.pdf</td>\n      <td>pdf</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>51</td>\n      <td>4620ed55-ea54-4f13-48b9-08d693c11f74</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:44:58</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents/Documents/Absynth</td>\n      <td>Absynth 5 Getting Started Japanese.pdf</td>\n      <td>pdf</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>50</td>\n      <td>1dcf62a7-67d5-49d9-644a-08d693c12054</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:44:59</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents/Documents/Absynth</td>\n      <td>Absynth 5 Manual Addendum English.pdf</td>\n      <td>pdf</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>27</td>\n      <td>880d1425-bd87-4b6f-57b8-08d693c11fcf</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:44:59</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents/Documents/Absynth</td>\n      <td>Absynth 5 Getting Started Spanish.pdf</td>\n      <td>pdf</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>49</td>\n      <td>e742a1e9-d9e4-4d16-c1e5-08d693c120b3</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:45:00</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents/Documents/Absynth</td>\n      <td>Absynth 5 Manual Addendum German.pdf</td>\n      <td>pdf</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>25</td>\n      <td>84cbe412-b00e-49ae-4ab6-08d693c120c7</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:45:00</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents/Documents/Absynth</td>\n      <td>Absynth 5 Manual Addendum Japanese.pdf</td>\n      <td>pdf</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>26</td>\n      <td>d6c655c7-6da5-444b-1352-08d693c1206f</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:45:00</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents/Documents/Absynth</td>\n      <td>Absynth 5 Manual Addendum French.pdf</td>\n      <td>pdf</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>47</td>\n      <td>675c68e5-b826-4487-7efc-08d693c12153</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:45:01</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents/Documents/Manuals</td>\n      <td>Nakamichi_480_service_manual.pdf</td>\n      <td>pdf</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>48</td>\n      <td>05980b7f-27d0-4086-8390-08d693c120f6</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:45:01</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents/Documents/Absynth</td>\n      <td>Absynth 5 Manual Addendum Spanish.pdf</td>\n      <td>pdf</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>24</td>\n      <td>83332db6-a62c-4dfd-e57a-08d693c12121</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:45:01</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents/Documents/Manuals</td>\n      <td>MAudio-KS61ES_EN01.pdf</td>\n      <td>pdf</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>23</td>\n      <td>7fbff88a-bbf9-4cc0-41bc-08d693c121a0</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:45:02</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents/Documents/Manuals</td>\n      <td>Nakamichi_480_service_manual.pdf</td>\n      <td>pdf</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>46</td>\n      <td>c0924668-e962-49bf-ab30-08d693c12284</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:45:03</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents/Documents/Manuals</td>\n      <td>Nakamichi_CDP-2_service_manual.pdf</td>\n      <td>pdf</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>22</td>\n      <td>805770c0-3be4-47f9-5c6d-08d693c122be</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:45:04</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents/Documents/Manuals</td>\n      <td>Nakamichi_CDP-2_service_manual.pdf</td>\n      <td>pdf</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>45</td>\n      <td>d5656882-a44f-4919-3d71-08d693c1237a</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:45:05</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents/Documents/Manuals</td>\n      <td>Nakamichi_CR-3_service_manual.pdf</td>\n      <td>pdf</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>21</td>\n      <td>90c5b161-451b-4c88-eb68-08d693c123f1</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:45:06</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents/Documents/Massive</td>\n      <td>Massive 1.1.4 Manual Addendum English.pdf</td>\n      <td>pdf</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>20</td>\n      <td>0791c847-475d-48e1-8383-08d693c1246b</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:45:06</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents/Documents/Massive/License Agreement</td>\n      <td>EULA Native Instruments deutsch.rtf</td>\n      <td>rtf</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>44</td>\n      <td>b08da3cb-5e37-49ce-0c7e-08d693c1244c</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:45:06</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents/Documents/Massive/License Agreement</td>\n      <td>EULA Native Instruments deutsch.rtf</td>\n      <td>rtf</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>43</td>\n      <td>fcb00b0c-50b7-43ca-2b70-08d693c1250d</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:45:07</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents/Documents/Massive/License Agreement</td>\n      <td>EULA Native Instruments English.rtf</td>\n      <td>rtf</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>19</td>\n      <td>2e0456e2-c6b2-4e1d-056d-08d693c1252f</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:45:08</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents/Documents/Massive/License Agreement</td>\n      <td>EULA Native Instruments English.rtf</td>\n      <td>rtf</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>42</td>\n      <td>24c2e6e1-6de5-44bf-bfc7-08d693c125e3</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:45:09</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents/Documents/Massive/License Agreement</td>\n      <td>EULA Native Instruments Japanese.rtf</td>\n      <td>rtf</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>18</td>\n      <td>4a3fadc6-3635-4542-3727-08d693c12603</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:45:09</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents/Documents/Massive/License Agreement</td>\n      <td>EULA Native Instruments Japanese.rtf</td>\n      <td>rtf</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>41</td>\n      <td>bc5a4457-b2e4-4b69-18fd-08d693c126bf</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:45:10</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents/Documents/Massive</td>\n      <td>Massive Getting Started English.pdf</td>\n      <td>pdf</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>17</td>\n      <td>4cd008e7-98da-48a6-0545-08d693c126f4</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:45:11</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents/Documents/Massive</td>\n      <td>Massive Getting Started French.pdf</td>\n      <td>pdf</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>40</td>\n      <td>9a952e38-6fee-456e-4df6-08d693c12755</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:45:11</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents/Documents/Massive</td>\n      <td>Massive Getting Started German.pdf</td>\n      <td>pdf</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>16</td>\n      <td>80041b7a-a9ad-41ef-9a60-08d693c127ab</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:45:12</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents/Documents/Massive</td>\n      <td>Massive Getting Started Japanese.pdf</td>\n      <td>pdf</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>39</td>\n      <td>30576328-c871-4789-1fa2-08d693c12808</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:45:12</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents/Documents/Massive</td>\n      <td>Massive Getting Started Spanish.pdf</td>\n      <td>pdf</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>14</td>\n      <td>cb0ef8e9-fdb3-4429-b7f3-08d693c1288b</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:45:13</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents/Documents/Massive</td>\n      <td>Massive Manual Addendum German.pdf</td>\n      <td>pdf</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>15</td>\n      <td>3d86465e-01a0-4991-94a6-08d693c12846</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:45:13</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents/Documents/Massive</td>\n      <td>Massive Manual Addendum English.pdf</td>\n      <td>pdf</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>38</td>\n      <td>30dff6e4-2199-439a-a544-08d693c1286e</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:45:13</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents/Documents/Massive</td>\n      <td>Massive Manual Addendum French.pdf</td>\n      <td>pdf</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>13</td>\n      <td>31adfd42-cf87-44f0-f084-08d693c128c4</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:45:14</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents/Documents/Massive</td>\n      <td>Massive Manual Addendum Spanish.pdf</td>\n      <td>pdf</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>37</td>\n      <td>7197f34b-8f0c-4ad5-f037-08d693c128ba</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:45:14</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents/Documents/Massive</td>\n      <td>Massive Manual Addendum Japanese.pdf</td>\n      <td>pdf</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>36</td>\n      <td>5a7fb393-eb78-4534-2705-08d693c12913</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:45:14</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents/Documents/Massive</td>\n      <td>Massive Manual English.pdf</td>\n      <td>pdf</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>12</td>\n      <td>7a80f900-5593-4103-4906-08d693c129a0</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:45:15</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents/Documents/Massive</td>\n      <td>Massive Manual French.pdf</td>\n      <td>pdf</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>35</td>\n      <td>f8b2d971-651c-44d6-18b5-08d693c12a49</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:45:16</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents/Documents/Massive</td>\n      <td>Massive Manual German.pdf</td>\n      <td>pdf</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>11</td>\n      <td>769079c4-81b9-4836-76b2-08d693c12ad1</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:45:17</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents/Documents/Massive</td>\n      <td>Massive Manual Japanese.pdf</td>\n      <td>pdf</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>34</td>\n      <td>fa6f2bac-4628-452d-e48e-08d693c12b1a</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:45:18</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents/Documents/Massive</td>\n      <td>Massive Manual Japanese.pdf</td>\n      <td>pdf</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>3</td>\n      <td>8e4239eb-d72b-4d33-2ca2-08d693c12b16</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:45:18</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents/Documents/Massive</td>\n      <td>Massive Manual Japanese.pdf</td>\n      <td>pdf</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>10</td>\n      <td>25c2f107-0a63-4734-e0d6-08d693c12bde</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:45:19</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents/Documents/Massive</td>\n      <td>Massive Manual Spanish.pdf</td>\n      <td>pdf</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>33</td>\n      <td>d5282c43-9c29-4e5f-71e8-08d693c12c6d</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:45:20</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents/Documents/Massive</td>\n      <td>Readme.txt</td>\n      <td>txt</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>9</td>\n      <td>3d6e67d1-d61f-4db0-772d-08d693c12c96</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:45:20</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents</td>\n      <td>Document.docx</td>\n      <td>docx</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>8</td>\n      <td>75d9efdb-8c13-4c4a-734c-08d693c12cd4</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:45:20</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Terms ...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents</td>\n      <td>Terms and Conditions.docx</td>\n      <td>docx</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>2</td>\n      <td>464fb121-5147-4b1a-f34a-08d693c12c82</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:45:20</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Budget...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents</td>\n      <td>Budget 2019.xlsx</td>\n      <td>xlsx</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>32</td>\n      <td>c4d63cf4-c616-41cd-bcdc-08d693c12cb9</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:45:20</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents</td>\n      <td>Document1.docx</td>\n      <td>docx</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n    <tr>\n      <td>1</td>\n      <td>2f2a649f-51f1-4734-52d7-08d693c12cc3</td>\n      <td>SharePointFileOperation</td>\n      <td>2019-02-16 03:45:20</td>\n      <td>FileDownloaded</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>Regular</td>\n      <td>i:0h.f|membership|100320003b5602fc@live.com</td>\n      <td>OneDrive</td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Extend...</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n      <td>23.97.60.214</td>\n      <td>4f96a3b3-f5ae-4706-af77-7984baf27d79</td>\n      <td>File</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>OneDriveMpc/1.0</td>\n      <td></td>\n      <td></td>\n      <td>https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/</td>\n      <td>Documents</td>\n      <td>Extended Terms.docx</td>\n      <td>docx</td>\n      <td></td>\n      <td></td>\n      <td>...</td>\n      <td>NaN</td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>2019-02-16 03:57:58</td>\n      <td></td>\n      <td>NaT</td>\n      <td></td>\n      <td></td>\n      <td>NaN</td>\n      <td></td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>aa46238d-13fc-4314-8f0c-94044435adb1</td>\n      <td>OfficeActivityManager</td>\n      <td>OfficeActivity</td>\n      <td>ianh@m365x054215.onmicrosoft.com</td>\n    </tr>\n  </tbody>\n</table>\n<p>86 rows × 92 columns</p>\n</div>",
          "text/plain": "                                 OfficeId                    RecordType  \\\n90   1827a799-9b5f-4082-b7c2-08d693b9fec0       SharePointFileOperation   \n89   ea0dfabe-6ca3-4844-3dd4-08d693ba08e5       SharePointFileOperation   \n91   935acd8c-d863-42ca-e4a0-08d693ba0dc0       SharePointFileOperation   \n84   5a043c42-2b3d-45ac-f185-08d693ba204e       SharePointFileOperation   \n88   648e58df-14f2-49f2-bd80-08d693ba2400       SharePointFileOperation   \n85   ae7d7ace-8fe1-4312-b264-08d693ba247e       SharePointFileOperation   \n87   c2019e59-aba1-4b2a-682d-08d693ba2633       SharePointFileOperation   \n80   36e891b6-7414-46dc-e76f-08d693ba639f                    SharePoint   \n83   18c68639-c938-46de-6e0d-08d693ba6694       SharePointFileOperation   \n82   24133802-d613-4792-d05b-08d693ba6696       SharePointFileOperation   \n81   72db453b-1b99-4d37-3292-08d693ba6699       SharePointFileOperation   \n86   c82f7b30-c6dc-4214-4380-08d693ba67d6       SharePointFileOperation   \n104  d593ad26-d978-409d-2bb5-08d693bae0d4       SharePointFileOperation   \n103  01beef88-e772-4fb7-f05a-08d693bae0d8       SharePointFileOperation   \n102  0c4afb68-27a9-4044-4d83-08d693bae2e8       SharePointFileOperation   \n97   f0cf46cf-23db-4fd9-ee33-08d693baf24e       SharePointFileOperation   \n96   91d7343f-a4ae-44d3-5dfc-08d693baf2fd       SharePointFileOperation   \n98   a02ecb4d-9193-4f52-a22c-08d693baf297       SharePointFileOperation   \n95   5b266285-7633-4362-eb31-08d693baf4e7       SharePointFileOperation   \n101  1eee2dca-752e-4d84-e02a-08d693bb0343       SharePointFileOperation   \n100  579df58a-380c-401a-a274-08d693bb0483       SharePointFileOperation   \n94   89d902e8-26d9-4ff7-8a7e-08d693bb05ac       SharePointFileOperation   \n92   3e9d7170-5ed8-4b45-0ff0-08d693bb1274       SharePointFileOperation   \n93   82a80319-3d31-42a5-9b6d-08d693bb12e1       SharePointFileOperation   \n99   fdc8e70e-83f0-4f40-bd2f-08d693bb130f       SharePointFileOperation   \n68   55d9a7c7-c31b-4865-9436-256252407703  AzureActiveDirectoryStsLogon   \n76   bf8f66bf-8964-4676-bfba-7c317454fcfa  AzureActiveDirectoryStsLogon   \n67   c8466fb6-95f5-4644-9db1-9b0ee471abd4  AzureActiveDirectoryStsLogon   \n58   b799f496-12e2-43e2-0153-08d693c10ec2       SharePointFileOperation   \n31   80843a0e-5f5d-41a3-b3d9-08d693c10ef4       SharePointFileOperation   \n56   43b403d5-150e-49d8-87bb-08d693c10e92       SharePointFileOperation   \n30   b336877e-04c3-4981-3b68-08d693c10f1d                    SharePoint   \n57   1972246f-d5f6-43fc-dadd-08d693c1100a       SharePointFileOperation   \n55   069a9542-bc4f-4850-001f-08d693c11014       SharePointFileOperation   \n54   dc4e9352-915f-4a09-24e5-08d693c10fb8       SharePointFileOperation   \n4    15a0b86e-1d7f-4581-79a9-08d693c111bb       SharePointFileOperation   \n5    0c07c626-95a6-4ddb-1890-08d693c111b9       SharePointFileOperation   \n6    ab389151-c8ee-45ff-b5bd-08d693c111b6       SharePointFileOperation   \n7    9fd6d462-17af-4539-7cbb-08d693c11323       SharePointFileOperation   \n53   709a549c-b747-44c4-dc40-08d693c11cdf       SharePointFileOperation   \n29   c1b5f773-b5bd-4333-4d12-08d693c11d3d       SharePointFileOperation   \n52   b56975a9-1a8f-4c84-dddd-08d693c11e85       SharePointFileOperation   \n28   636946bd-4558-4836-73df-08d693c11eea       SharePointFileOperation   \n51   4620ed55-ea54-4f13-48b9-08d693c11f74       SharePointFileOperation   \n50   1dcf62a7-67d5-49d9-644a-08d693c12054       SharePointFileOperation   \n27   880d1425-bd87-4b6f-57b8-08d693c11fcf       SharePointFileOperation   \n49   e742a1e9-d9e4-4d16-c1e5-08d693c120b3       SharePointFileOperation   \n25   84cbe412-b00e-49ae-4ab6-08d693c120c7       SharePointFileOperation   \n26   d6c655c7-6da5-444b-1352-08d693c1206f       SharePointFileOperation   \n47   675c68e5-b826-4487-7efc-08d693c12153       SharePointFileOperation   \n48   05980b7f-27d0-4086-8390-08d693c120f6       SharePointFileOperation   \n24   83332db6-a62c-4dfd-e57a-08d693c12121       SharePointFileOperation   \n23   7fbff88a-bbf9-4cc0-41bc-08d693c121a0       SharePointFileOperation   \n46   c0924668-e962-49bf-ab30-08d693c12284       SharePointFileOperation   \n22   805770c0-3be4-47f9-5c6d-08d693c122be       SharePointFileOperation   \n45   d5656882-a44f-4919-3d71-08d693c1237a       SharePointFileOperation   \n21   90c5b161-451b-4c88-eb68-08d693c123f1       SharePointFileOperation   \n20   0791c847-475d-48e1-8383-08d693c1246b       SharePointFileOperation   \n44   b08da3cb-5e37-49ce-0c7e-08d693c1244c       SharePointFileOperation   \n43   fcb00b0c-50b7-43ca-2b70-08d693c1250d       SharePointFileOperation   \n19   2e0456e2-c6b2-4e1d-056d-08d693c1252f       SharePointFileOperation   \n42   24c2e6e1-6de5-44bf-bfc7-08d693c125e3       SharePointFileOperation   \n18   4a3fadc6-3635-4542-3727-08d693c12603       SharePointFileOperation   \n41   bc5a4457-b2e4-4b69-18fd-08d693c126bf       SharePointFileOperation   \n17   4cd008e7-98da-48a6-0545-08d693c126f4       SharePointFileOperation   \n40   9a952e38-6fee-456e-4df6-08d693c12755       SharePointFileOperation   \n16   80041b7a-a9ad-41ef-9a60-08d693c127ab       SharePointFileOperation   \n39   30576328-c871-4789-1fa2-08d693c12808       SharePointFileOperation   \n14   cb0ef8e9-fdb3-4429-b7f3-08d693c1288b       SharePointFileOperation   \n15   3d86465e-01a0-4991-94a6-08d693c12846       SharePointFileOperation   \n38   30dff6e4-2199-439a-a544-08d693c1286e       SharePointFileOperation   \n13   31adfd42-cf87-44f0-f084-08d693c128c4       SharePointFileOperation   \n37   7197f34b-8f0c-4ad5-f037-08d693c128ba       SharePointFileOperation   \n36   5a7fb393-eb78-4534-2705-08d693c12913       SharePointFileOperation   \n12   7a80f900-5593-4103-4906-08d693c129a0       SharePointFileOperation   \n35   f8b2d971-651c-44d6-18b5-08d693c12a49       SharePointFileOperation   \n11   769079c4-81b9-4836-76b2-08d693c12ad1       SharePointFileOperation   \n34   fa6f2bac-4628-452d-e48e-08d693c12b1a       SharePointFileOperation   \n3    8e4239eb-d72b-4d33-2ca2-08d693c12b16       SharePointFileOperation   \n10   25c2f107-0a63-4734-e0d6-08d693c12bde       SharePointFileOperation   \n33   d5282c43-9c29-4e5f-71e8-08d693c12c6d       SharePointFileOperation   \n9    3d6e67d1-d61f-4db0-772d-08d693c12c96       SharePointFileOperation   \n8    75d9efdb-8c13-4c4a-734c-08d693c12cd4       SharePointFileOperation   \n2    464fb121-5147-4b1a-f34a-08d693c12c82       SharePointFileOperation   \n32   c4d63cf4-c616-41cd-bcdc-08d693c12cb9       SharePointFileOperation   \n1    2f2a649f-51f1-4734-52d7-08d693c12cc3       SharePointFileOperation   \n\n          TimeGenerated             Operation  \\\n90  2019-02-16 02:53:57          FileUploaded   \n89  2019-02-16 02:54:14          FileAccessed   \n91  2019-02-16 02:54:22          FileModified   \n84  2019-02-16 02:54:53          FileModified   \n88  2019-02-16 02:54:59          FileUploaded   \n85  2019-02-16 02:55:00          FileAccessed   \n87  2019-02-16 02:55:03        FileDownloaded   \n80  2019-02-16 02:56:46            PageViewed   \n83  2019-02-16 02:56:51          FileAccessed   \n82  2019-02-16 02:56:51          FileAccessed   \n81  2019-02-16 02:56:51          FileAccessed   \n86  2019-02-16 02:56:53          FileAccessed   \n104 2019-02-16 03:00:16          FileUploaded   \n103 2019-02-16 03:00:16          FileAccessed   \n102 2019-02-16 03:00:19          FileModified   \n97  2019-02-16 03:00:45  FileModifiedExtended   \n96  2019-02-16 03:00:46          FileAccessed   \n98  2019-02-16 03:00:46          FileUploaded   \n95  2019-02-16 03:00:50        FileDownloaded   \n101 2019-02-16 03:01:14          FileUploaded   \n100 2019-02-16 03:01:16          FileAccessed   \n94  2019-02-16 03:01:18          FileModified   \n92  2019-02-16 03:01:39  FileModifiedExtended   \n93  2019-02-16 03:01:40          FileUploaded   \n99  2019-02-16 03:01:40          FileAccessed   \n68  2019-02-16 03:43:14       UserLoginFailed   \n76  2019-02-16 03:43:25       UserLoginFailed   \n67  2019-02-16 03:43:50       UserLoginFailed   \n58  2019-02-16 03:44:30         FilePreviewed   \n31  2019-02-16 03:44:30         FilePreviewed   \n56  2019-02-16 03:44:30         FilePreviewed   \n30  2019-02-16 03:44:31            PageViewed   \n57  2019-02-16 03:44:32         FilePreviewed   \n55  2019-02-16 03:44:32         FilePreviewed   \n54  2019-02-16 03:44:32         FilePreviewed   \n4   2019-02-16 03:44:35          FileAccessed   \n5   2019-02-16 03:44:35          FileAccessed   \n6   2019-02-16 03:44:35          FileAccessed   \n7   2019-02-16 03:44:37          FileAccessed   \n53  2019-02-16 03:44:54        FileDownloaded   \n29  2019-02-16 03:44:54        FileDownloaded   \n52  2019-02-16 03:44:56        FileDownloaded   \n28  2019-02-16 03:44:57        FileDownloaded   \n51  2019-02-16 03:44:58        FileDownloaded   \n50  2019-02-16 03:44:59        FileDownloaded   \n27  2019-02-16 03:44:59        FileDownloaded   \n49  2019-02-16 03:45:00        FileDownloaded   \n25  2019-02-16 03:45:00        FileDownloaded   \n26  2019-02-16 03:45:00        FileDownloaded   \n47  2019-02-16 03:45:01        FileDownloaded   \n48  2019-02-16 03:45:01        FileDownloaded   \n24  2019-02-16 03:45:01        FileDownloaded   \n23  2019-02-16 03:45:02        FileDownloaded   \n46  2019-02-16 03:45:03        FileDownloaded   \n22  2019-02-16 03:45:04        FileDownloaded   \n45  2019-02-16 03:45:05        FileDownloaded   \n21  2019-02-16 03:45:06        FileDownloaded   \n20  2019-02-16 03:45:06        FileDownloaded   \n44  2019-02-16 03:45:06        FileDownloaded   \n43  2019-02-16 03:45:07        FileDownloaded   \n19  2019-02-16 03:45:08        FileDownloaded   \n42  2019-02-16 03:45:09        FileDownloaded   \n18  2019-02-16 03:45:09        FileDownloaded   \n41  2019-02-16 03:45:10        FileDownloaded   \n17  2019-02-16 03:45:11        FileDownloaded   \n40  2019-02-16 03:45:11        FileDownloaded   \n16  2019-02-16 03:45:12        FileDownloaded   \n39  2019-02-16 03:45:12        FileDownloaded   \n14  2019-02-16 03:45:13        FileDownloaded   \n15  2019-02-16 03:45:13        FileDownloaded   \n38  2019-02-16 03:45:13        FileDownloaded   \n13  2019-02-16 03:45:14        FileDownloaded   \n37  2019-02-16 03:45:14        FileDownloaded   \n36  2019-02-16 03:45:14        FileDownloaded   \n12  2019-02-16 03:45:15        FileDownloaded   \n35  2019-02-16 03:45:16        FileDownloaded   \n11  2019-02-16 03:45:17        FileDownloaded   \n34  2019-02-16 03:45:18        FileDownloaded   \n3   2019-02-16 03:45:18        FileDownloaded   \n10  2019-02-16 03:45:19        FileDownloaded   \n33  2019-02-16 03:45:20        FileDownloaded   \n9   2019-02-16 03:45:20        FileDownloaded   \n8   2019-02-16 03:45:20        FileDownloaded   \n2   2019-02-16 03:45:20        FileDownloaded   \n32  2019-02-16 03:45:20        FileDownloaded   \n1   2019-02-16 03:45:20        FileDownloaded   \n\n                           OrganizationId UserType  \\\n90   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n89   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n91   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n84   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n88   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n85   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n87   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n80   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n83   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n82   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n81   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n86   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n104  aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n103  aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n102  aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n97   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n96   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n98   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n95   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n101  aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n100  aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n94   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n92   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n93   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n99   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n68   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n76   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n67   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n58   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n31   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n56   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n30   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n57   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n55   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n54   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n4    aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n5    aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n6    aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n7    aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n53   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n29   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n52   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n28   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n51   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n50   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n27   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n49   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n25   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n26   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n47   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n48   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n24   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n23   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n46   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n22   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n45   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n21   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n20   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n44   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n43   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n19   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n42   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n18   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n41   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n17   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n40   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n16   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n39   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n14   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n15   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n38   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n13   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n37   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n36   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n12   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n35   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n11   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n34   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n3    aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n10   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n33   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n9    aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n8    aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n2    aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n32   aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n1    aa46238d-13fc-4314-8f0c-94044435adb1  Regular   \n\n                                          UserKey   AppResourceProvider  \\\n90    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n89    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n91    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n84    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n88    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n85    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n87    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n80    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n83    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n82    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n81    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n86    i:0h.f|membership|100320003b5602fc@live.com            SharePoint   \n104   i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n103   i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n102   i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n97    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n96    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n98    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n95    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n101   i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n100   i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n94    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n92    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n93    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n99    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n68   100320003B5602FC@m365x054215.onmicrosoft.com  AzureActiveDirectory   \n76   100320003B5602FC@m365x054215.onmicrosoft.com  AzureActiveDirectory   \n67   100320003B5602FC@m365x054215.onmicrosoft.com  AzureActiveDirectory   \n58    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n31    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n56    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n30    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n57    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n55    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n54    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n4     i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n5     i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n6     i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n7     i:0h.f|membership|100320003b5602fc@live.com            SharePoint   \n53    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n29    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n52    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n28    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n51    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n50    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n27    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n49    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n25    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n26    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n47    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n48    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n24    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n23    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n46    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n22    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n45    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n21    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n20    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n44    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n43    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n19    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n42    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n18    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n41    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n17    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n40    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n16    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n39    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n14    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n15    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n38    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n13    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n37    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n36    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n12    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n35    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n11    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n34    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n3     i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n10    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n33    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n9     i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n8     i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n2     i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n32    i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n1     i:0h.f|membership|100320003b5602fc@live.com              OneDrive   \n\n    ResultStatus  \\\n90                 \n89                 \n91                 \n84                 \n88                 \n85                 \n87                 \n80                 \n83                 \n82                 \n81                 \n86                 \n104                \n103                \n102                \n97                 \n96                 \n98                 \n95                 \n101                \n100                \n94                 \n92                 \n93                 \n99                 \n68        Failed   \n76        Failed   \n67        Failed   \n58                 \n31                 \n56                 \n30                 \n57                 \n55                 \n54                 \n4                  \n5                  \n6                  \n7                  \n53                 \n29                 \n52                 \n28                 \n51                 \n50                 \n27                 \n49                 \n25                 \n26                 \n47                 \n48                 \n24                 \n23                 \n46                 \n22                 \n45                 \n21                 \n20                 \n44                 \n43                 \n19                 \n42                 \n18                 \n41                 \n17                 \n40                 \n16                 \n39                 \n14                 \n15                 \n38                 \n13                 \n37                 \n36                 \n12                 \n35                 \n11                 \n34                 \n3                  \n10                 \n33                 \n9                  \n8                  \n2                  \n32                 \n1                  \n\n                                                                                              ResourceId  \\\n90   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n89   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n91   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n84   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n88   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Terms ...   \n85   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Terms ...   \n87   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Terms ...   \n80   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/_layouts/15/oned...   \n83   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Forms/...   \n82   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Forms/...   \n81   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Forms/...   \n86   https://m365x054215-my.sharepoint.com/User Photos/Profile Pictures/ianh_m365x054215_onmicrosoft_...   \n104  https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n103  https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n102  https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n97   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n96   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Extend...   \n98   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Extend...   \n95   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Extend...   \n101  https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Book.xlsx   \n100  https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Book.xlsx   \n94   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Book.xlsx   \n92   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Book.xlsx   \n93   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Budget...   \n99   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Budget...   \n68                                                                  00000002-0000-0000-c000-000000000000   \n76                                                                  00000002-0000-0000-c000-000000000000   \n67                                                                  00000002-0000-0000-c000-000000000000   \n58   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Terms ...   \n31   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n56   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n30   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/_layouts/15/oned...   \n57   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n55   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Terms ...   \n54   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n4    https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Forms/...   \n5    https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Forms/...   \n6    https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Forms/...   \n7    https://m365x054215-my.sharepoint.com/User Photos/Profile Pictures/ianh_m365x054215_onmicrosoft_...   \n53   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Book.xlsx   \n29   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n52   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n28   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n51   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n50   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n27   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n49   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n25   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n26   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n47   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n48   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n24   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n23   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n46   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n22   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n45   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n21   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n20   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n44   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n43   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n19   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n42   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n18   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n41   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n17   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n40   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n16   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n39   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n14   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n15   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n38   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n13   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n37   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n36   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n12   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n35   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n11   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n34   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n3    https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n10   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n33   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n9    https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n8    https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Terms ...   \n2    https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Budget...   \n32   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume...   \n1    https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Extend...   \n\n                               UserId        IPAddress  \\\n90   ianh@m365x054215.onmicrosoft.com   20.190.133.114   \n89   ianh@m365x054215.onmicrosoft.com  131.107.147.209   \n91   ianh@m365x054215.onmicrosoft.com    40.81.158.170   \n84   ianh@m365x054215.onmicrosoft.com     40.81.159.43   \n88   ianh@m365x054215.onmicrosoft.com    40.81.159.203   \n85   ianh@m365x054215.onmicrosoft.com  131.107.147.209   \n87   ianh@m365x054215.onmicrosoft.com    40.81.159.203   \n80   ianh@m365x054215.onmicrosoft.com  131.107.147.209   \n83   ianh@m365x054215.onmicrosoft.com  131.107.147.209   \n82   ianh@m365x054215.onmicrosoft.com  131.107.147.209   \n81   ianh@m365x054215.onmicrosoft.com  131.107.147.209   \n86   ianh@m365x054215.onmicrosoft.com  131.107.147.209   \n104  ianh@m365x054215.onmicrosoft.com  131.107.147.209   \n103  ianh@m365x054215.onmicrosoft.com  131.107.147.209   \n102  ianh@m365x054215.onmicrosoft.com    40.81.158.170   \n97   ianh@m365x054215.onmicrosoft.com     40.81.159.43   \n96   ianh@m365x054215.onmicrosoft.com  131.107.147.209   \n98   ianh@m365x054215.onmicrosoft.com    40.81.159.166   \n95   ianh@m365x054215.onmicrosoft.com    40.81.159.203   \n101  ianh@m365x054215.onmicrosoft.com   20.190.133.115   \n100  ianh@m365x054215.onmicrosoft.com  131.107.147.209   \n94   ianh@m365x054215.onmicrosoft.com    40.81.126.127   \n92   ianh@m365x054215.onmicrosoft.com    40.81.126.127   \n93   ianh@m365x054215.onmicrosoft.com    40.81.126.127   \n99   ianh@m365x054215.onmicrosoft.com  131.107.147.209   \n68   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n76   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n67   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n58   ianh@m365x054215.onmicrosoft.com    20.190.140.50   \n31   ianh@m365x054215.onmicrosoft.com    20.190.140.50   \n56   ianh@m365x054215.onmicrosoft.com    20.190.140.50   \n30   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n57   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n55   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n54   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n4    ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n5    ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n6    ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n7    ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n53   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n29   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n52   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n28   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n51   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n50   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n27   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n49   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n25   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n26   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n47   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n48   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n24   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n23   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n46   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n22   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n45   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n21   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n20   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n44   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n43   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n19   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n42   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n18   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n41   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n17   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n40   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n16   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n39   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n14   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n15   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n38   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n13   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n37   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n36   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n12   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n35   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n11   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n34   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n3    ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n10   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n33   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n9    ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n8    ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n2    ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n32   ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n1    ianh@m365x054215.onmicrosoft.com     23.97.60.214   \n\n                                    Site_ ItemType EventSource Source_Name  \\\n90   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n89   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n91   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n84   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n88   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n85   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n87   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n80   4f96a3b3-f5ae-4706-af77-7984baf27d79     Page  SharePoint               \n83   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n82   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n81   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n86   94823fb0-11d5-4424-b933-8663eafa73a3     File  SharePoint               \n104  4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n103  4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n102  4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n97   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n96   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n98   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n95   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n101  4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n100  4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n94   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n92   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n93   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n99   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n68                                                                           \n76                                                                           \n67                                                                           \n58   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n31   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n56   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n30   4f96a3b3-f5ae-4706-af77-7984baf27d79     Page  SharePoint               \n57   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n55   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n54   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n4    4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n5    4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n6    4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n7    94823fb0-11d5-4424-b933-8663eafa73a3     File  SharePoint               \n53   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n29   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n52   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n28   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n51   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n50   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n27   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n49   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n25   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n26   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n47   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n48   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n24   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n23   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n46   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n22   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n45   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n21   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n20   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n44   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n43   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n19   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n42   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n18   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n41   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n17   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n40   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n16   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n39   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n14   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n15   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n38   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n13   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n37   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n36   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n12   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n35   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n11   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n34   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n3    4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n10   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n33   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n9    4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n8    4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n2    4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n32   4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n1    4f96a3b3-f5ae-4706-af77-7984baf27d79     File  SharePoint               \n\n                                                                                               UserAgent  \\\n90   Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.328...   \n89   Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.328...   \n91                                                                                                 MSWAC   \n84                                                                                                 MSWAC   \n88                                                                                                 MSWAC   \n85   Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.328...   \n87                                                                                                 MSWAC   \n80   Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.328...   \n83   Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.328...   \n82   Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.328...   \n81   Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.328...   \n86   Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.328...   \n104  Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.328...   \n103  Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.328...   \n102                                                                                                MSWAC   \n97                                                                                                 MSWAC   \n96   Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.328...   \n98                                                                                                 MSWAC   \n95                                                                                                 MSWAC   \n101  Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.328...   \n100  Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.328...   \n94                                                                                                 MSWAC   \n92                                                                                                 MSWAC   \n93                                                                                                 MSWAC   \n99   Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.328...   \n68                                                                                                         \n76                                                                                                         \n67                                                                                                         \n58   Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.316...   \n31   Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.316...   \n56   Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.316...   \n30   Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.316...   \n57                                                                                       OneDriveMpc/1.0   \n55                                                                                       OneDriveMpc/1.0   \n54                                                                                       OneDriveMpc/1.0   \n4    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.316...   \n5    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.316...   \n6    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.316...   \n7    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.316...   \n53                                                                                       OneDriveMpc/1.0   \n29                                                                                       OneDriveMpc/1.0   \n52                                                                                       OneDriveMpc/1.0   \n28                                                                                       OneDriveMpc/1.0   \n51                                                                                       OneDriveMpc/1.0   \n50                                                                                       OneDriveMpc/1.0   \n27                                                                                       OneDriveMpc/1.0   \n49                                                                                       OneDriveMpc/1.0   \n25                                                                                       OneDriveMpc/1.0   \n26                                                                                       OneDriveMpc/1.0   \n47                                                                                       OneDriveMpc/1.0   \n48                                                                                       OneDriveMpc/1.0   \n24                                                                                       OneDriveMpc/1.0   \n23                                                                                       OneDriveMpc/1.0   \n46                                                                                       OneDriveMpc/1.0   \n22                                                                                       OneDriveMpc/1.0   \n45                                                                                       OneDriveMpc/1.0   \n21                                                                                       OneDriveMpc/1.0   \n20                                                                                       OneDriveMpc/1.0   \n44                                                                                       OneDriveMpc/1.0   \n43                                                                                       OneDriveMpc/1.0   \n19                                                                                       OneDriveMpc/1.0   \n42                                                                                       OneDriveMpc/1.0   \n18                                                                                       OneDriveMpc/1.0   \n41                                                                                       OneDriveMpc/1.0   \n17                                                                                       OneDriveMpc/1.0   \n40                                                                                       OneDriveMpc/1.0   \n16                                                                                       OneDriveMpc/1.0   \n39                                                                                       OneDriveMpc/1.0   \n14                                                                                       OneDriveMpc/1.0   \n15                                                                                       OneDriveMpc/1.0   \n38                                                                                       OneDriveMpc/1.0   \n13                                                                                       OneDriveMpc/1.0   \n37                                                                                       OneDriveMpc/1.0   \n36                                                                                       OneDriveMpc/1.0   \n12                                                                                       OneDriveMpc/1.0   \n35                                                                                       OneDriveMpc/1.0   \n11                                                                                       OneDriveMpc/1.0   \n34                                                                                       OneDriveMpc/1.0   \n3                                                                                        OneDriveMpc/1.0   \n10                                                                                       OneDriveMpc/1.0   \n33                                                                                       OneDriveMpc/1.0   \n9                                                                                        OneDriveMpc/1.0   \n8                                                                                        OneDriveMpc/1.0   \n2                                                                                        OneDriveMpc/1.0   \n32                                                                                       OneDriveMpc/1.0   \n1                                                                                        OneDriveMpc/1.0   \n\n    MachineDomainInfo MachineId  \\\n90                                \n89                                \n91                                \n84                                \n88                                \n85                                \n87                                \n80                                \n83                                \n82                                \n81                                \n86                                \n104                               \n103                               \n102                               \n97                                \n96                                \n98                                \n95                                \n101                               \n100                               \n94                                \n92                                \n93                                \n99                                \n68                                \n76                                \n67                                \n58                                \n31                                \n56                                \n30                                \n57                                \n55                                \n54                                \n4                                 \n5                                 \n6                                 \n7                                 \n53                                \n29                                \n52                                \n28                                \n51                                \n50                                \n27                                \n49                                \n25                                \n26                                \n47                                \n48                                \n24                                \n23                                \n46                                \n22                                \n45                                \n21                                \n20                                \n44                                \n43                                \n19                                \n42                                \n18                                \n41                                \n17                                \n40                                \n16                                \n39                                \n14                                \n15                                \n38                                \n13                                \n37                                \n36                                \n12                                \n35                                \n11                                \n34                                \n3                                 \n10                                \n33                                \n9                                 \n8                                 \n2                                 \n32                                \n1                                 \n\n                                                                             Site_Url  \\\n90   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n89   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n91   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n84   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n88   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n85   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n87   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n80                                                                                      \n83   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n82   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n81   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n86                                             https://m365x054215-my.sharepoint.com/   \n104  https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n103  https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n102  https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n97   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n96   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n98   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n95   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n101  https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n100  https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n94   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n92   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n93   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n99   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n68                                                                                      \n76                                                                                      \n67                                                                                      \n58   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n31   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n56   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n30                                                                                      \n57   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n55   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n54   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n4    https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n5    https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n6    https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n7                                              https://m365x054215-my.sharepoint.com/   \n53   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n29   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n52   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n28   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n51   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n50   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n27   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n49   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n25   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n26   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n47   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n48   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n24   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n23   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n46   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n22   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n45   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n21   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n20   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n44   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n43   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n19   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n42   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n18   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n41   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n17   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n40   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n16   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n39   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n14   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n15   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n38   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n13   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n37   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n36   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n12   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n35   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n11   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n34   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n3    https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n10   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n33   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n9    https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n8    https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n2    https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n32   https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n1    https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/   \n\n                                 SourceRelativeUrl  \\\n90                                       Documents   \n89                                       Documents   \n91                                       Documents   \n84                                       Documents   \n88                                       Documents   \n85                                       Documents   \n87                                       Documents   \n80                                                   \n83                                 Documents/Forms   \n82                                 Documents/Forms   \n81                                 Documents/Forms   \n86                    User Photos/Profile Pictures   \n104                                      Documents   \n103                                      Documents   \n102                                      Documents   \n97                                       Documents   \n96                                       Documents   \n98                                       Documents   \n95                                       Documents   \n101                                      Documents   \n100                                      Documents   \n94                                       Documents   \n92                                       Documents   \n93                                       Documents   \n99                                       Documents   \n68                                                   \n76                                                   \n67                                                   \n58                                       Documents   \n31                                       Documents   \n56                                       Documents   \n30                                                   \n57                                       Documents   \n55                                       Documents   \n54                                       Documents   \n4                                  Documents/Forms   \n5                                  Documents/Forms   \n6                                  Documents/Forms   \n7                     User Photos/Profile Pictures   \n53                                       Documents   \n29                     Documents/Documents/Absynth   \n52                     Documents/Documents/Absynth   \n28                     Documents/Documents/Absynth   \n51                     Documents/Documents/Absynth   \n50                     Documents/Documents/Absynth   \n27                     Documents/Documents/Absynth   \n49                     Documents/Documents/Absynth   \n25                     Documents/Documents/Absynth   \n26                     Documents/Documents/Absynth   \n47                     Documents/Documents/Manuals   \n48                     Documents/Documents/Absynth   \n24                     Documents/Documents/Manuals   \n23                     Documents/Documents/Manuals   \n46                     Documents/Documents/Manuals   \n22                     Documents/Documents/Manuals   \n45                     Documents/Documents/Manuals   \n21                     Documents/Documents/Massive   \n20   Documents/Documents/Massive/License Agreement   \n44   Documents/Documents/Massive/License Agreement   \n43   Documents/Documents/Massive/License Agreement   \n19   Documents/Documents/Massive/License Agreement   \n42   Documents/Documents/Massive/License Agreement   \n18   Documents/Documents/Massive/License Agreement   \n41                     Documents/Documents/Massive   \n17                     Documents/Documents/Massive   \n40                     Documents/Documents/Massive   \n16                     Documents/Documents/Massive   \n39                     Documents/Documents/Massive   \n14                     Documents/Documents/Massive   \n15                     Documents/Documents/Massive   \n38                     Documents/Documents/Massive   \n13                     Documents/Documents/Massive   \n37                     Documents/Documents/Massive   \n36                     Documents/Documents/Massive   \n12                     Documents/Documents/Massive   \n35                     Documents/Documents/Massive   \n11                     Documents/Documents/Massive   \n34                     Documents/Documents/Massive   \n3                      Documents/Documents/Massive   \n10                     Documents/Documents/Massive   \n33                     Documents/Documents/Massive   \n9                                        Documents   \n8                                        Documents   \n2                                        Documents   \n32                                       Documents   \n1                                        Documents   \n\n                                  SourceFileName SourceFileExtension  \\\n90                                 Document.docx                docx   \n89                                 Document.docx                docx   \n91                                 Document.docx                docx   \n84                                 Document.docx                docx   \n88                     Terms and Conditions.docx                docx   \n85                     Terms and Conditions.docx                docx   \n87                     Terms and Conditions.docx                docx   \n80                                                                     \n83                                   Upload.aspx                aspx   \n82                                 EditForm.aspx                aspx   \n81                                 DispForm.aspx                aspx   \n86   ianh_m365x054215_onmicrosoft_com_SThumb.jpg                 jpg   \n104                               Document1.docx                docx   \n103                               Document1.docx                docx   \n102                               Document1.docx                docx   \n97                                Document1.docx                docx   \n96                           Extended Terms.docx                docx   \n98                           Extended Terms.docx                docx   \n95                           Extended Terms.docx                docx   \n101                                    Book.xlsx                xlsx   \n100                                    Book.xlsx                xlsx   \n94                                     Book.xlsx                xlsx   \n92                                     Book.xlsx                xlsx   \n93                              Budget 2019.xlsx                xlsx   \n99                              Budget 2019.xlsx                xlsx   \n68                                                                     \n76                                                                     \n67                                                                     \n58                     Terms and Conditions.docx                docx   \n31                                 Document.docx                docx   \n56                                Document1.docx                docx   \n30                                                                     \n57                                 Document.docx                docx   \n55                     Terms and Conditions.docx                docx   \n54                                Document1.docx                docx   \n4                                  DispForm.aspx                aspx   \n5                                  EditForm.aspx                aspx   \n6                                    Upload.aspx                aspx   \n7    ianh_m365x054215_onmicrosoft_com_SThumb.jpg                 jpg   \n53                                     Book.xlsx                xlsx   \n29         Absynth 5 Getting Started English.pdf                 pdf   \n52          Absynth 5 Getting Started French.pdf                 pdf   \n28          Absynth 5 Getting Started German.pdf                 pdf   \n51        Absynth 5 Getting Started Japanese.pdf                 pdf   \n50         Absynth 5 Manual Addendum English.pdf                 pdf   \n27         Absynth 5 Getting Started Spanish.pdf                 pdf   \n49          Absynth 5 Manual Addendum German.pdf                 pdf   \n25        Absynth 5 Manual Addendum Japanese.pdf                 pdf   \n26          Absynth 5 Manual Addendum French.pdf                 pdf   \n47              Nakamichi_480_service_manual.pdf                 pdf   \n48         Absynth 5 Manual Addendum Spanish.pdf                 pdf   \n24                        MAudio-KS61ES_EN01.pdf                 pdf   \n23              Nakamichi_480_service_manual.pdf                 pdf   \n46            Nakamichi_CDP-2_service_manual.pdf                 pdf   \n22            Nakamichi_CDP-2_service_manual.pdf                 pdf   \n45             Nakamichi_CR-3_service_manual.pdf                 pdf   \n21     Massive 1.1.4 Manual Addendum English.pdf                 pdf   \n20           EULA Native Instruments deutsch.rtf                 rtf   \n44           EULA Native Instruments deutsch.rtf                 rtf   \n43           EULA Native Instruments English.rtf                 rtf   \n19           EULA Native Instruments English.rtf                 rtf   \n42          EULA Native Instruments Japanese.rtf                 rtf   \n18          EULA Native Instruments Japanese.rtf                 rtf   \n41           Massive Getting Started English.pdf                 pdf   \n17            Massive Getting Started French.pdf                 pdf   \n40            Massive Getting Started German.pdf                 pdf   \n16          Massive Getting Started Japanese.pdf                 pdf   \n39           Massive Getting Started Spanish.pdf                 pdf   \n14            Massive Manual Addendum German.pdf                 pdf   \n15           Massive Manual Addendum English.pdf                 pdf   \n38            Massive Manual Addendum French.pdf                 pdf   \n13           Massive Manual Addendum Spanish.pdf                 pdf   \n37          Massive Manual Addendum Japanese.pdf                 pdf   \n36                    Massive Manual English.pdf                 pdf   \n12                     Massive Manual French.pdf                 pdf   \n35                     Massive Manual German.pdf                 pdf   \n11                   Massive Manual Japanese.pdf                 pdf   \n34                   Massive Manual Japanese.pdf                 pdf   \n3                    Massive Manual Japanese.pdf                 pdf   \n10                    Massive Manual Spanish.pdf                 pdf   \n33                                    Readme.txt                 txt   \n9                                  Document.docx                docx   \n8                      Terms and Conditions.docx                docx   \n2                               Budget 2019.xlsx                xlsx   \n32                                Document1.docx                docx   \n1                            Extended Terms.docx                docx   \n\n    DestinationRelativeUrl DestinationFileName  ... LoginStatus UserDomain  \\\n90                                              ...         NaN              \n89                                              ...         NaN              \n91                                              ...         NaN              \n84                                              ...         NaN              \n88                                              ...         NaN              \n85                                              ...         NaN              \n87                                              ...         NaN              \n80                                              ...         NaN              \n83                                              ...         NaN              \n82                                              ...         NaN              \n81                                              ...         NaN              \n86                                              ...         NaN              \n104                                             ...         NaN              \n103                                             ...         NaN              \n102                                             ...         NaN              \n97                                              ...         NaN              \n96                                              ...         NaN              \n98                                              ...         NaN              \n95                                              ...         NaN              \n101                                             ...         NaN              \n100                                             ...         NaN              \n94                                              ...         NaN              \n92                                              ...         NaN              \n93                                              ...         NaN              \n99                                              ...         NaN              \n68                                              ...         NaN              \n76                                              ...         NaN              \n67                                              ...         NaN              \n58                                              ...         NaN              \n31                                              ...         NaN              \n56                                              ...         NaN              \n30                                              ...         NaN              \n57                                              ...         NaN              \n55                                              ...         NaN              \n54                                              ...         NaN              \n4                                               ...         NaN              \n5                                               ...         NaN              \n6                                               ...         NaN              \n7                                               ...         NaN              \n53                                              ...         NaN              \n29                                              ...         NaN              \n52                                              ...         NaN              \n28                                              ...         NaN              \n51                                              ...         NaN              \n50                                              ...         NaN              \n27                                              ...         NaN              \n49                                              ...         NaN              \n25                                              ...         NaN              \n26                                              ...         NaN              \n47                                              ...         NaN              \n48                                              ...         NaN              \n24                                              ...         NaN              \n23                                              ...         NaN              \n46                                              ...         NaN              \n22                                              ...         NaN              \n45                                              ...         NaN              \n21                                              ...         NaN              \n20                                              ...         NaN              \n44                                              ...         NaN              \n43                                              ...         NaN              \n19                                              ...         NaN              \n42                                              ...         NaN              \n18                                              ...         NaN              \n41                                              ...         NaN              \n17                                              ...         NaN              \n40                                              ...         NaN              \n16                                              ...         NaN              \n39                                              ...         NaN              \n14                                              ...         NaN              \n15                                              ...         NaN              \n38                                              ...         NaN              \n13                                              ...         NaN              \n37                                              ...         NaN              \n36                                              ...         NaN              \n12                                              ...         NaN              \n35                                              ...         NaN              \n11                                              ...         NaN              \n34                                              ...         NaN              \n3                                               ...         NaN              \n10                                              ...         NaN              \n33                                              ...         NaN              \n9                                               ...         NaN              \n8                                               ...         NaN              \n2                                               ...         NaN              \n32                                              ...         NaN              \n1                                               ...         NaN              \n\n                                                                                                   Actor  \\\n90                                                                                                         \n89                                                                                                         \n91                                                                                                         \n84                                                                                                         \n88                                                                                                         \n85                                                                                                         \n87                                                                                                         \n80                                                                                                         \n83                                                                                                         \n82                                                                                                         \n81                                                                                                         \n86                                                                                                         \n104                                                                                                        \n103                                                                                                        \n102                                                                                                        \n97                                                                                                         \n96                                                                                                         \n98                                                                                                         \n95                                                                                                         \n101                                                                                                        \n100                                                                                                        \n94                                                                                                         \n92                                                                                                         \n93                                                                                                         \n99                                                                                                         \n68   [\\r\\n  {\\r\\n    \"ID\": \"6e68fbc9-9ce3-4f4a-b2d4-45f52067c122\",\\r\\n    \"Type\": 0\\r\\n  },\\r\\n  {\\r\\...   \n76   [\\r\\n  {\\r\\n    \"ID\": \"6e68fbc9-9ce3-4f4a-b2d4-45f52067c122\",\\r\\n    \"Type\": 0\\r\\n  },\\r\\n  {\\r\\...   \n67   [\\r\\n  {\\r\\n    \"ID\": \"6e68fbc9-9ce3-4f4a-b2d4-45f52067c122\",\\r\\n    \"Type\": 0\\r\\n  },\\r\\n  {\\r\\...   \n58                                                                                                         \n31                                                                                                         \n56                                                                                                         \n30                                                                                                         \n57                                                                                                         \n55                                                                                                         \n54                                                                                                         \n4                                                                                                          \n5                                                                                                          \n6                                                                                                          \n7                                                                                                          \n53                                                                                                         \n29                                                                                                         \n52                                                                                                         \n28                                                                                                         \n51                                                                                                         \n50                                                                                                         \n27                                                                                                         \n49                                                                                                         \n25                                                                                                         \n26                                                                                                         \n47                                                                                                         \n48                                                                                                         \n24                                                                                                         \n23                                                                                                         \n46                                                                                                         \n22                                                                                                         \n45                                                                                                         \n21                                                                                                         \n20                                                                                                         \n44                                                                                                         \n43                                                                                                         \n19                                                                                                         \n42                                                                                                         \n18                                                                                                         \n41                                                                                                         \n17                                                                                                         \n40                                                                                                         \n16                                                                                                         \n39                                                                                                         \n14                                                                                                         \n15                                                                                                         \n38                                                                                                         \n13                                                                                                         \n37                                                                                                         \n36                                                                                                         \n12                                                                                                         \n35                                                                                                         \n11                                                                                                         \n34                                                                                                         \n3                                                                                                          \n10                                                                                                         \n33                                                                                                         \n9                                                                                                          \n8                                                                                                          \n2                                                                                                          \n32                                                                                                         \n1                                                                                                          \n\n                           ActorContextId ActorIpAddress  \\\n90                                                         \n89                                                         \n91                                                         \n84                                                         \n88                                                         \n85                                                         \n87                                                         \n80                                                         \n83                                                         \n82                                                         \n81                                                         \n86                                                         \n104                                                        \n103                                                        \n102                                                        \n97                                                         \n96                                                         \n98                                                         \n95                                                         \n101                                                        \n100                                                        \n94                                                         \n92                                                         \n93                                                         \n99                                                         \n68   aa46238d-13fc-4314-8f0c-94044435adb1   23.97.60.214   \n76   aa46238d-13fc-4314-8f0c-94044435adb1   23.97.60.214   \n67   aa46238d-13fc-4314-8f0c-94044435adb1   23.97.60.214   \n58                                                         \n31                                                         \n56                                                         \n30                                                         \n57                                                         \n55                                                         \n54                                                         \n4                                                          \n5                                                          \n6                                                          \n7                                                          \n53                                                         \n29                                                         \n52                                                         \n28                                                         \n51                                                         \n50                                                         \n27                                                         \n49                                                         \n25                                                         \n26                                                         \n47                                                         \n48                                                         \n24                                                         \n23                                                         \n46                                                         \n22                                                         \n45                                                         \n21                                                         \n20                                                         \n44                                                         \n43                                                         \n19                                                         \n42                                                         \n18                                                         \n41                                                         \n17                                                         \n40                                                         \n16                                                         \n39                                                         \n14                                                         \n15                                                         \n38                                                         \n13                                                         \n37                                                         \n36                                                         \n12                                                         \n35                                                         \n11                                                         \n34                                                         \n3                                                          \n10                                                         \n33                                                         \n9                                                          \n8                                                          \n2                                                          \n32                                                         \n1                                                          \n\n                           InterSystemsId  \\\n90                                          \n89                                          \n91                                          \n84                                          \n88                                          \n85                                          \n87                                          \n80                                          \n83                                          \n82                                          \n81                                          \n86                                          \n104                                         \n103                                         \n102                                         \n97                                          \n96                                          \n98                                          \n95                                          \n101                                         \n100                                         \n94                                          \n92                                          \n93                                          \n99                                          \n68   c3d42f80-984c-49e4-84d4-accb5a5a825f   \n76   c3d42f80-984c-49e4-84d4-accb5a5a825f   \n67   c3d42f80-984c-49e4-84d4-accb5a5a825f   \n58                                          \n31                                          \n56                                          \n30                                          \n57                                          \n55                                          \n54                                          \n4                                           \n5                                           \n6                                           \n7                                           \n53                                          \n29                                          \n52                                          \n28                                          \n51                                          \n50                                          \n27                                          \n49                                          \n25                                          \n26                                          \n47                                          \n48                                          \n24                                          \n23                                          \n46                                          \n22                                          \n45                                          \n21                                          \n20                                          \n44                                          \n43                                          \n19                                          \n42                                          \n18                                          \n41                                          \n17                                          \n40                                          \n16                                          \n39                                          \n14                                          \n15                                          \n38                                          \n13                                          \n37                                          \n36                                          \n12                                          \n35                                          \n11                                          \n34                                          \n3                                           \n10                                          \n33                                          \n9                                           \n8                                           \n2                                           \n32                                          \n1                                           \n\n                            IntraSystemId SupportTicketId  \\\n90                                                          \n89                                                          \n91                                                          \n84                                                          \n88                                                          \n85                                                          \n87                                                          \n80                                                          \n83                                                          \n82                                                          \n81                                                          \n86                                                          \n104                                                         \n103                                                         \n102                                                         \n97                                                          \n96                                                          \n98                                                          \n95                                                          \n101                                                         \n100                                                         \n94                                                          \n92                                                          \n93                                                          \n99                                                          \n68   c02218e3-d179-46ac-ac77-c4fd6a320200                   \n76   13b6bf66-c216-4c8c-bcd4-c7761a2e0200                   \n67   919e17a5-9f6c-4bcc-87e5-7bc4a13f0200                   \n58                                                          \n31                                                          \n56                                                          \n30                                                          \n57                                                          \n55                                                          \n54                                                          \n4                                                           \n5                                                           \n6                                                           \n7                                                           \n53                                                          \n29                                                          \n52                                                          \n28                                                          \n51                                                          \n50                                                          \n27                                                          \n49                                                          \n25                                                          \n26                                                          \n47                                                          \n48                                                          \n24                                                          \n23                                                          \n46                                                          \n22                                                          \n45                                                          \n21                                                          \n20                                                          \n44                                                          \n43                                                          \n19                                                          \n42                                                          \n18                                                          \n41                                                          \n17                                                          \n40                                                          \n16                                                          \n39                                                          \n14                                                          \n15                                                          \n38                                                          \n13                                                          \n37                                                          \n36                                                          \n12                                                          \n35                                                          \n11                                                          \n34                                                          \n3                                                           \n10                                                          \n33                                                          \n9                                                           \n8                                                           \n2                                                           \n32                                                          \n1                                                           \n\n                                                                                      AADTarget  \\\n90                                                                                                \n89                                                                                                \n91                                                                                                \n84                                                                                                \n88                                                                                                \n85                                                                                                \n87                                                                                                \n80                                                                                                \n83                                                                                                \n82                                                                                                \n81                                                                                                \n86                                                                                                \n104                                                                                               \n103                                                                                               \n102                                                                                               \n97                                                                                                \n96                                                                                                \n98                                                                                                \n95                                                                                                \n101                                                                                               \n100                                                                                               \n94                                                                                                \n92                                                                                                \n93                                                                                                \n99                                                                                                \n68   [\\r\\n  {\\r\\n    \"ID\": \"00000002-0000-0000-c000-000000000000\",\\r\\n    \"Type\": 0\\r\\n  }\\r\\n]   \n76   [\\r\\n  {\\r\\n    \"ID\": \"00000002-0000-0000-c000-000000000000\",\\r\\n    \"Type\": 0\\r\\n  }\\r\\n]   \n67   [\\r\\n  {\\r\\n    \"ID\": \"00000002-0000-0000-c000-000000000000\",\\r\\n    \"Type\": 0\\r\\n  }\\r\\n]   \n58                                                                                                \n31                                                                                                \n56                                                                                                \n30                                                                                                \n57                                                                                                \n55                                                                                                \n54                                                                                                \n4                                                                                                 \n5                                                                                                 \n6                                                                                                 \n7                                                                                                 \n53                                                                                                \n29                                                                                                \n52                                                                                                \n28                                                                                                \n51                                                                                                \n50                                                                                                \n27                                                                                                \n49                                                                                                \n25                                                                                                \n26                                                                                                \n47                                                                                                \n48                                                                                                \n24                                                                                                \n23                                                                                                \n46                                                                                                \n22                                                                                                \n45                                                                                                \n21                                                                                                \n20                                                                                                \n44                                                                                                \n43                                                                                                \n19                                                                                                \n42                                                                                                \n18                                                                                                \n41                                                                                                \n17                                                                                                \n40                                                                                                \n16                                                                                                \n39                                                                                                \n14                                                                                                \n15                                                                                                \n38                                                                                                \n13                                                                                                \n37                                                                                                \n36                                                                                                \n12                                                                                                \n35                                                                                                \n11                                                                                                \n34                                                                                                \n3                                                                                                 \n10                                                                                                \n33                                                                                                \n9                                                                                                 \n8                                                                                                 \n2                                                                                                 \n32                                                                                                \n1                                                                                                 \n\n                          TargetContextId DataCenterSecurityEventType  \\\n90                                                                NaN   \n89                                                                NaN   \n91                                                                NaN   \n84                                                                NaN   \n88                                                                NaN   \n85                                                                NaN   \n87                                                                NaN   \n80                                                                NaN   \n83                                                                NaN   \n82                                                                NaN   \n81                                                                NaN   \n86                                                                NaN   \n104                                                               NaN   \n103                                                               NaN   \n102                                                               NaN   \n97                                                                NaN   \n96                                                                NaN   \n98                                                                NaN   \n95                                                                NaN   \n101                                                               NaN   \n100                                                               NaN   \n94                                                                NaN   \n92                                                                NaN   \n93                                                                NaN   \n99                                                                NaN   \n68   aa46238d-13fc-4314-8f0c-94044435adb1                         NaN   \n76   aa46238d-13fc-4314-8f0c-94044435adb1                         NaN   \n67   aa46238d-13fc-4314-8f0c-94044435adb1                         NaN   \n58                                                                NaN   \n31                                                                NaN   \n56                                                                NaN   \n30                                                                NaN   \n57                                                                NaN   \n55                                                                NaN   \n54                                                                NaN   \n4                                                                 NaN   \n5                                                                 NaN   \n6                                                                 NaN   \n7                                                                 NaN   \n53                                                                NaN   \n29                                                                NaN   \n52                                                                NaN   \n28                                                                NaN   \n51                                                                NaN   \n50                                                                NaN   \n27                                                                NaN   \n49                                                                NaN   \n25                                                                NaN   \n26                                                                NaN   \n47                                                                NaN   \n48                                                                NaN   \n24                                                                NaN   \n23                                                                NaN   \n46                                                                NaN   \n22                                                                NaN   \n45                                                                NaN   \n21                                                                NaN   \n20                                                                NaN   \n44                                                                NaN   \n43                                                                NaN   \n19                                                                NaN   \n42                                                                NaN   \n18                                                                NaN   \n41                                                                NaN   \n17                                                                NaN   \n40                                                                NaN   \n16                                                                NaN   \n39                                                                NaN   \n14                                                                NaN   \n15                                                                NaN   \n38                                                                NaN   \n13                                                                NaN   \n37                                                                NaN   \n36                                                                NaN   \n12                                                                NaN   \n35                                                                NaN   \n11                                                                NaN   \n34                                                                NaN   \n3                                                                 NaN   \n10                                                                NaN   \n33                                                                NaN   \n9                                                                 NaN   \n8                                                                 NaN   \n2                                                                 NaN   \n32                                                                NaN   \n1                                                                 NaN   \n\n             Start_Time  EffectiveOrganization       ElevationTime  \\\n90  2019-02-16 03:06:18                        2019-02-16 03:06:18   \n89  2019-02-16 03:06:18                        2019-02-16 03:06:18   \n91  2019-02-16 03:06:18                        2019-02-16 03:06:18   \n84  2019-02-16 03:06:18                        2019-02-16 03:06:18   \n88  2019-02-16 03:06:18                        2019-02-16 03:06:18   \n85  2019-02-16 03:06:18                        2019-02-16 03:06:18   \n87  2019-02-16 03:06:18                        2019-02-16 03:06:18   \n80  2019-02-16 03:06:18                        2019-02-16 03:06:18   \n83  2019-02-16 03:06:18                        2019-02-16 03:06:18   \n82  2019-02-16 03:06:18                        2019-02-16 03:06:18   \n81  2019-02-16 03:06:18                        2019-02-16 03:06:18   \n86  2019-02-16 03:06:18                        2019-02-16 03:06:18   \n104 2019-02-16 03:06:18                        2019-02-16 03:06:18   \n103 2019-02-16 03:06:18                        2019-02-16 03:06:18   \n102 2019-02-16 03:06:18                        2019-02-16 03:06:18   \n97  2019-02-16 03:06:18                        2019-02-16 03:06:18   \n96  2019-02-16 03:06:18                        2019-02-16 03:06:18   \n98  2019-02-16 03:06:18                        2019-02-16 03:06:18   \n95  2019-02-16 03:06:18                        2019-02-16 03:06:18   \n101 2019-02-16 03:06:18                        2019-02-16 03:06:18   \n100 2019-02-16 03:06:18                        2019-02-16 03:06:18   \n94  2019-02-16 03:06:18                        2019-02-16 03:06:18   \n92  2019-02-16 03:06:18                        2019-02-16 03:06:18   \n93  2019-02-16 03:06:18                        2019-02-16 03:06:18   \n99  2019-02-16 03:06:18                        2019-02-16 03:06:18   \n68  2019-02-16 04:10:48                        2019-02-16 04:10:48   \n76  2019-02-16 04:10:48                        2019-02-16 04:10:48   \n67  2019-02-16 04:10:48                        2019-02-16 04:10:48   \n58  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n31  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n56  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n30  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n57  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n55  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n54  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n4   2019-02-16 03:57:58                        2019-02-16 03:57:58   \n5   2019-02-16 03:57:58                        2019-02-16 03:57:58   \n6   2019-02-16 03:57:58                        2019-02-16 03:57:58   \n7   2019-02-16 03:57:58                        2019-02-16 03:57:58   \n53  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n29  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n52  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n28  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n51  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n50  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n27  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n49  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n25  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n26  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n47  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n48  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n24  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n23  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n46  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n22  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n45  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n21  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n20  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n44  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n43  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n19  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n42  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n18  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n41  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n17  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n40  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n16  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n39  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n14  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n15  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n38  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n13  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n37  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n36  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n12  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n35  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n11  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n34  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n3   2019-02-16 03:57:58                        2019-02-16 03:57:58   \n10  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n33  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n9   2019-02-16 03:57:58                        2019-02-16 03:57:58   \n8   2019-02-16 03:57:58                        2019-02-16 03:57:58   \n2   2019-02-16 03:57:58                        2019-02-16 03:57:58   \n32  2019-02-16 03:57:58                        2019-02-16 03:57:58   \n1   2019-02-16 03:57:58                        2019-02-16 03:57:58   \n\n    ElevationApprover ElevationApprovedTime ElevationRequestId ElevationRole  \\\n90                                      NaT                                    \n89                                      NaT                                    \n91                                      NaT                                    \n84                                      NaT                                    \n88                                      NaT                                    \n85                                      NaT                                    \n87                                      NaT                                    \n80                                      NaT                                    \n83                                      NaT                                    \n82                                      NaT                                    \n81                                      NaT                                    \n86                                      NaT                                    \n104                                     NaT                                    \n103                                     NaT                                    \n102                                     NaT                                    \n97                                      NaT                                    \n96                                      NaT                                    \n98                                      NaT                                    \n95                                      NaT                                    \n101                                     NaT                                    \n100                                     NaT                                    \n94                                      NaT                                    \n92                                      NaT                                    \n93                                      NaT                                    \n99                                      NaT                                    \n68                                      NaT                                    \n76                                      NaT                                    \n67                                      NaT                                    \n58                                      NaT                                    \n31                                      NaT                                    \n56                                      NaT                                    \n30                                      NaT                                    \n57                                      NaT                                    \n55                                      NaT                                    \n54                                      NaT                                    \n4                                       NaT                                    \n5                                       NaT                                    \n6                                       NaT                                    \n7                                       NaT                                    \n53                                      NaT                                    \n29                                      NaT                                    \n52                                      NaT                                    \n28                                      NaT                                    \n51                                      NaT                                    \n50                                      NaT                                    \n27                                      NaT                                    \n49                                      NaT                                    \n25                                      NaT                                    \n26                                      NaT                                    \n47                                      NaT                                    \n48                                      NaT                                    \n24                                      NaT                                    \n23                                      NaT                                    \n46                                      NaT                                    \n22                                      NaT                                    \n45                                      NaT                                    \n21                                      NaT                                    \n20                                      NaT                                    \n44                                      NaT                                    \n43                                      NaT                                    \n19                                      NaT                                    \n42                                      NaT                                    \n18                                      NaT                                    \n41                                      NaT                                    \n17                                      NaT                                    \n40                                      NaT                                    \n16                                      NaT                                    \n39                                      NaT                                    \n14                                      NaT                                    \n15                                      NaT                                    \n38                                      NaT                                    \n13                                      NaT                                    \n37                                      NaT                                    \n36                                      NaT                                    \n12                                      NaT                                    \n35                                      NaT                                    \n11                                      NaT                                    \n34                                      NaT                                    \n3                                       NaT                                    \n10                                      NaT                                    \n33                                      NaT                                    \n9                                       NaT                                    \n8                                       NaT                                    \n2                                       NaT                                    \n32                                      NaT                                    \n1                                       NaT                                    \n\n    ElevationDuration GenericInfo                              TenantId  \\\n90                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n89                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n91                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n84                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n88                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n85                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n87                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n80                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n83                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n82                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n81                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n86                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n104               NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n103               NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n102               NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n97                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n96                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n98                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n95                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n101               NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n100               NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n94                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n92                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n93                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n99                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n68                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n76                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n67                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n58                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n31                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n56                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n30                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n57                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n55                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n54                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n4                 NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n5                 NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n6                 NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n7                 NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n53                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n29                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n52                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n28                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n51                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n50                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n27                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n49                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n25                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n26                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n47                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n48                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n24                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n23                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n46                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n22                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n45                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n21                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n20                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n44                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n43                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n19                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n42                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n18                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n41                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n17                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n40                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n16                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n39                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n14                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n15                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n38                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n13                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n37                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n36                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n12                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n35                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n11                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n34                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n3                 NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n10                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n33                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n9                 NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n8                 NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n2                 NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n32                NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n1                 NaN              52b1ab41-869e-4138-9e40-2a4457f09bf0   \n\n                           OfficeTenantId           SourceSystem  \\\n90   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n89   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n91   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n84   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n88   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n85   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n87   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n80   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n83   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n82   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n81   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n86   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n104  aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n103  aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n102  aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n97   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n96   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n98   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n95   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n101  aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n100  aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n94   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n92   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n93   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n99   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n68   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n76   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n67   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n58   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n31   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n56   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n30   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n57   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n55   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n54   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n4    aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n5    aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n6    aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n7    aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n53   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n29   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n52   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n28   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n51   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n50   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n27   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n49   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n25   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n26   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n47   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n48   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n24   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n23   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n46   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n22   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n45   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n21   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n20   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n44   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n43   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n19   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n42   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n18   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n41   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n17   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n40   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n16   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n39   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n14   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n15   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n38   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n13   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n37   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n36   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n12   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n35   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n11   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n34   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n3    aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n10   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n33   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n9    aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n8    aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n2    aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n32   aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n1    aa46238d-13fc-4314-8f0c-94044435adb1  OfficeActivityManager   \n\n               Type                 UserPrincipalName  \n90   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n89   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n91   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n84   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n88   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n85   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n87   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n80   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n83   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n82   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n81   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n86   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n104  OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n103  OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n102  OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n97   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n96   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n98   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n95   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n101  OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n100  OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n94   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n92   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n93   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n99   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n68   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n76   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n67   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n58   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n31   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n56   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n30   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n57   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n55   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n54   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n4    OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n5    OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n6    OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n7    OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n53   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n29   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n52   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n28   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n51   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n50   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n27   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n49   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n25   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n26   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n47   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n48   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n24   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n23   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n46   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n22   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n45   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n21   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n20   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n44   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n43   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n19   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n42   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n18   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n41   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n17   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n40   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n16   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n39   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n14   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n15   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n38   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n13   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n37   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n36   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n12   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n35   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n11   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n34   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n3    OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n10   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n33   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n9    OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n8    OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n2    OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n32   OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n1    OfficeActivity  ianh@m365x054215.onmicrosoft.com  \n\n[86 rows x 92 columns]"
         },
         "metadata": {},
         "output_type": "display_data"
        }
       ]
      }
     },
     "042d89a616e0468eb79c505a751258c0": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "04f7a2f424f54ac2b956167469b1cd88": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "050e929313c3440f8329396036a2dc65": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "width": "95%"
      }
     },
     "0586b50b9e894ce7944273d97d34caa4": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "05a92bb65d9246a2841d47a500d39a9d": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "07328251bfa3446a82bbba4527308200": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "07c679b1e50440bfabddead283a2d811": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "HTMLModel",
      "state": {
       "layout": "IPY_MODEL_678db23681c84eebb2fb9d2ba1013f0a",
       "style": "IPY_MODEL_61620a56073a455b991f6b52414f0bc7",
       "value": "<h4>Set query time boundaries</h4>"
      }
     },
     "08361f899242436493d71a3786a5f510": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DatePickerModel",
      "state": {
       "description": "Origin Date",
       "disabled": false,
       "layout": "IPY_MODEL_32ffb6921bac4c30896e0c7df60e23fc",
       "style": "IPY_MODEL_b93f7519aca5444484086e83de06a40a",
       "value": {
        "date": 30,
        "month": 9,
        "year": 2019
       }
      }
     },
     "09851848b0ef4029b95ef2a957d3b686": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "TextModel",
      "state": {
       "description": "Filter:",
       "layout": "IPY_MODEL_8e8360f4978a42288f5332afda82c476",
       "style": "IPY_MODEL_10749afbda824b9f8fe5482a9d1737aa"
      }
     },
     "09a3ca78764140b38b641c4dfe24fc76": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "TextModel",
      "state": {
       "description": "Filter:",
       "layout": "IPY_MODEL_ac836793d41e4863a2a0681aead7a405",
       "style": "IPY_MODEL_88b48ca013a5425a9e6ad53f8f975c69"
      }
     },
     "0b1b9ae1e3ef411791f420b8ec7917f2": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "TextModel",
      "state": {
       "description": "Enter the Account name to search for:",
       "layout": "IPY_MODEL_a5dc808c9a014151a8672ba7d30ec5bb",
       "style": "IPY_MODEL_62f1c23c5ba84655ad3bf862086f3567",
       "value": "ianh"
      }
     },
     "0bcdf7317509446a93eaefacb3825972": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": ""
      }
     },
     "0c3c0974d2834914b1504afd0beae39d": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "SelectModel",
      "state": {
       "_options_labels": [
        "AlexW   WindowsHostLogon (Last activity: 2019-10-28 16:12:44.620000)",
        "alexw@M365x648731.onmicrosoft.com   WindowsHostLogon (Last activity: 2019-09-20 16:28:20.420000)",
        "alexw@m365x648731.onmicrosoft.com   O365Activity (Last activity: 2019-10-16 18:09:42)",
        "alexw@m365x648731.onmicrosoft.com   AADLogon (Last activity: 2019-10-29 23:44:32.382000)",
        "AlexW@M365x648731.OnMicrosoft.com   AzureActivity (Last activity: 2019-10-23 16:39:05.220000)"
       ],
       "description": "Select an account to explore",
       "index": 2,
       "layout": "IPY_MODEL_1482d40c460b42da878246193f7d8044",
       "style": "IPY_MODEL_8e29d9e0f49d4e17b9bd516742d3cfc1"
      }
     },
     "0eb7a91d868b45559619c089fb79ec0f": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "height": "200px",
       "width": "100%"
      }
     },
     "10028a8e935f4baa8603aad13d55f966": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "10749afbda824b9f8fe5482a9d1737aa": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "10f1e3780a9145cdbcaa275a0fa266e7": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "110966f8eafc41278b92312f26d0096d": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "border": "1px solid black"
      }
     },
     "11bd4a1fe4c94900bfb6617099102bdc": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "11e01bc6c6b44a9d97f14acbdb791e86": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "12e3c37a4c704006b53670859a507c75": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "CheckboxModel",
      "state": {
       "description": "Center subsequent query times round selected Bookmark?",
       "disabled": false,
       "layout": "IPY_MODEL_a5dc808c9a014151a8672ba7d30ec5bb",
       "style": "IPY_MODEL_87b5702a04874a64bb23b66a4f98731e",
       "value": true
      }
     },
     "13d89f2c53e94cce932de8cede43678a": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "SelectModel",
      "state": {
       "_options_labels": [
        "SecurityAlert - 787646c14107  2019-02-25 19:45:17.982000",
        "SSH BF TEST  2019-02-25 16:39:31.141000"
       ],
       "description": "Select an item",
       "index": 0,
       "layout": "IPY_MODEL_23587ac1b6a244dbb003beb319e70b4d",
       "style": "IPY_MODEL_2a125d9c7768422a8600ce7f45512f73"
      }
     },
     "142cb3167f4a41aba4094932462ad439": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "TextModel",
      "state": {
       "description": "Enter the Account name to search for:",
       "layout": "IPY_MODEL_a5dc808c9a014151a8672ba7d30ec5bb",
       "style": "IPY_MODEL_29a721a8672f4eaeac3fb52a19143ba7"
      }
     },
     "1482d40c460b42da878246193f7d8044": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "height": "200px",
       "width": "100%"
      }
     },
     "14a0a076de014377b4222277ad91e1d6": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "width": "50%"
      }
     },
     "1509689085784331b6a66bd38787ca33": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "TextModel",
      "state": {
       "description": "Filter:",
       "layout": "IPY_MODEL_007091c30218497494a35dd3ffc35251",
       "style": "IPY_MODEL_e922261b9df54e4c92c22c5676bbec62"
      }
     },
     "151bfa41a4f54e2fad5fd527fb9a3c91": {
      "model_module": "@jupyter-widgets/output",
      "model_module_version": "1.0.0",
      "model_name": "OutputModel",
      "state": {
       "layout": "IPY_MODEL_ac02efe8753c495cbd01c8027f5b7675",
       "outputs": [
        {
         "name": "stdout",
         "output_type": "stream",
         "text": "b0493469-b0c7-4666-acb8-787646c14107\n"
        }
       ]
      }
     },
     "1533869f497d40738af8117817df8abf": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "SelectModel",
      "state": {
       "_options_labels": [
        "2019-09-16 17:41:30  Activity from a Tor IP address (alexw) [id:6e9a1a98-8be0-32c0-4eb6-492eb864df4a]",
        "2019-09-16 17:43:36  Activity from infrequent country (alexw) [id:a9ec17e2-695d-55c2-2559-db2500634922]",
        "2019-09-16 17:43:36  Activity from a Tor IP address (alexw) [id:87e4808e-a8db-9749-59ef-58f584cc0f9c]",
        "2019-09-16 18:06:04  Activity from a Tor IP address (alexw) [id:7a8f88f0-6470-a86b-9e6c-426c4eb7e504]",
        "2019-09-16 18:08:01  Activity from a Tor IP address (alexw) [id:8d824f66-fe30-46a7-704b-32c0bc15690a]",
        "2019-09-16 18:11:40  Activity from a Tor IP address (alexw) [id:e779d270-c511-8168-711c-2196d42d496c]",
        "2019-09-16 18:12:51  Activity from a Tor IP address (alexw) [id:bace9664-451a-4703-d1a1-193602db4ce9]",
        "2019-09-16 18:14:06  Activity from a Tor IP address (alexw) [id:dabf2400-4d0f-8d1a-bdef-b687c78e042d]",
        "2019-09-16 18:16:29  Activity from a Tor IP address (alexw) [id:3df0fd2a-a2bd-11b8-08fa-4c47805c61c4]",
        "2019-09-16 18:16:38  Activity from a Tor IP address (alexw) [id:1462459b-f0c0-730d-a0c5-c040865781c5]",
        "2019-09-16 18:17:33  Mass download by a single user (alexw) [id:764ffd06-691f-11d6-e47d-d8846357fe3d]",
        "2019-09-16 18:41:42  Activity from a Tor IP address (alexw) [id:646e3d4a-03e8-b63b-6820-8748246258f7]",
        "2019-09-16 18:58:35  Activity from a Tor IP address (alexw) [id:66cae451-cc77-a169-d3b8-be381aef1063]",
        "2019-09-16 20:10:14  Activity from a Tor IP address (alexw) [id:4695a6ca-2c00-6f5c-614e-fb68a264153e]",
        "2019-09-16 20:42:09  Activity from a Tor IP address (alexw) [id:6d090d4f-fab0-09b9-91e5-954e4283b789]",
        "2019-09-16 20:48:22  Publicly shared confidential files (alexw) [id:d42fd7b0-6904-54d1-e75c-4c74a253ad9b]",
        "2019-09-16 20:48:22  Publicly shared confidential files (alexw) [id:6bda7486-2ccb-3e09-c4e0-bc453e021432]",
        "2019-09-16 20:48:22  Publicly shared confidential files (alexw) [id:914eac72-4e7c-0e95-4b27-5a47e84fd97b]",
        "2019-09-16 20:48:22  Publicly shared confidential files (alexw) [id:7490aadd-7038-4889-1e64-17d97691e921]",
        "2019-09-18 16:08:45  Anonymous IP address (alexw) [id:2dc37dba-7728-4a05-ab55-7759ae4c5399]",
        "2019-09-18 17:01:30  Activity from a Tor IP address (alexw) [id:2de3fee4-062a-0068-83ff-201db9ac8ea1]",
        "2019-09-18 17:01:30  Activity from a Tor IP address (alexw) [id:b1207139-0834-92c7-66a7-0407034919be]",
        "2019-09-18 17:10:17  Activity from a Tor IP address (alexw) [id:0cd73e6f-5648-827f-60c7-a468d3611345]",
        "2019-09-19 19:15:59  Activity from a Tor IP address (alexw) [id:32e144f0-1c19-f86f-25ec-bca44a826703]",
        "2019-09-19 19:15:59  Anonymous IP address (alexw) [id:2268e6eb-2bce-8956-7156-7f9da2ced0b2]",
        "2019-09-19 19:16:03  Anonymous IP address (alexw) [id:b710e388-5455-aaa1-676a-bd8fe040a891]",
        "2019-09-19 19:17:54  Anonymous IP address (alexw) [id:feb2cffb-6b45-0246-a20a-326102637dab]",
        "2019-09-19 19:18:15  Activity from a Tor IP address (alexw) [id:19fbc0af-020e-5d8e-0a81-6a2f56b24bf3]",
        "2019-09-19 19:27:59  Activity from a Tor IP address (alexw) [id:d2cc6e5e-2216-2556-a0b7-e2569acb7604]",
        "2019-09-19 20:20:38  Mass delete (alexw) [id:c204576b-5a78-e390-67e9-c6bef9896e0a]",
        "2019-09-19 20:20:39  Activity from a Tor IP address (alexw) [id:2a7963fa-8d7c-9bcd-8be9-aac5dee53214]",
        "2019-09-19 20:22:57  Activity from a Tor IP address (alexw) [id:58168942-58b1-2a86-33da-d56e0cc1b379]",
        "2019-09-19 23:16:09  Powershell Empire cmdlets seen in command line data (alexw) [id:63612a52-a9ee-4af0-8690-605986ee588e]",
        "2019-09-20 16:22:48  PowerShell downloads - From Hunting Queries (alexw) [id:adfb4239-dfb0-4075-b30b-2ae37e9d2378]",
        "2019-09-20 17:43:57  PowerShell downloads - From Hunting Queries (alexw) [id:923e019d-0921-44ac-aceb-c6c22279a52d]",
        "2019-09-20 18:20:22  Anonymous IP address (alexw) [id:1920ef92-ca75-f744-1cb9-ad516e0b4803]",
        "2019-09-20 18:20:22  Activity from a Tor IP address (alexw) [id:5608a786-30a9-279b-a6de-8915ecc4861f]",
        "2019-09-20 18:20:28  Anonymous IP address (alexw) [id:aca55f15-8a47-1c7f-28e1-1ff1b34bacb4]",
        "2019-09-20 20:09:25  Activity from a Tor IP address (alexw) [id:e1a95e63-c363-dda2-32d9-60d8c6684f3d]",
        "2019-09-20 20:09:55  Anonymous IP address (alexw) [id:300a2588-acf4-bf04-c368-014609c6fc92]",
        "2019-09-20 20:10:07  Anonymous IP address (alexw) [id:c017ac58-82e4-43e0-c115-d009884b2b68]",
        "2019-09-20 20:11:38  Powershell Empire cmdlets seen in command line (alexw) [id:2d132959-c0ac-4969-b205-c292b18eb386]",
        "2019-09-20 20:11:57  Activity from a Tor IP address (alexw) [id:7dfc5ef4-957d-e0a5-a4a8-0f9079e10913]",
        "2019-09-20 20:11:57  Suspicious inbox forwarding (alexw) [id:c3f8c47d-6d3f-6c60-69f0-4d2cbfd9b313]",
        "2019-09-20 20:50:24  PowerShell Downloads (alexw) [id:e4272f16-c4b5-4cf1-8265-4b898cd650a8]",
        "2019-09-20 20:52:05  Encoded Powershell Run - Custom Alert (alexw) [id:92166e25-12d0-4a84-b9b3-708ccb16f11c]",
        "2019-09-20 20:56:01  Masquerading as System Files (custom) (alexw) [id:0b3d392d-ce63-4544-a5c6-5a60e81bee61]",
        "2019-09-20 21:24:38  PowerShell Downloads (alexw) [id:bb605588-d1b1-4661-92ae-559fc9e89d19]",
        "2019-09-20 21:28:54  Masquerading as System Files (custom) (alexw) [id:f0cbba9e-30f2-4e56-bb83-fe07c052acff]",
        "2019-09-20 21:30:45  Masquerading as System Files (custom) (alexw) [id:f3ab7b7b-388c-4d23-8c1b-d80efa4f10f4]",
        "2019-09-20 21:37:31  Encoded Powershell Run - Custom Alert (alexw) [id:eb70f1be-6389-44a4-9cd0-5d2714f28c35]",
        "2019-09-20 22:43:58  PowerShell downloads - From Hunting Queries (alexw) [id:75fff00f-8fb9-4d5a-b315-d54d34263fe7]",
        "2019-09-20 23:16:10  Powershell Empire cmdlets seen in command line data (alexw) [id:14ba0ee8-cb84-44c8-9067-1c99b1cc5ef9]",
        "2019-09-20 23:24:38  PowerShell Downloads (alexw) [id:1c5f0a91-1a55-4fa1-9e7c-efa2469e40f4]",
        "2019-09-20 23:30:45  Masquerading as System Files (custom) (alexw) [id:64cefa80-6a69-4dcc-98f9-d0c622bd70a4]",
        "2019-09-20 23:37:31  Encoded Powershell Run - Custom Alert (alexw) [id:554621f1-be22-4b38-b0c6-a5248250a5bc]",
        "2019-09-22 20:11:38  Powershell Empire cmdlets seen in command line (alexw) [id:627c3c49-20f6-4013-a611-346a072e23b7]",
        "2019-09-22 23:16:11  Powershell Empire cmdlets seen in command line data (alexw) [id:49e48cff-9df4-4e7f-af60-949fd83b2b29]",
        "2019-09-23 15:43:59  PowerShell downloads - From Hunting Queries (alexw) [id:c88768be-3772-4ff3-8ee4-45383162eaed]",
        "2019-09-23 18:24:43  PowerShell Downloads (alexw) [id:3738974d-f3df-4f85-a3d1-30bb7cb65471]",
        "2019-09-23 18:30:49  Masquerading as System Files (custom) (alexw) [id:2fa3c427-8ec2-47c2-b1d7-ebcb87d50918]",
        "2019-09-23 18:37:35  Encoded Powershell Run - Custom Alert (alexw) [id:4a0e573d-c5d7-4bd6-892d-9fae41bc1b79]",
        "2019-09-23 20:11:39  Powershell Empire cmdlets seen in command line (alexw) [id:ab2a5d2a-bfd1-483a-bbbe-d591717ca38e]",
        "2019-09-23 21:30:49  Masquerading as System Files (custom) (alexw) [id:fb9169c7-48e0-405b-8f45-5987f6415d6f]",
        "2019-09-23 22:35:09  Powershell Empire cmdlets seen in command line (alexw) [id:6eb7c0be-3794-41b9-8481-20e17f1eebd6]",
        "2019-09-24 01:43:59  PowerShell downloads - From Hunting Queries (alexw) [id:e137cba8-4b4b-49df-9a69-de8ee811b348]",
        "2019-09-24 02:24:44  PowerShell Downloads (alexw) [id:a0c77cd1-6acb-4493-84c6-7d5fc3b04d40]",
        "2019-09-24 02:30:50  Masquerading as System Files (custom) (alexw) [id:67e40f5b-c85b-487f-8ae2-13e7d7274767]",
        "2019-09-24 02:37:36  Encoded Powershell Run - Custom Alert (alexw) [id:5b84f53e-c459-4198-a033-2607bd36b8ba]",
        "2019-09-24 20:30:51  Masquerading as System Files (custom) (alexw) [id:686e3a3f-2221-43fd-8695-4f3337096704]",
        "2019-09-24 23:06:14  Activity from a Tor IP address (alexw) [id:3b7405cd-829d-6ad4-4949-bf8c68860959]",
        "2019-09-24 23:06:14  Anonymous IP address (alexw) [id:5f7050e9-dafb-528e-6206-f27b03298b50]",
        "2019-09-24 23:09:28  Anonymous IP address (alexw) [id:09c804f7-f629-c65b-816d-e8361e34fad0]",
        "2019-09-24 23:09:28  Activity from a Tor IP address (alexw) [id:9f3d0c6c-521a-bfac-daf5-42f46643a091]",
        "2019-09-24 23:09:32  Anonymous IP address (alexw) [id:c9560e81-86cc-a4d3-dfb9-3d5cdd0bcfd0]",
        "2019-09-24 23:10:35  Activity from a Tor IP address (alexw) [id:073aed5a-de40-0d20-1226-4676ff1588c3]",
        "2019-09-25 16:21:43  Activity from a Tor IP address (alexw) [id:1254b298-bfd1-9721-b4b2-29ee196ad350]",
        "2019-09-25 16:21:43  Anonymous IP address (alexw) [id:154002e9-0dc9-5bae-caa2-c29b9624f6d8]",
        "2019-09-25 16:21:49  Anonymous IP address (alexw) [id:fcb6df89-7c0f-61be-8ba0-6092044b1bc3]",
        "2019-09-26 16:22:14  Anonymous IP address (alexw) [id:b8e8a51e-4939-a5b1-bfc0-ef7a07ae9234]",
        "2019-09-27 17:26:43  Anonymous IP address (alexw) [id:b514cc54-afb1-9919-6bf4-b7f88e2cd256]",
        "2019-09-27 17:26:49  Anonymous IP address (alexw) [id:ebbdacec-8b6e-8ae1-e6cf-003acb20e742]",
        "2019-09-28 17:32:59  Anonymous IP address (alexw) [id:24c06a99-1e2b-f08d-9774-e51b4cddc5a7]",
        "2019-09-29 17:35:00  Anonymous IP address (alexw) [id:4b5c028b-21fc-1a3a-d60e-276759210c8e]",
        "2019-10-01 18:28:24  PowerShell Downloads (alexw) [id:d41bef8d-4578-49c2-9791-3b89bdceebdb]",
        "2019-10-01 18:30:55  PowerShell downloads - From Hunting Queries (alexw) [id:b4b903d2-9d80-4769-8e5c-a59cb345253b]",
        "2019-10-01 18:32:48  Encoded Powershell Run - Custom Alert (alexw) [id:061d830f-31d0-4e0f-9f45-6b05254712a6]",
        "2019-10-03 20:21:15  PowerShell downloads - From Hunting Queries (alexw) [id:f811a0f7-bfba-4f84-9230-6c6e663a02c5]",
        "2019-10-03 20:23:07  Encoded Powershell Run - Custom Alert (alexw) [id:8e6ffcc6-e1cb-4166-89ff-49e440dd6beb]",
        "2019-10-03 20:26:18  PowerShell Downloads (alexw) [id:1ef941a0-269c-4251-90c1-dd164731237a]",
        "2019-10-08 21:17:09  PowerShell Downloads (alexw) [id:21a0ed91-2b3e-432d-886b-6753f5ae7964]",
        "2019-10-08 21:22:05  PowerShell downloads - From Hunting Queries (alexw) [id:1e76bbae-520f-42a3-bd0e-5c009afb7b21]",
        "2019-10-10 15:31:36  UnfamiliarLocation (alexw) [id:ee35b20b-2f5f-56f1-88d0-a6bb9bc5fe14]",
        "2019-10-10 15:31:36  UnfamiliarLocation (alexw) [id:ee35b20b-2f5f-56f1-88d0-a6bb9bc5fe14]",
        "2019-10-10 16:16:59  Mass download (alexw) [id:6bf910d0-71b0-f4b6-91af-40809899d214]",
        "2019-10-10 16:16:59  Mass download (alexw) [id:6bf910d0-71b0-f4b6-91af-40809899d214]",
        "2019-10-10 22:35:21  Powershell Empire cmdlets seen in command line (alexw) [id:0b6ee87e-2151-49f8-aad5-317cbec7bdbd]",
        "2019-10-11 22:06:32  PowerShell Downloads (alexw) [id:1a60f273-dcc6-41ba-98ed-4f92438bf266]",
        "2019-10-11 22:09:24  Encoded Powershell Run - Custom Alert (alexw) [id:e202d07a-fc31-4dc8-bc52-330246970e97]",
        "2019-10-11 22:11:32  PowerShell downloads - From Hunting Queries (alexw) [id:56d398e3-9f19-4819-abbf-8f02b8687276]",
        "2019-10-11 22:12:51  Suspicious behavior by a svchost.exe was observed (alexw) [id:8000c97e-9762-f524-703c-239f26b53c9d]",
        "2019-10-11 22:13:14  Suspicious Powershell commandline (alexw) [id:ff0843ab-0cbb-a55b-2466-05ac9ef59439]",
        "2019-10-11 22:13:14  Suspicious Powershell commandline (alexw) [id:eac458a4-8b7e-302b-812b-bde81848ed32]",
        "2019-10-11 22:13:14  Suspicious behavior by cmd.exe was observed (alexw) [id:3459510a-a6ff-66ac-3f91-89b8b5dd50e0]",
        "2019-10-11 22:13:14  Suspicious behavior by a svchost.exe was observed (alexw) [id:8000c97e-9762-f524-703c-239f26b53c9d]",
        "2019-10-11 22:13:37  A malicious PowerShell Cmdlet was invoked on the machine (alexw) [id:7905302d-13db-4efa-c4be-fd5df3bdca60]",
        "2019-10-11 22:13:39  Suspicious Powershell commandline (alexw) [id:eac458a4-8b7e-302b-812b-bde81848ed32]",
        "2019-10-11 22:13:39  Network connection to a risky host (alexw) [id:954c4ff6-9f17-42a6-4c02-643bd2873461]",
        "2019-10-11 22:13:39  Network connection to a risky host (alexw) [id:954c4ff6-9f17-42a6-4c02-643bd2873461]",
        "2019-10-11 22:13:43  Suspicious behavior by cmd.exe was observed (alexw) [id:3459510a-a6ff-66ac-3f91-89b8b5dd50e0]",
        "2019-10-11 22:13:51  Suspicious access to LSASS service (alexw) [id:2abb0ebe-06f9-ada2-9bdd-59ec758239f8]",
        "2019-10-11 22:13:51  Suspicious access to LSASS service (alexw) [id:2abb0ebe-06f9-ada2-9bdd-59ec758239f8]",
        "2019-10-11 22:13:52  Suspicious access to LSASS service (alexw) [id:2abb0ebe-06f9-ada2-9bdd-59ec758239f8]",
        "2019-10-11 22:13:52  Suspicious access to LSASS service (alexw) [id:2abb0ebe-06f9-ada2-9bdd-59ec758239f8]",
        "2019-10-11 22:13:52  Suspicious access to LSASS service (alexw) [id:2abb0ebe-06f9-ada2-9bdd-59ec758239f8]",
        "2019-10-11 22:13:52  Suspicious access to LSASS service (alexw) [id:2abb0ebe-06f9-ada2-9bdd-59ec758239f8]",
        "2019-10-11 22:13:52  Suspicious access to LSASS service (alexw) [id:2abb0ebe-06f9-ada2-9bdd-59ec758239f8]",
        "2019-10-11 22:13:52  Suspicious access to LSASS service (alexw) [id:2abb0ebe-06f9-ada2-9bdd-59ec758239f8]",
        "2019-10-11 22:13:52  Suspicious access to LSASS service (alexw) [id:2abb0ebe-06f9-ada2-9bdd-59ec758239f8]",
        "2019-10-11 22:13:52  Suspicious access to LSASS service (alexw) [id:2abb0ebe-06f9-ada2-9bdd-59ec758239f8]",
        "2019-10-11 22:13:52  Suspicious access to LSASS service (alexw) [id:2abb0ebe-06f9-ada2-9bdd-59ec758239f8]",
        "2019-10-11 22:13:52  Suspicious access to LSASS service (alexw) [id:2abb0ebe-06f9-ada2-9bdd-59ec758239f8]",
        "2019-10-11 22:14:03  An active 'Mikatz' high-severity malware was detected (alexw) [id:49df9a29-da06-3b13-0e69-baed02b71094]",
        "2019-10-11 22:14:03  An active 'Mikatz' high-severity malware was detected (alexw) [id:49df9a29-da06-3b13-0e69-baed02b71094]",
        "2019-10-11 22:15:49  Suspicious Powershell commandline (alexw) [id:9ce93ab6-c2b6-fc04-b372-068b25633f0a]",
        "2019-10-11 22:15:49  Suspicious behavior by cmd.exe was observed (alexw) [id:3459510a-a6ff-66ac-3f91-89b8b5dd50e0]",
        "2019-10-11 22:15:49  Suspicious behavior by a svchost.exe was observed (alexw) [id:8000c97e-9762-f524-703c-239f26b53c9d]",
        "2019-10-11 22:15:49  Suspicious Powershell commandline (alexw) [id:eac458a4-8b7e-302b-812b-bde81848ed32]",
        "2019-10-11 22:15:53  Suspicious behavior by cmd.exe was observed (alexw) [id:3459510a-a6ff-66ac-3f91-89b8b5dd50e0]",
        "2019-10-11 22:15:53  Suspicious registration of an accessibility debugger under the IFEO registry key (alexw) [id:39cdc76c-c90d-6a56-4c5a-e755c783afba]",
        "2019-10-11 22:15:53  Suspicious behavior by a svchost.exe was observed (alexw) [id:8000c97e-9762-f524-703c-239f26b53c9d]",
        "2019-10-11 22:15:53  Suspicious behavior by a svchost.exe was observed (alexw) [id:8000c97e-9762-f524-703c-239f26b53c9d]",
        "2019-10-11 22:15:53  Suspicious behavior by cmd.exe was observed (alexw) [id:3459510a-a6ff-66ac-3f91-89b8b5dd50e0]",
        "2019-10-11 22:16:11  Sensitive credential memory read (alexw) [id:116fe987-3859-09b1-f9c4-2e4c250bb052]",
        "2019-10-11 22:16:11  Sensitive credential memory read (alexw) [id:116fe987-3859-09b1-f9c4-2e4c250bb052]",
        "2019-10-15 12:18:55  Activity from infrequent country (alexw) [id:7b975100-bea1-8c8a-6181-aaee531a7f2b]",
        "2019-10-16 17:38:48  MDATP Detections (alexw) [id:48390bca-521f-4689-8b98-e9c07d23b915]",
        "2019-10-16 17:43:48  MDATP Detections (alexw) [id:d7baa736-e549-4d45-b706-b1c03fd15762]",
        "2019-10-16 17:48:48  MDATP Detections (alexw) [id:4b0fcec3-3afd-4a7c-a4b5-0013f8e11616]",
        "2019-10-16 17:49:25  Suspicious Powershell Command Line in MDATP (alexw) [id:3dc58f57-fc9c-4d0e-b06b-a44014602ea0]",
        "2019-10-16 17:54:25  Suspicious Powershell Command Line in MDATP (alexw) [id:63597b16-89f2-4ab7-a8bc-4ae50eae8714]",
        "2019-10-16 17:59:26  Suspicious Powershell Command Line in MDATP (alexw) [id:7b4b38a2-6816-4e3f-bdf2-171b0c3d441d]",
        "2019-10-16 18:04:26  Suspicious Powershell Command Line in MDATP (alexw) [id:701548d7-ff3e-498e-8e9a-115adc4fe342]",
        "2019-10-16 18:09:20  Activity from a Tor IP address (alexw) [id:ceba73c1-8dce-da4b-f9d6-03dadc4f666a]",
        "2019-10-16 18:09:20  Anonymous IP address (alexw) [id:cbb3c135-c5b3-f418-e961-d75211bd0cf1]",
        "2019-10-16 18:09:24  Anonymous IP address (alexw) [id:37f76fb6-093e-30b3-7952-d2956cf5c197]",
        "2019-10-16 18:09:26  Suspicious Powershell Command Line in MDATP (alexw) [id:4aac2c7d-0a35-4b28-aea1-2cd498a2eb84]",
        "2019-10-16 18:14:26  Suspicious Powershell Command Line in MDATP (alexw) [id:b6f5a6c6-d92b-43fc-8854-e5f30c8fbba5]",
        "2019-10-16 18:19:26  Suspicious Powershell Command Line in MDATP (alexw) [id:19aa204b-c703-4e29-939a-b5c8ee3cc14e]",
        "2019-10-16 18:24:26  Suspicious Powershell Command Line in MDATP (alexw) [id:8a0c8e63-112b-4a21-b32e-8c9b29667180]",
        "2019-10-16 18:29:26  Suspicious Powershell Command Line in MDATP (alexw) [id:d5a200bc-568d-4a47-9210-a08ee606cae9]",
        "2019-10-16 18:34:26  Suspicious Powershell Command Line in MDATP (alexw) [id:0b909c03-2541-4ab3-aa90-d0e4ea992c10]",
        "2019-10-16 18:39:26  Suspicious Powershell Command Line in MDATP (alexw) [id:47be70a8-6dd3-417b-a36c-b90bd467ae16]",
        "2019-10-16 18:44:26  Suspicious Powershell Command Line in MDATP (alexw) [id:2482d836-a3ef-43e6-9cb0-bbc386864217]",
        "2019-10-16 18:49:26  Suspicious Powershell Command Line in MDATP (alexw) [id:2ea5f992-242d-4f82-979a-b1b2a1eb4a1b]",
        "2019-10-16 18:54:26  Suspicious Powershell Command Line in MDATP (alexw) [id:406ac73b-a258-4d53-83bd-954a712fdd7d]",
        "2019-10-16 18:59:26  Suspicious Powershell Command Line in MDATP (alexw) [id:d0148d06-3d12-4c69-9e3b-6dadb93ab97f]",
        "2019-10-16 19:04:26  Suspicious Powershell Command Line in MDATP (alexw) [id:72c25713-c786-4a75-90e8-471b4c5fdbe2]",
        "2019-10-16 19:09:26  Suspicious Powershell Command Line in MDATP (alexw) [id:7c7e7c3f-257b-47b9-a3d2-1ad4d1b2c893]",
        "2019-10-16 19:14:26  Suspicious Powershell Command Line in MDATP (alexw) [id:388cb372-ee56-4a05-a2d8-010fd089ffe9]",
        "2019-10-16 19:19:26  Suspicious Powershell Command Line in MDATP (alexw) [id:43a39441-0058-45fb-becc-8789ee21ccc5]",
        "2019-10-16 19:24:27  Suspicious Powershell Command Line in MDATP (alexw) [id:fcfd7311-9e20-42ae-8702-623fbec44e8d]",
        "2019-10-16 19:29:27  Suspicious Powershell Command Line in MDATP (alexw) [id:9213e3d8-9474-4763-a2e3-ec9caa8a80a9]",
        "2019-10-16 19:34:27  Suspicious Powershell Command Line in MDATP (alexw) [id:5f6ac114-8f0b-4d77-a91a-cfde92f9e1b1]",
        "2019-10-16 19:39:27  Suspicious Powershell Command Line in MDATP (alexw) [id:f54ffe4a-02b4-406a-a79b-a0a7b3cb2688]",
        "2019-10-16 19:44:27  Suspicious Powershell Command Line in MDATP (alexw) [id:fa294432-32a7-4a86-af70-e9c38d8d6eca]",
        "2019-10-16 19:47:17  PowerShell Downloads (alexw) [id:b11258ab-3234-4974-af2e-f26acb71d591]",
        "2019-10-16 19:49:27  Suspicious Powershell Command Line in MDATP (alexw) [id:43f60c98-a1ee-48d9-9ef9-b8e7dcd64428]",
        "2019-10-16 19:50:11  Encoded Powershell Run - Custom Alert (alexw) [id:e649e8c0-4c1d-4717-9a9e-97aa414f2ca0]",
        "2019-10-16 19:52:23  PowerShell downloads - From Hunting Queries (alexw) [id:f638ee74-7a7a-40ff-b7ef-e74d8cd6760c]",
        "2019-10-16 19:54:27  Suspicious Powershell Command Line in MDATP (alexw) [id:4f66c926-0dc4-42d5-801f-7303f113d401]",
        "2019-10-16 19:56:48  Suspicious Powershell commandline (alexw) [id:ff0843ab-0cbb-a55b-2466-05ac9ef59439]",
        "2019-10-16 19:57:15  A malicious PowerShell Cmdlet was invoked on the machine (alexw) [id:7905302d-13db-4efa-c4be-fd5df3bdca60]",
        "2019-10-16 19:57:15  A script with suspicious content was observed (alexw) [id:111fdd59-0f28-3673-81b1-d37aace9ca6b]",
        "2019-10-16 19:57:36  Network connection to a risky host (alexw) [id:954c4ff6-9f17-42a6-4c02-643bd2873461]",
        "2019-10-16 19:57:36  Suspicious Powershell commandline (alexw) [id:eac458a4-8b7e-302b-812b-bde81848ed32]",
        "2019-10-16 19:57:36  Network connection to a risky host (alexw) [id:954c4ff6-9f17-42a6-4c02-643bd2873461]",
        "2019-10-16 19:59:27  Suspicious Powershell Command Line in MDATP (alexw) [id:166ba256-c5fb-48c6-b650-1b6cfdf599c3]",
        "2019-10-16 20:04:27  Suspicious Powershell Command Line in MDATP (alexw) [id:db78db44-88d6-4d7d-aa75-6d3feccd2bbc]",
        "2019-10-16 20:09:27  Suspicious Powershell Command Line in MDATP (alexw) [id:9e8fc0da-e378-49be-983a-b05a0568820e]",
        "2019-10-16 20:14:27  Suspicious Powershell Command Line in MDATP (alexw) [id:8bb0038b-a9b6-423c-b4ed-f3db8044544d]",
        "2019-10-16 20:19:27  Suspicious Powershell Command Line in MDATP (alexw) [id:05b9ae8e-d5b9-45ad-b56e-f1b010701967]",
        "2019-10-16 20:24:27  Suspicious Powershell Command Line in MDATP (alexw) [id:a8d61952-881a-494a-b9eb-bb15d561a6c9]",
        "2019-10-16 20:29:27  Suspicious Powershell Command Line in MDATP (alexw) [id:29d43330-57a6-4d13-bce0-3069e744bf9a]",
        "2019-10-16 20:34:27  Suspicious Powershell Command Line in MDATP (alexw) [id:866a0a95-8849-48d8-9842-a77a5f9c7972]",
        "2019-10-16 20:39:27  Suspicious Powershell Command Line in MDATP (alexw) [id:b609dab6-0027-44a2-97fb-6437c2871066]",
        "2019-10-16 20:44:27  Suspicious Powershell Command Line in MDATP (alexw) [id:32ca76ec-38d5-431c-87d8-310a665dfaae]",
        "2019-10-16 20:49:28  Suspicious Powershell Command Line in MDATP (alexw) [id:69b03a61-cc69-408c-a6cf-1285bd490cbc]",
        "2019-10-16 20:54:28  Suspicious Powershell Command Line in MDATP (alexw) [id:8fb13a7a-6ed4-452c-a260-aa14f1865e96]",
        "2019-10-16 20:59:28  Suspicious Powershell Command Line in MDATP (alexw) [id:58551fe2-8f9c-43c3-aed8-7ceb7c8c2e65]",
        "2019-10-16 21:04:28  Suspicious Powershell Command Line in MDATP (alexw) [id:bcd35be0-b01d-435c-9b65-b03fd2ed8079]",
        "2019-10-16 21:09:28  Suspicious Powershell Command Line in MDATP (alexw) [id:34f163fd-5745-4da9-bbee-f13d90db62aa]",
        "2019-10-16 21:14:28  Suspicious Powershell Command Line in MDATP (alexw) [id:78ca30ec-547b-4754-8cd7-6257cff77809]",
        "2019-10-16 21:19:28  Suspicious Powershell Command Line in MDATP (alexw) [id:58c7cd60-0550-4e99-962b-4563b391d739]",
        "2019-10-16 21:24:28  Suspicious Powershell Command Line in MDATP (alexw) [id:fcdd0bd5-7e94-48b6-bd52-951296201506]",
        "2019-10-16 21:29:28  Suspicious Powershell Command Line in MDATP (alexw) [id:4b8d0dea-6c4a-421a-9c8f-b7c4fad39ba4]",
        "2019-10-16 21:34:28  Suspicious Powershell Command Line in MDATP (alexw) [id:9df374d4-a29d-4bff-ac09-953b165aaece]",
        "2019-10-16 21:39:28  Suspicious Powershell Command Line in MDATP (alexw) [id:dbe2ba55-c3a9-4de5-a743-72eaace61439]",
        "2019-10-16 21:44:28  Suspicious Powershell Command Line in MDATP (alexw) [id:5546bb7d-cd28-4f31-8203-0e4af93be33f]",
        "2019-10-16 21:49:28  Suspicious Powershell Command Line in MDATP (alexw) [id:0e16855a-cbda-423f-ba82-1f376262cb22]",
        "2019-10-16 21:54:28  Suspicious Powershell Command Line in MDATP (alexw) [id:cb01e838-c963-4189-934c-ba6aac41e3c8]",
        "2019-10-16 21:59:28  Suspicious Powershell Command Line in MDATP (alexw) [id:abb77372-3efe-4a2d-b6ab-730db4080b4a]",
        "2019-10-16 22:04:28  Suspicious Powershell Command Line in MDATP (alexw) [id:b6ec7abe-b986-4213-ae33-997dac174e44]",
        "2019-10-16 22:09:28  Suspicious Powershell Command Line in MDATP (alexw) [id:a4a1c2b1-0802-447b-9f14-aa1c37e5df80]",
        "2019-10-16 22:14:28  Suspicious Powershell Command Line in MDATP (alexw) [id:d78a626b-b2c4-4cc1-8416-9f49050ead4e]",
        "2019-10-16 22:19:29  Suspicious Powershell Command Line in MDATP (alexw) [id:d3c5a4e4-ff53-4a00-9b8a-a71bf70ceeaf]",
        "2019-10-16 22:20:12  Encoded Powershell Run - Custom Alert (alexw) [id:8b3d08dd-d718-409b-ba92-3692481441d9]",
        "2019-10-16 22:22:24  PowerShell downloads - From Hunting Queries (alexw) [id:07d9262b-7610-4e9a-aca8-0d2bccdf8b48]",
        "2019-10-16 22:24:29  Suspicious Powershell Command Line in MDATP (alexw) [id:4f71a893-8f76-44f2-8b80-4b49a5d3b010]",
        "2019-10-16 22:27:18  PowerShell Downloads (alexw) [id:2f7cde0f-dd98-4fa4-81c3-7db5f28a33d6]",
        "2019-10-16 22:29:29  Suspicious Powershell Command Line in MDATP (alexw) [id:1085e41f-c9c1-4343-bf6d-c8e67f99346c]",
        "2019-10-16 22:30:09  Suspicious Powershell commandline (alexw) [id:86028bd5-2024-8d25-a72f-9b18f47a8ca7]",
        "2019-10-16 22:30:09  Suspicious Powershell commandline (alexw) [id:eac458a4-8b7e-302b-812b-bde81848ed32]",
        "2019-10-16 22:30:09  Suspicious Powershell commandline (alexw) [id:ff0843ab-0cbb-a55b-2466-05ac9ef59439]",
        "2019-10-17 15:30:19  Encoded Powershell Run - Custom Alert (alexw) [id:aa8bc655-b377-45f8-a117-dbe92adae71f]",
        "2019-10-17 15:32:30  PowerShell downloads - From Hunting Queries (alexw) [id:06be2212-5b25-4b4e-9ec9-6ab47ae94f7a]",
        "2019-10-17 15:35:45  Suspicious Powershell Command Line in MDATP (alexw) [id:3363a192-0f94-42b4-b6c5-7ce9b114998b]",
        "2019-10-17 15:37:25  PowerShell Downloads (alexw) [id:b0f24e6d-394e-468d-a8bd-73db650b704e]",
        "2019-10-17 15:37:38  Suspicious Powershell commandline (alexw) [id:eac458a4-8b7e-302b-812b-bde81848ed32]",
        "2019-10-17 15:37:38  Suspicious Powershell commandline (alexw) [id:ff0843ab-0cbb-a55b-2466-05ac9ef59439]",
        "2019-10-17 15:37:38  Suspicious Powershell commandline (alexw) [id:344cc23c-015d-f52d-6325-be9a60d10eb1]",
        "2019-10-17 17:20:45  Suspicious Powershell Command Line in MDATP (alexw) [id:bed61330-e15d-4ff2-96bd-a36a435f837e]",
        "2019-10-17 17:57:58  MDATP Suspicious Powershell Command Line (alexw) [id:c59aedf5-e104-4e62-93b5-7277a0b0ee07]",
        "2019-10-17 17:59:49  MDATP Suspicious Powershell Command Line (alexw) [id:10327c91-a505-458b-a76c-4f34081238d5]",
        "2019-10-17 18:13:48  Suspicious behavior by cmd.exe was observed (alexw) [id:c39d2d55-83d8-4cf1-f315-cdd6a5878e72]",
        "2019-10-17 18:13:48  Suspicious Powershell commandline (alexw) [id:ff0843ab-0cbb-a55b-2466-05ac9ef59439]",
        "2019-10-17 18:13:48  Suspicious Powershell commandline (alexw) [id:eac458a4-8b7e-302b-812b-bde81848ed32]",
        "2019-10-17 18:13:48  Suspicious behavior by a svchost.exe was observed (alexw) [id:8000c97e-9762-f524-703c-239f26b53c9d]",
        "2019-10-17 18:14:26  Suspicious behavior by cmd.exe was observed (alexw) [id:c39d2d55-83d8-4cf1-f315-cdd6a5878e72]",
        "2019-10-17 18:14:26  Suspicious behavior by a svchost.exe was observed (alexw) [id:8000c97e-9762-f524-703c-239f26b53c9d]",
        "2019-10-17 18:14:26  Suspicious access to LSASS service (alexw) [id:2abb0ebe-06f9-ada2-9bdd-59ec758239f8]",
        "2019-10-17 18:14:26  Suspicious access to LSASS service (alexw) [id:2abb0ebe-06f9-ada2-9bdd-59ec758239f8]",
        "2019-10-17 18:14:26  Suspicious access to LSASS service (alexw) [id:2abb0ebe-06f9-ada2-9bdd-59ec758239f8]",
        "2019-10-17 18:14:26  Suspicious access to LSASS service (alexw) [id:2abb0ebe-06f9-ada2-9bdd-59ec758239f8]",
        "2019-10-17 18:14:38  An active 'Mikatz' high-severity malware was detected (alexw) [id:49df9a29-da06-3b13-0e69-baed02b71094]",
        "2019-10-17 18:14:47  Suspicious sequence of exploration activities (alexw) [id:cfa74431-c107-6a4a-a508-dabc6875eed0]",
        "2019-10-17 18:14:47  New group added suspiciously (alexw) [id:5fd7fded-cbae-eb18-b889-90d3bddd8c03]",
        "2019-10-17 18:14:47  Suspicious behavior by cmd.exe was observed (alexw) [id:c39d2d55-83d8-4cf1-f315-cdd6a5878e72]",
        "2019-10-17 18:14:47  Suspicious behavior by a svchost.exe was observed (alexw) [id:8000c97e-9762-f524-703c-239f26b53c9d]",
        "2019-10-17 18:14:55  Suspicious sequence of exploration activities (alexw) [id:9929826b-87ed-51c6-4ccf-9f6eac22515c]",
        "2019-10-17 18:15:00  Suspicious sequence of exploration activities (alexw) [id:9929826b-87ed-51c6-4ccf-9f6eac22515c]",
        "2019-10-17 18:15:00  A user was added to an administrative group (alexw) [id:69514370-30a5-4aa6-136b-6777152883b6]",
        "2019-10-17 18:15:00  A user was added to an administrative group (alexw) [id:69514370-30a5-4aa6-136b-6777152883b6]",
        "2019-10-17 18:15:00  New group added suspiciously (alexw) [id:5fd7fded-cbae-eb18-b889-90d3bddd8c03]",
        "2019-10-17 18:15:13  Suspicious sequence of exploration activities (alexw) [id:cfa74431-c107-6a4a-a508-dabc6875eed0]",
        "2019-10-17 18:15:43  Suspicious sequence of exploration activities (alexw) [id:cfa74431-c107-6a4a-a508-dabc6875eed0]",
        "2019-10-17 18:15:43  Suspicious sequence of exploration activities (alexw) [id:cfa74431-c107-6a4a-a508-dabc6875eed0]",
        "2019-10-17 18:15:48  Suspicious sequence of exploration activities (alexw) [id:9929826b-87ed-51c6-4ccf-9f6eac22515c]",
        "2019-10-17 18:15:48  Suspicious sequence of exploration activities (alexw) [id:cfa74431-c107-6a4a-a508-dabc6875eed0]",
        "2019-10-17 18:15:48  Suspicious sequence of exploration activities (alexw) [id:9929826b-87ed-51c6-4ccf-9f6eac22515c]",
        "2019-10-17 18:15:49  Suspicious sequence of exploration activities (alexw) [id:9929826b-87ed-51c6-4ccf-9f6eac22515c]",
        "2019-10-17 18:16:12  Suspicious behavior by a svchost.exe was observed (alexw) [id:8000c97e-9762-f524-703c-239f26b53c9d]",
        "2019-10-17 18:16:12  Suspicious Powershell commandline (alexw) [id:eac458a4-8b7e-302b-812b-bde81848ed32]",
        "2019-10-17 18:16:12  Suspicious behavior by cmd.exe was observed (alexw) [id:c39d2d55-83d8-4cf1-f315-cdd6a5878e72]",
        "2019-10-17 18:16:12  Suspicious Powershell commandline (alexw) [id:9ce93ab6-c2b6-fc04-b372-068b25633f0a]",
        "2019-10-17 18:16:13  Sensitive credential memory read (alexw) [id:116fe987-3859-09b1-f9c4-2e4c250bb052]",
        "2019-10-17 18:16:13  Sensitive credential memory read (alexw) [id:116fe987-3859-09b1-f9c4-2e4c250bb052]",
        "2019-10-17 18:16:24  Suspicious registration of an accessibility debugger under the IFEO registry key (alexw) [id:39cdc76c-c90d-6a56-4c5a-e755c783afba]",
        "2019-10-17 18:16:24  Suspicious behavior by a svchost.exe was observed (alexw) [id:8000c97e-9762-f524-703c-239f26b53c9d]",
        "2019-10-17 18:16:24  Suspicious behavior by cmd.exe was observed (alexw) [id:c39d2d55-83d8-4cf1-f315-cdd6a5878e72]",
        "2019-10-17 18:16:24  Sticky Keys binary hijack detected (alexw) [id:fb86ba32-bb9f-9821-42d3-9cb1d4e817c0]",
        "2019-10-17 18:16:24  Sticky Keys binary hijack detected (alexw) [id:fb86ba32-bb9f-9821-42d3-9cb1d4e817c0]",
        "2019-10-17 18:16:28  Malicious credential theft tool execution detected (alexw) [id:0b551f8b-5edb-7fd5-fdbe-a43496b3b321]",
        "2019-10-18 20:52:05  Suspicious behavior by a svchost.exe was observed (alexw) [id:8000c97e-9762-f524-703c-239f26b53c9d]",
        "2019-10-18 20:52:21  Suspicious behavior by cmd.exe was observed (alexw) [id:f561ff5f-4dc3-1d5f-e495-cc1e4c97ba1d]",
        "2019-10-18 20:52:21  Suspicious behavior by a svchost.exe was observed (alexw) [id:8000c97e-9762-f524-703c-239f26b53c9d]",
        "2019-10-18 20:52:21  Suspicious Powershell commandline (alexw) [id:eac458a4-8b7e-302b-812b-bde81848ed32]",
        "2019-10-18 20:52:21  Suspicious Powershell commandline (alexw) [id:ff0843ab-0cbb-a55b-2466-05ac9ef59439]",
        "2019-10-18 20:52:45  Suspicious Powershell commandline (alexw) [id:eac458a4-8b7e-302b-812b-bde81848ed32]",
        "2019-10-18 20:52:46  A malicious PowerShell Cmdlet was invoked on the machine (alexw) [id:7905302d-13db-4efa-c4be-fd5df3bdca60]",
        "2019-10-18 20:53:01  Suspicious access to LSASS service (alexw) [id:2abb0ebe-06f9-ada2-9bdd-59ec758239f8]",
        "2019-10-18 20:53:01  Suspicious access to LSASS service (alexw) [id:2abb0ebe-06f9-ada2-9bdd-59ec758239f8]",
        "2019-10-18 20:53:13  An active 'Mikatz' high-severity malware was detected (alexw) [id:49df9a29-da06-3b13-0e69-baed02b71094]",
        "2019-10-18 20:53:22  Suspicious behavior by cmd.exe was observed (alexw) [id:f561ff5f-4dc3-1d5f-e495-cc1e4c97ba1d]",
        "2019-10-18 20:54:55  Suspicious behavior by cmd.exe was observed (alexw) [id:f561ff5f-4dc3-1d5f-e495-cc1e4c97ba1d]",
        "2019-10-18 20:54:55  Suspicious Powershell commandline (alexw) [id:eac458a4-8b7e-302b-812b-bde81848ed32]",
        "2019-10-18 20:54:55  Suspicious behavior by a svchost.exe was observed (alexw) [id:8000c97e-9762-f524-703c-239f26b53c9d]",
        "2019-10-18 20:54:55  Suspicious Powershell commandline (alexw) [id:9ce93ab6-c2b6-fc04-b372-068b25633f0a]",
        "2019-10-18 20:54:59  Suspicious behavior by a svchost.exe was observed (alexw) [id:8000c97e-9762-f524-703c-239f26b53c9d]",
        "2019-10-18 20:54:59  Suspicious behavior by a svchost.exe was observed (alexw) [id:8000c97e-9762-f524-703c-239f26b53c9d]",
        "2019-10-18 20:54:59  Suspicious registration of an accessibility debugger under the IFEO registry key (alexw) [id:39cdc76c-c90d-6a56-4c5a-e755c783afba]",
        "2019-10-18 20:54:59  Suspicious behavior by cmd.exe was observed (alexw) [id:f561ff5f-4dc3-1d5f-e495-cc1e4c97ba1d]",
        "2019-10-18 20:54:59  Suspicious behavior by cmd.exe was observed (alexw) [id:f561ff5f-4dc3-1d5f-e495-cc1e4c97ba1d]",
        "2019-10-18 20:56:14  Sensitive credential memory read (alexw) [id:116fe987-3859-09b1-f9c4-2e4c250bb052]",
        "2019-10-18 20:56:14  Sensitive credential memory read (alexw) [id:116fe987-3859-09b1-f9c4-2e4c250bb052]",
        "2019-10-18 21:09:36  Suspicious Powershell commandline (alexw) [id:ff0843ab-0cbb-a55b-2466-05ac9ef59439]",
        "2019-10-18 21:09:36  Suspicious Powershell commandline (alexw) [id:eac458a4-8b7e-302b-812b-bde81848ed32]"
       ],
       "description": "Select alert :",
       "index": 1,
       "layout": "IPY_MODEL_e12ead97fdd640ae83befc64b5ffdb2c",
       "style": "IPY_MODEL_cb5c1d924c3f4831a576b136ed2248c2"
      }
     },
     "16f070f0418449bc929e084b27fecded": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "VBoxModel",
      "state": {
       "children": [
        "IPY_MODEL_f1c34ead896147df902c9a52f06fcf72",
        "IPY_MODEL_e41ba284c5af4ec881fa96801093aa40",
        "IPY_MODEL_49355ad784594baf9e87891305acca4f"
       ],
       "layout": "IPY_MODEL_c19d64f7a2e24650bfe688dc6fcf41f6"
      }
     },
     "17d453399714410fb83541ba912d353d": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "height": "100px",
       "width": "50%"
      }
     },
     "196603ac0fff46ab8dca4c0ea20928b7": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "1a1e0fce7b5243758e9871320bb00006": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": ""
      }
     },
     "1a500406a8e344eaa4e8e102c1b5ff90": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "width": "80%"
      }
     },
     "1bb1eaf1165a4875abeeedbbfe2cc0e5": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "1bf816e2f4314909a591763f3632296c": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "1cf206bf8d6246f5947070c97574894f": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "TextModel",
      "state": {
       "description": "Query end time (UTC) :  ",
       "layout": "IPY_MODEL_339f5ef30e6b4998b14a74f98fa71996",
       "style": "IPY_MODEL_4d2296cf1fef4280b3c4e0af39087a1e",
       "value": "2019-11-07 01:09:45.438269"
      }
     },
     "1d0c25caec174a93b32c81e5427e3176": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "1dc2385aa1e2460ba65eccea79414eeb": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": ""
      }
     },
     "1e0b7f71263b44fcacf50ee9426de6b3": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "TextModel",
      "state": {
       "description": "Filter:",
       "layout": "IPY_MODEL_7a887505ac244c8ab531ee2c4f213b22",
       "style": "IPY_MODEL_71c38c8b0b404e8aae49f5de620c646f"
      }
     },
     "1e338166903a41289e32c51325e8d9a9": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "HBoxModel",
      "state": {
       "children": [
        "IPY_MODEL_7b6b417531ec4beba5fc54997ed975fc",
        "IPY_MODEL_574fd44d172e43f8b6b38e081baf9cb4"
       ],
       "layout": "IPY_MODEL_82e49bd68b364d35a4beb7459e41aeac"
      }
     },
     "1eab24cf9acb42e195e5e03281476196": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "20aa4f78c25e4e1caf9d8dea2d06b9b3": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "HTMLModel",
      "state": {
       "layout": "IPY_MODEL_04f7a2f424f54ac2b956167469b1cd88",
       "style": "IPY_MODEL_624838029e57464ea8cc82dca802cca7",
       "value": "<h4>Set query time boundaries</h4>"
      }
     },
     "21671f28362340ce8fb246d5af4cae04": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "220281bdd8fe459aa5ccd341000d8bfc": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "2208c543b3024a18922a9942fdb90631": {
      "model_module": "@jupyter-widgets/output",
      "model_module_version": "1.0.0",
      "model_name": "OutputModel",
      "state": {
       "layout": "IPY_MODEL_e3fcda15a5744838a7f8e0af30ccc460",
       "outputs": [
        {
         "data": {
          "text/markdown": "<p style='font-weight: bold'>alexw@m365x648731.onmicrosoft.com (source: AADLogon)</p>",
          "text/plain": "<IPython.core.display.Markdown object>"
         },
         "metadata": {},
         "output_type": "display_data"
        },
        {
         "data": {
          "text/html": "<div>\n<style scoped>\n    .dataframe tbody tr th:only-of-type {\n        vertical-align: middle;\n    }\n\n    .dataframe tbody tr th {\n        vertical-align: top;\n    }\n\n    .dataframe thead th {\n        text-align: right;\n    }\n</style>\n<table border=\"1\" class=\"dataframe\">\n  <thead>\n    <tr style=\"text-align: right;\">\n      <th></th>\n      <th>TimeGenerated</th>\n      <th>UserPrincipalName</th>\n      <th>Identity</th>\n      <th>IPAddress</th>\n      <th>LocationDetails</th>\n    </tr>\n  </thead>\n  <tbody>\n    <tr>\n      <td>0</td>\n      <td>2019-10-29 23:40:25.427</td>\n      <td>alexw@m365x648731.onmicrosoft.com</td>\n      <td>Alex Wilber</td>\n      <td>131.107.174.181</td>\n      <td>{\"city\":\"Redmond\",\"state\":\"Washington\",\"countryOrRegion\":\"US\",\"geoCoordinates\":{\"latitude\":47.68...</td>\n    </tr>\n    <tr>\n      <td>1</td>\n      <td>2019-10-29 23:41:38.870</td>\n      <td>alexw@m365x648731.onmicrosoft.com</td>\n      <td>Alex Wilber</td>\n      <td>131.107.159.181</td>\n      <td>{\"city\":\"Redmond\",\"state\":\"Washington\",\"countryOrRegion\":\"US\",\"geoCoordinates\":{\"latitude\":47.68...</td>\n    </tr>\n    <tr>\n      <td>2</td>\n      <td>2019-10-29 23:44:32.382</td>\n      <td>alexw@m365x648731.onmicrosoft.com</td>\n      <td>Alex Wilber</td>\n      <td>131.107.160.181</td>\n      <td>{\"city\":\"Redmond\",\"state\":\"Washington\",\"countryOrRegion\":\"US\",\"geoCoordinates\":{\"latitude\":47.68...</td>\n    </tr>\n  </tbody>\n</table>\n</div>",
          "text/plain": "            TimeGenerated                  UserPrincipalName     Identity  \\\n0 2019-10-29 23:40:25.427  alexw@m365x648731.onmicrosoft.com  Alex Wilber   \n1 2019-10-29 23:41:38.870  alexw@m365x648731.onmicrosoft.com  Alex Wilber   \n2 2019-10-29 23:44:32.382  alexw@m365x648731.onmicrosoft.com  Alex Wilber   \n\n         IPAddress  \\\n0  131.107.174.181   \n1  131.107.159.181   \n2  131.107.160.181   \n\n                                                                                       LocationDetails  \n0  {\"city\":\"Redmond\",\"state\":\"Washington\",\"countryOrRegion\":\"US\",\"geoCoordinates\":{\"latitude\":47.68...  \n1  {\"city\":\"Redmond\",\"state\":\"Washington\",\"countryOrRegion\":\"US\",\"geoCoordinates\":{\"latitude\":47.68...  \n2  {\"city\":\"Redmond\",\"state\":\"Washington\",\"countryOrRegion\":\"US\",\"geoCoordinates\":{\"latitude\":47.68...  "
         },
         "metadata": {},
         "output_type": "display_data"
        }
       ]
      }
     },
     "22eba104dbc14c0e8cf6ee1933812705": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "SliderStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "2352b267b6a94e3e9e2293ee891b7c6a": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "border": "1px solid black"
      }
     },
     "23587ac1b6a244dbb003beb319e70b4d": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "height": "100px",
       "width": "50%"
      }
     },
     "243f9f7d45274e3592c71d2a85a09ed4": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "26930b25f1b54e97b4a3572846aa9b39": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "2706db4f94ff4620bd32b12687efebf5": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "border": "1px solid black"
      }
     },
     "27396b8ce3f34eedb8b707e4b7b9d144": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "2757a6fe686d4729a09e65abdc398c21": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "width": "80%"
      }
     },
     "294712131c9e4398b5508a14515e7bd5": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "TextModel",
      "state": {
       "description": "Filter:",
       "layout": "IPY_MODEL_dac07fcc7eea45bdb2450d85767210c6",
       "style": "IPY_MODEL_de6cab36cc2945f493a178d889a45586"
      }
     },
     "2986210cf54b4119a535c0d22af52ad7": {
      "model_module": "@jupyter-widgets/output",
      "model_module_version": "1.0.0",
      "model_name": "OutputModel",
      "state": {
       "layout": "IPY_MODEL_bf2154c20bdd490a8847e3bfc196f213",
       "outputs": [
        {
         "data": {
          "text/markdown": "<p style='font-weight: bold'>ian (source: WindowsHostLogon)</p>",
          "text/plain": "<IPython.core.display.Markdown object>"
         },
         "metadata": {},
         "output_type": "display_data"
        },
        {
         "data": {
          "text/html": "<div>\n<style scoped>\n    .dataframe tbody tr th:only-of-type {\n        vertical-align: middle;\n    }\n\n    .dataframe tbody tr th {\n        vertical-align: top;\n    }\n\n    .dataframe thead th {\n        text-align: right;\n    }\n</style>\n<table border=\"1\" class=\"dataframe\">\n  <thead>\n    <tr style=\"text-align: right;\">\n      <th></th>\n      <th>TargetUserName</th>\n      <th>TargetDomainName</th>\n      <th>LogonType</th>\n      <th>Computer</th>\n      <th>LogonStatus</th>\n      <th>TimeGenerated</th>\n      <th>SubjectUserName</th>\n      <th>SubjectDomainName</th>\n      <th>TargetUserSid</th>\n      <th>EventID</th>\n      <th>IpAddress</th>\n    </tr>\n  </thead>\n  <tbody>\n    <tr>\n      <td>4</td>\n      <td>ian</td>\n      <td>MSTICAlertsWin1</td>\n      <td>4</td>\n      <td>MSTICAlertsWin1</td>\n      <td>failed</td>\n      <td>2019-02-15 04:09:38.523</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>S-1-0-0</td>\n      <td>4625</td>\n      <td>-</td>\n    </tr>\n    <tr>\n      <td>3</td>\n      <td>ian</td>\n      <td>MSTICAlertsWin1</td>\n      <td>2</td>\n      <td>MSTICAlertsWin1</td>\n      <td>failed</td>\n      <td>2019-02-16 00:06:02.193</td>\n      <td>ian</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-0-0</td>\n      <td>4625</td>\n      <td>-</td>\n    </tr>\n    <tr>\n      <td>1</td>\n      <td>ian</td>\n      <td>MSTICAlertsWin1</td>\n      <td>3</td>\n      <td>MSTICAlertsWin1</td>\n      <td>success</td>\n      <td>2019-02-16 03:24:45.260</td>\n      <td>-</td>\n      <td>-</td>\n      <td>S-1-5-21-996632719-2361334927-4038480536-1120</td>\n      <td>4624</td>\n      <td>23.97.60.214</td>\n    </tr>\n    <tr>\n      <td>2</td>\n      <td>ian</td>\n      <td>MSTICAlertsWin1</td>\n      <td>10</td>\n      <td>MSTICAlertsWin1</td>\n      <td>success</td>\n      <td>2019-02-16 03:24:49.500</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>S-1-5-21-996632719-2361334927-4038480536-1120</td>\n      <td>4624</td>\n      <td>23.97.60.214</td>\n    </tr>\n    <tr>\n      <td>0</td>\n      <td>ian</td>\n      <td>MSTICAlertsWin1</td>\n      <td>4</td>\n      <td>MSTICAlertsWin1</td>\n      <td>success</td>\n      <td>2019-02-25 18:32:40.620</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>S-1-5-21-996632719-2361334927-4038480536-1120</td>\n      <td>4624</td>\n      <td>-</td>\n    </tr>\n  </tbody>\n</table>\n</div>",
          "text/plain": "  TargetUserName TargetDomainName  LogonType         Computer LogonStatus  \\\n4            ian  MSTICAlertsWin1          4  MSTICAlertsWin1      failed   \n3            ian  MSTICAlertsWin1          2  MSTICAlertsWin1      failed   \n1            ian  MSTICAlertsWin1          3  MSTICAlertsWin1     success   \n2            ian  MSTICAlertsWin1         10  MSTICAlertsWin1     success   \n0            ian  MSTICAlertsWin1          4  MSTICAlertsWin1     success   \n\n            TimeGenerated   SubjectUserName SubjectDomainName  \\\n4 2019-02-15 04:09:38.523  MSTICAlertsWin1$         WORKGROUP   \n3 2019-02-16 00:06:02.193               ian   MSTICAlertsWin1   \n1 2019-02-16 03:24:45.260                 -                 -   \n2 2019-02-16 03:24:49.500  MSTICAlertsWin1$         WORKGROUP   \n0 2019-02-25 18:32:40.620  MSTICAlertsWin1$         WORKGROUP   \n\n                                   TargetUserSid  EventID     IpAddress  \n4                                        S-1-0-0     4625             -  \n3                                        S-1-0-0     4625             -  \n1  S-1-5-21-996632719-2361334927-4038480536-1120     4624  23.97.60.214  \n2  S-1-5-21-996632719-2361334927-4038480536-1120     4624  23.97.60.214  \n0  S-1-5-21-996632719-2361334927-4038480536-1120     4624             -  "
         },
         "metadata": {},
         "output_type": "display_data"
        }
       ]
      }
     },
     "29a721a8672f4eaeac3fb52a19143ba7": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "29cec641c72f433ba12931e0744b0bbb": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "2a10f5ce9b604a92b2427a09cd715014": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "width": "50%"
      }
     },
     "2a125d9c7768422a8600ce7f45512f73": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "2a19ef556e58416488b8e9e55a87e5b9": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "2b5652b58aa64561a110e0d6a8e5a745": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "VBoxModel",
      "state": {
       "children": [
        "IPY_MODEL_3d88cc5c3b6d462fa995cacbbe929721",
        "IPY_MODEL_b59ec5b1430a4af891f0471565b1f530",
        "IPY_MODEL_8eb3ed63c8e644828cf80888a6133c52"
       ],
       "layout": "IPY_MODEL_72d5cf7c05794e1baeb07d5a8f515283"
      }
     },
     "2b7bad34fbe443298eca32688b2d5529": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "VBoxModel",
      "state": {
       "children": [
        "IPY_MODEL_61c6f57d253e4062a4050bceeb4f8e74",
        "IPY_MODEL_1533869f497d40738af8117817df8abf",
        "IPY_MODEL_36c467dcef5a466394f0d3be780853fd"
       ],
       "layout": "IPY_MODEL_793500a391424d288a55cf40a05185ec"
      }
     },
     "2be0f3bf6cf447038a9ffbae86423b0b": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "height": "200px",
       "width": "100%"
      }
     },
     "2c7a6db919364353b2ad5bf0f108c46f": {
      "model_module": "@jupyter-widgets/output",
      "model_module_version": "1.0.0",
      "model_name": "OutputModel",
      "state": {
       "layout": "IPY_MODEL_ae285b6e22414be7be1231ed2ab6948b",
       "outputs": [
        {
         "name": "stdout",
         "output_type": "stream",
         "text": "ALEX WindowsHostLogon <class 'str'>\n"
        },
        {
         "ename": "AttributeError",
         "evalue": "'str' object has no attribute 'value'",
         "output_type": "error",
         "traceback": [
          "\u001b[1;31m---------------------------------------------------------------------------\u001b[0m",
          "\u001b[1;31mAttributeError\u001b[0m                            Traceback (most recent call last)",
          "\u001b[1;32m~\\AppData\\Roaming\\Python\\Python37\\site-packages\\msticpy\\nbtools\\nbwidgets.py\u001b[0m in \u001b[0;36m_show_top_item\u001b[1;34m(self)\u001b[0m\n\u001b[0;32m    894\u001b[0m             \u001b[0mself\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0m_w_output\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mclear_output\u001b[0m\u001b[1;33m(\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m    895\u001b[0m             \u001b[1;32mwith\u001b[0m \u001b[0mself\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0m_w_output\u001b[0m\u001b[1;33m:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[1;32m--> 896\u001b[1;33m                 \u001b[0mself\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mitem_action\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mself\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mvalue\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m    897\u001b[0m \u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m    898\u001b[0m \u001b[1;33m\u001b[0m\u001b[0m\n",
          "\u001b[1;32m<string>\u001b[0m in \u001b[0;36mdisplay_activity\u001b[1;34m(selected_item)\u001b[0m\n",
          "\u001b[1;32m<string>\u001b[0m in \u001b[0;36mselected_account\u001b[1;34m(selected_acct)\u001b[0m\n",
          "\u001b[1;31mAttributeError\u001b[0m: 'str' object has no attribute 'value'"
         ]
        }
       ]
      }
     },
     "2d7b4222a5814b47ae4f368b98807d70": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "width": "95%"
      }
     },
     "2e1d183418ec4e2d92c030d20438dc87": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "2ed67edca35c46379aafe39af8a90300": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "2f43cd6461984778b027a00630622292": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": ""
      }
     },
     "2f5237042d4249cd9fc19e5eef55bd5f": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "VBoxModel",
      "state": {
       "children": [
        "IPY_MODEL_9e9b2211085a44509583508fa0632f03",
        "IPY_MODEL_cd930803359a45fdb790421af5b6fc49",
        "IPY_MODEL_d53a26d939a14868a5dc9e95c75d2c02"
       ],
       "layout": "IPY_MODEL_1bb1eaf1165a4875abeeedbbfe2cc0e5"
      }
     },
     "304f50bcff6f479e853a23ec532eea5d": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "TextModel",
      "state": {
       "description": "Time (24hr)",
       "layout": "IPY_MODEL_3470075458b84b45af925362a4a929e8",
       "style": "IPY_MODEL_cbd22ab1115e40d893314c47433eb47e",
       "value": "21:55:47.669836"
      }
     },
     "30cdcb2290e24418a77b48d11cd1fd41": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "32ffb6921bac4c30896e0c7df60e23fc": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "339f5ef30e6b4998b14a74f98fa71996": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "width": "50%"
      }
     },
     "3470075458b84b45af925362a4a929e8": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "36c467dcef5a466394f0d3be780853fd": {
      "model_module": "@jupyter-widgets/output",
      "model_module_version": "1.0.0",
      "model_name": "OutputModel",
      "state": {
       "layout": "IPY_MODEL_67df7ce9c1804bc3a89a07ea29891e81",
       "outputs": [
        {
         "data": {
          "text/html": "\n            <h3>Alert: 'Activity from infrequent country'</h3><br>time=<b>2019-09-16 17:43:36</b>,\n            entity=<b>alexw</b>, id=<b>a9ec17e2-695d-55c2-2559-db2500634922</b>\n            <br/>\n            <table border=\"1\" class=\"dataframe\">\n  <thead>\n    <tr style=\"text-align: right;\">\n      <th></th>\n      <th>221</th>\n    </tr>\n  </thead>\n  <tbody>\n    <tr>\n      <th>TenantId</th>\n      <td>a927809c-8142-43e1-96b3-4ad87cfe95a3</td>\n    </tr>\n    <tr>\n      <th>TimeGenerated</th>\n      <td>2019-09-16 18:22:32</td>\n    </tr>\n    <tr>\n      <th>AlertDisplayName</th>\n      <td>Activity from infrequent country</td>\n    </tr>\n    <tr>\n      <th>AlertName</th>\n      <td>Activity from infrequent country</td>\n    </tr>\n    <tr>\n      <th>Severity</th>\n      <td>Medium</td>\n    </tr>\n    <tr>\n      <th>Description</th>\n      <td>Alex Wilber (alexw@m365x648731.onmicrosoft.com) performed an activity. No activity was performed in Switzerland in the past 6 days. Additional risks in this user session: The user created or updated an inbox forwarding rule that forwards all incoming email to meganb@m365x648731.onmicrosoft.com. 2a02:418:6017::148 is a Tor IP address. ISP Nine Internet Solutions AG was used for the first time in 6 days in your organization.</td>\n    </tr>\n    <tr>\n      <th>ProviderName</th>\n      <td>MCAS</td>\n    </tr>\n    <tr>\n      <th>VendorName</th>\n      <td>Microsoft</td>\n    </tr>\n    <tr>\n      <th>VendorOriginalId</th>\n      <td>FAF12F23-A98B-3A0E-97BA-0591954352F6</td>\n    </tr>\n    <tr>\n      <th>SystemAlertId</th>\n      <td>a9ec17e2-695d-55c2-2559-db2500634922</td>\n    </tr>\n    <tr>\n      <th>ResourceId</th>\n      <td></td>\n    </tr>\n    <tr>\n      <th>SourceComputerId</th>\n      <td></td>\n    </tr>\n    <tr>\n      <th>AlertType</th>\n      <td>MCAS_ALERT_ANUBIS_DETECTION_NEW_COUNTRY</td>\n    </tr>\n    <tr>\n      <th>ConfidenceLevel</th>\n      <td>Unknown</td>\n    </tr>\n    <tr>\n      <th>ConfidenceScore</th>\n      <td>NaN</td>\n    </tr>\n    <tr>\n      <th>IsIncident</th>\n      <td>False</td>\n    </tr>\n    <tr>\n      <th>StartTimeUtc</th>\n      <td>2019-09-16 17:43:36</td>\n    </tr>\n    <tr>\n      <th>EndTimeUtc</th>\n      <td>2019-09-16 17:43:36</td>\n    </tr>\n    <tr>\n      <th>ProcessingEndTime</th>\n      <td>2019-09-16 18:22:31</td>\n    </tr>\n    <tr>\n      <th>RemediationSteps</th>\n      <td></td>\n    </tr>\n    <tr>\n      <th>ExtendedProperties</th>\n      <td>{'Cloud Applications': 'Microsoft Exchange Online', 'Countries': 'CH', 'IP Addresses': '2a02:418:6017::148'}</td>\n    </tr>\n    <tr>\n      <th>Entities</th>\n      <td>[{'$id': '3', 'AppId': 20893, 'Name': 'Microsoft Exchange Online', 'InstanceName': 'Microsoft Exchange Online', 'Type': 'cloud-application'}, {'$id': '4', 'Name': 'alexw', 'UPNSuffix': 'm365x648731.onmicrosoft.com', 'AadUserId': '433ccf60-f7b1-48c1-943b-6b736fbfbd00', 'Type': 'account'}, {'$id': '5', 'Address': '2a02:418:6017::148', 'Type': 'ip'}]</td>\n    </tr>\n    <tr>\n      <th>SourceSystem</th>\n      <td>Detection</td>\n    </tr>\n    <tr>\n      <th>WorkspaceSubscriptionId</th>\n      <td></td>\n    </tr>\n    <tr>\n      <th>WorkspaceResourceGroup</th>\n      <td></td>\n    </tr>\n    <tr>\n      <th>ExtendedLinks</th>\n      <td>[\\r\\n  {\\r\\n    \"Href\": \"https://m365x648731.portal.cloudappsecurity.com/#/policy/?id=eq(5d77739530c3ee203cd8bedb,)\",\\r\\n    \"Category\": null,\\r\\n    \"Label\": \"Cloud App Security policy ID\",\\r\\n    \"Type\": \"webLink\"\\r\\n  },\\r\\n  {\\r\\n    \"Href\": \"https://m365x648731.portal.cloudappsecurity.com/#/alerts/5d7fd2e4161b26b87295b35c\",\\r\\n    \"Category\": null,\\r\\n    \"Label\": \"Cloud App Security alert ID\",\\r\\n    \"Type\": \"webLink\"\\r\\n  }\\r\\n]</td>\n    </tr>\n    <tr>\n      <th>ProductName</th>\n      <td>Microsoft Cloud App Security</td>\n    </tr>\n    <tr>\n      <th>ProductComponentName</th>\n      <td></td>\n    </tr>\n    <tr>\n      <th>Type</th>\n      <td>SecurityAlert</td>\n    </tr>\n    <tr>\n      <th>Computer</th>\n      <td></td>\n    </tr>\n    <tr>\n      <th>src_hostname</th>\n      <td></td>\n    </tr>\n    <tr>\n      <th>src_accountname</th>\n      <td>alexw</td>\n    </tr>\n    <tr>\n      <th>src_procname</th>\n      <td></td>\n    </tr>\n    <tr>\n      <th>host_match</th>\n      <td>False</td>\n    </tr>\n    <tr>\n      <th>acct_match</th>\n      <td>True</td>\n    </tr>\n    <tr>\n      <th>proc_match</th>\n      <td>False</td>\n    </tr>\n    <tr>\n      <th>CompromisedEntity</th>\n      <td>alexw</td>\n    </tr>\n  </tbody>\n</table><br/><h3>ExtendedProperties:</h3><table border=\"1\" class=\"dataframe\">\n  <thead>\n    <tr style=\"text-align: right;\">\n      <th></th>\n      <th>0</th>\n    </tr>\n  </thead>\n  <tbody>\n    <tr>\n      <th>Cloud Applications</th>\n      <td>Microsoft Exchange Online</td>\n    </tr>\n    <tr>\n      <th>Countries</th>\n      <td>CH</td>\n    </tr>\n    <tr>\n      <th>IP Addresses</th>\n      <td>2a02:418:6017::148</td>\n    </tr>\n  </tbody>\n</table><h3>Entity counts: </h3>unknownentity: 1, account: 1, ipaddress: 1",
          "text/plain": "<IPython.core.display.HTML object>"
         },
         "metadata": {},
         "output_type": "display_data"
        },
        {
         "name": "stdout",
         "output_type": "stream",
         "text": "{ '$id': '3',\n  'AdditionalData': {},\n  'AppId': 20893,\n  'InstanceName': 'Microsoft Exchange Online',\n  'Name': 'Microsoft Exchange Online',\n  'Type': 'unknownentity'}\n{ 'AadUserId': '433ccf60-f7b1-48c1-943b-6b736fbfbd00',\n  'AdditionalData': {},\n  'Name': 'alexw',\n  'Type': 'account',\n  'UPNSuffix': 'm365x648731.onmicrosoft.com'}\n{'AdditionalData': {}, 'Address': '2a02:418:6017::148', 'Type': 'ipaddress'}\n"
        }
       ]
      }
     },
     "3a3165abb4c64e2e95f7766a4f597c3a": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "3a7373d1181a4222a4e56d66f7302fa6": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "width": "80%"
      }
     },
     "3b44d9c85b924309908090f1df5e40d9": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "TextModel",
      "state": {
       "description": "Time (24hr)",
       "layout": "IPY_MODEL_6cb71568dbff485da83712f158a2d829",
       "style": "IPY_MODEL_b71f43581d024eac8cf8443cbbe82362",
       "value": "01:18:51.536875"
      }
     },
     "3c46f79d13c24bb79d89fcb7f191a612": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "TextModel",
      "state": {
       "description": "Filter:",
       "layout": "IPY_MODEL_7c2718a66a6b445286ddd77b4554d2b4",
       "style": "IPY_MODEL_2a19ef556e58416488b8e9e55a87e5b9"
      }
     },
     "3c5571f44bde48c3bbb5214527d7f9c4": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "3c9c7ea6e8674bd1ac567921651a285c": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "3d88cc5c3b6d462fa995cacbbe929721": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "IntRangeSliderModel",
      "state": {
       "_model_name": "IntRangeSliderModel",
       "_view_name": "IntRangeSliderView",
       "description": "Time Range (day):",
       "layout": "IPY_MODEL_3a7373d1181a4222a4e56d66f7302fa6",
       "max": 7,
       "min": -200,
       "style": "IPY_MODEL_da7d189d5c284e5fa166bd6ca76bc2bd",
       "value": [
        -70,
        7
       ]
      }
     },
     "3d8cf09c286b40fa9c95fd7c03da955c": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "width": "95%"
      }
     },
     "3de22fc97aed49778c70e3aae0dfb0f8": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "3e2961c891a54301adba7431dc008d33": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "TextModel",
      "state": {
       "description": "Query start time (UTC):",
       "layout": "IPY_MODEL_2a10f5ce9b604a92b2427a09cd715014",
       "style": "IPY_MODEL_ae051caaebe546f694679f13bbb09a4d",
       "value": "2019-09-25 01:09:45.438269"
      }
     },
     "4004c0fd79d7453fb615f913f73e9e1f": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "402ddfe359744e6eb6e0cbb9630801a9": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "408989bdbd914c6c91f6185196587518": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "41d8f6b3ae1b4f419c87b1e11c7cb7e9": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "421f27b541e346d795cc19fd6c29bb4c": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "height": "200px",
       "width": "100%"
      }
     },
     "4496bb9a60c34cde9ddc2935016038f1": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "width": "50%"
      }
     },
     "44f7feaec4b74d90b57c7be96303a634": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "VBoxModel",
      "state": {
       "children": [
        "IPY_MODEL_eedbd1ec35524ee4a213788b7f7046ad",
        "IPY_MODEL_c1eca92f047f473088cfa375d5147a60",
        "IPY_MODEL_2986210cf54b4119a535c0d22af52ad7"
       ],
       "layout": "IPY_MODEL_2e1d183418ec4e2d92c030d20438dc87"
      }
     },
     "46c05422174940e392024737f47bde92": {
      "model_module": "@jupyter-widgets/output",
      "model_module_version": "1.0.0",
      "model_name": "OutputModel",
      "state": {
       "layout": "IPY_MODEL_2706db4f94ff4620bd32b12687efebf5"
      }
     },
     "47977cbd8e02463abdc4832c489f9cde": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "488d7b188c7f43f8b6229c6517137e45": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "TextModel",
      "state": {
       "description": "Filter:",
       "layout": "IPY_MODEL_26930b25f1b54e97b4a3572846aa9b39",
       "style": "IPY_MODEL_93a439ecb4684b3d9db2a8d344887a04"
      }
     },
     "48e5c53ef5f748759e7e396f1e184020": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "VBoxModel",
      "state": {
       "children": [
        "IPY_MODEL_f77e0b6fd3644871bc08e707e1d81d48",
        "IPY_MODEL_fb807bb93bd84e528caab6ec18d5e649",
        "IPY_MODEL_035ff12b609d4f7da9a510b9c25c1d72"
       ],
       "layout": "IPY_MODEL_586e9c7f952f436f8dea4a01e89ed3c2"
      }
     },
     "49355ad784594baf9e87891305acca4f": {
      "model_module": "@jupyter-widgets/output",
      "model_module_version": "1.0.0",
      "model_name": "OutputModel",
      "state": {
       "layout": "IPY_MODEL_54188b46923d43b4ba5bb1e6e90dfd84",
       "outputs": [
        {
         "name": "stdout",
         "output_type": "stream",
         "text": "ALEX WindowsHostLogon <class 'str'>\n"
        },
        {
         "data": {
          "text/markdown": "<p style='font-weight: bold'>ALEX (source: WindowsHostLogon)</p>",
          "text/plain": "<IPython.core.display.Markdown object>"
         },
         "metadata": {},
         "output_type": "display_data"
        },
        {
         "data": {
          "text/html": "<div>\n<style scoped>\n    .dataframe tbody tr th:only-of-type {\n        vertical-align: middle;\n    }\n\n    .dataframe tbody tr th {\n        vertical-align: top;\n    }\n\n    .dataframe thead th {\n        text-align: right;\n    }\n</style>\n<table border=\"1\" class=\"dataframe\">\n  <thead>\n    <tr style=\"text-align: right;\">\n      <th></th>\n      <th>TargetUserName</th>\n      <th>TargetDomainName</th>\n      <th>LogonType</th>\n      <th>Computer</th>\n      <th>LogonStatus</th>\n      <th>TimeGenerated</th>\n      <th>SubjectUserName</th>\n      <th>SubjectDomainName</th>\n      <th>TargetUserSid</th>\n      <th>EventID</th>\n      <th>IpAddress</th>\n    </tr>\n  </thead>\n  <tbody>\n    <tr>\n      <td>0</td>\n      <td>ALEX</td>\n      <td></td>\n      <td>3</td>\n      <td>WebServer-1</td>\n      <td>failed</td>\n      <td>2019-10-30 17:37:44.297</td>\n      <td>-</td>\n      <td>-</td>\n      <td>S-1-0-0</td>\n      <td>4625</td>\n      <td>185.81.128.116</td>\n    </tr>\n  </tbody>\n</table>\n</div>",
          "text/plain": "  TargetUserName TargetDomainName  LogonType     Computer LogonStatus  \\\n0           ALEX                           3  WebServer-1      failed   \n\n            TimeGenerated SubjectUserName SubjectDomainName TargetUserSid  \\\n0 2019-10-30 17:37:44.297               -                 -       S-1-0-0   \n\n   EventID       IpAddress  \n0     4625  185.81.128.116  "
         },
         "metadata": {},
         "output_type": "display_data"
        }
       ]
      }
     },
     "49cfc62e0eea4339b785351494a40129": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": ""
      }
     },
     "4b765304636b411b9970fe84e1705c37": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "VBoxModel",
      "state": {
       "children": [
        "IPY_MODEL_294712131c9e4398b5508a14515e7bd5",
        "IPY_MODEL_5a35cd48509a4e118ff2e143ac2d75ed",
        "IPY_MODEL_58c3ab61355243f3ae7b9b011c56273f"
       ],
       "layout": "IPY_MODEL_5638526b652a42caa9d1ab42451a7c2a"
      }
     },
     "4c1718f2c94141d7b498d81b2c62f035": {
      "model_module": "@jupyter-widgets/output",
      "model_module_version": "1.0.0",
      "model_name": "OutputModel",
      "state": {
       "layout": "IPY_MODEL_8d2e5ad4809c4dd2bfdf265871334962",
       "outputs": [
        {
         "data": {
          "text/markdown": "<p style='font-weight: bold'>Alex (source: WindowsHostLogon)</p>",
          "text/plain": "<IPython.core.display.Markdown object>"
         },
         "metadata": {},
         "output_type": "display_data"
        },
        {
         "data": {
          "text/html": "<div>\n<style scoped>\n    .dataframe tbody tr th:only-of-type {\n        vertical-align: middle;\n    }\n\n    .dataframe tbody tr th {\n        vertical-align: top;\n    }\n\n    .dataframe thead th {\n        text-align: right;\n    }\n</style>\n<table border=\"1\" class=\"dataframe\">\n  <thead>\n    <tr style=\"text-align: right;\">\n      <th></th>\n      <th>TargetUserName</th>\n      <th>TargetDomainName</th>\n      <th>LogonType</th>\n      <th>Computer</th>\n      <th>LogonStatus</th>\n      <th>TimeGenerated</th>\n      <th>SubjectUserName</th>\n      <th>SubjectDomainName</th>\n      <th>TargetUserSid</th>\n      <th>EventID</th>\n      <th>IpAddress</th>\n    </tr>\n  </thead>\n  <tbody>\n    <tr>\n      <td>1</td>\n      <td>Alex</td>\n      <td></td>\n      <td>3</td>\n      <td>WebServer-1</td>\n      <td>failed</td>\n      <td>2019-10-30 09:18:11.770</td>\n      <td>-</td>\n      <td>-</td>\n      <td>S-1-0-0</td>\n      <td>4625</td>\n      <td>173.249.58.228</td>\n    </tr>\n  </tbody>\n</table>\n</div>",
          "text/plain": "  TargetUserName TargetDomainName  LogonType     Computer LogonStatus  \\\n1           Alex                           3  WebServer-1      failed   \n\n            TimeGenerated SubjectUserName SubjectDomainName TargetUserSid  \\\n1 2019-10-30 09:18:11.770               -                 -       S-1-0-0   \n\n   EventID       IpAddress  \n1     4625  173.249.58.228  "
         },
         "metadata": {},
         "output_type": "display_data"
        }
       ]
      }
     },
     "4d2296cf1fef4280b3c4e0af39087a1e": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "4f39d2190ec94b2db76ac8b1a7d31a9f": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "CheckboxModel",
      "state": {
       "description": "Center subsequent query times round selected Bookmark?",
       "disabled": false,
       "layout": "IPY_MODEL_a5dc808c9a014151a8672ba7d30ec5bb",
       "style": "IPY_MODEL_cd1c4009632e4921a8c51f32ea9e2946",
       "value": true
      }
     },
     "512b5a30ffbe40afafcf083618476004": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DatePickerModel",
      "state": {
       "description": "Origin Date",
       "disabled": false,
       "layout": "IPY_MODEL_8836b1ed7d78425ab21405a0a30c3ff2",
       "style": "IPY_MODEL_1dc2385aa1e2460ba65eccea79414eeb",
       "value": {
        "date": 31,
        "month": 9,
        "year": 2019
       }
      }
     },
     "518d0fdb6a3e432d887379035e5e694f": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "border": "1px solid black"
      }
     },
     "526d01ab94a14e5f96080f0392deb91d": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "SelectModel",
      "state": {
       "_options_labels": [
        "AlexW   WindowsHostLogon (Last activity: 2019-10-28 16:12:44.620000)",
        "alexw@m365x648731.onmicrosoft.com   AADLogon (Last activity: 2019-10-29 23:44:32.382000)"
       ],
       "description": "Select an account to explore",
       "index": 1,
       "layout": "IPY_MODEL_0eb7a91d868b45559619c089fb79ec0f",
       "style": "IPY_MODEL_6f64e59cca33456ca9d8b1fc0faca369"
      }
     },
     "5305161e6631418099b1f02633947c45": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "TextModel",
      "state": {
       "description": "Filter:",
       "layout": "IPY_MODEL_8c9fc467e7b84233a59db934e5b6aa4c",
       "style": "IPY_MODEL_d4dbb15ced7040bc8789f701abcbe242"
      }
     },
     "532ed04a12d647a29782545bc6d815a7": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "53e86a661dd84ba4890ca556fedd7a85": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "CheckboxModel",
      "state": {
       "description": "Center subsequent query times round selected Bookmark?",
       "disabled": false,
       "layout": "IPY_MODEL_a5dc808c9a014151a8672ba7d30ec5bb",
       "style": "IPY_MODEL_cac8eee317484da18e175ed26db87eb3",
       "value": true
      }
     },
     "54188b46923d43b4ba5bb1e6e90dfd84": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "border": "1px solid black"
      }
     },
     "5487eb0ec6a546b6bd4e530976e6bc9a": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "54d53cce6f824bb4a2fd05cbacd0b8ff": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "5539098b1ec941a6b470374c9437d045": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "HBoxModel",
      "state": {
       "children": [
        "IPY_MODEL_08361f899242436493d71a3786a5f510",
        "IPY_MODEL_f7a5fb2057b242d4928b42556c3c5b09"
       ],
       "layout": "IPY_MODEL_9b35a6ab740246c9829691785b371419"
      }
     },
     "5638526b652a42caa9d1ab42451a7c2a": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "565b97a862a543b3accac809160d3bf7": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "TextModel",
      "state": {
       "description": "Filter:",
       "layout": "IPY_MODEL_78e5ac4520b14434bccc7fb3500cf701",
       "style": "IPY_MODEL_a118b172aefb4e82b47bcf285d2b2329"
      }
     },
     "56af70e764b047f687cd267916ed8844": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "56b324836bf34c89b9bab8a775f2d72b": {
      "model_module": "@jupyter-widgets/output",
      "model_module_version": "1.0.0",
      "model_name": "OutputModel",
      "state": {
       "layout": "IPY_MODEL_e743b4ebb00b47a1997290290c09e7e8",
       "outputs": [
        {
         "data": {
          "text/markdown": "<p style='font-weight: bold'>alexw@m365x648731.onmicrosoft.com (source: O365Activity)</p>",
          "text/plain": "<IPython.core.display.Markdown object>"
         },
         "metadata": {},
         "output_type": "display_data"
        },
        {
         "data": {
          "text/html": "<div>\n<style scoped>\n    .dataframe tbody tr th:only-of-type {\n        vertical-align: middle;\n    }\n\n    .dataframe tbody tr th {\n        vertical-align: top;\n    }\n\n    .dataframe thead th {\n        text-align: right;\n    }\n</style>\n<table border=\"1\" class=\"dataframe\">\n  <thead>\n    <tr style=\"text-align: right;\">\n      <th></th>\n      <th>UserId</th>\n      <th>OfficeWorkload</th>\n      <th>ClientIP</th>\n      <th>TimeGenerated</th>\n      <th>Operation</th>\n      <th>UserType</th>\n    </tr>\n  </thead>\n  <tbody>\n    <tr>\n      <td>25</td>\n      <td>alexw@m365x648731.onmicrosoft.com</td>\n      <td>SharePoint</td>\n      <td>40.126.9.50</td>\n      <td>2019-09-16 17:42:23</td>\n      <td>FilePreviewed</td>\n      <td>Regular</td>\n    </tr>\n    <tr>\n      <td>24</td>\n      <td>alexw@m365x648731.onmicrosoft.com</td>\n      <td>SharePoint</td>\n      <td>77.247.181.163</td>\n      <td>2019-09-16 17:42:38</td>\n      <td>FilePreviewed</td>\n      <td>Regular</td>\n    </tr>\n    <tr>\n      <td>23</td>\n      <td>alexw@m365x648731.onmicrosoft.com</td>\n      <td>Exchange</td>\n      <td>[2a02:418:6017::148]:45644</td>\n      <td>2019-09-16 17:43:36</td>\n      <td>New-InboxRule</td>\n      <td>Admin</td>\n    </tr>\n    <tr>\n      <td>22</td>\n      <td>alexw@m365x648731.onmicrosoft.com</td>\n      <td>SharePoint</td>\n      <td>185.220.101.6</td>\n      <td>2019-09-16 18:12:53</td>\n      <td>FileDownloaded</td>\n      <td>Regular</td>\n    </tr>\n    <tr>\n      <td>21</td>\n      <td>alexw@m365x648731.onmicrosoft.com</td>\n      <td>SharePoint</td>\n      <td>199.249.230.113</td>\n      <td>2019-09-16 18:16:38</td>\n      <td>FileAccessed</td>\n      <td>Regular</td>\n    </tr>\n    <tr>\n      <td>20</td>\n      <td>alexw@m365x648731.onmicrosoft.com</td>\n      <td>SharePoint</td>\n      <td>92.62.139.103</td>\n      <td>2019-09-16 18:18:07</td>\n      <td>FileAccessed</td>\n      <td>Regular</td>\n    </tr>\n    <tr>\n      <td>19</td>\n      <td>alexw@m365x648731.onmicrosoft.com</td>\n      <td>SharePoint</td>\n      <td>185.220.102.8</td>\n      <td>2019-09-16 20:43:20</td>\n      <td>FileUploaded</td>\n      <td>Regular</td>\n    </tr>\n    <tr>\n      <td>18</td>\n      <td>alexw@m365x648731.onmicrosoft.com</td>\n      <td>SharePoint</td>\n      <td>40.117.152.107</td>\n      <td>2019-09-18 17:02:37</td>\n      <td>SearchQueryPerformed</td>\n      <td>Regular</td>\n    </tr>\n    <tr>\n      <td>17</td>\n      <td>alexw@m365x648731.onmicrosoft.com</td>\n      <td>SharePoint</td>\n      <td>23.129.64.152</td>\n      <td>2019-09-18 17:03:03</td>\n      <td>FileAccessed</td>\n      <td>Regular</td>\n    </tr>\n    <tr>\n      <td>16</td>\n      <td>alexw@m365x648731.onmicrosoft.com</td>\n      <td>SharePoint</td>\n      <td>185.220.101.31</td>\n      <td>2019-09-18 17:10:23</td>\n      <td>SearchQueryPerformed</td>\n      <td>Regular</td>\n    </tr>\n    <tr>\n      <td>15</td>\n      <td>alexw@m365x648731.onmicrosoft.com</td>\n      <td>SharePoint</td>\n      <td>20.190.128.103</td>\n      <td>2019-09-19 19:16:14</td>\n      <td>FilePreviewed</td>\n      <td>Regular</td>\n    </tr>\n    <tr>\n      <td>14</td>\n      <td>alexw@m365x648731.onmicrosoft.com</td>\n      <td>SharePoint</td>\n      <td>20.190.128.101</td>\n      <td>2019-09-19 19:16:16</td>\n      <td>FilePreviewed</td>\n      <td>Regular</td>\n    </tr>\n    <tr>\n      <td>13</td>\n      <td>alexw@m365x648731.onmicrosoft.com</td>\n      <td>SharePoint</td>\n      <td>199.249.230.111</td>\n      <td>2019-09-19 19:16:26</td>\n      <td>FilePreviewed</td>\n      <td>Regular</td>\n    </tr>\n    <tr>\n      <td>12</td>\n      <td>alexw@m365x648731.onmicrosoft.com</td>\n      <td>SharePoint</td>\n      <td></td>\n      <td>2019-09-19 19:18:06</td>\n      <td>FileAccessed</td>\n      <td>Regular</td>\n    </tr>\n    <tr>\n      <td>11</td>\n      <td>alexw@m365x648731.onmicrosoft.com</td>\n      <td>SharePoint</td>\n      <td>66.146.193.33</td>\n      <td>2019-09-19 19:22:05</td>\n      <td>FilePreviewed</td>\n      <td>Regular</td>\n    </tr>\n    <tr>\n      <td>10</td>\n      <td>alexw@m365x648731.onmicrosoft.com</td>\n      <td>SharePoint</td>\n      <td>176.10.104.240</td>\n      <td>2019-09-19 20:26:23</td>\n      <td>FileModifiedExtended</td>\n      <td>Regular</td>\n    </tr>\n    <tr>\n      <td>9</td>\n      <td>alexw@m365x648731.onmicrosoft.com</td>\n      <td>SharePoint</td>\n      <td>20.190.129.100</td>\n      <td>2019-09-20 18:20:48</td>\n      <td>FilePreviewed</td>\n      <td>Regular</td>\n    </tr>\n    <tr>\n      <td>8</td>\n      <td>alexw@m365x648731.onmicrosoft.com</td>\n      <td>SharePoint</td>\n      <td>104.41.146.53</td>\n      <td>2019-09-20 18:20:49</td>\n      <td>SearchQueryPerformed</td>\n      <td>Regular</td>\n    </tr>\n    <tr>\n      <td>7</td>\n      <td>alexw@m365x648731.onmicrosoft.com</td>\n      <td>SharePoint</td>\n      <td>109.70.100.26</td>\n      <td>2019-09-20 18:20:50</td>\n      <td>FilePreviewed</td>\n      <td>Regular</td>\n    </tr>\n    <tr>\n      <td>6</td>\n      <td>alexw@m365x648731.onmicrosoft.com</td>\n      <td>Exchange</td>\n      <td>176.10.99.200:45866</td>\n      <td>2019-09-20 20:11:57</td>\n      <td>New-InboxRule</td>\n      <td>Admin</td>\n    </tr>\n    <tr>\n      <td>5</td>\n      <td>alexw@m365x648731.onmicrosoft.com</td>\n      <td>Exchange</td>\n      <td>185.207.139.2:7127</td>\n      <td>2019-09-24 23:10:35</td>\n      <td>Remove-InboxRule</td>\n      <td>Admin</td>\n    </tr>\n    <tr>\n      <td>4</td>\n      <td>alexw@m365x648731.onmicrosoft.com</td>\n      <td>Exchange</td>\n      <td>185.207.139.2:30396</td>\n      <td>2019-09-24 23:10:38</td>\n      <td>Remove-InboxRule</td>\n      <td>Admin</td>\n    </tr>\n    <tr>\n      <td>3</td>\n      <td>alexw@m365x648731.onmicrosoft.com</td>\n      <td>SharePoint</td>\n      <td>40.126.9.51</td>\n      <td>2019-10-16 18:09:36</td>\n      <td>FilePreviewed</td>\n      <td>Regular</td>\n    </tr>\n    <tr>\n      <td>2</td>\n      <td>alexw@m365x648731.onmicrosoft.com</td>\n      <td>SharePoint</td>\n      <td>40.126.9.49</td>\n      <td>2019-10-16 18:09:38</td>\n      <td>FilePreviewed</td>\n      <td>Regular</td>\n    </tr>\n    <tr>\n      <td>1</td>\n      <td>alexw@m365x648731.onmicrosoft.com</td>\n      <td>SharePoint</td>\n      <td>185.220.101.1</td>\n      <td>2019-10-16 18:09:41</td>\n      <td>FilePreviewed</td>\n      <td>Regular</td>\n    </tr>\n    <tr>\n      <td>0</td>\n      <td>alexw@m365x648731.onmicrosoft.com</td>\n      <td>SharePoint</td>\n      <td>52.109.6.30</td>\n      <td>2019-10-16 18:09:42</td>\n      <td>FileAccessed</td>\n      <td>Regular</td>\n    </tr>\n  </tbody>\n</table>\n</div>",
          "text/plain": "                               UserId OfficeWorkload  \\\n25  alexw@m365x648731.onmicrosoft.com     SharePoint   \n24  alexw@m365x648731.onmicrosoft.com     SharePoint   \n23  alexw@m365x648731.onmicrosoft.com       Exchange   \n22  alexw@m365x648731.onmicrosoft.com     SharePoint   \n21  alexw@m365x648731.onmicrosoft.com     SharePoint   \n20  alexw@m365x648731.onmicrosoft.com     SharePoint   \n19  alexw@m365x648731.onmicrosoft.com     SharePoint   \n18  alexw@m365x648731.onmicrosoft.com     SharePoint   \n17  alexw@m365x648731.onmicrosoft.com     SharePoint   \n16  alexw@m365x648731.onmicrosoft.com     SharePoint   \n15  alexw@m365x648731.onmicrosoft.com     SharePoint   \n14  alexw@m365x648731.onmicrosoft.com     SharePoint   \n13  alexw@m365x648731.onmicrosoft.com     SharePoint   \n12  alexw@m365x648731.onmicrosoft.com     SharePoint   \n11  alexw@m365x648731.onmicrosoft.com     SharePoint   \n10  alexw@m365x648731.onmicrosoft.com     SharePoint   \n9   alexw@m365x648731.onmicrosoft.com     SharePoint   \n8   alexw@m365x648731.onmicrosoft.com     SharePoint   \n7   alexw@m365x648731.onmicrosoft.com     SharePoint   \n6   alexw@m365x648731.onmicrosoft.com       Exchange   \n5   alexw@m365x648731.onmicrosoft.com       Exchange   \n4   alexw@m365x648731.onmicrosoft.com       Exchange   \n3   alexw@m365x648731.onmicrosoft.com     SharePoint   \n2   alexw@m365x648731.onmicrosoft.com     SharePoint   \n1   alexw@m365x648731.onmicrosoft.com     SharePoint   \n0   alexw@m365x648731.onmicrosoft.com     SharePoint   \n\n                      ClientIP       TimeGenerated             Operation  \\\n25                 40.126.9.50 2019-09-16 17:42:23         FilePreviewed   \n24              77.247.181.163 2019-09-16 17:42:38         FilePreviewed   \n23  [2a02:418:6017::148]:45644 2019-09-16 17:43:36         New-InboxRule   \n22               185.220.101.6 2019-09-16 18:12:53        FileDownloaded   \n21             199.249.230.113 2019-09-16 18:16:38          FileAccessed   \n20               92.62.139.103 2019-09-16 18:18:07          FileAccessed   \n19               185.220.102.8 2019-09-16 20:43:20          FileUploaded   \n18              40.117.152.107 2019-09-18 17:02:37  SearchQueryPerformed   \n17               23.129.64.152 2019-09-18 17:03:03          FileAccessed   \n16              185.220.101.31 2019-09-18 17:10:23  SearchQueryPerformed   \n15              20.190.128.103 2019-09-19 19:16:14         FilePreviewed   \n14              20.190.128.101 2019-09-19 19:16:16         FilePreviewed   \n13             199.249.230.111 2019-09-19 19:16:26         FilePreviewed   \n12                             2019-09-19 19:18:06          FileAccessed   \n11               66.146.193.33 2019-09-19 19:22:05         FilePreviewed   \n10              176.10.104.240 2019-09-19 20:26:23  FileModifiedExtended   \n9               20.190.129.100 2019-09-20 18:20:48         FilePreviewed   \n8                104.41.146.53 2019-09-20 18:20:49  SearchQueryPerformed   \n7                109.70.100.26 2019-09-20 18:20:50         FilePreviewed   \n6          176.10.99.200:45866 2019-09-20 20:11:57         New-InboxRule   \n5           185.207.139.2:7127 2019-09-24 23:10:35      Remove-InboxRule   \n4          185.207.139.2:30396 2019-09-24 23:10:38      Remove-InboxRule   \n3                  40.126.9.51 2019-10-16 18:09:36         FilePreviewed   \n2                  40.126.9.49 2019-10-16 18:09:38         FilePreviewed   \n1                185.220.101.1 2019-10-16 18:09:41         FilePreviewed   \n0                  52.109.6.30 2019-10-16 18:09:42          FileAccessed   \n\n   UserType  \n25  Regular  \n24  Regular  \n23    Admin  \n22  Regular  \n21  Regular  \n20  Regular  \n19  Regular  \n18  Regular  \n17  Regular  \n16  Regular  \n15  Regular  \n14  Regular  \n13  Regular  \n12  Regular  \n11  Regular  \n10  Regular  \n9   Regular  \n8   Regular  \n7   Regular  \n6     Admin  \n5     Admin  \n4     Admin  \n3   Regular  \n2   Regular  \n1   Regular  \n0   Regular  "
         },
         "metadata": {},
         "output_type": "display_data"
        }
       ]
      }
     },
     "56cb3e3b823b42b996397f1f9c448494": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "TextModel",
      "state": {
       "description": "Time (24hr)",
       "layout": "IPY_MODEL_c5e889ecab1c499181b232e82744bcd7",
       "style": "IPY_MODEL_0bcdf7317509446a93eaefacb3825972",
       "value": "02:56:03.315071"
      }
     },
     "5735f8eccf7f4113ab32c90f4cbcd909": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "574fd44d172e43f8b6b38e081baf9cb4": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "TextModel",
      "state": {
       "description": "Time (24hr)",
       "layout": "IPY_MODEL_4004c0fd79d7453fb615f913f73e9e1f",
       "style": "IPY_MODEL_2f43cd6461984778b027a00630622292",
       "value": "01:09:45.438269"
      }
     },
     "586e9c7f952f436f8dea4a01e89ed3c2": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "5883af908d0d4f8982c89e8dfc16570f": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "SelectModel",
      "state": {
       "_options_labels": [
        "dbadmin   LinuxHostLogon (Last activity: 2019-02-25 15:34:15.877000)",
        "ian   WindowsHostLogon (Last activity: 2019-02-25 18:32:40.620000)",
        "ianh@m365x054215.onmicrosoft.com   O365Activity (Last activity: 2019-02-16 03:48:19)"
       ],
       "description": "Select an account to explore",
       "index": 0,
       "layout": "IPY_MODEL_421f27b541e346d795cc19fd6c29bb4c",
       "style": "IPY_MODEL_196603ac0fff46ab8dca4c0ea20928b7"
      }
     },
     "58c3ab61355243f3ae7b9b011c56273f": {
      "model_module": "@jupyter-widgets/output",
      "model_module_version": "1.0.0",
      "model_name": "OutputModel",
      "state": {
       "layout": "IPY_MODEL_2352b267b6a94e3e9e2293ee891b7c6a",
       "outputs": [
        {
         "data": {
          "text/html": "<div>\n<style scoped>\n    .dataframe tbody tr th:only-of-type {\n        vertical-align: middle;\n    }\n\n    .dataframe tbody tr th {\n        vertical-align: top;\n    }\n\n    .dataframe thead th {\n        text-align: right;\n    }\n</style>\n<table border=\"1\" class=\"dataframe\">\n  <thead>\n    <tr style=\"text-align: right;\">\n      <th></th>\n    </tr>\n  </thead>\n  <tbody>\n    <tr>\n      <td>TenantId</td>\n    </tr>\n    <tr>\n      <td>TimeGenerated</td>\n    </tr>\n    <tr>\n      <td>BookmarkId</td>\n    </tr>\n    <tr>\n      <td>BookmarkName</td>\n    </tr>\n    <tr>\n      <td>BookmarkType</td>\n    </tr>\n    <tr>\n      <td>CreatedBy</td>\n    </tr>\n    <tr>\n      <td>UpdatedBy</td>\n    </tr>\n    <tr>\n      <td>CreatedTime</td>\n    </tr>\n    <tr>\n      <td>LastUpdatedTime</td>\n    </tr>\n    <tr>\n      <td>EventTime</td>\n    </tr>\n    <tr>\n      <td>QueryText</td>\n    </tr>\n    <tr>\n      <td>QueryResultRow</td>\n    </tr>\n    <tr>\n      <td>QueryStartTime</td>\n    </tr>\n    <tr>\n      <td>QueryEndTime</td>\n    </tr>\n    <tr>\n      <td>Notes</td>\n    </tr>\n    <tr>\n      <td>SoftDeleted</td>\n    </tr>\n    <tr>\n      <td>Tags</td>\n    </tr>\n    <tr>\n      <td>SourceSystem</td>\n    </tr>\n    <tr>\n      <td>Type</td>\n    </tr>\n    <tr>\n      <td>_ResourceId</td>\n    </tr>\n    <tr>\n      <td>Computer</td>\n    </tr>\n    <tr>\n      <td>Account</td>\n    </tr>\n    <tr>\n      <td>Entities</td>\n    </tr>\n  </tbody>\n</table>\n</div>",
          "text/plain": "Empty DataFrame\nColumns: []\nIndex: [TenantId, TimeGenerated, BookmarkId, BookmarkName, BookmarkType, CreatedBy, UpdatedBy, CreatedTime, LastUpdatedTime, EventTime, QueryText, QueryResultRow, QueryStartTime, QueryEndTime, Notes, SoftDeleted, Tags, SourceSystem, Type, _ResourceId, Computer, Account, Entities]"
         },
         "metadata": {},
         "output_type": "display_data"
        }
       ]
      }
     },
     "59b20cfd46dd43bda9be538b1f93fe9d": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "VBoxModel",
      "state": {
       "children": [
        "IPY_MODEL_488d7b188c7f43f8b6229c6517137e45",
        "IPY_MODEL_8f71b753ec754d76a90216eb4d6d33d5",
        "IPY_MODEL_46c05422174940e392024737f47bde92"
       ],
       "layout": "IPY_MODEL_11bd4a1fe4c94900bfb6617099102bdc"
      }
     },
     "59e9ab89c4204b5aaf44d08dbe30c913": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "5a35cd48509a4e118ff2e143ac2d75ed": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "SelectModel",
      "state": {
       "_options_labels": [
        "SecurityAlert - 961799ddaf9d []  2019-10-17 18:27:23.867000",
        "Suspicious Powershell Command Line in MDATP []  2019-10-17 18:43:14.418000",
        "MDATP Alert []  2019-10-17 18:57:40.500000",
        "MDATP  Suspicious Powershell Command []  2019-10-17 19:07:51.781000",
        " Suspicious Powershell Command Line in MDATP - 420e5ff3c39c []  2019-10-17 18:33:03.499000",
        "Suspicious Powershell Command Line in MDATP []  2019-10-17 18:48:28.773000",
        "Advanced Multistage Attack Detection - ZScaler & MDATP []  2019-10-17 18:47:28.064000",
        "MDATP Suspicious Powershell Command Line []  2019-10-17 18:52:10.689000",
        " Suspicious Powershell Command Line in MDATP - baa2ced71f7e []  2019-10-18 18:34:23.945000",
        " Masquerading files - 91d0b68b3df5 []  2019-09-20 18:30:01.800000",
        " Masquerading files to look like system executables - 273574418fed []  2019-09-20 23:12:38.423000",
        " Masquerading files of windows system processe(s) - c6b42c99a709 []  2019-09-20 23:14:18.593000",
        "SecurityEvent - f73cc89ae062 []  2019-09-20 23:17:57.491000",
        " Masquerading files of windows system processe(s) - 027fff90eea1 []  2019-09-20 23:21:03.474000",
        " Copy of Masquerading files of windows system processe(s) - f5d65cb8cb27 []  2019-09-20 23:22:24.259000",
        "SecurityEvent - 00cd81b12ebe []  2019-09-20 23:29:22.044000",
        " Masquerading files of windows system processe(s) - 0a84967389eb []  2019-09-20 23:19:36.171000",
        " Masquerading files of windows system processe(s) - 10c2aaabdc47 []  2019-09-20 23:26:40.659000",
        "SecurityEvent - e7998c41baf9 []  2019-09-20 23:27:22.853000",
        "SecurityEvent - a21871766389 []  2019-09-20 23:28:04.775000",
        " Masquerading files of windows system processe(s) - e1ef65826ff8 []  2019-09-20 23:30:24.228000",
        " Least Common Parent And Child Process Pairs - c35bb574feb6 []  2019-09-23 18:55:56.139000",
        " Masquerading files of windows system processe(s) - 1291dce958fb []  2019-09-23 21:39:02.650000",
        " Masquerading files of windows system processe(s) - d57e6011f539 []  2019-09-23 21:41:26.710000",
        " Masquerading files []  2019-09-24 08:29:08.522000",
        " Masquerading files to look like system executables - 8754943044af []  2019-09-23 22:28:51.834000",
        " Masquerading files to look like system executables - 5101d73a4d0d []  2019-09-24 10:58:35.356000",
        " Masquerading files of windows system processe(s) - 702ade076740 []  2019-09-24 20:47:08.434000",
        " Masquerading files of windows system processe(s) - 0bc6a98a5956 []  2019-09-24 20:33:28.910000",
        " Masquerading files of windows system processes - 342264d7b6e8 []  2019-09-18 16:49:52.564000",
        " Masquerading files of windows system processes - af74bf16f22e []  2019-09-18 16:59:05.185000"
       ],
       "description": "Select an item",
       "index": 0,
       "layout": "IPY_MODEL_e1f6737c405244adaede0eda0f1d0b63",
       "style": "IPY_MODEL_042d89a616e0468eb79c505a751258c0"
      }
     },
     "5ad8d5a988e0426f85e693235c7d2f37": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "SelectModel",
      "state": {
       "_options_labels": [
        "SecurityAlert - 787646c14107  2019-02-25 19:45:17.982000",
        "SSH BF TEST  2019-02-25 16:39:31.141000"
       ],
       "description": "Select an item",
       "index": 1,
       "layout": "IPY_MODEL_eba1cde4e8bf4dc3bd6355524b911454",
       "style": "IPY_MODEL_30cdcb2290e24418a77b48d11cd1fd41"
      }
     },
     "5bc93e912e1246ec80e98e774ff6b848": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "VBoxModel",
      "state": {
       "children": [
        "IPY_MODEL_3c46f79d13c24bb79d89fcb7f191a612",
        "IPY_MODEL_65d7917f529049f4872c0c29c5e6384c",
        "IPY_MODEL_4c1718f2c94141d7b498d81b2c62f035"
       ],
       "layout": "IPY_MODEL_56af70e764b047f687cd267916ed8844"
      }
     },
     "5c21ca6f13694c79903c7046eab3c9e2": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "border": "1px solid black"
      }
     },
     "5d63ec3a3ed14511b45d6d65aae4b6b0": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "VBoxModel",
      "state": {
       "children": [
        "IPY_MODEL_96f3591ab49b459881a6a4b44c0ab186",
        "IPY_MODEL_b3dc11de65634b0398dcc9da953065f4",
        "IPY_MODEL_913a4334f10e4879b8d1f3a2dad23bd9"
       ],
       "layout": "IPY_MODEL_836a0c17183c425cb3194c83c289d71b"
      }
     },
     "60569e99f7c74be898cbaf2739cd55ae": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "CheckboxModel",
      "state": {
       "description": "Center subsequent query times round selected Bookmark?",
       "disabled": false,
       "layout": "IPY_MODEL_a5dc808c9a014151a8672ba7d30ec5bb",
       "style": "IPY_MODEL_b7b64f73c2374457952c45bc70b57be2",
       "value": true
      }
     },
     "614cca2731f44e2c8c358d3d37ce42b5": {
      "model_module": "@jupyter-widgets/output",
      "model_module_version": "1.0.0",
      "model_name": "OutputModel",
      "state": {
       "layout": "IPY_MODEL_78c0a388ec344289adc8151ca471d550",
       "outputs": [
        {
         "data": {
          "text/html": "<div>\n<style scoped>\n    .dataframe tbody tr th:only-of-type {\n        vertical-align: middle;\n    }\n\n    .dataframe tbody tr th {\n        vertical-align: top;\n    }\n\n    .dataframe thead th {\n        text-align: right;\n    }\n</style>\n<table border=\"1\" class=\"dataframe\">\n  <thead>\n    <tr style=\"text-align: right;\">\n      <th></th>\n      <th>0</th>\n    </tr>\n  </thead>\n  <tbody>\n    <tr>\n      <td>TenantId</td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n    </tr>\n    <tr>\n      <td>TimeGenerated</td>\n      <td>2019-02-25 19:45:17.982000</td>\n    </tr>\n    <tr>\n      <td>BookmarkId</td>\n      <td>b0493469-b0c7-4666-acb8-787646c14107</td>\n    </tr>\n    <tr>\n      <td>BookmarkName</td>\n      <td>SecurityAlert - 787646c14107</td>\n    </tr>\n    <tr>\n      <td>BookmarkType</td>\n      <td></td>\n    </tr>\n    <tr>\n      <td>CreatedBy</td>\n      <td>{\\r\\n  \"ObjectId\": \"90a3c369-b812-4f6e-ac76-9fdf8a7e7b4d\",\\r\\n  \"Email\": \"juliango@microsoft.com...</td>\n    </tr>\n    <tr>\n      <td>UpdatedBy</td>\n      <td>{\\r\\n  \"ObjectId\": \"90a3c369-b812-4f6e-ac76-9fdf8a7e7b4d\",\\r\\n  \"Email\": \"juliango@microsoft.com...</td>\n    </tr>\n    <tr>\n      <td>CreatedTime</td>\n      <td>2019-02-25 19:45:17.921000</td>\n    </tr>\n    <tr>\n      <td>LastUpdatedTime</td>\n      <td>2019-02-25 19:45:17.921000</td>\n    </tr>\n    <tr>\n      <td>EventTime</td>\n      <td>2019-02-25 19:45:17.921000</td>\n    </tr>\n    <tr>\n      <td>QueryText</td>\n      <td>// *** Join SSH Brute Force ML detections with Host IP and Name information  *** //\\r\\n// Start ...</td>\n    </tr>\n    <tr>\n      <td>QueryResultRow</td>\n      <td>{\"TimeGenerated\":\"2019-02-19T17:29:26Z\",\"AlertName\":\"SSH Anomalous Login ML\",\"IPCustomEntity\":\"2...</td>\n    </tr>\n    <tr>\n      <td>QueryStartTime</td>\n      <td>NaT</td>\n    </tr>\n    <tr>\n      <td>QueryEndTime</td>\n      <td>NaT</td>\n    </tr>\n    <tr>\n      <td>Notes</td>\n      <td></td>\n    </tr>\n    <tr>\n      <td>SoftDeleted</td>\n      <td>False</td>\n    </tr>\n    <tr>\n      <td>Tags</td>\n      <td>[\\r\\n  \"fluffydog_campaign\"\\r\\n]</td>\n    </tr>\n    <tr>\n      <td>SourceSystem</td>\n      <td>Azure Sentinel</td>\n    </tr>\n    <tr>\n      <td>Type</td>\n      <td></td>\n    </tr>\n    <tr>\n      <td>_ResourceId</td>\n      <td></td>\n    </tr>\n    <tr>\n      <td>Computer</td>\n      <td>None</td>\n    </tr>\n    <tr>\n      <td>Account</td>\n      <td>dbadmin</td>\n    </tr>\n    <tr>\n      <td>Entities</td>\n      <td>None</td>\n    </tr>\n  </tbody>\n</table>\n</div>",
          "text/plain": "                                                                                                                   0\nTenantId                                                                        52b1ab41-869e-4138-9e40-2a4457f09bf0\nTimeGenerated                                                                             2019-02-25 19:45:17.982000\nBookmarkId                                                                      b0493469-b0c7-4666-acb8-787646c14107\nBookmarkName                                                                            SecurityAlert - 787646c14107\nBookmarkType                                                                                                        \nCreatedBy        {\\r\\n  \"ObjectId\": \"90a3c369-b812-4f6e-ac76-9fdf8a7e7b4d\",\\r\\n  \"Email\": \"juliango@microsoft.com...\nUpdatedBy        {\\r\\n  \"ObjectId\": \"90a3c369-b812-4f6e-ac76-9fdf8a7e7b4d\",\\r\\n  \"Email\": \"juliango@microsoft.com...\nCreatedTime                                                                               2019-02-25 19:45:17.921000\nLastUpdatedTime                                                                           2019-02-25 19:45:17.921000\nEventTime                                                                                 2019-02-25 19:45:17.921000\nQueryText        // *** Join SSH Brute Force ML detections with Host IP and Name information  *** //\\r\\n// Start ...\nQueryResultRow   {\"TimeGenerated\":\"2019-02-19T17:29:26Z\",\"AlertName\":\"SSH Anomalous Login ML\",\"IPCustomEntity\":\"2...\nQueryStartTime                                                                                                   NaT\nQueryEndTime                                                                                                     NaT\nNotes                                                                                                               \nSoftDeleted                                                                                                    False\nTags                                                                                [\\r\\n  \"fluffydog_campaign\"\\r\\n]\nSourceSystem                                                                                          Azure Sentinel\nType                                                                                                                \n_ResourceId                                                                                                         \nComputer                                                                                                        None\nAccount                                                                                                      dbadmin\nEntities                                                                                                        None"
         },
         "metadata": {},
         "output_type": "display_data"
        }
       ]
      }
     },
     "61620a56073a455b991f6b52414f0bc7": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": ""
      }
     },
     "61c6f57d253e4062a4050bceeb4f8e74": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "TextModel",
      "state": {
       "description": "Filter alerts by title:",
       "layout": "IPY_MODEL_0586b50b9e894ce7944273d97d34caa4",
       "style": "IPY_MODEL_59e9ab89c4204b5aaf44d08dbe30c913"
      }
     },
     "624838029e57464ea8cc82dca802cca7": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": ""
      }
     },
     "62f1c23c5ba84655ad3bf862086f3567": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "646294b6713e4c99b7ace19ca23da7bd": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "HBoxModel",
      "state": {
       "children": [
        "IPY_MODEL_8b265a16313645f68b1ccd797ea5f38e",
        "IPY_MODEL_56cb3e3b823b42b996397f1f9c448494"
       ],
       "layout": "IPY_MODEL_6ff666022d1d444d86b9124f005cc48b"
      }
     },
     "648983b41eef46d1bf43afd72dd4f4e5": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "SliderStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "65d7917f529049f4872c0c29c5e6384c": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "SelectModel",
      "state": {
       "_options_labels": [
        "ALEX   WindowsHostLogon (Last activity: 2019-10-30 17:37:44.297000)",
        "Alex   WindowsHostLogon (Last activity: 2019-10-30 09:18:11.770000)"
       ],
       "description": "Select an account to explore",
       "index": 1,
       "layout": "IPY_MODEL_2be0f3bf6cf447038a9ffbae86423b0b",
       "style": "IPY_MODEL_f0708f5954aa4bf586adde07179450c6"
      }
     },
     "678db23681c84eebb2fb9d2ba1013f0a": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "67df7ce9c1804bc3a89a07ea29891e81": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "border": "1px solid black"
      }
     },
     "68cef08217c94318aa4db4aa5340bcce": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "691389b6511d4643a2687ac249d60f3b": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "border": "1px solid black"
      }
     },
     "69dfc5b698e84ebbb1bdf9d9df895b3d": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "VBoxModel",
      "state": {
       "children": [
        "IPY_MODEL_783a9369e3394d81ac0abdc24860eae3",
        "IPY_MODEL_752db6f4e981415eb728d0b84a14fc77",
        "IPY_MODEL_2c7a6db919364353b2ad5bf0f108c46f"
       ],
       "layout": "IPY_MODEL_93a514977b3345148d5fe0258598f807"
      }
     },
     "6b1855b6b62a4eef9909d4d1a3af8551": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "6b34b703c8854d6ebe7c4f4ef904e352": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "6b6362be396c41a0ac3ccc0cf8b511ef": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": ""
      }
     },
     "6c5c2632b5e2409ba6643bf147572164": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "width": "50%"
      }
     },
     "6cb71568dbff485da83712f158a2d829": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "6d5ab86e0cb44dae98ea566fb3b0636a": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "6d66b62bf71b4e6ea26a9ba28df5386c": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "HTMLModel",
      "state": {
       "layout": "IPY_MODEL_e1ddbde81d5043e98818daf26f7a5ce5",
       "style": "IPY_MODEL_49cfc62e0eea4339b785351494a40129",
       "value": "<h4>Set query time boundaries</h4>"
      }
     },
     "6f64e59cca33456ca9d8b1fc0faca369": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "6ff666022d1d444d86b9124f005cc48b": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "702bf110ba4f405eba4a027a09064c41": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "width": "50%"
      }
     },
     "71c38c8b0b404e8aae49f5de620c646f": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "72d5cf7c05794e1baeb07d5a8f515283": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "7343bdd2de58410dabbc37406bc3549e": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "7489e9094fef410db848ee739eee1c58": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "IntRangeSliderModel",
      "state": {
       "_model_name": "IntRangeSliderModel",
       "_view_name": "IntRangeSliderView",
       "description": "Time Range (day):",
       "layout": "IPY_MODEL_1a500406a8e344eaa4e8e102c1b5ff90",
       "max": 7,
       "min": -200,
       "style": "IPY_MODEL_648983b41eef46d1bf43afd72dd4f4e5",
       "value": [
        -5,
        7
       ]
      }
     },
     "752db6f4e981415eb728d0b84a14fc77": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "SelectModel",
      "state": {
       "_options_labels": [
        "ALEX   WindowsHostLogon (Last activity: 2019-10-30 17:37:44.297000)",
        "Alex   WindowsHostLogon (Last activity: 2019-10-30 09:18:11.770000)"
       ],
       "description": "Select an account to explore",
       "index": 0,
       "layout": "IPY_MODEL_d0b042cd0d7d4524b52e9b9d247b18f5",
       "style": "IPY_MODEL_3c9c7ea6e8674bd1ac567921651a285c"
      }
     },
     "75a5f1fa13044f3ea77c0be6d88b2bdd": {
      "model_module": "@jupyter-widgets/output",
      "model_module_version": "1.0.0",
      "model_name": "OutputModel",
      "state": {
       "layout": "IPY_MODEL_5c21ca6f13694c79903c7046eab3c9e2",
       "outputs": [
        {
         "name": "stdout",
         "output_type": "stream",
         "text": "SSH BF TEST  2019-02-25 16:39:31.141000\n"
        }
       ]
      }
     },
     "75e885a865b4490884d1f34085482b83": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "width": "50%"
      }
     },
     "775281cdbb754cdda11ae2ba1924c6eb": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "CheckboxModel",
      "state": {
       "description": "Center subsequent query times round selected Bookmark?",
       "disabled": false,
       "layout": "IPY_MODEL_a5dc808c9a014151a8672ba7d30ec5bb",
       "style": "IPY_MODEL_ff22f9849d344041843288fb3d53be7a",
       "value": true
      }
     },
     "783a9369e3394d81ac0abdc24860eae3": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "TextModel",
      "state": {
       "description": "Filter:",
       "layout": "IPY_MODEL_47977cbd8e02463abdc4832c489f9cde",
       "style": "IPY_MODEL_ab4f6805479e4ee4b457618e41d9a047"
      }
     },
     "78c0a388ec344289adc8151ca471d550": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "border": "1px solid black"
      }
     },
     "78e5ac4520b14434bccc7fb3500cf701": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "793500a391424d288a55cf40a05185ec": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "7a0c9682c12f475eb74bf6a431a84a8e": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "TextModel",
      "state": {
       "description": "Filter:",
       "layout": "IPY_MODEL_6b1855b6b62a4eef9909d4d1a3af8551",
       "style": "IPY_MODEL_5487eb0ec6a546b6bd4e530976e6bc9a"
      }
     },
     "7a887505ac244c8ab531ee2c4f213b22": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "7aff4c4303124b61946083de91a78025": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "width": "50%"
      }
     },
     "7b6b417531ec4beba5fc54997ed975fc": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DatePickerModel",
      "state": {
       "description": "Origin Date",
       "disabled": false,
       "layout": "IPY_MODEL_07328251bfa3446a82bbba4527308200",
       "style": "IPY_MODEL_6b6362be396c41a0ac3ccc0cf8b511ef",
       "value": {
        "date": 31,
        "month": 9,
        "year": 2019
       }
      }
     },
     "7bdc03880cdb42ec831f4a19fe1747f8": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": ""
      }
     },
     "7c2718a66a6b445286ddd77b4554d2b4": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "7c54eebf485c425f9e385937af9037df": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "HTMLModel",
      "state": {
       "layout": "IPY_MODEL_29cec641c72f433ba12931e0744b0bbb",
       "style": "IPY_MODEL_dca9a621bb5c401782778f862ca1372a",
       "value": "<h4>Set query time boundaries</h4>"
      }
     },
     "7c96a1a571f44135b0c43e83cd59ae33": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "TextModel",
      "state": {
       "description": "Query end time (UTC) :  ",
       "layout": "IPY_MODEL_75e885a865b4490884d1f34085482b83",
       "style": "IPY_MODEL_9caa74226aa74a88b799aa3bfed56aec",
       "value": "2019-10-25 21:55:47.669836"
      }
     },
     "7e91c8bcada54f36ad43dd496794e494": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "CheckboxModel",
      "state": {
       "description": "Center subsequent query times round selected Bookmark?",
       "disabled": false,
       "layout": "IPY_MODEL_a5dc808c9a014151a8672ba7d30ec5bb",
       "style": "IPY_MODEL_a322e177338143f3ab26e4aaf05c05d8",
       "value": true
      }
     },
     "7f1f0dbb3fb74a5b901844cdb955e7a3": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "80d826f17e954a09999593557d12a5db": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "SelectModel",
      "state": {
       "_options_labels": [
        "b0493469-b0c7-4666-acb8-787646c14107",
        "afef383e-af37-4058-a13b-f904f1eb9823"
       ],
       "description": "Select an item",
       "index": 1,
       "layout": "IPY_MODEL_aa375b6c152e4edca0d536190c38c4bb",
       "style": "IPY_MODEL_b8da5213378846e2bf7dc13aa9962b50"
      }
     },
     "8107103835c0499eaa7a04285fc7f1a8": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "CheckboxModel",
      "state": {
       "description": "Center subsequent query times round selected Bookmark?",
       "disabled": false,
       "layout": "IPY_MODEL_a5dc808c9a014151a8672ba7d30ec5bb",
       "style": "IPY_MODEL_68cef08217c94318aa4db4aa5340bcce",
       "value": true
      }
     },
     "8141181307bf4f6cb5ebbc2f44001e51": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "VBoxModel",
      "state": {
       "children": [
        "IPY_MODEL_955f6c5ca7bb422db2de1a9f066292e6",
        "IPY_MODEL_a7bc8009afdd418a8289ab6ac0fad4c9",
        "IPY_MODEL_614cca2731f44e2c8c358d3d37ce42b5"
       ],
       "layout": "IPY_MODEL_842f6deb1fbd490fb693425b56d919ad"
      }
     },
     "81f32fb652034c85aa69953a384bd74f": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "82c3004b68bb46b4972d443d90297b4e": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "height": "200px",
       "width": "100%"
      }
     },
     "82e49bd68b364d35a4beb7459e41aeac": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "836a0c17183c425cb3194c83c289d71b": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "83c47e9c5cab4fbfbe28390ece721c61": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "border": "1px solid black"
      }
     },
     "842f6deb1fbd490fb693425b56d919ad": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "8556edc2799649ab9e5d6c9d7194e3b2": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "8630f416892b4dd28b1a6a4dd3430695": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "VBoxModel",
      "state": {
       "children": [
        "IPY_MODEL_7489e9094fef410db848ee739eee1c58",
        "IPY_MODEL_ed8284289e9441549c4259fa9e6734d8",
        "IPY_MODEL_b5b40e4be14a4942b3da4ba40671db79"
       ],
       "layout": "IPY_MODEL_b10b925125ef4be78affa568b42e60d4"
      }
     },
     "8765340e0d394f779baee315899dc2b0": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "87b5702a04874a64bb23b66a4f98731e": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "87e5561e59f3406083403c0499c45c8f": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "881881b3d6a44d8fa1bd872350bdb77e": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "height": "200px",
       "width": "100%"
      }
     },
     "8836b1ed7d78425ab21405a0a30c3ff2": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "88b48ca013a5425a9e6ad53f8f975c69": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "8995398e280e4c39b92e01043a4f5600": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "CheckboxModel",
      "state": {
       "description": "Center subsequent query times round selected Bookmark?",
       "disabled": false,
       "layout": "IPY_MODEL_a5dc808c9a014151a8672ba7d30ec5bb",
       "style": "IPY_MODEL_c248d21c91014a76ae35414346313b18",
       "value": true
      }
     },
     "8b265a16313645f68b1ccd797ea5f38e": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DatePickerModel",
      "state": {
       "description": "Origin Date",
       "disabled": false,
       "layout": "IPY_MODEL_402ddfe359744e6eb6e0cbb9630801a9",
       "style": "IPY_MODEL_f9cb33c773284d35b07a39dd405b9a4e",
       "value": {
        "date": 20,
        "month": 1,
        "year": 2019
       }
      }
     },
     "8bc2df8006b84779b72badb33568f9e5": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "HTMLModel",
      "state": {
       "layout": "IPY_MODEL_6d5ab86e0cb44dae98ea566fb3b0636a",
       "style": "IPY_MODEL_9d30c014ec4c47c7becaf56c04321b6a",
       "value": "<h4>Set query time boundaries</h4>"
      }
     },
     "8c9fc467e7b84233a59db934e5b6aa4c": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "8d2e5ad4809c4dd2bfdf265871334962": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "border": "1px solid black"
      }
     },
     "8d97a759d22e4e47921add69d13cd5f0": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "TextModel",
      "state": {
       "description": "Filter alerts by title:",
       "layout": "IPY_MODEL_6b34b703c8854d6ebe7c4f4ef904e352",
       "style": "IPY_MODEL_243f9f7d45274e3592c71d2a85a09ed4"
      }
     },
     "8e29d9e0f49d4e17b9bd516742d3cfc1": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "8e8360f4978a42288f5332afda82c476": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "8eb3ed63c8e644828cf80888a6133c52": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "TextModel",
      "state": {
       "description": "Query end time (UTC) :  ",
       "layout": "IPY_MODEL_6c5c2632b5e2409ba6643bf147572164",
       "style": "IPY_MODEL_87e5561e59f3406083403c0499c45c8f",
       "value": "2019-11-06 18:46:19.697955"
      }
     },
     "8f71b753ec754d76a90216eb4d6d33d5": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "SelectModel",
      "state": {
       "_options_labels": [
        "b0493469-b0c7-4666-acb8-787646c14107",
        "afef383e-af37-4058-a13b-f904f1eb9823"
       ],
       "description": "Select an item",
       "index": 0,
       "layout": "IPY_MODEL_cee155f5d3794f61bf46e658b51c38a1",
       "style": "IPY_MODEL_c09afa33e2614524bd22bbe3e99f95f0"
      }
     },
     "913a4334f10e4879b8d1f3a2dad23bd9": {
      "model_module": "@jupyter-widgets/output",
      "model_module_version": "1.0.0",
      "model_name": "OutputModel",
      "state": {
       "layout": "IPY_MODEL_518d0fdb6a3e432d887379035e5e694f",
       "outputs": [
        {
         "data": {
          "text/html": "<div>\n<style scoped>\n    .dataframe tbody tr th:only-of-type {\n        vertical-align: middle;\n    }\n\n    .dataframe tbody tr th {\n        vertical-align: top;\n    }\n\n    .dataframe thead th {\n        text-align: right;\n    }\n</style>\n<table border=\"1\" class=\"dataframe\">\n  <thead>\n    <tr style=\"text-align: right;\">\n      <th></th>\n      <th>1</th>\n    </tr>\n  </thead>\n  <tbody>\n    <tr>\n      <td>TenantId</td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n    </tr>\n    <tr>\n      <td>TimeGenerated</td>\n      <td>2019-02-25 16:39:31.141000</td>\n    </tr>\n    <tr>\n      <td>BookmarkId</td>\n      <td>afef383e-af37-4058-a13b-f904f1eb9823</td>\n    </tr>\n    <tr>\n      <td>BookmarkName</td>\n      <td>SSH BF TEST</td>\n    </tr>\n    <tr>\n      <td>BookmarkType</td>\n      <td></td>\n    </tr>\n    <tr>\n      <td>CreatedBy</td>\n      <td>{\\r\\n  \"ObjectId\": \"b3a76793-1a0d-4bfe-95f6-96919d4b9acf\",\\r\\n  \"Email\": \"bnick@microsoft.com\",\\...</td>\n    </tr>\n    <tr>\n      <td>UpdatedBy</td>\n      <td>{\\r\\n  \"ObjectId\": \"b3a76793-1a0d-4bfe-95f6-96919d4b9acf\",\\r\\n  \"Email\": \"bnick@microsoft.com\",\\...</td>\n    </tr>\n    <tr>\n      <td>CreatedTime</td>\n      <td>2019-02-25 16:39:30.955000</td>\n    </tr>\n    <tr>\n      <td>LastUpdatedTime</td>\n      <td>2019-02-25 16:39:30.955000</td>\n    </tr>\n    <tr>\n      <td>EventTime</td>\n      <td>2019-02-25 16:39:30.955000</td>\n    </tr>\n    <tr>\n      <td>QueryText</td>\n      <td>// *** Join SSH Brute Force ML detections with Host IP and Name information  *** //\\r\\n// Start ...</td>\n    </tr>\n    <tr>\n      <td>QueryResultRow</td>\n      <td>{\"TimeGenerated\":\"2019-02-19T17:29:26Z\",\"AlertName\":\"SSH Anomalous Login ML\",\"IPCustomEntity\":\"2...</td>\n    </tr>\n    <tr>\n      <td>QueryStartTime</td>\n      <td>NaT</td>\n    </tr>\n    <tr>\n      <td>QueryEndTime</td>\n      <td>NaT</td>\n    </tr>\n    <tr>\n      <td>Notes</td>\n      <td>This is a critical asset.</td>\n    </tr>\n    <tr>\n      <td>SoftDeleted</td>\n      <td>False</td>\n    </tr>\n    <tr>\n      <td>Tags</td>\n      <td>[\\r\\n  \"BouncyRaccoon\"\\r\\n]</td>\n    </tr>\n    <tr>\n      <td>SourceSystem</td>\n      <td>Azure Sentinel</td>\n    </tr>\n    <tr>\n      <td>Type</td>\n      <td></td>\n    </tr>\n    <tr>\n      <td>_ResourceId</td>\n      <td></td>\n    </tr>\n    <tr>\n      <td>Computer</td>\n      <td>None</td>\n    </tr>\n    <tr>\n      <td>Account</td>\n      <td>dbadmin</td>\n    </tr>\n    <tr>\n      <td>Entities</td>\n      <td>None</td>\n    </tr>\n  </tbody>\n</table>\n</div>",
          "text/plain": "                                                                                                                   1\nTenantId                                                                        52b1ab41-869e-4138-9e40-2a4457f09bf0\nTimeGenerated                                                                             2019-02-25 16:39:31.141000\nBookmarkId                                                                      afef383e-af37-4058-a13b-f904f1eb9823\nBookmarkName                                                                                             SSH BF TEST\nBookmarkType                                                                                                        \nCreatedBy        {\\r\\n  \"ObjectId\": \"b3a76793-1a0d-4bfe-95f6-96919d4b9acf\",\\r\\n  \"Email\": \"bnick@microsoft.com\",\\...\nUpdatedBy        {\\r\\n  \"ObjectId\": \"b3a76793-1a0d-4bfe-95f6-96919d4b9acf\",\\r\\n  \"Email\": \"bnick@microsoft.com\",\\...\nCreatedTime                                                                               2019-02-25 16:39:30.955000\nLastUpdatedTime                                                                           2019-02-25 16:39:30.955000\nEventTime                                                                                 2019-02-25 16:39:30.955000\nQueryText        // *** Join SSH Brute Force ML detections with Host IP and Name information  *** //\\r\\n// Start ...\nQueryResultRow   {\"TimeGenerated\":\"2019-02-19T17:29:26Z\",\"AlertName\":\"SSH Anomalous Login ML\",\"IPCustomEntity\":\"2...\nQueryStartTime                                                                                                   NaT\nQueryEndTime                                                                                                     NaT\nNotes                                                                                      This is a critical asset.\nSoftDeleted                                                                                                    False\nTags                                                                                     [\\r\\n  \"BouncyRaccoon\"\\r\\n]\nSourceSystem                                                                                          Azure Sentinel\nType                                                                                                                \n_ResourceId                                                                                                         \nComputer                                                                                                        None\nAccount                                                                                                      dbadmin\nEntities                                                                                                        None"
         },
         "metadata": {},
         "output_type": "display_data"
        }
       ]
      }
     },
     "93a439ecb4684b3d9db2a8d344887a04": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "93a514977b3345148d5fe0258598f807": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "955f6c5ca7bb422db2de1a9f066292e6": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "TextModel",
      "state": {
       "description": "Filter:",
       "layout": "IPY_MODEL_8556edc2799649ab9e5d6c9d7194e3b2",
       "style": "IPY_MODEL_7f1f0dbb3fb74a5b901844cdb955e7a3"
      }
     },
     "96081e1e78054b61b61ae8714fd9e381": {
      "model_module": "@jupyter-widgets/output",
      "model_module_version": "1.0.0",
      "model_name": "OutputModel",
      "state": {
       "layout": "IPY_MODEL_83c47e9c5cab4fbfbe28390ece721c61",
       "outputs": [
        {
         "ename": "AttributeError",
         "evalue": "'str' object has no attribute 'value'",
         "output_type": "error",
         "traceback": [
          "\u001b[1;31m---------------------------------------------------------------------------\u001b[0m",
          "\u001b[1;31mAttributeError\u001b[0m                            Traceback (most recent call last)",
          "\u001b[1;32m~\\AppData\\Roaming\\Python\\Python37\\site-packages\\msticpy\\nbtools\\nbwidgets.py\u001b[0m in \u001b[0;36m_show_top_item\u001b[1;34m(self)\u001b[0m\n\u001b[0;32m    894\u001b[0m             \u001b[0mself\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0m_w_output\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mclear_output\u001b[0m\u001b[1;33m(\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m    895\u001b[0m             \u001b[1;32mwith\u001b[0m \u001b[0mself\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0m_w_output\u001b[0m\u001b[1;33m:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[1;32m--> 896\u001b[1;33m                 \u001b[0mself\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mitem_action\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mself\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mvalue\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m    897\u001b[0m \u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m    898\u001b[0m \u001b[1;33m\u001b[0m\u001b[0m\n",
          "\u001b[1;32m<string>\u001b[0m in \u001b[0;36mdisplay_activity\u001b[1;34m(selected_item)\u001b[0m\n",
          "\u001b[1;32m<string>\u001b[0m in \u001b[0;36mselected_account\u001b[1;34m(selected_acct)\u001b[0m\n",
          "\u001b[1;31mAttributeError\u001b[0m: 'str' object has no attribute 'value'"
         ]
        }
       ]
      }
     },
     "96f3591ab49b459881a6a4b44c0ab186": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "TextModel",
      "state": {
       "description": "Filter:",
       "layout": "IPY_MODEL_10028a8e935f4baa8603aad13d55f966",
       "style": "IPY_MODEL_eb31b443cf9a4dd995a18658180105c1"
      }
     },
     "9b35a6ab740246c9829691785b371419": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "9b60959bf55048b7a20d3ed4c2169843": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "9caa74226aa74a88b799aa3bfed56aec": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "9cbe916e267b416a99e1aad2af18bee9": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "9d30c014ec4c47c7becaf56c04321b6a": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": ""
      }
     },
     "9e3b7b2617fa4ba1851cfec7352ef7a1": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "VBoxModel",
      "state": {
       "children": [
        "IPY_MODEL_dd964ba810204229aebec2c88ffa9a82",
        "IPY_MODEL_0c3c0974d2834914b1504afd0beae39d",
        "IPY_MODEL_56b324836bf34c89b9bab8a775f2d72b"
       ],
       "layout": "IPY_MODEL_2ed67edca35c46379aafe39af8a90300"
      }
     },
     "9e9b2211085a44509583508fa0632f03": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "IntRangeSliderModel",
      "state": {
       "_model_name": "IntRangeSliderModel",
       "_view_name": "IntRangeSliderView",
       "description": "Time Range (day):",
       "layout": "IPY_MODEL_e7f0c4a353b843808c51e91b1d75acec",
       "max": 7,
       "min": -200,
       "style": "IPY_MODEL_b90b7a429b39469193d6c1da064a247a",
       "value": [
        -29,
        7
       ]
      }
     },
     "a118b172aefb4e82b47bcf285d2b2329": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "a23b306c4b5d447c879345c3f4d10a9c": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "a2ce1022e35846e08101887d9e83cb5c": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "VBoxModel",
      "state": {
       "children": [
        "IPY_MODEL_1509689085784331b6a66bd38787ca33",
        "IPY_MODEL_526d01ab94a14e5f96080f0392deb91d",
        "IPY_MODEL_2208c543b3024a18922a9942fdb90631"
       ],
       "layout": "IPY_MODEL_00ea98db21ca468ca0d9d647f17f37bc"
      }
     },
     "a322e177338143f3ab26e4aaf05c05d8": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "a4d8ac3f4ded40348f4ddeb10f2bbd36": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "VBoxModel",
      "state": {
       "children": [
        "IPY_MODEL_ceb8ee5ee6024660b72ce1fda65a06f5",
        "IPY_MODEL_3e2961c891a54301adba7431dc008d33",
        "IPY_MODEL_1cf206bf8d6246f5947070c97574894f"
       ],
       "layout": "IPY_MODEL_ae37660a94fd48418995f018592768a9"
      }
     },
     "a5dc808c9a014151a8672ba7d30ec5bb": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "width": "95%"
      }
     },
     "a6001386263b499db1f9d3cdfe25eacf": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "a6ed0452391d4922ba3057edc8913943": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "height": "100px",
       "width": "50%"
      }
     },
     "a7132fff2e6247b0b1b69208733bde28": {
      "model_module": "@jupyter-widgets/output",
      "model_module_version": "1.0.0",
      "model_name": "OutputModel",
      "state": {
       "layout": "IPY_MODEL_691389b6511d4643a2687ac249d60f3b"
      }
     },
     "a7bc8009afdd418a8289ab6ac0fad4c9": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "SelectModel",
      "state": {
       "_options_labels": [
        "SecurityAlert - 787646c14107 [\r\n  \"fluffydog_campaign\"\r\n]  2019-02-25 19:45:17.982000",
        "SSH BF TEST [\r\n  \"BouncyRaccoon\"\r\n]  2019-02-25 16:39:31.141000"
       ],
       "description": "Select an item",
       "index": 0,
       "layout": "IPY_MODEL_a6ed0452391d4922ba3057edc8913943",
       "style": "IPY_MODEL_c8f9bf007ff3427995d37af684f347fa"
      }
     },
     "aa375b6c152e4edca0d536190c38c4bb": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "height": "100px",
       "width": "50%"
      }
     },
     "ab0b0cf4da8e42f8b3414abbf86e7ceb": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "width": "95%"
      }
     },
     "ab4f6805479e4ee4b457618e41d9a047": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "ac02efe8753c495cbd01c8027f5b7675": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "border": "1px solid black"
      }
     },
     "ac836793d41e4863a2a0681aead7a405": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "acab5baa37154a00adcbf05f65ad3615": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "add4601ce20b4f669495b244811ca2b5": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "ae051caaebe546f694679f13bbb09a4d": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "ae285b6e22414be7be1231ed2ab6948b": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "border": "1px solid black"
      }
     },
     "ae37660a94fd48418995f018592768a9": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "b10b925125ef4be78affa568b42e60d4": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "b1dee2853f6c403c944000a24d549e48": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "CheckboxModel",
      "state": {
       "description": "Center subsequent query times round selected Alert?",
       "disabled": false,
       "layout": "IPY_MODEL_a5dc808c9a014151a8672ba7d30ec5bb",
       "style": "IPY_MODEL_b817e8855ee54bfaae7a566e254224e0",
       "value": true
      }
     },
     "b2780aae29704d50950e38fb7c61a86d": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "b30e1518edfa4406a7dea23d2338a335": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "VBoxModel",
      "state": {
       "children": [
        "IPY_MODEL_7a0c9682c12f475eb74bf6a431a84a8e",
        "IPY_MODEL_5ad8d5a988e0426f85e693235c7d2f37",
        "IPY_MODEL_d5eff5e7768e4b54baaa024d8f0e149f"
       ],
       "layout": "IPY_MODEL_27396b8ce3f34eedb8b707e4b7b9d144"
      }
     },
     "b3dc11de65634b0398dcc9da953065f4": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "SelectModel",
      "state": {
       "_options_labels": [
        "SecurityAlert - 787646c14107 [\r\n  \"fluffydog_campaign\"\r\n] 2019-02-25 19:45:17.982000",
        "SSH BF TEST [\r\n  \"BouncyRaccoon\"\r\n] 2019-02-25 16:39:31.141000"
       ],
       "description": "Select an item",
       "index": 1,
       "layout": "IPY_MODEL_17d453399714410fb83541ba912d353d",
       "style": "IPY_MODEL_408989bdbd914c6c91f6185196587518"
      }
     },
     "b59ec5b1430a4af891f0471565b1f530": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "TextModel",
      "state": {
       "description": "Query start time (UTC):",
       "layout": "IPY_MODEL_4496bb9a60c34cde9ddc2935016038f1",
       "style": "IPY_MODEL_11e01bc6c6b44a9d97f14acbdb791e86",
       "value": "2019-08-21 18:46:19.697955"
      }
     },
     "b5b40e4be14a4942b3da4ba40671db79": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "TextModel",
      "state": {
       "description": "Query end time (UTC) :  ",
       "layout": "IPY_MODEL_de5a181d5d944b1e8a907ce8d5455cdc",
       "style": "IPY_MODEL_5735f8eccf7f4113ab32c90f4cbcd909",
       "value": "2019-02-27 02:56:03.315071"
      }
     },
     "b71f43581d024eac8cf8443cbbe82362": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": ""
      }
     },
     "b74ff3e63c2142f6bdcc59331169fe99": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "VBoxModel",
      "state": {
       "children": [
        "IPY_MODEL_1e0b7f71263b44fcacf50ee9426de6b3",
        "IPY_MODEL_13d89f2c53e94cce932de8cede43678a",
        "IPY_MODEL_151bfa41a4f54e2fad5fd527fb9a3c91"
       ],
       "layout": "IPY_MODEL_d51af46f7fa84a22a5c0ec118950b6c3"
      }
     },
     "b7b64f73c2374457952c45bc70b57be2": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "b817e8855ee54bfaae7a566e254224e0": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "b8da5213378846e2bf7dc13aa9962b50": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "b90b7a429b39469193d6c1da064a247a": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "SliderStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "b91802dae3454218883fd220f9dc621c": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "VBoxModel",
      "state": {
       "children": [
        "IPY_MODEL_5305161e6631418099b1f02633947c45",
        "IPY_MODEL_5883af908d0d4f8982c89e8dfc16570f",
        "IPY_MODEL_f4d1dffedaca44b486339e74320d7452"
       ],
       "layout": "IPY_MODEL_b2780aae29704d50950e38fb7c61a86d"
      }
     },
     "b93f7519aca5444484086e83de06a40a": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": ""
      }
     },
     "b9676325af0646ac960a02f1a3d0a062": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "height": "200px",
       "width": "100%"
      }
     },
     "ba445b1f858f426d8fd9c19489d959ae": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "SliderStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "bb3bafbd6c0e4c1ab8ddd3e6e9b39cbb": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "CheckboxModel",
      "state": {
       "description": "Center subsequent query times round selected Bookmark?",
       "disabled": false,
       "layout": "IPY_MODEL_a5dc808c9a014151a8672ba7d30ec5bb",
       "style": "IPY_MODEL_8765340e0d394f779baee315899dc2b0",
       "value": true
      }
     },
     "bc091a619ea94668a648822e7325669f": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "height": "100px",
       "width": "50%"
      }
     },
     "bf2154c20bdd490a8847e3bfc196f213": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "border": "1px solid black"
      }
     },
     "bf83acc358474033b3ecc47d3bd1e7d1": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "bfd599e1dcdb42d680f491161656d483": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "height": "300px",
       "width": "95%"
      }
     },
     "c09afa33e2614524bd22bbe3e99f95f0": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "c19d64f7a2e24650bfe688dc6fcf41f6": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "c1e11d9220ee4c9b8ceb221ad725e915": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "SelectModel",
      "state": {
       "_options_labels": [
        "ALEX   WindowsHostLogon (Last activity: 2019-10-30 17:37:44.297000)",
        "Alex   WindowsHostLogon (Last activity: 2019-10-30 09:18:11.770000)"
       ],
       "description": "Select an account to explore",
       "index": 0,
       "layout": "IPY_MODEL_82c3004b68bb46b4972d443d90297b4e",
       "style": "IPY_MODEL_3c5571f44bde48c3bbb5214527d7f9c4"
      }
     },
     "c1eca92f047f473088cfa375d5147a60": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "SelectModel",
      "state": {
       "_options_labels": [
        "MSTICAdmin   LinuxHostLogon (Last activity: 2019-02-15 04:00:00.827000)",
        "ian   WindowsHostLogon (Last activity: 2019-02-25 18:32:40.620000)",
        "ianh@M365x054215.onmicrosoft.com   O365Activity (Last activity: 2019-02-16 03:48:19)",
        "ianh@m365x054215.onmicrosoft.com   O365Activity (Last activity: 2019-02-16 03:45:20)"
       ],
       "description": "Select an account to explore",
       "index": 1,
       "layout": "IPY_MODEL_881881b3d6a44d8fa1bd872350bdb77e",
       "style": "IPY_MODEL_f45d552220ab47cc830cae4587ca6a3b"
      }
     },
     "c248d21c91014a76ae35414346313b18": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "c563878605654893881b72c6289ba108": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "width": "80%"
      }
     },
     "c5c00b16d2a34f6d9972e35e0375eb62": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "VBoxModel",
      "state": {
       "children": [
        "IPY_MODEL_09851848b0ef4029b95ef2a957d3b686",
        "IPY_MODEL_c1e11d9220ee4c9b8ceb221ad725e915",
        "IPY_MODEL_96081e1e78054b61b61ae8714fd9e381"
       ],
       "layout": "IPY_MODEL_05a92bb65d9246a2841d47a500d39a9d"
      }
     },
     "c5e889ecab1c499181b232e82744bcd7": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "c8e7ee1140804156b5b67efc421fabf1": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "c8f9bf007ff3427995d37af684f347fa": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "ca87ee46330c422e8cb7810fa41b0ee9": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "cac8eee317484da18e175ed26db87eb3": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "cb5c1d924c3f4831a576b136ed2248c2": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "cbd22ab1115e40d893314c47433eb47e": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": ""
      }
     },
     "cc8aa54721e6418e8a52b53ff7485772": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "VBoxModel",
      "state": {
       "children": [
        "IPY_MODEL_d3dbea4292c4417da0645ee27982a799",
        "IPY_MODEL_e999eb22b2de4400ae0934bea77679ab",
        "IPY_MODEL_7c96a1a571f44135b0c43e83cd59ae33"
       ],
       "layout": "IPY_MODEL_21671f28362340ce8fb246d5af4cae04"
      }
     },
     "cd1c4009632e4921a8c51f32ea9e2946": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "cd930803359a45fdb790421af5b6fc49": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "TextModel",
      "state": {
       "description": "Query start time (UTC):",
       "layout": "IPY_MODEL_14a0a076de014377b4222277ad91e1d6",
       "style": "IPY_MODEL_1bf816e2f4314909a591763f3632296c",
       "value": "2019-10-02 01:18:51.536875"
      }
     },
     "ceb8ee5ee6024660b72ce1fda65a06f5": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "IntRangeSliderModel",
      "state": {
       "_model_name": "IntRangeSliderModel",
       "_view_name": "IntRangeSliderView",
       "description": "Time Range (day):",
       "layout": "IPY_MODEL_c563878605654893881b72c6289ba108",
       "max": 7,
       "min": -200,
       "style": "IPY_MODEL_ba445b1f858f426d8fd9c19489d959ae",
       "value": [
        -36,
        7
       ]
      }
     },
     "cee155f5d3794f61bf46e658b51c38a1": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "height": "100px",
       "width": "50%"
      }
     },
     "d0873c4936e243a7be9be3a44b788b25": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "TextModel",
      "state": {
       "description": "Enter the Account name to search for:",
       "layout": "IPY_MODEL_3d8cf09c286b40fa9c95fd7c03da955c",
       "style": "IPY_MODEL_a23b306c4b5d447c879345c3f4d10a9c",
       "value": "alex"
      }
     },
     "d0b042cd0d7d4524b52e9b9d247b18f5": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "height": "200px",
       "width": "100%"
      }
     },
     "d27029a08494481e90abc56e23ed47ff": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "d2b5804515b445f1a2c74560dc2912c8": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "TextModel",
      "state": {
       "description": "Enter the Account name to search for:",
       "layout": "IPY_MODEL_ab0b0cf4da8e42f8b3414abbf86e7ceb",
       "style": "IPY_MODEL_ca87ee46330c422e8cb7810fa41b0ee9",
       "value": "alex"
      }
     },
     "d3dbea4292c4417da0645ee27982a799": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "IntRangeSliderModel",
      "state": {
       "_model_name": "IntRangeSliderModel",
       "_view_name": "IntRangeSliderView",
       "description": "Time Range (day):",
       "layout": "IPY_MODEL_2757a6fe686d4729a09e65abdc398c21",
       "max": 7,
       "min": -200,
       "style": "IPY_MODEL_22eba104dbc14c0e8cf6ee1933812705",
       "value": [
        -5,
        7
       ]
      }
     },
     "d44cdcd3d9794a5fb7dba970c423dab7": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "VBoxModel",
      "state": {
       "children": [
        "IPY_MODEL_8d97a759d22e4e47921add69d13cd5f0",
        "IPY_MODEL_ff3874eac11f48ae9fc266ea5fca08e2",
        "IPY_MODEL_d9212e9b71554092a1b6890570f084dc"
       ],
       "layout": "IPY_MODEL_d27029a08494481e90abc56e23ed47ff"
      }
     },
     "d4dbb15ced7040bc8789f701abcbe242": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "d51af46f7fa84a22a5c0ec118950b6c3": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "d53a26d939a14868a5dc9e95c75d2c02": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "TextModel",
      "state": {
       "description": "Query end time (UTC) :  ",
       "layout": "IPY_MODEL_ffbe00b09fde4e448e482df7bbdfa887",
       "style": "IPY_MODEL_a6001386263b499db1f9d3cdfe25eacf",
       "value": "2019-11-07 01:18:51.536875"
      }
     },
     "d5eff5e7768e4b54baaa024d8f0e149f": {
      "model_module": "@jupyter-widgets/output",
      "model_module_version": "1.0.0",
      "model_name": "OutputModel",
      "state": {
       "layout": "IPY_MODEL_fc03fbd6c39f43fb9208babc0913608a",
       "outputs": [
        {
         "data": {
          "text/html": "<div>\n<style scoped>\n    .dataframe tbody tr th:only-of-type {\n        vertical-align: middle;\n    }\n\n    .dataframe tbody tr th {\n        vertical-align: top;\n    }\n\n    .dataframe thead th {\n        text-align: right;\n    }\n</style>\n<table border=\"1\" class=\"dataframe\">\n  <thead>\n    <tr style=\"text-align: right;\">\n      <th></th>\n      <th>1</th>\n    </tr>\n  </thead>\n  <tbody>\n    <tr>\n      <td>TenantId</td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n    </tr>\n    <tr>\n      <td>TimeGenerated</td>\n      <td>2019-02-25 16:39:31.141000</td>\n    </tr>\n    <tr>\n      <td>BookmarkId</td>\n      <td>afef383e-af37-4058-a13b-f904f1eb9823</td>\n    </tr>\n    <tr>\n      <td>BookmarkName</td>\n      <td>SSH BF TEST</td>\n    </tr>\n    <tr>\n      <td>BookmarkType</td>\n      <td></td>\n    </tr>\n    <tr>\n      <td>CreatedBy</td>\n      <td>{\\r\\n  \"ObjectId\": \"b3a76793-1a0d-4bfe-95f6-96919d4b9acf\",\\r\\n  \"Email\": \"bnick@microsoft.com\",\\...</td>\n    </tr>\n    <tr>\n      <td>UpdatedBy</td>\n      <td>{\\r\\n  \"ObjectId\": \"b3a76793-1a0d-4bfe-95f6-96919d4b9acf\",\\r\\n  \"Email\": \"bnick@microsoft.com\",\\...</td>\n    </tr>\n    <tr>\n      <td>CreatedTime</td>\n      <td>2019-02-25 16:39:30.955000</td>\n    </tr>\n    <tr>\n      <td>LastUpdatedTime</td>\n      <td>2019-02-25 16:39:30.955000</td>\n    </tr>\n    <tr>\n      <td>EventTime</td>\n      <td>2019-02-25 16:39:30.955000</td>\n    </tr>\n    <tr>\n      <td>QueryText</td>\n      <td>// *** Join SSH Brute Force ML detections with Host IP and Name information  *** //\\r\\n// Start ...</td>\n    </tr>\n    <tr>\n      <td>QueryResultRow</td>\n      <td>{\"TimeGenerated\":\"2019-02-19T17:29:26Z\",\"AlertName\":\"SSH Anomalous Login ML\",\"IPCustomEntity\":\"2...</td>\n    </tr>\n    <tr>\n      <td>QueryStartTime</td>\n      <td>NaT</td>\n    </tr>\n    <tr>\n      <td>QueryEndTime</td>\n      <td>NaT</td>\n    </tr>\n    <tr>\n      <td>Notes</td>\n      <td>This is a critical asset.</td>\n    </tr>\n    <tr>\n      <td>SoftDeleted</td>\n      <td>False</td>\n    </tr>\n    <tr>\n      <td>Tags</td>\n      <td>[\\r\\n  \"BouncyRaccoon\"\\r\\n]</td>\n    </tr>\n    <tr>\n      <td>SourceSystem</td>\n      <td>Azure Sentinel</td>\n    </tr>\n    <tr>\n      <td>Type</td>\n      <td></td>\n    </tr>\n    <tr>\n      <td>_ResourceId</td>\n      <td></td>\n    </tr>\n    <tr>\n      <td>Computer</td>\n      <td>None</td>\n    </tr>\n    <tr>\n      <td>Account</td>\n      <td>dbadmin</td>\n    </tr>\n    <tr>\n      <td>Entities</td>\n      <td>None</td>\n    </tr>\n  </tbody>\n</table>\n</div>",
          "text/plain": "                                                                                                                   1\nTenantId                                                                        52b1ab41-869e-4138-9e40-2a4457f09bf0\nTimeGenerated                                                                             2019-02-25 16:39:31.141000\nBookmarkId                                                                      afef383e-af37-4058-a13b-f904f1eb9823\nBookmarkName                                                                                             SSH BF TEST\nBookmarkType                                                                                                        \nCreatedBy        {\\r\\n  \"ObjectId\": \"b3a76793-1a0d-4bfe-95f6-96919d4b9acf\",\\r\\n  \"Email\": \"bnick@microsoft.com\",\\...\nUpdatedBy        {\\r\\n  \"ObjectId\": \"b3a76793-1a0d-4bfe-95f6-96919d4b9acf\",\\r\\n  \"Email\": \"bnick@microsoft.com\",\\...\nCreatedTime                                                                               2019-02-25 16:39:30.955000\nLastUpdatedTime                                                                           2019-02-25 16:39:30.955000\nEventTime                                                                                 2019-02-25 16:39:30.955000\nQueryText        // *** Join SSH Brute Force ML detections with Host IP and Name information  *** //\\r\\n// Start ...\nQueryResultRow   {\"TimeGenerated\":\"2019-02-19T17:29:26Z\",\"AlertName\":\"SSH Anomalous Login ML\",\"IPCustomEntity\":\"2...\nQueryStartTime                                                                                                   NaT\nQueryEndTime                                                                                                     NaT\nNotes                                                                                      This is a critical asset.\nSoftDeleted                                                                                                    False\nTags                                                                                     [\\r\\n  \"BouncyRaccoon\"\\r\\n]\nSourceSystem                                                                                          Azure Sentinel\nType                                                                                                                \n_ResourceId                                                                                                         \nComputer                                                                                                        None\nAccount                                                                                                      dbadmin\nEntities                                                                                                        None"
         },
         "metadata": {},
         "output_type": "display_data"
        }
       ]
      }
     },
     "d9212e9b71554092a1b6890570f084dc": {
      "model_module": "@jupyter-widgets/output",
      "model_module_version": "1.0.0",
      "model_name": "OutputModel",
      "state": {
       "layout": "IPY_MODEL_da957843532947ab947c4c0c0355f1d6",
       "outputs": [
        {
         "data": {
          "text/html": "\n            <h3>Alert: 'Possible suspicious scheduling tasks access detected'</h3><br>time=<b>2019-02-15 04:03:22</b>,\n            entity=<b>dbadmin</b>, id=<b>2518520973978269999_57b6af71-984e-45f3-9aac-d6bbd79eed07</b>\n            <br/>\n            <table border=\"1\" class=\"dataframe\">\n  <thead>\n    <tr style=\"text-align: right;\">\n      <th></th>\n      <th>7</th>\n    </tr>\n  </thead>\n  <tbody>\n    <tr>\n      <th>TenantId</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n    </tr>\n    <tr>\n      <th>TimeGenerated</th>\n      <td>2019-02-15 04:03:30</td>\n    </tr>\n    <tr>\n      <th>AlertDisplayName</th>\n      <td>Possible suspicious scheduling tasks access detected</td>\n    </tr>\n    <tr>\n      <th>AlertName</th>\n      <td>Possible suspicious scheduling tasks access detected</td>\n    </tr>\n    <tr>\n      <th>Severity</th>\n      <td>Informational</td>\n    </tr>\n    <tr>\n      <th>Description</th>\n      <td>Analysis of host data indicates that a cron job was accessed by dbadmin.\\r\\nThis activity could either be legitimate activity, or an indication of a compromised host that involved using task scheduling to execute malicious programs on a scheduled basis.</td>\n    </tr>\n    <tr>\n      <th>ProviderName</th>\n      <td>Detection</td>\n    </tr>\n    <tr>\n      <th>VendorName</th>\n      <td>Microsoft</td>\n    </tr>\n    <tr>\n      <th>VendorOriginalId</th>\n      <td>57b6af71-984e-45f3-9aac-d6bbd79eed07</td>\n    </tr>\n    <tr>\n      <th>SystemAlertId</th>\n      <td>2518520973978269999_57b6af71-984e-45f3-9aac-d6bbd79eed07</td>\n    </tr>\n    <tr>\n      <th>ResourceId</th>\n      <td>/subscriptions/40dcc8bf-0478-4f3b-b275-ed0a94f2c013/resourceGroups/ASIHuntOMSWorkspaceRG/providers/Microsoft.Compute/virtualMachines/MSTICAlertsLxVM2</td>\n    </tr>\n    <tr>\n      <th>SourceComputerId</th>\n      <td>44623fb0-bd5f-49ea-84d1-56aa11ab8a25</td>\n    </tr>\n    <tr>\n      <th>AlertType</th>\n      <td>SCUBA_RULE_AccessCronJob</td>\n    </tr>\n    <tr>\n      <th>ConfidenceLevel</th>\n      <td>Unknown</td>\n    </tr>\n    <tr>\n      <th>ConfidenceScore</th>\n      <td>NaN</td>\n    </tr>\n    <tr>\n      <th>IsIncident</th>\n      <td>False</td>\n    </tr>\n    <tr>\n      <th>StartTimeUtc</th>\n      <td>2019-02-15 04:03:22</td>\n    </tr>\n    <tr>\n      <th>EndTimeUtc</th>\n      <td>2019-02-15 04:03:22</td>\n    </tr>\n    <tr>\n      <th>ProcessingEndTime</th>\n      <td>2019-02-15 04:03:30</td>\n    </tr>\n    <tr>\n      <th>RemediationSteps</th>\n      <td>[\\r\\n  \"Review with dbadmin the activity in this alert to see if you recognize this as legitimate administrative activity. If not, escalate the alert to the information security team.\"\\r\\n]</td>\n    </tr>\n    <tr>\n      <th>ExtendedProperties</th>\n      <td>{'Compromised Host': 'MSTICALERTSLXVM2', 'User Name': 'dbadmin', 'Account Session Id': '0x2e093', 'Suspicious Process': '/usr/bin/vim.basic', 'Suspicious Command Line': '/usr/bin/vim.basic /tmp/crontab.UQ6iiQ/crontab', 'Suspicious Process Id': '0x51b3', 'resourceType': 'Virtual Machine', 'ServiceId': '14fa08c7-c48e-4c18-950c-8148024b4398', 'ReportingSystem': 'Azure', 'OccuringDatacenter': 'eastus'}</td>\n    </tr>\n    <tr>\n      <th>Entities</th>\n      <td>[{'$id': '4', 'DnsDomain': '', 'NTDomain': '', 'HostName': 'MSTICALERTSLXVM2', 'NetBiosName': 'MSTICALERTSLXVM2', 'OSFamily': 'Linux', 'OSVersion': 'Linux', 'Type': 'host'}, {'$id': '5', 'ProcessId': '0x518a', 'CommandLine': '', 'Host': {'$ref': '4'}, 'Type': 'process'}, {'$id': '6', 'Name': 'dbadmin', 'Host': {'$ref': '4'}, 'Sid': '1001:1001', 'Type': 'account', 'LogonId': '0x2e093'}, {'$id': '7', 'Directory': '/usr/bin', 'Name': 'vim.basic', 'Type': 'file'}, {'$id': '8', 'ProcessId': '0x51b3', 'CommandLine': '/usr/bin/vim.basic /tmp/crontab.UQ6iiQ/crontab', 'CreationTimeUtc': '2019-02-15T04:03:22.173Z', 'ImageFile': {'$ref': '7'}, 'Account': {'$ref': '6'}, 'ParentProcess': {'$ref': '5'}, 'Host': {'$ref': '4'}, 'Type': 'process'}, {'$id': '9', 'SessionId': '0x2e093', 'StartTimeUtc': '2019-02-15T04:03:22.173Z', 'EndTimeUtc': '2019-02-15T04:03:22.173Z', 'Type': 'host-logon-session', 'Host': {'$ref': '4'}, 'Account': {'$ref': '6'}}]</td>\n    </tr>\n    <tr>\n      <th>SourceSystem</th>\n      <td>Detection</td>\n    </tr>\n    <tr>\n      <th>WorkspaceSubscriptionId</th>\n      <td>40dcc8bf-0478-4f3b-b275-ed0a94f2c013</td>\n    </tr>\n    <tr>\n      <th>WorkspaceResourceGroup</th>\n      <td>asihuntomsworkspacerg</td>\n    </tr>\n    <tr>\n      <th>ExtendedLinks</th>\n      <td></td>\n    </tr>\n    <tr>\n      <th>ProductName</th>\n      <td></td>\n    </tr>\n    <tr>\n      <th>ProductComponentName</th>\n      <td></td>\n    </tr>\n    <tr>\n      <th>Type</th>\n      <td>SecurityAlert</td>\n    </tr>\n    <tr>\n      <th>Computer</th>\n      <td></td>\n    </tr>\n    <tr>\n      <th>src_hostname</th>\n      <td></td>\n    </tr>\n    <tr>\n      <th>src_accountname</th>\n      <td>dbadmin</td>\n    </tr>\n    <tr>\n      <th>src_procname</th>\n      <td></td>\n    </tr>\n    <tr>\n      <th>host_match</th>\n      <td>False</td>\n    </tr>\n    <tr>\n      <th>acct_match</th>\n      <td>True</td>\n    </tr>\n    <tr>\n      <th>proc_match</th>\n      <td>True</td>\n    </tr>\n    <tr>\n      <th>CompromisedEntity</th>\n      <td>dbadmin</td>\n    </tr>\n  </tbody>\n</table><br/><h3>ExtendedProperties:</h3><table border=\"1\" class=\"dataframe\">\n  <thead>\n    <tr style=\"text-align: right;\">\n      <th></th>\n      <th>0</th>\n    </tr>\n  </thead>\n  <tbody>\n    <tr>\n      <th>Compromised Host</th>\n      <td>MSTICALERTSLXVM2</td>\n    </tr>\n    <tr>\n      <th>User Name</th>\n      <td>dbadmin</td>\n    </tr>\n    <tr>\n      <th>Account Session Id</th>\n      <td>0x2e093</td>\n    </tr>\n    <tr>\n      <th>Suspicious Process</th>\n      <td>/usr/bin/vim.basic</td>\n    </tr>\n    <tr>\n      <th>Suspicious Command Line</th>\n      <td>/usr/bin/vim.basic /tmp/crontab.UQ6iiQ/crontab</td>\n    </tr>\n    <tr>\n      <th>Suspicious Process Id</th>\n      <td>0x51b3</td>\n    </tr>\n    <tr>\n      <th>resourceType</th>\n      <td>Virtual Machine</td>\n    </tr>\n    <tr>\n      <th>ServiceId</th>\n      <td>14fa08c7-c48e-4c18-950c-8148024b4398</td>\n    </tr>\n    <tr>\n      <th>ReportingSystem</th>\n      <td>Azure</td>\n    </tr>\n    <tr>\n      <th>OccuringDatacenter</th>\n      <td>eastus</td>\n    </tr>\n  </tbody>\n</table><h3>Entity counts: </h3>host: 1, process: 2, account: 1, file: 1, hostlogonsession: 1",
          "text/plain": "<IPython.core.display.HTML object>"
         },
         "metadata": {},
         "output_type": "display_data"
        },
        {
         "name": "stdout",
         "output_type": "stream",
         "text": "{ 'AdditionalData': {},\n  'DnsDomain': '',\n  'HostName': 'MSTICALERTSLXVM2',\n  'NTDomain': '',\n  'NetBiosName': 'MSTICALERTSLXVM2',\n  'OSFamily': 'Linux',\n  'Type': 'host'}\n{ 'AdditionalData': {},\n  'CommandLine': '',\n  'Host': { 'AdditionalData': {},\n            'DnsDomain': '',\n            'HostName': 'MSTICALERTSLXVM2',\n            'NTDomain': '',\n            'NetBiosName': 'MSTICALERTSLXVM2',\n            'OSFamily': 'Linux',\n            'Type': 'host'},\n  'ProcessId': '0x518a',\n  'Type': 'process'}\n{ 'AdditionalData': {},\n  'Host': { 'AdditionalData': {},\n            'DnsDomain': '',\n            'HostName': 'MSTICALERTSLXVM2',\n            'NTDomain': '',\n            'NetBiosName': 'MSTICALERTSLXVM2',\n            'OSFamily': 'Linux',\n            'Type': 'host'},\n  'LogonId': '0x2e093',\n  'Name': 'dbadmin',\n  'Sid': '1001:1001',\n  'Type': 'account'}\n{ 'AdditionalData': {},\n  'Directory': '/usr/bin',\n  'FullPath': '/usr/bin/vim.basic',\n  'Name': 'vim.basic',\n  'Type': 'file'}\n{ 'Account': { 'AdditionalData': {},\n               'Host': { 'AdditionalData': {},\n                         'DnsDomain': '',\n                         'HostName': 'MSTICALERTSLXVM2',\n                         'NTDomain': '',\n                         'NetBiosName': 'MSTICALERTSLXVM2',\n                         'OSFamily': 'Linux',\n                         'Type': 'host'},\n               'LogonId': '0x2e093',\n               'Name': 'dbadmin',\n               'Sid': '1001:1001',\n               'Type': 'account'},\n  'AdditionalData': {},\n  'CommandLine': '/usr/bin/vim.basic /tmp/crontab.UQ6iiQ/crontab',\n  'CreationTimeUtc': '2019-02-15T04:03:22.173Z',\n  'Host': { 'AdditionalData': {},\n            'DnsDomain': '',\n            'HostName': 'MSTICALERTSLXVM2',\n            'NTDomain': '',\n            'NetBiosName': 'MSTICALERTSLXVM2',\n            'OSFamily': 'Linux',\n            'Type': 'host'},\n  'ImageFile': { 'AdditionalData': {},\n                 'Directory': '/usr/bin',\n                 'FullPath': '/usr/bin/vim.basic',\n                 'Name': 'vim.basic',\n                 'Type': 'file'},\n  'ParentProcess': { 'AdditionalData': {},\n                     'CommandLine': '',\n                     'Host': { 'AdditionalData': {},\n                               'DnsDomain': '',\n                               'HostName': 'MSTICALERTSLXVM2',\n                               'NTDomain': '',\n                               'NetBiosName': 'MSTICALERTSLXVM2',\n                               'OSFamily': 'Linux',\n                               'Type': 'host'},\n                     'ProcessId': '0x518a',\n                     'Type': 'process'},\n  'ProcessId': '0x51b3',\n  'Type': 'process'}\n{ 'Account': { 'AdditionalData': {},\n               'Host': { 'AdditionalData': {},\n                         'DnsDomain': '',\n                         'HostName': 'MSTICALERTSLXVM2',\n                         'NTDomain': '',\n                         'NetBiosName': 'MSTICALERTSLXVM2',\n                         'OSFamily': 'Linux',\n                         'Type': 'host'},\n               'LogonId': '0x2e093',\n               'Name': 'dbadmin',\n               'Sid': '1001:1001',\n               'Type': 'account'},\n  'AdditionalData': {},\n  'EndTimeUtc': '2019-02-15T04:03:22.173Z',\n  'Host': { 'AdditionalData': {},\n            'DnsDomain': '',\n            'HostName': 'MSTICALERTSLXVM2',\n            'NTDomain': '',\n            'NetBiosName': 'MSTICALERTSLXVM2',\n            'OSFamily': 'Linux',\n            'Type': 'host'},\n  'SessionId': '0x2e093',\n  'StartTimeUtc': '2019-02-15T04:03:22.173Z',\n  'Type': 'hostlogonsession'}\n"
        }
       ]
      }
     },
     "da5e077a570f44a2aa2276a84e73418c": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "VBoxModel",
      "state": {
       "children": [
        "IPY_MODEL_565b97a862a543b3accac809160d3bf7",
        "IPY_MODEL_80d826f17e954a09999593557d12a5db",
        "IPY_MODEL_75a5f1fa13044f3ea77c0be6d88b2bdd"
       ],
       "layout": "IPY_MODEL_faa84603000f475e9b0129544dcaaf2d"
      }
     },
     "da7d189d5c284e5fa166bd6ca76bc2bd": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "SliderStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "da957843532947ab947c4c0c0355f1d6": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "border": "1px solid black"
      }
     },
     "dac07fcc7eea45bdb2450d85767210c6": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "dbe305a8a0e1461eb0d1282101a54afa": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "VBoxModel",
      "state": {
       "children": [
        "IPY_MODEL_09a3ca78764140b38b641c4dfe24fc76",
        "IPY_MODEL_df20c8313dcf422d9d4c4e5357d6f7d3",
        "IPY_MODEL_a7132fff2e6247b0b1b69208733bde28"
       ],
       "layout": "IPY_MODEL_7343bdd2de58410dabbc37406bc3549e"
      }
     },
     "dca9a621bb5c401782778f862ca1372a": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": ""
      }
     },
     "dd4abbbb15fd466687bd54f0a3d80024": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "HBoxModel",
      "state": {
       "children": [
        "IPY_MODEL_df6a664042ba43e7b7c324c52c9d7cc9",
        "IPY_MODEL_304f50bcff6f479e853a23ec532eea5d"
       ],
       "layout": "IPY_MODEL_3a3165abb4c64e2e95f7766a4f597c3a"
      }
     },
     "dd964ba810204229aebec2c88ffa9a82": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "TextModel",
      "state": {
       "description": "Filter:",
       "layout": "IPY_MODEL_220281bdd8fe459aa5ccd341000d8bfc",
       "style": "IPY_MODEL_41d8f6b3ae1b4f419c87b1e11c7cb7e9"
      }
     },
     "de5a181d5d944b1e8a907ce8d5455cdc": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "width": "50%"
      }
     },
     "de6cab36cc2945f493a178d889a45586": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "df20c8313dcf422d9d4c4e5357d6f7d3": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "SelectModel",
      "state": {
       "_options_labels": [
        "b0493469-b0c7-4666-acb8-787646c14107",
        "afef383e-af37-4058-a13b-f904f1eb9823"
       ],
       "description": "Select an item",
       "index": 1,
       "layout": "IPY_MODEL_bc091a619ea94668a648822e7325669f",
       "style": "IPY_MODEL_ef56f84b40144d4a9e23b8f55e9e1815"
      }
     },
     "df6a664042ba43e7b7c324c52c9d7cc9": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DatePickerModel",
      "state": {
       "description": "Origin Date",
       "disabled": false,
       "layout": "IPY_MODEL_acab5baa37154a00adcbf05f65ad3615",
       "style": "IPY_MODEL_1a1e0fce7b5243758e9871320bb00006",
       "value": {
        "date": 18,
        "month": 9,
        "year": 2019
       }
      }
     },
     "e12ead97fdd640ae83befc64b5ffdb2c": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "height": "300px",
       "width": "95%"
      }
     },
     "e1ddbde81d5043e98818daf26f7a5ce5": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "e1f6737c405244adaede0eda0f1d0b63": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "height": "100px",
       "width": "50%"
      }
     },
     "e268f1e009e04d159c17e3a656d79272": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "e3fcda15a5744838a7f8e0af30ccc460": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "border": "1px solid black"
      }
     },
     "e41ba284c5af4ec881fa96801093aa40": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "SelectModel",
      "state": {
       "_options_labels": [
        "ALEX   WindowsHostLogon (Last activity: 2019-10-30 17:37:44.297000)",
        "Alex   WindowsHostLogon (Last activity: 2019-10-30 09:18:11.770000)"
       ],
       "description": "Select an account to explore",
       "index": 0,
       "layout": "IPY_MODEL_e77b06c34eef493b8c2136c0ab138411",
       "style": "IPY_MODEL_1eab24cf9acb42e195e5e03281476196"
      }
     },
     "e743b4ebb00b47a1997290290c09e7e8": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "border": "1px solid black"
      }
     },
     "e77b06c34eef493b8c2136c0ab138411": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "height": "200px",
       "width": "100%"
      }
     },
     "e7f0c4a353b843808c51e91b1d75acec": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "width": "80%"
      }
     },
     "e922261b9df54e4c92c22c5676bbec62": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "e999eb22b2de4400ae0934bea77679ab": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "TextModel",
      "state": {
       "description": "Query start time (UTC):",
       "layout": "IPY_MODEL_702bf110ba4f405eba4a027a09064c41",
       "style": "IPY_MODEL_532ed04a12d647a29782545bc6d815a7",
       "value": "2019-10-13 21:55:47.669836"
      }
     },
     "eb31b443cf9a4dd995a18658180105c1": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "eba1cde4e8bf4dc3bd6355524b911454": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "height": "100px",
       "width": "50%"
      }
     },
     "ed6a98c8255941e7baf94ebff51afb2d": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "border": "1px solid black"
      }
     },
     "ed8284289e9441549c4259fa9e6734d8": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "TextModel",
      "state": {
       "description": "Query start time (UTC):",
       "layout": "IPY_MODEL_7aff4c4303124b61946083de91a78025",
       "style": "IPY_MODEL_9cbe916e267b416a99e1aad2af18bee9",
       "value": "2019-02-15 02:56:03.315071"
      }
     },
     "edb65edc10ef46a7bfea3cec0b7efbd0": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "eedbd1ec35524ee4a213788b7f7046ad": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "TextModel",
      "state": {
       "description": "Filter:",
       "layout": "IPY_MODEL_c8e7ee1140804156b5b67efc421fabf1",
       "style": "IPY_MODEL_1d0c25caec174a93b32c81e5427e3176"
      }
     },
     "ef56f84b40144d4a9e23b8f55e9e1815": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "f0708f5954aa4bf586adde07179450c6": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "f1c34ead896147df902c9a52f06fcf72": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "TextModel",
      "state": {
       "description": "Filter:",
       "layout": "IPY_MODEL_e268f1e009e04d159c17e3a656d79272",
       "style": "IPY_MODEL_10f1e3780a9145cdbcaa275a0fa266e7"
      }
     },
     "f45d552220ab47cc830cae4587ca6a3b": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "f4d1dffedaca44b486339e74320d7452": {
      "model_module": "@jupyter-widgets/output",
      "model_module_version": "1.0.0",
      "model_name": "OutputModel",
      "state": {
       "layout": "IPY_MODEL_110966f8eafc41278b92312f26d0096d",
       "outputs": [
        {
         "data": {
          "text/markdown": "<p style='font-weight: bold'>dbadmin (source: LinuxHostLogon)</p>",
          "text/plain": "<IPython.core.display.Markdown object>"
         },
         "metadata": {},
         "output_type": "display_data"
        },
        {
         "data": {
          "text/html": "<div>\n<style scoped>\n    .dataframe tbody tr th:only-of-type {\n        vertical-align: middle;\n    }\n\n    .dataframe tbody tr th {\n        vertical-align: top;\n    }\n\n    .dataframe thead th {\n        text-align: right;\n    }\n</style>\n<table border=\"1\" class=\"dataframe\">\n  <thead>\n    <tr style=\"text-align: right;\">\n      <th></th>\n      <th>LogonType</th>\n      <th>SourceIP</th>\n      <th>Computer</th>\n      <th>TimeGenerated</th>\n      <th>TenantId</th>\n      <th>SourceSystem</th>\n      <th>EventTime</th>\n      <th>Facility</th>\n      <th>HostName</th>\n      <th>SeverityLevel</th>\n      <th>SyslogMessage</th>\n      <th>ProcessID</th>\n      <th>HostIP</th>\n      <th>ProcessName</th>\n      <th>MG</th>\n      <th>Type</th>\n      <th>_ResourceId</th>\n      <th>AccountName</th>\n      <th>User</th>\n      <th>SourcePort</th>\n      <th>UID</th>\n    </tr>\n  </thead>\n  <tbody>\n    <tr>\n      <td>0</td>\n      <td>(sshd)</td>\n      <td></td>\n      <td>MSTICAlertsLxVM2</td>\n      <td>2019-02-25 15:34:15.877</td>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>Linux</td>\n      <td>2019-02-25 15:34:15</td>\n      <td>auth</td>\n      <td>MSTICAlertsLxVM2</td>\n      <td>info</td>\n      <td>Accepted publickey for dbadmin from 23.97.60.214 port 65505 ssh2: RSA SHA256:t9MNKS5oNTFQ3alWBHp...</td>\n      <td>16494</td>\n      <td>10.0.3.4</td>\n      <td>sshd</td>\n      <td>00000000-0000-0000-0000-000000000002</td>\n      <td>Syslog</td>\n      <td>/subscriptions/40dcc8bf-0478-4f3b-b275-ed0a94f2c013/resourcegroups/asihuntomsworkspacerg/provide...</td>\n      <td>dbadmin</td>\n      <td>dbadmin</td>\n      <td>65505</td>\n      <td></td>\n    </tr>\n  </tbody>\n</table>\n</div>",
          "text/plain": "  LogonType SourceIP          Computer           TimeGenerated  \\\n0    (sshd)           MSTICAlertsLxVM2 2019-02-25 15:34:15.877   \n\n                               TenantId SourceSystem           EventTime  \\\n0  52b1ab41-869e-4138-9e40-2a4457f09bf0        Linux 2019-02-25 15:34:15   \n\n  Facility          HostName SeverityLevel  \\\n0     auth  MSTICAlertsLxVM2          info   \n\n                                                                                         SyslogMessage  \\\n0  Accepted publickey for dbadmin from 23.97.60.214 port 65505 ssh2: RSA SHA256:t9MNKS5oNTFQ3alWBHp...   \n\n   ProcessID    HostIP ProcessName                                    MG  \\\n0      16494  10.0.3.4        sshd  00000000-0000-0000-0000-000000000002   \n\n     Type  \\\n0  Syslog   \n\n                                                                                           _ResourceId  \\\n0  /subscriptions/40dcc8bf-0478-4f3b-b275-ed0a94f2c013/resourcegroups/asihuntomsworkspacerg/provide...   \n\n  AccountName     User SourcePort UID  \n0     dbadmin  dbadmin      65505      "
         },
         "metadata": {},
         "output_type": "display_data"
        }
       ]
      }
     },
     "f77e0b6fd3644871bc08e707e1d81d48": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "TextModel",
      "state": {
       "description": "Filter:",
       "layout": "IPY_MODEL_54d53cce6f824bb4a2fd05cbacd0b8ff",
       "style": "IPY_MODEL_3de22fc97aed49778c70e3aae0dfb0f8"
      }
     },
     "f7a5fb2057b242d4928b42556c3c5b09": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "TextModel",
      "state": {
       "description": "Time (24hr)",
       "layout": "IPY_MODEL_bf83acc358474033b3ecc47d3bd1e7d1",
       "style": "IPY_MODEL_7bdc03880cdb42ec831f4a19fe1747f8",
       "value": "18:46:19.697955"
      }
     },
     "f9198cd6a95c470a89b9c6257e5e6964": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "TextModel",
      "state": {
       "description": "Enter the Account name to search for:",
       "layout": "IPY_MODEL_050e929313c3440f8329396036a2dc65",
       "style": "IPY_MODEL_add4601ce20b4f669495b244811ca2b5",
       "value": "alexw"
      }
     },
     "f9cb33c773284d35b07a39dd405b9a4e": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": ""
      }
     },
     "faa84603000f475e9b0129544dcaaf2d": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {}
     },
     "fb807bb93bd84e528caab6ec18d5e649": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "SelectModel",
      "state": {
       "_options_labels": [
        "MSTICAdmin   LinuxHostLogon (Last activity: 2019-02-15 04:00:00.827000)",
        "ian   WindowsHostLogon (Last activity: 2019-02-25 18:32:40.620000)",
        "ianh@M365x054215.onmicrosoft.com   O365Activity (Last activity: 2019-02-16 03:48:19)",
        "ianh@m365x054215.onmicrosoft.com   O365Activity (Last activity: 2019-02-16 03:45:20)"
       ],
       "description": "Select an account to explore",
       "index": 3,
       "layout": "IPY_MODEL_b9676325af0646ac960a02f1a3d0a062",
       "style": "IPY_MODEL_9b60959bf55048b7a20d3ed4c2169843"
      }
     },
     "fbdc6e3bf80c44f284a724771003cede": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "HBoxModel",
      "state": {
       "children": [
        "IPY_MODEL_512b5a30ffbe40afafcf083618476004",
        "IPY_MODEL_3b44d9c85b924309908090f1df5e40d9"
       ],
       "layout": "IPY_MODEL_edb65edc10ef46a7bfea3cec0b7efbd0"
      }
     },
     "fc03fbd6c39f43fb9208babc0913608a": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "border": "1px solid black"
      }
     },
     "ff22f9849d344041843288fb3d53be7a": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "DescriptionStyleModel",
      "state": {
       "description_width": "initial"
      }
     },
     "ff3874eac11f48ae9fc266ea5fca08e2": {
      "model_module": "@jupyter-widgets/controls",
      "model_module_version": "1.5.0",
      "model_name": "SelectModel",
      "state": {
       "_options_labels": [
        "2019-02-15 03:50:55  Detected suspicious file download (dbadmin) [id:2518520981440769999_caab1270-55d3-4447-8618-16cf8672e4e1]",
        "2019-02-15 04:03:22  Possible suspicious scheduling tasks access detected (dbadmin) [id:2518520973978269999_57b6af71-984e-45f3-9aac-d6bbd79eed07]",
        "2019-02-15 19:43:49  Detected suspicious file download (dbadmin) [id:2518520409706099999_c5116800-e694-4900-a6e3-28cc7875b093]",
        "2019-02-16 03:23:54  Detected suspicious file download (dbadmin) [id:2518520133657099999_384e00d0-4afc-4e9a-8935-bec64d3951a4]",
        "2019-02-18 15:29:22  Detected suspicious file download (dbadmin) [id:2518517970377929999_6ed51e72-6170-4f28-b551-9b7b49936c4c]",
        "2019-02-20 15:21:05  Detected suspicious file download (dbadmin) [id:2518516247346029999_217d56b4-24be-4029-8ba9-7664868b7039]",
        "2019-02-22 15:36:12  Detected suspicious file download (dbadmin) [id:2518514510276729999_a9813243-7b57-4504-95c2-97a76e530436]",
        "2019-02-25 15:34:17  Detected suspicious file download (dbadmin) [id:2518511919420069999_54d82dbd-701d-4d62-8d48-d4dcc53cb5bf]"
       ],
       "description": "Select alert :",
       "index": 1,
       "layout": "IPY_MODEL_bfd599e1dcdb42d680f491161656d483",
       "style": "IPY_MODEL_81f32fb652034c85aa69953a384bd74f"
      }
     },
     "ffbe00b09fde4e448e482df7bbdfa887": {
      "model_module": "@jupyter-widgets/base",
      "model_module_version": "1.2.0",
      "model_name": "LayoutModel",
      "state": {
       "width": "50%"
      }
     }
    },
    "version_major": 2,
    "version_minor": 0
   }
  }
 },
 "nbformat": 4,
 "nbformat_minor": 2
}