{
"cells": [
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Entity Explorer - Account\n",
" Details...
\n",
"\n",
" **Notebook Version:** 1.0
\n",
" **Python Version:** Python 3.6 (including Python 3.6 - AzureML)
\n",
" **Required Packages**: kqlmagic, msticpy, pandas, numpy, matplotlib, networkx, ipywidgets, ipython, dnspython, ipwhois, folium, maxminddb_geolite2
\n",
" **Platforms Supported**:\n",
" - Azure Notebooks Free Compute\n",
" - Azure Notebooks DSVM\n",
" - OS Independent\n",
"\n",
" **Data Sources Required**:\n",
" - Log Analytics - SecurityAlert, SecurityEvent, HuntingBookmark, Syslog, AAD SigninLogs, AzureActivity, OfficeActivity, ThreatIndicator\n",
" - (Optional) - VirusTotal, AlienVault OTX, IBM XForce, Open Page Rank, (all require accounts and API keys)\n",
"
Searching for AAD activity...
" ], "text/plain": [ "Searching for Azure activity...
" ], "text/plain": [ "Searching for Office365 activity...
" ], "text/plain": [ "Searching for Windows logon activity...
" ], "text/plain": [ "Searching for Linux logon activity...
" ], "text/plain": [ "Found 76 records...
" ], "text/plain": [ "Found 33 different alert types related to this account (`alexw@m365x648731.onmicrosoft.com`)
" ], "text/plain": [ "\\n\"+\n", " \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n", " \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n", " \"
\\n\"+\n", " \"\\n\"+\n",
" \"from bokeh.resources import INLINE\\n\"+\n",
" \"output_notebook(resources=INLINE)\\n\"+\n",
" \"
\\n\"+\n",
" \"\\n\"+\n \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n \"
\\n\"+\n \"\\n\"+\n \"from bokeh.resources import INLINE\\n\"+\n \"output_notebook(resources=INLINE)\\n\"+\n \"
\\n\"+\n \"Found 31 different bookmarks related to this account (`alexw@m365x648731.onmicrosoft.com`)
" ], "text/plain": [ "\\n\"+\n", " \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n", " \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n", " \"
\\n\"+\n", " \"\\n\"+\n",
" \"from bokeh.resources import INLINE\\n\"+\n",
" \"output_notebook(resources=INLINE)\\n\"+\n",
" \"
\\n\"+\n",
" \"\\n\"+\n \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n \"
\\n\"+\n \"\\n\"+\n \"from bokeh.resources import INLINE\\n\"+\n \"output_notebook(resources=INLINE)\\n\"+\n \"
\\n\"+\n \"Account 'alexw@m365x648731.onmicrosoft.com'. Source is 'O365Activity'
" ], "text/plain": [ "\n", " | TotalLogons | \n", "LogonResult | \n", "IPAddresses | \n", "LogonTypeCount | \n", "FirstLogon | \n", "LastLogon | \n", "
---|---|---|---|---|---|---|
Computer | \n", "\n", " | \n", " | \n", " | \n", " | \n", " | \n", " |
WebServer-1 | \n", "48 | \n", "{'failed': 48} | \n", "[185.81.128.116, 185.107.45.130, 173.249.58.228, 63.150.106.131, 212.92.106.156] | \n", "{3: 48} | \n", "2019-10-25 19:54:13.153 | \n", "2019-10-30 17:37:44.297 | \n", "
\\n\"+\n", " \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n", " \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n", " \"
\\n\"+\n", " \"\\n\"+\n",
" \"from bokeh.resources import INLINE\\n\"+\n",
" \"output_notebook(resources=INLINE)\\n\"+\n",
" \"
\\n\"+\n",
" \"\\n\"+\n \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n \"
\\n\"+\n \"\\n\"+\n \"from bokeh.resources import INLINE\\n\"+\n \"output_notebook(resources=INLINE)\\n\"+\n \"
\\n\"+\n \"10 threat intelligence hits have been matched on one or more source IP addresses.
" ], "text/plain": [ "You should investigate these hosts using the 'Entity Explorer - Windows Host' notebook
" ], "text/plain": [ "Logon details for TI matches are in the `all_win_logons_ti` DataFrame
" ], "text/plain": [ "\n", " | Ioc | \n", "IocType | \n", "QuerySubtype | \n", "Provider | \n", "Result | \n", "Severity | \n", "Details | \n", "RawResult | \n", "Reference | \n", "Status | \n", "
---|---|---|---|---|---|---|---|---|---|---|
0 | \n", "185.81.128.116 | \n", "ipv4 | \n", "None | \n", "OTX | \n", "True | \n", "2 | \n", "{'pulse_count': 4, 'names': ['RDP Attackers - August 2019 - A', 'Scan port 3389 RDP (S3#)', 'Sca... | \n", "{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',... | \n", "https://otx.alienvault.com/api/v1/indicators/IPv4/185.81.128.116/general | \n", "0 | \n", "
1 | \n", "185.107.45.130 | \n", "ipv4 | \n", "None | \n", "OTX | \n", "True | \n", "2 | \n", "{'pulse_count': 3, 'names': ['RDP Attackers - October 2019 - C', 'Shunlist IPs - 2018-03-18', 'R... | \n", "{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',... | \n", "https://otx.alienvault.com/api/v1/indicators/IPv4/185.107.45.130/general | \n", "0 | \n", "
2 | \n", "173.249.58.228 | \n", "ipv4 | \n", "None | \n", "OTX | \n", "True | \n", "2 | \n", "{'pulse_count': 8, 'names': ['RDP Attackers - October 2019 - B', 'RDP Attackers - September 2019... | \n", "{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',... | \n", "https://otx.alienvault.com/api/v1/indicators/IPv4/173.249.58.228/general | \n", "0 | \n", "
3 | \n", "63.150.106.131 | \n", "ipv4 | \n", "None | \n", "OTX | \n", "True | \n", "2 | \n", "{'pulse_count': 2, 'names': ['Shunlist IPs - 2018-01-21', 'RiskDiscovery HoneyDB sensors feeds -... | \n", "{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',... | \n", "https://otx.alienvault.com/api/v1/indicators/IPv4/63.150.106.131/general | \n", "0 | \n", "
4 | \n", "212.92.106.156 | \n", "ipv4 | \n", "None | \n", "OTX | \n", "True | \n", "2 | \n", "{'pulse_count': 8, 'names': ['RDP Attackers - October 2019 - C', 'RDP Attackers - October 2019 -... | \n", "{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',... | \n", "https://otx.alienvault.com/api/v1/indicators/IPv4/212.92.106.156/general | \n", "0 | \n", "
0 | \n", "185.81.128.116 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "1 | \n", "{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Firewall deny log analysis', 're... | \n", "{'ip': '185.81.128.116', 'history': [{'created': '2014-12-17T07:27:00.000Z', 'reason': 'Regional... | \n", "https://api.xforce.ibmcloud.com/ipr/185.81.128.116 | \n", "0 | \n", "
1 | \n", "185.107.45.130 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "2 | \n", "{'score': 10, 'cats': {'Spam': 100, 'Dynamic IPs': 71}, 'categoryDescriptions': {'Spam': 'This c... | \n", "{'ip': '185.107.45.130', 'history': [{'created': '2015-07-04T06:21:00.000Z', 'reason': 'Regional... | \n", "https://api.xforce.ibmcloud.com/ipr/185.107.45.130 | \n", "0 | \n", "
2 | \n", "173.249.58.228 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "1 | \n", "{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're... | \n", "{'ip': '173.249.58.228', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional... | \n", "https://api.xforce.ibmcloud.com/ipr/173.249.58.228 | \n", "0 | \n", "
3 | \n", "63.150.106.131 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "1 | \n", "{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're... | \n", "{'ip': '63.150.106.131', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional... | \n", "https://api.xforce.ibmcloud.com/ipr/63.150.106.131 | \n", "0 | \n", "
4 | \n", "212.92.106.156 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "2 | \n", "{'score': 10, 'cats': {'Spam': 100}, 'categoryDescriptions': {'Spam': 'This category lists IP ad... | \n", "{'ip': '212.92.106.156', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional... | \n", "https://api.xforce.ibmcloud.com/ipr/212.92.106.156 | \n", "0 | \n", "
Geolocations and ASN Owner for account logon source IP addresses. Information only
" ], "text/plain": [ "\n", " | \n", " | \n", " | \n", " | \n", " | \n", " | TotalLogons | \n", "LogonResult | \n", "LogonTypeCount | \n", "FirstLogon | \n", "LastLogon | \n", "
---|---|---|---|---|---|---|---|---|---|---|
Computer | \n", "IpAddress | \n", "CountryCode | \n", "CountryName | \n", "City | \n", "ASNDesc | \n", "\n", " | \n", " | \n", " | \n", " | \n", " |
WebServer-1 | \n", "173.249.58.228 | \n", "DE | \n", "Germany | \n", "Nuremberg | \n", "CONTABO, DE | \n", "1 | \n", "{'failed': 1} | \n", "{3: 1} | \n", "2019-10-30 09:18:11.770 | \n", "2019-10-30 09:18:11.770 | \n", "
185.107.45.130 | \n", "NL | \n", "Netherlands | \n", "Oss | \n", "NFORCE, NL | \n", "1 | \n", "{'failed': 1} | \n", "{3: 1} | \n", "2019-10-30 04:19:25.500 | \n", "2019-10-30 04:19:25.500 | \n", "
No additional alerts found
" ], "text/plain": [ "No additional alerts found.
" ], "text/plain": [ "No additional items found for logged on hosts
" ], "text/plain": [ "\\n\"+\n", " \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n", " \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n", " \"
\\n\"+\n", " \"\\n\"+\n",
" \"from bokeh.resources import INLINE\\n\"+\n",
" \"output_notebook(resources=INLINE)\\n\"+\n",
" \"
\\n\"+\n",
" \"\\n\"+\n \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n \"
\\n\"+\n \"\\n\"+\n \"from bokeh.resources import INLINE\\n\"+\n \"output_notebook(resources=INLINE)\\n\"+\n \"
\\n\"+\n \"\\n\"+\n", " \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n", " \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n", " \"
\\n\"+\n", " \"\\n\"+\n",
" \"from bokeh.resources import INLINE\\n\"+\n",
" \"output_notebook(resources=INLINE)\\n\"+\n",
" \"
\\n\"+\n",
" \"\\n\"+\n \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n \"
\\n\"+\n \"\\n\"+\n \"from bokeh.resources import INLINE\\n\"+\n \"output_notebook(resources=INLINE)\\n\"+\n \"
\\n\"+\n \"\\n\"+\n", " \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n", " \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n", " \"
\\n\"+\n", " \"\\n\"+\n",
" \"from bokeh.resources import INLINE\\n\"+\n",
" \"output_notebook(resources=INLINE)\\n\"+\n",
" \"
\\n\"+\n",
" \"\\n\"+\n \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n \"
\\n\"+\n \"\\n\"+\n \"from bokeh.resources import INLINE\\n\"+\n \"output_notebook(resources=INLINE)\\n\"+\n \"
\\n\"+\n \"\n", " | \n", " | \n", " | \n", " | \n", " | OperationCount | \n", "OperationTypes | \n", "Resources | \n", "FirstOperation | \n", "LastOperation | \n", "
---|---|---|---|---|---|---|---|---|---|
UserPrincipalName | \n", "Type | \n", "IPAddress | \n", "AppResourceProvider | \n", "UserType | \n", "\n", " | \n", " | \n", " | \n", " | \n", " |
alexw@m365x648731.onmicrosoft.com | \n", "OfficeActivity | \n", "\n", " | SharePoint | \n", "Regular | \n", "15 | \n", "[FileAccessed] | \n", "7 | \n", "2019-09-16 18:06:06 | \n", "2019-09-19 19:18:06 | \n", "
104.41.146.53 | \n", "SharePoint | \n", "Regular | \n", "7 | \n", "[SearchQueryPerformed] | \n", "5 | \n", "2019-09-19 19:16:20 | \n", "2019-09-20 18:20:49 | \n", "||
109.70.100.26 | \n", "SharePoint | \n", "Regular | \n", "7 | \n", "[FilePreviewed] | \n", "3 | \n", "2019-09-20 18:20:50 | \n", "2019-09-20 18:20:50 | \n", "||
176.10.104.240 | \n", "SharePoint | \n", "Regular | \n", "208 | \n", "[FileModified, FileAccessed, FileUploaded, FileModifiedExtended, FileDeleted] | \n", "36 | \n", "2019-09-19 19:27:55 | \n", "2019-09-19 20:26:23 | \n", "||
176.10.99.200:45866 | \n", "Exchange | \n", "Admin | \n", "1 | \n", "[New-InboxRule] | \n", "1 | \n", "2019-09-20 20:11:57 | \n", "2019-09-20 20:11:57 | \n", "||
185.207.139.2:30396 | \n", "Exchange | \n", "Admin | \n", "1 | \n", "[Remove-InboxRule] | \n", "1 | \n", "2019-09-24 23:10:38 | \n", "2019-09-24 23:10:38 | \n", "||
185.207.139.2:7127 | \n", "Exchange | \n", "Admin | \n", "1 | \n", "[Remove-InboxRule] | \n", "1 | \n", "2019-09-24 23:10:35 | \n", "2019-09-24 23:10:35 | \n", "||
185.220.101.1 | \n", "SharePoint | \n", "Regular | \n", "7 | \n", "[FilePreviewed] | \n", "3 | \n", "2019-10-16 18:09:39 | \n", "2019-10-16 18:09:41 | \n", "||
185.220.101.31 | \n", "SharePoint | \n", "Regular | \n", "26 | \n", "[FilePreviewed, FileAccessed, ListCreated, SearchQueryPerformed, PageViewed] | \n", "25 | \n", "2019-09-18 17:02:06 | \n", "2019-09-18 17:10:23 | \n", "||
185.220.101.6 | \n", "SharePoint | \n", "Regular | \n", "15 | \n", "[FileDownloaded] | \n", "14 | \n", "2019-09-16 18:11:40 | \n", "2019-09-16 18:12:53 | \n", "||
185.220.102.8 | \n", "SharePoint | \n", "Regular | \n", "168 | \n", "[FileUploaded, PermissionLevelAdded, PageViewed, FileAccessed, FileModified, FilePreviewed, Anon... | \n", "46 | \n", "2019-09-16 18:41:42 | \n", "2019-09-16 20:43:20 | \n", "||
199.249.230.111 | \n", "SharePoint | \n", "Regular | \n", "8 | \n", "[FilePreviewed] | \n", "4 | \n", "2019-09-19 19:16:23 | \n", "2019-09-19 19:16:26 | \n", "||
199.249.230.113 | \n", "SharePoint | \n", "Regular | \n", "1 | \n", "[FileAccessed] | \n", "1 | \n", "2019-09-16 18:16:38 | \n", "2019-09-16 18:16:38 | \n", "||
20.190.128.101 | \n", "SharePoint | \n", "Regular | \n", "1 | \n", "[FilePreviewed] | \n", "1 | \n", "2019-09-19 19:16:16 | \n", "2019-09-19 19:16:16 | \n", "||
20.190.128.103 | \n", "SharePoint | \n", "Regular | \n", "5 | \n", "[FilePreviewed] | \n", "4 | \n", "2019-09-19 19:16:14 | \n", "2019-09-19 19:16:14 | \n", "||
20.190.129.100 | \n", "SharePoint | \n", "Regular | \n", "4 | \n", "[FilePreviewed] | \n", "4 | \n", "2019-09-20 18:20:46 | \n", "2019-09-20 18:20:48 | \n", "||
23.129.64.152 | \n", "SharePoint | \n", "Regular | \n", "32 | \n", "[FileAccessed, FilePreviewed, PageViewed, SearchQueryPerformed] | \n", "31 | \n", "2019-09-18 17:01:25 | \n", "2019-09-18 17:03:03 | \n", "||
40.117.152.107 | \n", "SharePoint | \n", "Regular | \n", "17 | \n", "[SearchQueryPerformed] | \n", "11 | \n", "2019-09-16 17:42:17 | \n", "2019-09-18 17:02:37 | \n", "||
40.126.9.49 | \n", "SharePoint | \n", "Regular | \n", "2 | \n", "[FilePreviewed] | \n", "1 | \n", "2019-10-16 18:09:38 | \n", "2019-10-16 18:09:38 | \n", "||
40.126.9.50 | \n", "SharePoint | \n", "Regular | \n", "5 | \n", "[FilePreviewed] | \n", "3 | \n", "2019-09-16 17:42:18 | \n", "2019-09-16 17:42:23 | \n", "||
40.126.9.51 | \n", "SharePoint | \n", "Regular | \n", "4 | \n", "[FilePreviewed] | \n", "2 | \n", "2019-10-16 18:09:36 | \n", "2019-10-16 18:09:36 | \n", "||
52.109.6.30 | \n", "SharePoint | \n", "Regular | \n", "7 | \n", "[FileAccessed] | \n", "6 | \n", "2019-09-19 19:16:23 | \n", "2019-10-16 18:09:42 | \n", "||
66.146.193.33 | \n", "SharePoint | \n", "Regular | \n", "33 | \n", "[PageViewed, FileAccessed, FileDeleted, FolderDeleted, FilePreviewed] | \n", "32 | \n", "2019-09-19 19:17:59 | \n", "2019-09-19 19:22:05 | \n", "||
77.247.181.163 | \n", "SharePoint | \n", "Regular | \n", "4 | \n", "[FilePreviewed] | \n", "4 | \n", "2019-09-16 17:42:29 | \n", "2019-09-16 17:42:38 | \n", "||
92.62.139.103 | \n", "SharePoint | \n", "Regular | \n", "100 | \n", "[FileAccessed, FilePreviewed, SearchQueryPerformed, PageViewed, FileDownloaded, FileAccessedExte... | \n", "63 | \n", "2019-09-16 18:05:57 | \n", "2019-09-16 18:18:07 | \n", "||
[2a02:418:6017::148]:45644 | \n", "Exchange | \n", "Admin | \n", "1 | \n", "[New-InboxRule] | \n", "1 | \n", "2019-09-16 17:43:36 | \n", "2019-09-16 17:43:36 | \n", "
63 threat intelligence hits have been matched on one or more source IP addresses.
" ], "text/plain": [ "You should investigate these IP addresses using the 'Entity Explorer - IP Address' notebook
" ], "text/plain": [ "\n", " | Ioc | \n", "IocType | \n", "QuerySubtype | \n", "Provider | \n", "Result | \n", "Severity | \n", "Details | \n", "RawResult | \n", "Reference | \n", "Status | \n", "
---|---|---|---|---|---|---|---|---|---|---|
3 | \n", "23.129.64.193 | \n", "ipv4 | \n", "None | \n", "OTX | \n", "True | \n", "2 | \n", "{'pulse_count': 35, 'names': ['TOR Nodes', 'N6 Torlist 2019-08-22', 'VNC honeypot logs for 2019/... | \n", "{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',... | \n", "https://otx.alienvault.com/api/v1/indicators/IPv4/23.129.64.193/general | \n", "0 | \n", "
4 | \n", "185.220.101.48 | \n", "ipv4 | \n", "None | \n", "OTX | \n", "True | \n", "2 | \n", "{'pulse_count': 35, 'names': ['TOR Nodes', 'IOCs weekly 03/10/19', 'spraying attack against Offi... | \n", "{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',... | \n", "https://otx.alienvault.com/api/v1/indicators/IPv4/185.220.101.48/general | \n", "0 | \n", "
5 | \n", "198.98.58.135 | \n", "ipv4 | \n", "None | \n", "OTX | \n", "True | \n", "2 | \n", "{'pulse_count': 7, 'names': ['TOR Nodes', 'IOCs weekly 03/10/19', 'spraying attack against Offic... | \n", "{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',... | \n", "https://otx.alienvault.com/api/v1/indicators/IPv4/198.98.58.135/general | \n", "0 | \n", "
10 | \n", "176.10.99.200 | \n", "ipv4 | \n", "None | \n", "OTX | \n", "True | \n", "2 | \n", "{'pulse_count': 50, 'names': ['Webscanners 2018-02-09 thru current day', 'TOR Nodes', 'N6 Torli... | \n", "{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',... | \n", "https://otx.alienvault.com/api/v1/indicators/IPv4/176.10.99.200/general | \n", "0 | \n", "
17 | \n", "87.118.116.103 | \n", "ipv4 | \n", "None | \n", "OTX | \n", "True | \n", "2 | \n", "{'pulse_count': 30, 'names': ['TOR Nodes', 'N6 Torlist 2019-08-22', 'N6 Torlist 2019-08-05', 'VN... | \n", "{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',... | \n", "https://otx.alienvault.com/api/v1/indicators/IPv4/87.118.116.103/general | \n", "0 | \n", "
19 | \n", "217.115.10.132 | \n", "ipv4 | \n", "None | \n", "OTX | \n", "True | \n", "2 | \n", "{'pulse_count': 50, 'names': ['TOR Nodes', 'N6 Torlist 2019-08-22', 'VNC honeypot logs for 2019/... | \n", "{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',... | \n", "https://otx.alienvault.com/api/v1/indicators/IPv4/217.115.10.132/general | \n", "0 | \n", "
20 | \n", "185.4.132.135 | \n", "ipv4 | \n", "None | \n", "OTX | \n", "True | \n", "2 | \n", "{'pulse_count': 4, 'names': ['TOR Nodes', 'N6 Torlist 2019-08-22', 'N6 Torlist 2019-08-05', 'dan... | \n", "{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',... | \n", "https://otx.alienvault.com/api/v1/indicators/IPv4/185.4.132.135/general | \n", "0 | \n", "
23 | \n", "185.220.102.8 | \n", "ipv4 | \n", "None | \n", "OTX | \n", "True | \n", "2 | \n", "{'pulse_count': 10, 'names': ['TOR Nodes', 'SSH - US Honeypot IoCs 2019-09-19', 'N6 Torlist 2019... | \n", "{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',... | \n", "https://otx.alienvault.com/api/v1/indicators/IPv4/185.220.102.8/general | \n", "0 | \n", "
24 | \n", "77.247.181.163 | \n", "ipv4 | \n", "None | \n", "OTX | \n", "True | \n", "2 | \n", "{'pulse_count': 50, 'names': ['TOR Nodes', 'N6 Torlist 2019-08-22', 'VNC honeypot logs for 2019/... | \n", "{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',... | \n", "https://otx.alienvault.com/api/v1/indicators/IPv4/77.247.181.163/general | \n", "0 | \n", "
25 | \n", "185.220.101.6 | \n", "ipv4 | \n", "None | \n", "OTX | \n", "True | \n", "2 | \n", "{'pulse_count': 45, 'names': ['TOR Nodes', 'N6 Torlist 2019-08-22', 'VNC honeypot logs for 2019/... | \n", "{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',... | \n", "https://otx.alienvault.com/api/v1/indicators/IPv4/185.220.101.6/general | \n", "0 | \n", "
26 | \n", "92.62.139.103 | \n", "ipv4 | \n", "None | \n", "OTX | \n", "True | \n", "2 | \n", "{'pulse_count': 9, 'names': ['TOR Nodes', 'IOCs weekly 03/10/19', 'spraying attack against Offic... | \n", "{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',... | \n", "https://otx.alienvault.com/api/v1/indicators/IPv4/92.62.139.103/general | \n", "0 | \n", "
29 | \n", "199.249.230.113 | \n", "ipv4 | \n", "None | \n", "OTX | \n", "True | \n", "2 | \n", "{'pulse_count': 31, 'names': ['TOR Nodes', 'N6 Torlist 2019-08-22', 'Suspicious IPs-August-10-08... | \n", "{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',... | \n", "https://otx.alienvault.com/api/v1/indicators/IPv4/199.249.230.113/general | \n", "0 | \n", "
33 | \n", "185.220.101.1 | \n", "ipv4 | \n", "None | \n", "OTX | \n", "True | \n", "2 | \n", "{'pulse_count': 45, 'names': ['Webscanners 2018-02-09 thru current day', 'TOR Nodes', 'N6 Torli... | \n", "{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',... | \n", "https://otx.alienvault.com/api/v1/indicators/IPv4/185.220.101.1/general | \n", "0 | \n", "
34 | \n", "23.129.64.152 | \n", "ipv4 | \n", "None | \n", "OTX | \n", "True | \n", "2 | \n", "{'pulse_count': 36, 'names': ['TOR Nodes', 'N6 Torlist 2019-08-22', 'N6 Torlist 2019-08-05', 'VN... | \n", "{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',... | \n", "https://otx.alienvault.com/api/v1/indicators/IPv4/23.129.64.152/general | \n", "0 | \n", "
35 | \n", "185.220.101.31 | \n", "ipv4 | \n", "None | \n", "OTX | \n", "True | \n", "2 | \n", "{'pulse_count': 39, 'names': ['TOR Nodes', 'IOCs weekly 03/10/19', 'spraying attack against Offi... | \n", "{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',... | \n", "https://otx.alienvault.com/api/v1/indicators/IPv4/185.220.101.31/general | \n", "0 | \n", "
36 | \n", "176.10.104.240 | \n", "ipv4 | \n", "None | \n", "OTX | \n", "True | \n", "2 | \n", "{'pulse_count': 44, 'names': ['TOR Nodes', 'N6 Torlist 2019-08-22', 'N6 Torlist 2019-08-05', 'VN... | \n", "{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',... | \n", "https://otx.alienvault.com/api/v1/indicators/IPv4/176.10.104.240/general | \n", "0 | \n", "
38 | \n", "66.146.193.33 | \n", "ipv4 | \n", "None | \n", "OTX | \n", "True | \n", "2 | \n", "{'pulse_count': 5, 'names': ['TOR Nodes', 'N6 Torlist 2019-08-22', 'N6 Torlist 2019-08-05', 'dan... | \n", "{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',... | \n", "https://otx.alienvault.com/api/v1/indicators/IPv4/66.146.193.33/general | \n", "0 | \n", "
41 | \n", "199.249.230.111 | \n", "ipv4 | \n", "None | \n", "OTX | \n", "True | \n", "2 | \n", "{'pulse_count': 29, 'names': ['TOR Nodes', 'N6 Torlist 2019-08-22', 'Suspicious IPs-August-10-08... | \n", "{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',... | \n", "https://otx.alienvault.com/api/v1/indicators/IPv4/199.249.230.111/general | \n", "0 | \n", "
43 | \n", "185.207.139.2 | \n", "ipv4 | \n", "None | \n", "OTX | \n", "True | \n", "2 | \n", "{'pulse_count': 4, 'names': ['TOR Nodes', 'IOCs weekly 03/10/19', 'spraying attack against Offic... | \n", "{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',... | \n", "https://otx.alienvault.com/api/v1/indicators/IPv4/185.207.139.2/general | \n", "0 | \n", "
0 | \n", "131.107.174.181 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "1 | \n", "{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Third party feed', 'reasonDescri... | \n", "{'ip': '131.107.174.181', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regiona... | \n", "https://api.xforce.ibmcloud.com/ipr/131.107.174.181 | \n", "0 | \n", "
1 | \n", "131.107.159.181 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "1 | \n", "{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Third party feed', 'reasonDescri... | \n", "{'ip': '131.107.159.181', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regiona... | \n", "https://api.xforce.ibmcloud.com/ipr/131.107.159.181 | \n", "0 | \n", "
2 | \n", "131.107.160.181 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "1 | \n", "{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Third party feed', 'reasonDescri... | \n", "{'ip': '131.107.160.181', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regiona... | \n", "https://api.xforce.ibmcloud.com/ipr/131.107.160.181 | \n", "0 | \n", "
3 | \n", "23.129.64.193 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "2 | \n", "{'score': 8.6, 'cats': {'Spam': 71, 'Anonymisation Services': 86, 'Bots': 57}, 'categoryDescript... | \n", "{'ip': '23.129.64.193', 'history': [{'created': '2017-07-20T06:21:00.000Z', 'reason': 'Regional ... | \n", "https://api.xforce.ibmcloud.com/ipr/23.129.64.193 | \n", "0 | \n", "
4 | \n", "185.220.101.48 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "2 | \n", "{'score': 8.6, 'cats': {'Anonymisation Services': 86, 'Bots': 43}, 'categoryDescriptions': {'Ano... | \n", "{'ip': '185.220.101.48', 'history': [{'created': '2017-09-13T06:21:00.000Z', 'reason': 'Regional... | \n", "https://api.xforce.ibmcloud.com/ipr/185.220.101.48 | \n", "0 | \n", "
5 | \n", "198.98.58.135 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "2 | \n", "{'score': 8.6, 'cats': {'Anonymisation Services': 86}, 'categoryDescriptions': {'Anonymisation S... | \n", "{'ip': '198.98.58.135', 'history': [{'created': '2012-07-06T06:28:00.000Z', 'reason': 'Regional ... | \n", "https://api.xforce.ibmcloud.com/ipr/198.98.58.135 | \n", "0 | \n", "
6 | \n", "109.70.100.26 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "2 | \n", "{'score': 8.6, 'cats': {'Anonymisation Services': 86, 'Bots': 43}, 'categoryDescriptions': {'Ano... | \n", "{'ip': '109.70.100.26', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional ... | \n", "https://api.xforce.ibmcloud.com/ipr/109.70.100.26 | \n", "0 | \n", "
7 | \n", "131.107.160.77 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "1 | \n", "{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're... | \n", "{'ip': '131.107.160.77', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional... | \n", "https://api.xforce.ibmcloud.com/ipr/131.107.160.77 | \n", "0 | \n", "
8 | \n", "50.35.65.178 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "1 | \n", "{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're... | \n", "{'ip': '50.35.65.178', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional I... | \n", "https://api.xforce.ibmcloud.com/ipr/50.35.65.178 | \n", "0 | \n", "
9 | \n", "167.220.2.105 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "1 | \n", "{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're... | \n", "{'ip': '167.220.2.105', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional ... | \n", "https://api.xforce.ibmcloud.com/ipr/167.220.2.105 | \n", "0 | \n", "
10 | \n", "176.10.99.200 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "2 | \n", "{'score': 8.6, 'cats': {'Anonymisation Services': 86, 'Scanning IPs': 29, 'Bots': 43}, 'category... | \n", "{'ip': '176.10.99.200', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional ... | \n", "https://api.xforce.ibmcloud.com/ipr/176.10.99.200 | \n", "0 | \n", "
11 | \n", "131.107.159.205 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "1 | \n", "{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're... | \n", "{'ip': '131.107.159.205', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regiona... | \n", "https://api.xforce.ibmcloud.com/ipr/131.107.159.205 | \n", "0 | \n", "
12 | \n", "167.220.2.123 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "1 | \n", "{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're... | \n", "{'ip': '167.220.2.123', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional ... | \n", "https://api.xforce.ibmcloud.com/ipr/167.220.2.123 | \n", "0 | \n", "
13 | \n", "131.107.159.143 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "1 | \n", "{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're... | \n", "{'ip': '131.107.159.143', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regiona... | \n", "https://api.xforce.ibmcloud.com/ipr/131.107.159.143 | \n", "0 | \n", "
14 | \n", "131.107.147.105 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "1 | \n", "{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're... | \n", "{'ip': '131.107.147.105', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regiona... | \n", "https://api.xforce.ibmcloud.com/ipr/131.107.147.105 | \n", "0 | \n", "
15 | \n", "131.107.174.205 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "1 | \n", "{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're... | \n", "{'ip': '131.107.174.205', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regiona... | \n", "https://api.xforce.ibmcloud.com/ipr/131.107.174.205 | \n", "0 | \n", "
16 | \n", "131.107.160.205 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "1 | \n", "{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're... | \n", "{'ip': '131.107.160.205', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regiona... | \n", "https://api.xforce.ibmcloud.com/ipr/131.107.160.205 | \n", "0 | \n", "
17 | \n", "87.118.116.103 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "2 | \n", "{'score': 8.6, 'cats': {'Anonymisation Services': 86, 'Bots': 43}, 'categoryDescriptions': {'Ano... | \n", "{'ip': '87.118.116.103', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional... | \n", "https://api.xforce.ibmcloud.com/ipr/87.118.116.103 | \n", "0 | \n", "
18 | \n", "109.70.100.24 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "2 | \n", "{'score': 8.6, 'cats': {'Anonymisation Services': 86, 'Bots': 43}, 'categoryDescriptions': {'Ano... | \n", "{'ip': '109.70.100.24', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional ... | \n", "https://api.xforce.ibmcloud.com/ipr/109.70.100.24 | \n", "0 | \n", "
19 | \n", "217.115.10.132 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "2 | \n", "{'score': 8.6, 'cats': {'Anonymisation Services': 86, 'Scanning IPs': 29, 'Bots': 43}, 'category... | \n", "{'ip': '217.115.10.132', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional... | \n", "https://api.xforce.ibmcloud.com/ipr/217.115.10.132 | \n", "0 | \n", "
20 | \n", "185.4.132.135 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "2 | \n", "{'score': 8.6, 'cats': {'Anonymisation Services': 86}, 'categoryDescriptions': {'Anonymisation S... | \n", "{'ip': '185.4.132.135', 'history': [{'created': '2012-09-28T06:27:00.000Z', 'reason': 'Regional ... | \n", "https://api.xforce.ibmcloud.com/ipr/185.4.132.135 | \n", "0 | \n", "
21 | \n", "131.107.147.205 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "1 | \n", "{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're... | \n", "{'ip': '131.107.147.205', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regiona... | \n", "https://api.xforce.ibmcloud.com/ipr/131.107.147.205 | \n", "0 | \n", "
22 | \n", "131.107.174.123 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "1 | \n", "{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're... | \n", "{'ip': '131.107.174.123', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regiona... | \n", "https://api.xforce.ibmcloud.com/ipr/131.107.174.123 | \n", "0 | \n", "
23 | \n", "185.220.102.8 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "2 | \n", "{'score': 8.6, 'cats': {'Anonymisation Services': 86, 'Bots': 43}, 'categoryDescriptions': {'Ano... | \n", "{'ip': '185.220.102.8', 'history': [{'created': '2017-09-13T06:21:00.000Z', 'reason': 'Regional ... | \n", "https://api.xforce.ibmcloud.com/ipr/185.220.102.8 | \n", "0 | \n", "
24 | \n", "77.247.181.163 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "2 | \n", "{'score': 8.6, 'cats': {'Anonymisation Services': 86, 'Bots': 29}, 'categoryDescriptions': {'Ano... | \n", "{'ip': '77.247.181.163', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional... | \n", "https://api.xforce.ibmcloud.com/ipr/77.247.181.163 | \n", "0 | \n", "
25 | \n", "185.220.101.6 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "2 | \n", "{'score': 8.6, 'cats': {'Anonymisation Services': 86, 'Bots': 43}, 'categoryDescriptions': {'Ano... | \n", "{'ip': '185.220.101.6', 'history': [{'created': '2017-09-13T06:21:00.000Z', 'reason': 'Regional ... | \n", "https://api.xforce.ibmcloud.com/ipr/185.220.101.6 | \n", "0 | \n", "
26 | \n", "92.62.139.103 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "2 | \n", "{'score': 8.6, 'cats': {'Spam': 29, 'Anonymisation Services': 86, 'Bots': 43}, 'categoryDescript... | \n", "{'ip': '92.62.139.103', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional ... | \n", "https://api.xforce.ibmcloud.com/ipr/92.62.139.103 | \n", "0 | \n", "
27 | \n", "40.117.152.107 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "1 | \n", "{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're... | \n", "{'ip': '40.117.152.107', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional... | \n", "https://api.xforce.ibmcloud.com/ipr/40.117.152.107 | \n", "0 | \n", "
28 | \n", "40.126.9.50 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "1 | \n", "{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're... | \n", "{'ip': '40.126.9.50', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional In... | \n", "https://api.xforce.ibmcloud.com/ipr/40.126.9.50 | \n", "0 | \n", "
29 | \n", "199.249.230.113 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "2 | \n", "{'score': 8.6, 'cats': {'Anonymisation Services': 86}, 'categoryDescriptions': {'Anonymisation S... | \n", "{'ip': '199.249.230.113', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regiona... | \n", "https://api.xforce.ibmcloud.com/ipr/199.249.230.113 | \n", "0 | \n", "
30 | \n", "40.126.9.51 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "1 | \n", "{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're... | \n", "{'ip': '40.126.9.51', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional In... | \n", "https://api.xforce.ibmcloud.com/ipr/40.126.9.51 | \n", "0 | \n", "
31 | \n", "52.109.6.30 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "1 | \n", "{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're... | \n", "{'ip': '52.109.6.30', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional In... | \n", "https://api.xforce.ibmcloud.com/ipr/52.109.6.30 | \n", "0 | \n", "
32 | \n", "40.126.9.49 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "1 | \n", "{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're... | \n", "{'ip': '40.126.9.49', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional In... | \n", "https://api.xforce.ibmcloud.com/ipr/40.126.9.49 | \n", "0 | \n", "
33 | \n", "185.220.101.1 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "2 | \n", "{'score': 8.6, 'cats': {'Anonymisation Services': 86}, 'categoryDescriptions': {'Anonymisation S... | \n", "{'ip': '185.220.101.1', 'history': [{'created': '2017-09-13T06:21:00.000Z', 'reason': 'Regional ... | \n", "https://api.xforce.ibmcloud.com/ipr/185.220.101.1 | \n", "0 | \n", "
34 | \n", "23.129.64.152 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "2 | \n", "{'score': 8.6, 'cats': {'Spam': 86, 'Anonymisation Services': 86, 'Bots': 43}, 'categoryDescript... | \n", "{'ip': '23.129.64.152', 'history': [{'created': '2017-07-20T06:21:00.000Z', 'reason': 'Regional ... | \n", "https://api.xforce.ibmcloud.com/ipr/23.129.64.152 | \n", "0 | \n", "
35 | \n", "185.220.101.31 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "2 | \n", "{'score': 8.6, 'cats': {'Anonymisation Services': 86, 'Bots': 43}, 'categoryDescriptions': {'Ano... | \n", "{'ip': '185.220.101.31', 'history': [{'created': '2017-09-13T06:21:00.000Z', 'reason': 'Regional... | \n", "https://api.xforce.ibmcloud.com/ipr/185.220.101.31 | \n", "0 | \n", "
36 | \n", "176.10.104.240 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "2 | \n", "{'score': 8.6, 'cats': {'Anonymisation Services': 86, 'Bots': 43}, 'categoryDescriptions': {'Ano... | \n", "{'ip': '176.10.104.240', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional... | \n", "https://api.xforce.ibmcloud.com/ipr/176.10.104.240 | \n", "0 | \n", "
37 | \n", "104.41.146.53 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "1 | \n", "{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're... | \n", "{'ip': '104.41.146.53', 'history': [{'created': '2014-05-08T06:26:00.000Z', 'reason': 'Regional ... | \n", "https://api.xforce.ibmcloud.com/ipr/104.41.146.53 | \n", "0 | \n", "
38 | \n", "66.146.193.33 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "2 | \n", "{'score': 8.6, 'cats': {'Anonymisation Services': 86, 'Bots': 43}, 'categoryDescriptions': {'Ano... | \n", "{'ip': '66.146.193.33', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional ... | \n", "https://api.xforce.ibmcloud.com/ipr/66.146.193.33 | \n", "0 | \n", "
39 | \n", "20.190.128.101 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "1 | \n", "{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're... | \n", "{'ip': '20.190.128.101', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional... | \n", "https://api.xforce.ibmcloud.com/ipr/20.190.128.101 | \n", "0 | \n", "
40 | \n", "20.190.128.103 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "1 | \n", "{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're... | \n", "{'ip': '20.190.128.103', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional... | \n", "https://api.xforce.ibmcloud.com/ipr/20.190.128.103 | \n", "0 | \n", "
41 | \n", "199.249.230.111 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "2 | \n", "{'score': 8.6, 'cats': {'Anonymisation Services': 86, 'Bots': 57}, 'categoryDescriptions': {'Ano... | \n", "{'ip': '199.249.230.111', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regiona... | \n", "https://api.xforce.ibmcloud.com/ipr/199.249.230.111 | \n", "0 | \n", "
42 | \n", "20.190.129.100 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "1 | \n", "{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're... | \n", "{'ip': '20.190.129.100', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional... | \n", "https://api.xforce.ibmcloud.com/ipr/20.190.129.100 | \n", "0 | \n", "
43 | \n", "185.207.139.2 | \n", "ipv4 | \n", "None | \n", "XForce | \n", "True | \n", "2 | \n", "{'score': 8.6, 'cats': {'Anonymisation Services': 86, 'Bots': 43}, 'categoryDescriptions': {'Ano... | \n", "{'ip': '185.207.139.2', 'history': [{'created': '2017-06-10T06:21:00.000Z', 'reason': 'Regional ... | \n", "https://api.xforce.ibmcloud.com/ipr/185.207.139.2 | \n", "0 | \n", "
Querying geolocation for 44 ip addresses...
" ], "text/plain": [ "Querying WhoIs for 44 ip addresses...
" ], "text/plain": [ "Geolocations and ASN Owner for source IP addresses. Information only
" ], "text/plain": [ "\n", " | \n", " | \n", " | \n", " | \n", " | \n", " | TotalOperations | \n", "Operations | \n", "AppResources | \n", "FirstLogon | \n", "LastLogon | \n", "
---|---|---|---|---|---|---|---|---|---|---|
UserPrincipalName | \n", "IPAddress | \n", "CountryCode | \n", "CountryName | \n", "City | \n", "ASNDesc | \n", "\n", " | \n", " | \n", " | \n", " | \n", " |
alexw@m365x648731.onmicrosoft.com | \n", "104.41.146.53 | \n", "US | \n", "United States | \n", "Washington | \n", "MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US | \n", "7 | \n", "{'SearchQueryPerformed': 7} | \n", "[SharePoint] | \n", "2019-09-19 19:16:20.000 | \n", "2019-09-20 18:20:49.000 | \n", "
109.70.100.24 | \n", "AT | \n", "Austria | \n", "Vienna | \n", "APPLIEDPRIVACY-AS, AT | \n", "6 | \n", "{'Sign-in activity': 6} | \n", "[Office 365 Exchange Online] | \n", "2019-09-25 16:21:43.562 | \n", "2019-09-29 17:35:00.099 | \n", "|
109.70.100.26 | \n", "AT | \n", "Austria | \n", "Vienna | \n", "APPLIEDPRIVACY-AS, AT | \n", "17 | \n", "{'Sign-in activity': 10, 'FilePreviewed': 7} | \n", "[O365 Suite UX, Office 365 SharePoint Online, SharePoint] | \n", "2019-09-19 19:15:59.381 | \n", "2019-09-20 18:20:50.000 | \n", "|
131.107.147.105 | \n", "US | \n", "United States | \n", "Redmond | \n", "MICROSOFT-CORP-AS - Microsoft Corporation, US | \n", "36 | \n", "{'Create Saved Search': 14, 'Update Case Investigation': 12, 'Sign-in activity': 6, 'Gets workfl... | \n", "[Azure Notebooks, Azure Portal, Microsoft.OperationalInsights, Microsoft.Logic, Microsoft.Securi... | \n", "2019-10-14 21:23:46.112 | \n", "2019-10-16 00:02:03.868 | \n", "|
131.107.147.205 | \n", "US | \n", "United States | \n", "Redmond | \n", "MICROSOFT-CORP-AS - Microsoft Corporation, US | \n", "40 | \n", "{'Update Case Investigation': 34, 'Update Cases': 4, 'Gets workflow recommend operation groups': 2} | \n", "[Microsoft.SecurityInsights, Microsoft.Logic] | \n", "2019-10-15 15:58:35.552 | \n", "2019-10-23 16:39:05.220 | \n", "|
131.107.159.143 | \n", "US | \n", "United States | \n", "Redmond | \n", "MICROSOFT-CORP-AS - Microsoft Corporation, US | \n", "1 | \n", "{'Sign-in activity': 1} | \n", "[Azure Portal] | \n", "2019-10-17 16:27:42.396 | \n", "2019-10-17 16:27:42.396 | \n", "|
131.107.159.181 | \n", "US | \n", "United States | \n", "Redmond | \n", "MICROSOFT-CORP-AS - Microsoft Corporation, US | \n", "1 | \n", "{'Sign-in activity': 1} | \n", "[Azure Portal] | \n", "2019-10-29 23:41:38.870 | \n", "2019-10-29 23:41:38.870 | \n", "|
131.107.159.205 | \n", "US | \n", "United States | \n", "Redmond | \n", "MICROSOFT-CORP-AS - Microsoft Corporation, US | \n", "3 | \n", "{'Sign-in activity': 3} | \n", "[Azure Portal] | \n", "2019-10-17 15:27:34.722 | \n", "2019-10-22 15:26:25.738 | \n", "|
131.107.160.181 | \n", "US | \n", "United States | \n", "Redmond | \n", "MICROSOFT-CORP-AS - Microsoft Corporation, US | \n", "1 | \n", "{'Sign-in activity': 1} | \n", "[Azure Portal] | \n", "2019-10-29 23:44:32.382 | \n", "2019-10-29 23:44:32.382 | \n", "|
131.107.160.205 | \n", "US | \n", "United States | \n", "Redmond | \n", "MICROSOFT-CORP-AS - Microsoft Corporation, US | \n", "2 | \n", "{'Sign-in activity': 2} | \n", "[Azure Portal] | \n", "2019-10-17 20:39:51.333 | \n", "2019-10-18 15:42:59.049 | \n", "|
131.107.160.77 | \n", "US | \n", "United States | \n", "Redmond | \n", "MICROSOFT-CORP-AS - Microsoft Corporation, US | \n", "5 | \n", "{'Sign-in activity': 5} | \n", "[Azure Portal] | \n", "2019-10-15 15:45:44.295 | \n", "2019-10-23 16:38:09.019 | \n", "|
131.107.174.123 | \n", "US | \n", "United States | \n", "Redmond | \n", "MICROSOFT-CORP-AS - Microsoft Corporation, US | \n", "4 | \n", "{'Update Case Investigation': 4} | \n", "[Microsoft.SecurityInsights] | \n", "2019-10-17 15:49:17.520 | \n", "2019-10-17 15:52:18.166 | \n", "|
131.107.174.181 | \n", "US | \n", "United States | \n", "Redmond | \n", "MICROSOFT-CORP-AS - Microsoft Corporation, US | \n", "1 | \n", "{'Sign-in activity': 1} | \n", "[Azure Portal] | \n", "2019-10-29 23:40:25.427 | \n", "2019-10-29 23:40:25.427 | \n", "|
131.107.174.205 | \n", "US | \n", "United States | \n", "Redmond | \n", "MICROSOFT-CORP-AS - Microsoft Corporation, US | \n", "3 | \n", "{'Sign-in activity': 3} | \n", "[Azure Portal] | \n", "2019-10-17 18:06:33.396 | \n", "2019-10-17 18:11:01.639 | \n", "|
167.220.2.105 | \n", "US | \n", "United States | \n", "Redmond | \n", "MICROSOFT-CORP-AS - Microsoft Corporation, US | \n", "1 | \n", "{'Sign-in activity': 1} | \n", "[Azure Portal] | \n", "2019-10-15 20:19:45.715 | \n", "2019-10-15 20:19:45.715 | \n", "|
167.220.2.123 | \n", "US | \n", "United States | \n", "Redmond | \n", "MICROSOFT-CORP-AS - Microsoft Corporation, US | \n", "2 | \n", "{'Sign-in activity': 2} | \n", "[Azure Portal] | \n", "2019-10-17 15:33:57.417 | \n", "2019-10-17 15:34:04.089 | \n", "|
185.4.132.135 | \n", "GR | \n", "Greece | \n", "Nafplion | \n", "TOPHOST, GR | \n", "4 | \n", "{'Sign-in activity': 4} | \n", "[Office 365 Exchange Online] | \n", "2019-09-24 23:09:28.253 | \n", "2019-09-24 23:09:32.785 | \n", "|
198.98.58.135 | \n", "US | \n", "United States | \n", "Buffalo | \n", "PONYNET - FranTech Solutions, US | \n", "2 | \n", "{'Sign-in activity': 2} | \n", "[Office 365 Exchange Online] | \n", "2019-09-28 17:32:59.827 | \n", "2019-09-28 17:32:59.827 | \n", "|
20.190.128.101 | \n", "US | \n", "United States | \n", "San Antonio | \n", "MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US | \n", "1 | \n", "{'FilePreviewed': 1} | \n", "[SharePoint] | \n", "2019-09-19 19:16:16.000 | \n", "2019-09-19 19:16:16.000 | \n", "|
20.190.128.103 | \n", "US | \n", "United States | \n", "San Antonio | \n", "MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US | \n", "5 | \n", "{'FilePreviewed': 5} | \n", "[SharePoint] | \n", "2019-09-19 19:16:14.000 | \n", "2019-09-19 19:16:14.000 | \n", "|
20.190.129.100 | \n", "IE | \n", "Ireland | \n", "Dublin | \n", "MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US | \n", "4 | \n", "{'FilePreviewed': 4} | \n", "[SharePoint] | \n", "2019-09-20 18:20:46.000 | \n", "2019-09-20 18:20:48.000 | \n", "|
217.115.10.132 | \n", "DE | \n", "Germany | \n", "Berlin | \n", "NETSIGN, DE | \n", "2 | \n", "{'Sign-in activity': 2} | \n", "[Office 365 Exchange Online] | \n", "2019-09-24 23:06:14.437 | \n", "2019-09-24 23:06:14.437 | \n", "|
23.129.64.152 | \n", "US | \n", "United States | \n", "Seattle | \n", "EMERALD-ONION - Emerald Onion, US | \n", "32 | \n", "{'FileAccessed': 18, 'FilePreviewed': 7, 'PageViewed': 4, 'SearchQueryPerformed': 3} | \n", "[SharePoint] | \n", "2019-09-18 17:01:25.000 | \n", "2019-09-18 17:03:03.000 | \n", "|
23.129.64.193 | \n", "US | \n", "United States | \n", "Seattle | \n", "EMERALD-ONION - Emerald Onion, US | \n", "4 | \n", "{'Sign-in activity': 4} | \n", "[Office 365 Exchange Online] | \n", "2019-09-27 17:26:43.304 | \n", "2019-09-27 17:26:49.681 | \n", "|
40.117.152.107 | \n", "US | \n", "United States | \n", "Washington | \n", "MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US | \n", "17 | \n", "{'SearchQueryPerformed': 17} | \n", "[SharePoint] | \n", "2019-09-16 17:42:17.000 | \n", "2019-09-18 17:02:37.000 | \n", "|
40.126.9.49 | \n", "NL | \n", "Netherlands | \n", "Amsterdam | \n", "MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US | \n", "2 | \n", "{'FilePreviewed': 2} | \n", "[SharePoint] | \n", "2019-10-16 18:09:38.000 | \n", "2019-10-16 18:09:38.000 | \n", "|
40.126.9.50 | \n", "NL | \n", "Netherlands | \n", "Amsterdam | \n", "MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US | \n", "5 | \n", "{'FilePreviewed': 5} | \n", "[SharePoint] | \n", "2019-09-16 17:42:18.000 | \n", "2019-09-16 17:42:23.000 | \n", "|
40.126.9.51 | \n", "NL | \n", "Netherlands | \n", "Amsterdam | \n", "MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US | \n", "4 | \n", "{'FilePreviewed': 4} | \n", "[SharePoint] | \n", "2019-10-16 18:09:36.000 | \n", "2019-10-16 18:09:36.000 | \n", "|
50.35.65.178 | \n", "US | \n", "United States | \n", "Redmond | \n", "FRONTIER-FRTR - Frontier Communications of America, Inc., US | \n", "27 | \n", "{'Create Saved Search': 12, 'Update Case Investigation': 6, 'Sign-in activity': 5, 'Gets workflo... | \n", "[Azure Portal, Microsoft.Logic, Microsoft.OperationalInsights, Microsoft.SecurityInsights] | \n", "2019-10-15 12:18:55.118 | \n", "2019-10-24 23:19:31.193 | \n", "|
52.109.6.30 | \n", "US | \n", "United States | \n", "Boydton | \n", "MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US | \n", "7 | \n", "{'FileAccessed': 7} | \n", "[SharePoint] | \n", "2019-09-19 19:16:23.000 | \n", "2019-10-16 18:09:42.000 | \n", "|
66.146.193.33 | \n", "US | \n", "United States | \n", "Chicago | \n", "ONSH-NET-CHGO-BLK01 - OnShore, Inc., US | \n", "33 | \n", "{'FileAccessed': 17, 'FileDeleted': 9, 'PageViewed': 4, 'FilePreviewed': 2, 'FolderDeleted': 1} | \n", "[SharePoint] | \n", "2019-09-19 19:17:59.000 | \n", "2019-09-19 19:22:05.000 | \n", "|
92.62.139.103 | \n", "LT | \n", "Republic of Lithuania | \n", "Kaunas | \n", "BALTNETA Customers AS, LT | \n", "100 | \n", "{'FileAccessed': 35, 'FilePreviewed': 27, 'PageViewed': 16, 'SearchQueryPerformed': 14, 'FileDow... | \n", "[SharePoint] | \n", "2019-09-16 18:05:57.000 | \n", "2019-09-16 18:18:07.000 | \n", "
13 additional alerts have been triggered from one or more source IPs.
" ], "text/plain": [ "You should investigate these IPs using the 'Entity Explorer - IP Address' notebook
" ], "text/plain": [ "\n", " | TenantId | \n", "TimeGenerated | \n", "AlertDisplayName | \n", "AlertName | \n", "Severity | \n", "Description | \n", "ProviderName | \n", "VendorName | \n", "VendorOriginalId | \n", "SystemAlertId | \n", "ResourceId | \n", "SourceComputerId | \n", "AlertType | \n", "ConfidenceLevel | \n", "ConfidenceScore | \n", "IsIncident | \n", "StartTimeUtc | \n", "EndTimeUtc | \n", "ProcessingEndTime | \n", "RemediationSteps | \n", "ExtendedProperties | \n", "Entities | \n", "SourceSystem | \n", "WorkspaceSubscriptionId | \n", "WorkspaceResourceGroup | \n", "ExtendedLinks | \n", "ProductName | \n", "ProductComponentName | \n", "Type | \n", "SystemAlertId1 | \n", "ExtendedProperties1 | \n", "Entities1 | \n", "MatchingIps | \n", "
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
19 | \n", "a927809c-8142-43e1-96b3-4ad87cfe95a3 | \n", "2019-10-16 22:11:41 | \n", "Access from a suspicious IP leading to suspicious endpoint activity | \n", "Access from a suspicious IP leading to suspicious endpoint activity | \n", "High | \n", "Access from a suspicious IP leading to suspicious endpoint activity | \n", "ASI Scheduled Alerts | \n", "Microsoft | \n", "2df2d792-aca7-43b5-9e31-fa4e0618ad8c | \n", "61787eba-f903-4b71-b211-dc1d6ec9b5f8 | \n", "\n", " | \n", " | a927809c-8142-43e1-96b3-4ad87cfe95a3_62bc82a0-1f59-49b6-82f2-266a836d072c | \n", "Unknown | \n", "NaN | \n", "False | \n", "2019-10-16 21:56:35 | \n", "2019-10-16 22:06:35 | \n", "2019-10-16 22:11:41 | \n", "\n", " | {\\r\\n \"Query\": \"ZScaler\\r\\n| where DeviceAction contains \\\"allow\\\"\\r\\n| join kind=inner (\\r\\nHe... | \n", "[\\r\\n {\\r\\n \"$id\": \"3\",\\r\\n \"Type\": \"url\",\\r\\n \"Url\": \"http://host.gomencom.website/Do... | \n", "Detection | \n", "1c4b4612-7123-47db-bb74-f3b6fde75431 | \n", "RedmondSentinelDemoRG | \n", "\n", " | Azure Sentinel | \n", "Scheduled Alerts | \n", "SecurityAlert | \n", "61787eba-f903-4b71-b211-dc1d6ec9b5f8 | \n", "{\\r\\n \"Query\": \"ZScaler\\r\\n| where DeviceAction contains \\\"allow\\\"\\r\\n| join kind=inner (\\r\\nHe... | \n", "[\\r\\n {\\r\\n \"$id\": \"3\",\\r\\n \"Type\": \"url\",\\r\\n \"Url\": \"http://host.gomencom.website/Do... | \n", "[176.10.99.200] | \n", "
20 | \n", "a927809c-8142-43e1-96b3-4ad87cfe95a3 | \n", "2019-10-16 22:03:33 | \n", "Access from a suspicious IP leading to suspicious endpoint activity | \n", "Access from a suspicious IP leading to suspicious endpoint activity | \n", "High | \n", "Access from a suspicious IP leading to suspicious endpoint activity | \n", "ASI Scheduled Alerts | \n", "Microsoft | \n", "1d2be0b9-aded-4750-a372-47fbf1bf98b6 | \n", "2519550e-4850-4616-974f-422b4867a161 | \n", "\n", " | \n", " | a927809c-8142-43e1-96b3-4ad87cfe95a3_62bc82a0-1f59-49b6-82f2-266a836d072c | \n", "Unknown | \n", "NaN | \n", "False | \n", "2019-10-16 21:48:26 | \n", "2019-10-16 21:58:26 | \n", "2019-10-16 22:03:33 | \n", "\n", " | {\\r\\n \"Query\": \"ZScaler\\r\\n| where DeviceAction contains \\\"allow\\\"\\r\\n| join kind=inner (\\r\\nHe... | \n", "[\\r\\n {\\r\\n \"$id\": \"3\",\\r\\n \"Type\": \"url\",\\r\\n \"Url\": \"http://host.gomencom.website/Do... | \n", "Detection | \n", "1c4b4612-7123-47db-bb74-f3b6fde75431 | \n", "RedmondSentinelDemoRG | \n", "\n", " | Azure Sentinel | \n", "Scheduled Alerts | \n", "SecurityAlert | \n", "2519550e-4850-4616-974f-422b4867a161 | \n", "{\\r\\n \"Query\": \"ZScaler\\r\\n| where DeviceAction contains \\\"allow\\\"\\r\\n| join kind=inner (\\r\\nHe... | \n", "[\\r\\n {\\r\\n \"$id\": \"3\",\\r\\n \"Type\": \"url\",\\r\\n \"Url\": \"http://host.gomencom.website/Do... | \n", "[176.10.99.200] | \n", "
21 | \n", "a927809c-8142-43e1-96b3-4ad87cfe95a3 | \n", "2019-10-16 22:21:52 | \n", "Access from a suspicious IP leading to suspicious endpoint activity | \n", "Access from a suspicious IP leading to suspicious endpoint activity | \n", "High | \n", "Access from a suspicious IP leading to suspicious endpoint activity | \n", "ASI Scheduled Alerts | \n", "Microsoft | \n", "227353f7-f56b-4500-b843-564dec775729 | \n", "695d982e-de0b-4dad-90fb-5ddc9ece3344 | \n", "\n", " | \n", " | a927809c-8142-43e1-96b3-4ad87cfe95a3_62bc82a0-1f59-49b6-82f2-266a836d072c | \n", "Unknown | \n", "NaN | \n", "False | \n", "2019-10-16 22:06:35 | \n", "2019-10-16 22:16:35 | \n", "2019-10-16 22:21:52 | \n", "\n", " | {\\r\\n \"Query\": \"ZScaler\\r\\n| where DeviceAction contains \\\"allow\\\"\\r\\n| join kind=inner (\\r\\nHe... | \n", "[\\r\\n {\\r\\n \"$id\": \"3\",\\r\\n \"Type\": \"url\",\\r\\n \"Url\": \"https://bit.ly/35CsnLI\"\\r\\n },... | \n", "Detection | \n", "1c4b4612-7123-47db-bb74-f3b6fde75431 | \n", "RedmondSentinelDemoRG | \n", "\n", " | Azure Sentinel | \n", "Scheduled Alerts | \n", "SecurityAlert | \n", "695d982e-de0b-4dad-90fb-5ddc9ece3344 | \n", "{\\r\\n \"Query\": \"ZScaler\\r\\n| where DeviceAction contains \\\"allow\\\"\\r\\n| join kind=inner (\\r\\nHe... | \n", "[\\r\\n {\\r\\n \"$id\": \"3\",\\r\\n \"Type\": \"url\",\\r\\n \"Url\": \"https://bit.ly/35CsnLI\"\\r\\n },... | \n", "[176.10.99.200] | \n", "
22 | \n", "a927809c-8142-43e1-96b3-4ad87cfe95a3 | \n", "2019-10-16 22:48:10 | \n", "Access from a suspicious IP leading to suspicious endpoint activity | \n", "Access from a suspicious IP leading to suspicious endpoint activity | \n", "High | \n", "Access from a suspicious IP leading to suspicious endpoint activity | \n", "ASI Scheduled Alerts | \n", "Microsoft | \n", "8168f50f-5776-4f3b-99a0-0d32b8fb9ecd | \n", "3d0e8da1-c877-48db-a36f-978828669c25 | \n", "\n", " | \n", " | a927809c-8142-43e1-96b3-4ad87cfe95a3_62bc82a0-1f59-49b6-82f2-266a836d072c | \n", "Unknown | \n", "NaN | \n", "False | \n", "2019-10-16 21:43:04 | \n", "2019-10-16 22:43:04 | \n", "2019-10-16 22:48:10 | \n", "\n", " | {\\r\\n \"Query\": \"ZScaler\\r\\n| where SourceIP == \\\"137.135.26.148\\\"\\r\\n| where Url contains \\\"bit... | \n", "[\\r\\n {\\r\\n \"$id\": \"3\",\\r\\n \"Type\": \"url\",\\r\\n \"Url\": \"https://bit.ly/35CsnLI\"\\r\\n },... | \n", "Detection | \n", "1c4b4612-7123-47db-bb74-f3b6fde75431 | \n", "RedmondSentinelDemoRG | \n", "\n", " | Azure Sentinel | \n", "Scheduled Alerts | \n", "SecurityAlert | \n", "3d0e8da1-c877-48db-a36f-978828669c25 | \n", "{\\r\\n \"Query\": \"ZScaler\\r\\n| where SourceIP == \\\"137.135.26.148\\\"\\r\\n| where Url contains \\\"bit... | \n", "[\\r\\n {\\r\\n \"$id\": \"3\",\\r\\n \"Type\": \"url\",\\r\\n \"Url\": \"https://bit.ly/35CsnLI\"\\r\\n },... | \n", "[176.10.99.200] | \n", "
23 | \n", "a927809c-8142-43e1-96b3-4ad87cfe95a3 | \n", "2019-10-16 22:33:12 | \n", "Access from a suspicious IP leading to suspicious endpoint activity | \n", "Access from a suspicious IP leading to suspicious endpoint activity | \n", "High | \n", "Access from a suspicious IP leading to suspicious endpoint activity | \n", "ASI Scheduled Alerts | \n", "Microsoft | \n", "3ef5d7e4-dae9-4a97-b51f-74ee823362d5 | \n", "7aef8c9f-6e0f-49cd-b651-2327f9a1c801 | \n", "\n", " | \n", " | a927809c-8142-43e1-96b3-4ad87cfe95a3_62bc82a0-1f59-49b6-82f2-266a836d072c | \n", "Unknown | \n", "NaN | \n", "False | \n", "2019-10-16 22:18:05 | \n", "2019-10-16 22:28:05 | \n", "2019-10-16 22:33:12 | \n", "\n", " | {\\r\\n \"Query\": \"ZScaler\\r\\n| where SourceIP == \\\"137.135.26.148\\\"\\r\\n| where Url contains \\\"bit... | \n", "[\\r\\n {\\r\\n \"$id\": \"3\",\\r\\n \"Type\": \"url\",\\r\\n \"Url\": \"https://bit.ly/35CsnLI\"\\r\\n },... | \n", "Detection | \n", "1c4b4612-7123-47db-bb74-f3b6fde75431 | \n", "RedmondSentinelDemoRG | \n", "\n", " | Azure Sentinel | \n", "Scheduled Alerts | \n", "SecurityAlert | \n", "7aef8c9f-6e0f-49cd-b651-2327f9a1c801 | \n", "{\\r\\n \"Query\": \"ZScaler\\r\\n| where SourceIP == \\\"137.135.26.148\\\"\\r\\n| where Url contains \\\"bit... | \n", "[\\r\\n {\\r\\n \"$id\": \"3\",\\r\\n \"Type\": \"url\",\\r\\n \"Url\": \"https://bit.ly/35CsnLI\"\\r\\n },... | \n", "[176.10.99.200] | \n", "
26 | \n", "a927809c-8142-43e1-96b3-4ad87cfe95a3 | \n", "2019-09-27 08:23:08 | \n", "Activity from infrequent country | \n", "Activity from infrequent country | \n", "Medium | \n", "Megan Bowen (meganb@m365x648731.onmicrosoft.com) performed an activity. No activity was performe... | \n", "MCAS | \n", "Microsoft | \n", "B048A8BF-01C1-3C1A-9985-66191429FD36 | \n", "4ea929d7-94f2-25b3-da0a-0247f9f7c206 | \n", "\n", " | \n", " | MCAS_ALERT_ANUBIS_DETECTION_NEW_COUNTRY | \n", "Unknown | \n", "NaN | \n", "False | \n", "2019-09-27 08:18:42 | \n", "2019-09-27 08:18:42 | \n", "2019-09-27 08:23:07 | \n", "\n", " | {\\r\\n \"Cloud Applications\": \"Microsoft Azure\",\\r\\n \"Countries\": \"US\",\\r\\n \"IP Addresses\": \"50... | \n", "[\\r\\n {\\r\\n \"$id\": \"3\",\\r\\n \"Address\": \"50.35.65.178\",\\r\\n \"Type\": \"ip\"\\r\\n },\\r\\n {... | \n", "Detection | \n", "\n", " | \n", " | [\\r\\n {\\r\\n \"Href\": \"https://m365x648731.portal.cloudappsecurity.com/#/policy/?id=eq(5d77739... | \n", "Microsoft Cloud App Security | \n", "\n", " | SecurityAlert | \n", "4ea929d7-94f2-25b3-da0a-0247f9f7c206 | \n", "{\\r\\n \"Cloud Applications\": \"Microsoft Azure\",\\r\\n \"Countries\": \"US\",\\r\\n \"IP Addresses\": \"50... | \n", "[\\r\\n {\\r\\n \"$id\": \"3\",\\r\\n \"Address\": \"50.35.65.178\",\\r\\n \"Type\": \"ip\"\\r\\n },\\r\\n {... | \n", "[50.35.65.178] | \n", "
56 | \n", "a927809c-8142-43e1-96b3-4ad87cfe95a3 | \n", "2019-10-16 20:11:36 | \n", "Access from a suspicious IP leading to suspicious endpoint activity | \n", "Access from a suspicious IP leading to suspicious endpoint activity | \n", "High | \n", "Access from a suspicious IP leading to suspicious endpoint activity | \n", "ASI Scheduled Alerts | \n", "Microsoft | \n", "e4d06ca1-3bf4-4e8b-a6da-787091dc63ae | \n", "42925d1c-236c-4175-a2a6-39643b223902 | \n", "\n", " | \n", " | a927809c-8142-43e1-96b3-4ad87cfe95a3_62bc82a0-1f59-49b6-82f2-266a836d072c | \n", "Unknown | \n", "NaN | \n", "False | \n", "2019-10-16 19:06:30 | \n", "2019-10-16 20:06:30 | \n", "2019-10-16 20:11:36 | \n", "\n", " | {\\r\\n \"Query\": \"ZScaler_CL\\r\\n| extend Url = Url_s\\r\\n| where DeviceAction_s contains \\\"allow\\\"... | \n", "[\\r\\n {\\r\\n \"$id\": \"3\",\\r\\n \"Type\": \"url\",\\r\\n \"Url\": \"http://host.gomencom.website/Do... | \n", "Detection | \n", "1c4b4612-7123-47db-bb74-f3b6fde75431 | \n", "RedmondSentinelDemoRG | \n", "\n", " | Azure Sentinel | \n", "Scheduled Alerts | \n", "SecurityAlert | \n", "42925d1c-236c-4175-a2a6-39643b223902 | \n", "{\\r\\n \"Query\": \"ZScaler_CL\\r\\n| extend Url = Url_s\\r\\n| where DeviceAction_s contains \\\"allow\\\"... | \n", "[\\r\\n {\\r\\n \"$id\": \"3\",\\r\\n \"Type\": \"url\",\\r\\n \"Url\": \"http://host.gomencom.website/Do... | \n", "[176.10.99.200] | \n", "
57 | \n", "a927809c-8142-43e1-96b3-4ad87cfe95a3 | \n", "2019-10-16 20:19:18 | \n", "Access from a suspicious IP leading to suspicious endpoint activity | \n", "Access from a suspicious IP leading to suspicious endpoint activity | \n", "High | \n", "Access from a suspicious IP leading to suspicious endpoint activity | \n", "ASI Scheduled Alerts | \n", "Microsoft | \n", "4dcea248-aebc-4b38-a1e3-575afe5a0277 | \n", "b8eb1175-5262-434c-9de2-8b5854693c1f | \n", "\n", " | \n", " | a927809c-8142-43e1-96b3-4ad87cfe95a3_62bc82a0-1f59-49b6-82f2-266a836d072c | \n", "Unknown | \n", "NaN | \n", "False | \n", "2019-10-16 19:14:11 | \n", "2019-10-16 20:14:11 | \n", "2019-10-16 20:19:18 | \n", "\n", " | {\\r\\n \"Query\": \"ZScaler\\r\\n| where DeviceAction contains \\\"allow\\\"\\r\\n| join kind=inner (\\r\\nHe... | \n", "[\\r\\n {\\r\\n \"$id\": \"3\",\\r\\n \"Type\": \"url\",\\r\\n \"Url\": \"http://host.gomencom.website/Do... | \n", "Detection | \n", "1c4b4612-7123-47db-bb74-f3b6fde75431 | \n", "RedmondSentinelDemoRG | \n", "\n", " | Azure Sentinel | \n", "Scheduled Alerts | \n", "SecurityAlert | \n", "b8eb1175-5262-434c-9de2-8b5854693c1f | \n", "{\\r\\n \"Query\": \"ZScaler\\r\\n| where DeviceAction contains \\\"allow\\\"\\r\\n| join kind=inner (\\r\\nHe... | \n", "[\\r\\n {\\r\\n \"$id\": \"3\",\\r\\n \"Type\": \"url\",\\r\\n \"Url\": \"http://host.gomencom.website/Do... | \n", "[176.10.99.200] | \n", "
58 | \n", "a927809c-8142-43e1-96b3-4ad87cfe95a3 | \n", "2019-10-16 20:29:17 | \n", "Access from a suspicious IP leading to suspicious endpoint activity | \n", "Access from a suspicious IP leading to suspicious endpoint activity | \n", "High | \n", "Access from a suspicious IP leading to suspicious endpoint activity | \n", "ASI Scheduled Alerts | \n", "Microsoft | \n", "52ba3b53-76b7-47f4-a8ca-707785c9315c | \n", "944e2de6-8c77-43b8-ac1e-feb2e893d33d | \n", "\n", " | \n", " | a927809c-8142-43e1-96b3-4ad87cfe95a3_62bc82a0-1f59-49b6-82f2-266a836d072c | \n", "Unknown | \n", "NaN | \n", "False | \n", "2019-10-16 19:24:12 | \n", "2019-10-16 20:24:12 | \n", "2019-10-16 20:29:17 | \n", "\n", " | {\\r\\n \"Query\": \"ZScaler\\r\\n| where DeviceAction contains \\\"allow\\\"\\r\\n| join kind=inner (\\r\\nHe... | \n", "[\\r\\n {\\r\\n \"$id\": \"3\",\\r\\n \"Type\": \"url\",\\r\\n \"Url\": \"http://host.gomencom.website/Do... | \n", "Detection | \n", "1c4b4612-7123-47db-bb74-f3b6fde75431 | \n", "RedmondSentinelDemoRG | \n", "\n", " | Azure Sentinel | \n", "Scheduled Alerts | \n", "SecurityAlert | \n", "944e2de6-8c77-43b8-ac1e-feb2e893d33d | \n", "{\\r\\n \"Query\": \"ZScaler\\r\\n| where DeviceAction contains \\\"allow\\\"\\r\\n| join kind=inner (\\r\\nHe... | \n", "[\\r\\n {\\r\\n \"$id\": \"3\",\\r\\n \"Type\": \"url\",\\r\\n \"Url\": \"http://host.gomencom.website/Do... | \n", "[176.10.99.200] | \n", "
59 | \n", "a927809c-8142-43e1-96b3-4ad87cfe95a3 | \n", "2019-10-16 20:49:18 | \n", "Access from a suspicious IP leading to suspicious endpoint activity | \n", "Access from a suspicious IP leading to suspicious endpoint activity | \n", "High | \n", "Access from a suspicious IP leading to suspicious endpoint activity | \n", "ASI Scheduled Alerts | \n", "Microsoft | \n", "643a03f9-4899-4a0e-90a0-4c59cf30f183 | \n", "22db1193-9161-43db-bf1c-6c489878a1f2 | \n", "\n", " | \n", " | a927809c-8142-43e1-96b3-4ad87cfe95a3_62bc82a0-1f59-49b6-82f2-266a836d072c | \n", "Unknown | \n", "NaN | \n", "False | \n", "2019-10-16 19:44:12 | \n", "2019-10-16 20:44:12 | \n", "2019-10-16 20:49:18 | \n", "\n", " | {\\r\\n \"Query\": \"ZScaler\\r\\n| where DeviceAction contains \\\"allow\\\"\\r\\n| join kind=inner (\\r\\nHe... | \n", "[\\r\\n {\\r\\n \"$id\": \"3\",\\r\\n \"Type\": \"url\",\\r\\n \"Url\": \"http://host.gomencom.website/Do... | \n", "Detection | \n", "1c4b4612-7123-47db-bb74-f3b6fde75431 | \n", "RedmondSentinelDemoRG | \n", "\n", " | Azure Sentinel | \n", "Scheduled Alerts | \n", "SecurityAlert | \n", "22db1193-9161-43db-bf1c-6c489878a1f2 | \n", "{\\r\\n \"Query\": \"ZScaler\\r\\n| where DeviceAction contains \\\"allow\\\"\\r\\n| join kind=inner (\\r\\nHe... | \n", "[\\r\\n {\\r\\n \"$id\": \"3\",\\r\\n \"Type\": \"url\",\\r\\n \"Url\": \"http://host.gomencom.website/Do... | \n", "[176.10.99.200] | \n", "
61 | \n", "a927809c-8142-43e1-96b3-4ad87cfe95a3 | \n", "2019-10-16 20:59:20 | \n", "Access from a suspicious IP leading to suspicious endpoint activity | \n", "Access from a suspicious IP leading to suspicious endpoint activity | \n", "High | \n", "Access from a suspicious IP leading to suspicious endpoint activity | \n", "ASI Scheduled Alerts | \n", "Microsoft | \n", "c39ce083-84a2-4fc4-8805-2e74b42de9bd | \n", "a358c066-810d-4db7-a272-cc9e79b7d2f9 | \n", "\n", " | \n", " | a927809c-8142-43e1-96b3-4ad87cfe95a3_62bc82a0-1f59-49b6-82f2-266a836d072c | \n", "Unknown | \n", "NaN | \n", "False | \n", "2019-10-16 19:54:12 | \n", "2019-10-16 20:54:12 | \n", "2019-10-16 20:59:20 | \n", "\n", " | {\\r\\n \"Query\": \"ZScaler\\r\\n| where DeviceAction contains \\\"allow\\\"\\r\\n| join kind=inner (\\r\\nHe... | \n", "[\\r\\n {\\r\\n \"$id\": \"3\",\\r\\n \"Type\": \"url\",\\r\\n \"Url\": \"http://host.gomencom.website/Do... | \n", "Detection | \n", "1c4b4612-7123-47db-bb74-f3b6fde75431 | \n", "RedmondSentinelDemoRG | \n", "\n", " | Azure Sentinel | \n", "Scheduled Alerts | \n", "SecurityAlert | \n", "a358c066-810d-4db7-a272-cc9e79b7d2f9 | \n", "{\\r\\n \"Query\": \"ZScaler\\r\\n| where DeviceAction contains \\\"allow\\\"\\r\\n| join kind=inner (\\r\\nHe... | \n", "[\\r\\n {\\r\\n \"$id\": \"3\",\\r\\n \"Type\": \"url\",\\r\\n \"Url\": \"http://host.gomencom.website/Do... | \n", "[176.10.99.200] | \n", "
63 | \n", "a927809c-8142-43e1-96b3-4ad87cfe95a3 | \n", "2019-10-16 20:01:35 | \n", "Access from a suspicious IP leading to suspicious endpoint activity | \n", "Access from a suspicious IP leading to suspicious endpoint activity | \n", "High | \n", "Access from a suspicious IP leading to suspicious endpoint activity | \n", "ASI Scheduled Alerts | \n", "Microsoft | \n", "80cf53be-6612-4288-bc38-d9cf6104c950 | \n", "fdba59d6-731a-43e9-888b-97690a90a64c | \n", "\n", " | \n", " | a927809c-8142-43e1-96b3-4ad87cfe95a3_62bc82a0-1f59-49b6-82f2-266a836d072c | \n", "Unknown | \n", "NaN | \n", "False | \n", "2019-10-16 18:56:30 | \n", "2019-10-16 19:56:30 | \n", "2019-10-16 20:01:35 | \n", "\n", " | {\\r\\n \"Query\": \"ZScaler_CL\\r\\n| extend Url = Url_s\\r\\n| where DeviceAction_s contains \\\"allow\\\"... | \n", "[\\r\\n {\\r\\n \"$id\": \"3\",\\r\\n \"Type\": \"url\",\\r\\n \"Url\": \"http://host.gomencom.website/Do... | \n", "Detection | \n", "1c4b4612-7123-47db-bb74-f3b6fde75431 | \n", "RedmondSentinelDemoRG | \n", "\n", " | Azure Sentinel | \n", "Scheduled Alerts | \n", "SecurityAlert | \n", "fdba59d6-731a-43e9-888b-97690a90a64c | \n", "{\\r\\n \"Query\": \"ZScaler_CL\\r\\n| extend Url = Url_s\\r\\n| where DeviceAction_s contains \\\"allow\\\"... | \n", "[\\r\\n {\\r\\n \"$id\": \"3\",\\r\\n \"Type\": \"url\",\\r\\n \"Url\": \"http://host.gomencom.website/Do... | \n", "[176.10.99.200] | \n", "
64 | \n", "a927809c-8142-43e1-96b3-4ad87cfe95a3 | \n", "2019-10-16 20:39:19 | \n", "Access from a suspicious IP leading to suspicious endpoint activity | \n", "Access from a suspicious IP leading to suspicious endpoint activity | \n", "High | \n", "Access from a suspicious IP leading to suspicious endpoint activity | \n", "ASI Scheduled Alerts | \n", "Microsoft | \n", "de87dbd4-aafd-40f5-aa5a-54f3006d044e | \n", "a399a710-351b-42b0-97c9-9f0d1a6ec972 | \n", "\n", " | \n", " | a927809c-8142-43e1-96b3-4ad87cfe95a3_62bc82a0-1f59-49b6-82f2-266a836d072c | \n", "Unknown | \n", "NaN | \n", "False | \n", "2019-10-16 19:34:12 | \n", "2019-10-16 20:34:12 | \n", "2019-10-16 20:39:19 | \n", "\n", " | {\\r\\n \"Query\": \"ZScaler\\r\\n| where DeviceAction contains \\\"allow\\\"\\r\\n| join kind=inner (\\r\\nHe... | \n", "[\\r\\n {\\r\\n \"$id\": \"3\",\\r\\n \"Type\": \"url\",\\r\\n \"Url\": \"http://host.gomencom.website/Do... | \n", "Detection | \n", "1c4b4612-7123-47db-bb74-f3b6fde75431 | \n", "RedmondSentinelDemoRG | \n", "\n", " | Azure Sentinel | \n", "Scheduled Alerts | \n", "SecurityAlert | \n", "a399a710-351b-42b0-97c9-9f0d1a6ec972 | \n", "{\\r\\n \"Query\": \"ZScaler\\r\\n| where DeviceAction contains \\\"allow\\\"\\r\\n| join kind=inner (\\r\\nHe... | \n", "[\\r\\n {\\r\\n \"$id\": \"3\",\\r\\n \"Type\": \"url\",\\r\\n \"Url\": \"http://host.gomencom.website/Do... | \n", "[176.10.99.200] | \n", "
ianh@m365x054215.onmicrosoft.com (source: O365Activity)
", "text/plain": "\n | OfficeId | \nRecordType | \nTimeGenerated | \nOperation | \nOrganizationId | \nUserType | \nUserKey | \nAppResourceProvider | \nResultStatus | \nResourceId | \nUserId | \nIPAddress | \nSite_ | \nItemType | \nEventSource | \nSource_Name | \nUserAgent | \nMachineDomainInfo | \nMachineId | \nSite_Url | \nSourceRelativeUrl | \nSourceFileName | \nSourceFileExtension | \nDestinationRelativeUrl | \nDestinationFileName | \n... | \nLoginStatus | \nUserDomain | \nActor | \nActorContextId | \nActorIpAddress | \nInterSystemsId | \nIntraSystemId | \nSupportTicketId | \nAADTarget | \nTargetContextId | \nDataCenterSecurityEventType | \nStart_Time | \nEffectiveOrganization | \nElevationTime | \nElevationApprover | \nElevationApprovedTime | \nElevationRequestId | \nElevationRole | \nElevationDuration | \nGenericInfo | \nTenantId | \nOfficeTenantId | \nSourceSystem | \nType | \nUserPrincipalName | \n
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
90 | \n1827a799-9b5f-4082-b7c2-08d693b9fec0 | \nSharePointFileOperation | \n2019-02-16 02:53:57 | \nFileUploaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n20.190.133.114 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.328... | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments | \nDocument.docx | \ndocx | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:06:18 | \n\n | 2019-02-16 03:06:18 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
89 | \nea0dfabe-6ca3-4844-3dd4-08d693ba08e5 | \nSharePointFileOperation | \n2019-02-16 02:54:14 | \nFileAccessed | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n131.107.147.209 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.328... | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments | \nDocument.docx | \ndocx | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:06:18 | \n\n | 2019-02-16 03:06:18 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
91 | \n935acd8c-d863-42ca-e4a0-08d693ba0dc0 | \nSharePointFileOperation | \n2019-02-16 02:54:22 | \nFileModified | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n40.81.158.170 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | MSWAC | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments | \nDocument.docx | \ndocx | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:06:18 | \n\n | 2019-02-16 03:06:18 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
84 | \n5a043c42-2b3d-45ac-f185-08d693ba204e | \nSharePointFileOperation | \n2019-02-16 02:54:53 | \nFileModified | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n40.81.159.43 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | MSWAC | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments | \nDocument.docx | \ndocx | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:06:18 | \n\n | 2019-02-16 03:06:18 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
88 | \n648e58df-14f2-49f2-bd80-08d693ba2400 | \nSharePointFileOperation | \n2019-02-16 02:54:59 | \nFileUploaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Terms ... | \nianh@m365x054215.onmicrosoft.com | \n40.81.159.203 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | MSWAC | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments | \nTerms and Conditions.docx | \ndocx | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:06:18 | \n\n | 2019-02-16 03:06:18 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
85 | \nae7d7ace-8fe1-4312-b264-08d693ba247e | \nSharePointFileOperation | \n2019-02-16 02:55:00 | \nFileAccessed | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Terms ... | \nianh@m365x054215.onmicrosoft.com | \n131.107.147.209 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.328... | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments | \nTerms and Conditions.docx | \ndocx | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:06:18 | \n\n | 2019-02-16 03:06:18 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
87 | \nc2019e59-aba1-4b2a-682d-08d693ba2633 | \nSharePointFileOperation | \n2019-02-16 02:55:03 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Terms ... | \nianh@m365x054215.onmicrosoft.com | \n40.81.159.203 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | MSWAC | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments | \nTerms and Conditions.docx | \ndocx | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:06:18 | \n\n | 2019-02-16 03:06:18 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
80 | \n36e891b6-7414-46dc-e76f-08d693ba639f | \nSharePoint | \n2019-02-16 02:56:46 | \nPageViewed | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/_layouts/15/oned... | \nianh@m365x054215.onmicrosoft.com | \n131.107.147.209 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nPage | \nSharePoint | \n\n | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.328... | \n\n | \n | \n | \n | \n | \n | \n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:06:18 | \n\n | 2019-02-16 03:06:18 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
83 | \n18c68639-c938-46de-6e0d-08d693ba6694 | \nSharePointFileOperation | \n2019-02-16 02:56:51 | \nFileAccessed | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Forms/... | \nianh@m365x054215.onmicrosoft.com | \n131.107.147.209 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.328... | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments/Forms | \nUpload.aspx | \naspx | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:06:18 | \n\n | 2019-02-16 03:06:18 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
82 | \n24133802-d613-4792-d05b-08d693ba6696 | \nSharePointFileOperation | \n2019-02-16 02:56:51 | \nFileAccessed | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Forms/... | \nianh@m365x054215.onmicrosoft.com | \n131.107.147.209 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.328... | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments/Forms | \nEditForm.aspx | \naspx | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:06:18 | \n\n | 2019-02-16 03:06:18 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
81 | \n72db453b-1b99-4d37-3292-08d693ba6699 | \nSharePointFileOperation | \n2019-02-16 02:56:51 | \nFileAccessed | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Forms/... | \nianh@m365x054215.onmicrosoft.com | \n131.107.147.209 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.328... | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments/Forms | \nDispForm.aspx | \naspx | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:06:18 | \n\n | 2019-02-16 03:06:18 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
86 | \nc82f7b30-c6dc-4214-4380-08d693ba67d6 | \nSharePointFileOperation | \n2019-02-16 02:56:53 | \nFileAccessed | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nSharePoint | \n\n | https://m365x054215-my.sharepoint.com/User Photos/Profile Pictures/ianh_m365x054215_onmicrosoft_... | \nianh@m365x054215.onmicrosoft.com | \n131.107.147.209 | \n94823fb0-11d5-4424-b933-8663eafa73a3 | \nFile | \nSharePoint | \n\n | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.328... | \n\n | \n | https://m365x054215-my.sharepoint.com/ | \nUser Photos/Profile Pictures | \nianh_m365x054215_onmicrosoft_com_SThumb.jpg | \njpg | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:06:18 | \n\n | 2019-02-16 03:06:18 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
104 | \nd593ad26-d978-409d-2bb5-08d693bae0d4 | \nSharePointFileOperation | \n2019-02-16 03:00:16 | \nFileUploaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n131.107.147.209 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.328... | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments | \nDocument1.docx | \ndocx | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:06:18 | \n\n | 2019-02-16 03:06:18 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
103 | \n01beef88-e772-4fb7-f05a-08d693bae0d8 | \nSharePointFileOperation | \n2019-02-16 03:00:16 | \nFileAccessed | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n131.107.147.209 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.328... | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments | \nDocument1.docx | \ndocx | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:06:18 | \n\n | 2019-02-16 03:06:18 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
102 | \n0c4afb68-27a9-4044-4d83-08d693bae2e8 | \nSharePointFileOperation | \n2019-02-16 03:00:19 | \nFileModified | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n40.81.158.170 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | MSWAC | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments | \nDocument1.docx | \ndocx | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:06:18 | \n\n | 2019-02-16 03:06:18 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
97 | \nf0cf46cf-23db-4fd9-ee33-08d693baf24e | \nSharePointFileOperation | \n2019-02-16 03:00:45 | \nFileModifiedExtended | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n40.81.159.43 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | MSWAC | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments | \nDocument1.docx | \ndocx | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:06:18 | \n\n | 2019-02-16 03:06:18 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
96 | \n91d7343f-a4ae-44d3-5dfc-08d693baf2fd | \nSharePointFileOperation | \n2019-02-16 03:00:46 | \nFileAccessed | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Extend... | \nianh@m365x054215.onmicrosoft.com | \n131.107.147.209 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.328... | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments | \nExtended Terms.docx | \ndocx | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:06:18 | \n\n | 2019-02-16 03:06:18 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
98 | \na02ecb4d-9193-4f52-a22c-08d693baf297 | \nSharePointFileOperation | \n2019-02-16 03:00:46 | \nFileUploaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Extend... | \nianh@m365x054215.onmicrosoft.com | \n40.81.159.166 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | MSWAC | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments | \nExtended Terms.docx | \ndocx | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:06:18 | \n\n | 2019-02-16 03:06:18 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
95 | \n5b266285-7633-4362-eb31-08d693baf4e7 | \nSharePointFileOperation | \n2019-02-16 03:00:50 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Extend... | \nianh@m365x054215.onmicrosoft.com | \n40.81.159.203 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | MSWAC | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments | \nExtended Terms.docx | \ndocx | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:06:18 | \n\n | 2019-02-16 03:06:18 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
101 | \n1eee2dca-752e-4d84-e02a-08d693bb0343 | \nSharePointFileOperation | \n2019-02-16 03:01:14 | \nFileUploaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Book.xlsx | \nianh@m365x054215.onmicrosoft.com | \n20.190.133.115 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.328... | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments | \nBook.xlsx | \nxlsx | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:06:18 | \n\n | 2019-02-16 03:06:18 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
100 | \n579df58a-380c-401a-a274-08d693bb0483 | \nSharePointFileOperation | \n2019-02-16 03:01:16 | \nFileAccessed | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Book.xlsx | \nianh@m365x054215.onmicrosoft.com | \n131.107.147.209 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.328... | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments | \nBook.xlsx | \nxlsx | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:06:18 | \n\n | 2019-02-16 03:06:18 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
94 | \n89d902e8-26d9-4ff7-8a7e-08d693bb05ac | \nSharePointFileOperation | \n2019-02-16 03:01:18 | \nFileModified | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Book.xlsx | \nianh@m365x054215.onmicrosoft.com | \n40.81.126.127 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | MSWAC | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments | \nBook.xlsx | \nxlsx | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:06:18 | \n\n | 2019-02-16 03:06:18 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
92 | \n3e9d7170-5ed8-4b45-0ff0-08d693bb1274 | \nSharePointFileOperation | \n2019-02-16 03:01:39 | \nFileModifiedExtended | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Book.xlsx | \nianh@m365x054215.onmicrosoft.com | \n40.81.126.127 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | MSWAC | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments | \nBook.xlsx | \nxlsx | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:06:18 | \n\n | 2019-02-16 03:06:18 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
93 | \n82a80319-3d31-42a5-9b6d-08d693bb12e1 | \nSharePointFileOperation | \n2019-02-16 03:01:40 | \nFileUploaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Budget... | \nianh@m365x054215.onmicrosoft.com | \n40.81.126.127 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | MSWAC | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments | \nBudget 2019.xlsx | \nxlsx | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:06:18 | \n\n | 2019-02-16 03:06:18 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
99 | \nfdc8e70e-83f0-4f40-bd2f-08d693bb130f | \nSharePointFileOperation | \n2019-02-16 03:01:40 | \nFileAccessed | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Budget... | \nianh@m365x054215.onmicrosoft.com | \n131.107.147.209 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.328... | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments | \nBudget 2019.xlsx | \nxlsx | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:06:18 | \n\n | 2019-02-16 03:06:18 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
68 | \n55d9a7c7-c31b-4865-9436-256252407703 | \nAzureActiveDirectoryStsLogon | \n2019-02-16 03:43:14 | \nUserLoginFailed | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \n100320003B5602FC@m365x054215.onmicrosoft.com | \nAzureActiveDirectory | \nFailed | \n00000002-0000-0000-c000-000000000000 | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | \n | \n | \n | \n | ... | \nNaN | \n\n | [\\r\\n {\\r\\n \"ID\": \"6e68fbc9-9ce3-4f4a-b2d4-45f52067c122\",\\r\\n \"Type\": 0\\r\\n },\\r\\n {\\r\\... | \naa46238d-13fc-4314-8f0c-94044435adb1 | \n23.97.60.214 | \nc3d42f80-984c-49e4-84d4-accb5a5a825f | \nc02218e3-d179-46ac-ac77-c4fd6a320200 | \n\n | [\\r\\n {\\r\\n \"ID\": \"00000002-0000-0000-c000-000000000000\",\\r\\n \"Type\": 0\\r\\n }\\r\\n] | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nNaN | \n2019-02-16 04:10:48 | \n\n | 2019-02-16 04:10:48 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
76 | \nbf8f66bf-8964-4676-bfba-7c317454fcfa | \nAzureActiveDirectoryStsLogon | \n2019-02-16 03:43:25 | \nUserLoginFailed | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \n100320003B5602FC@m365x054215.onmicrosoft.com | \nAzureActiveDirectory | \nFailed | \n00000002-0000-0000-c000-000000000000 | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | \n | \n | \n | \n | ... | \nNaN | \n\n | [\\r\\n {\\r\\n \"ID\": \"6e68fbc9-9ce3-4f4a-b2d4-45f52067c122\",\\r\\n \"Type\": 0\\r\\n },\\r\\n {\\r\\... | \naa46238d-13fc-4314-8f0c-94044435adb1 | \n23.97.60.214 | \nc3d42f80-984c-49e4-84d4-accb5a5a825f | \n13b6bf66-c216-4c8c-bcd4-c7761a2e0200 | \n\n | [\\r\\n {\\r\\n \"ID\": \"00000002-0000-0000-c000-000000000000\",\\r\\n \"Type\": 0\\r\\n }\\r\\n] | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nNaN | \n2019-02-16 04:10:48 | \n\n | 2019-02-16 04:10:48 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
67 | \nc8466fb6-95f5-4644-9db1-9b0ee471abd4 | \nAzureActiveDirectoryStsLogon | \n2019-02-16 03:43:50 | \nUserLoginFailed | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \n100320003B5602FC@m365x054215.onmicrosoft.com | \nAzureActiveDirectory | \nFailed | \n00000002-0000-0000-c000-000000000000 | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | \n | \n | \n | \n | ... | \nNaN | \n\n | [\\r\\n {\\r\\n \"ID\": \"6e68fbc9-9ce3-4f4a-b2d4-45f52067c122\",\\r\\n \"Type\": 0\\r\\n },\\r\\n {\\r\\... | \naa46238d-13fc-4314-8f0c-94044435adb1 | \n23.97.60.214 | \nc3d42f80-984c-49e4-84d4-accb5a5a825f | \n919e17a5-9f6c-4bcc-87e5-7bc4a13f0200 | \n\n | [\\r\\n {\\r\\n \"ID\": \"00000002-0000-0000-c000-000000000000\",\\r\\n \"Type\": 0\\r\\n }\\r\\n] | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nNaN | \n2019-02-16 04:10:48 | \n\n | 2019-02-16 04:10:48 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
58 | \nb799f496-12e2-43e2-0153-08d693c10ec2 | \nSharePointFileOperation | \n2019-02-16 03:44:30 | \nFilePreviewed | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Terms ... | \nianh@m365x054215.onmicrosoft.com | \n20.190.140.50 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.316... | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments | \nTerms and Conditions.docx | \ndocx | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
31 | \n80843a0e-5f5d-41a3-b3d9-08d693c10ef4 | \nSharePointFileOperation | \n2019-02-16 03:44:30 | \nFilePreviewed | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n20.190.140.50 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.316... | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments | \nDocument.docx | \ndocx | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
56 | \n43b403d5-150e-49d8-87bb-08d693c10e92 | \nSharePointFileOperation | \n2019-02-16 03:44:30 | \nFilePreviewed | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n20.190.140.50 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.316... | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments | \nDocument1.docx | \ndocx | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
30 | \nb336877e-04c3-4981-3b68-08d693c10f1d | \nSharePoint | \n2019-02-16 03:44:31 | \nPageViewed | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/_layouts/15/oned... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nPage | \nSharePoint | \n\n | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.316... | \n\n | \n | \n | \n | \n | \n | \n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
57 | \n1972246f-d5f6-43fc-dadd-08d693c1100a | \nSharePointFileOperation | \n2019-02-16 03:44:32 | \nFilePreviewed | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments | \nDocument.docx | \ndocx | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
55 | \n069a9542-bc4f-4850-001f-08d693c11014 | \nSharePointFileOperation | \n2019-02-16 03:44:32 | \nFilePreviewed | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Terms ... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments | \nTerms and Conditions.docx | \ndocx | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
54 | \ndc4e9352-915f-4a09-24e5-08d693c10fb8 | \nSharePointFileOperation | \n2019-02-16 03:44:32 | \nFilePreviewed | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments | \nDocument1.docx | \ndocx | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
4 | \n15a0b86e-1d7f-4581-79a9-08d693c111bb | \nSharePointFileOperation | \n2019-02-16 03:44:35 | \nFileAccessed | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Forms/... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.316... | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments/Forms | \nDispForm.aspx | \naspx | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
5 | \n0c07c626-95a6-4ddb-1890-08d693c111b9 | \nSharePointFileOperation | \n2019-02-16 03:44:35 | \nFileAccessed | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Forms/... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.316... | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments/Forms | \nEditForm.aspx | \naspx | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
6 | \nab389151-c8ee-45ff-b5bd-08d693c111b6 | \nSharePointFileOperation | \n2019-02-16 03:44:35 | \nFileAccessed | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Forms/... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.316... | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments/Forms | \nUpload.aspx | \naspx | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
7 | \n9fd6d462-17af-4539-7cbb-08d693c11323 | \nSharePointFileOperation | \n2019-02-16 03:44:37 | \nFileAccessed | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nSharePoint | \n\n | https://m365x054215-my.sharepoint.com/User Photos/Profile Pictures/ianh_m365x054215_onmicrosoft_... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n94823fb0-11d5-4424-b933-8663eafa73a3 | \nFile | \nSharePoint | \n\n | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.316... | \n\n | \n | https://m365x054215-my.sharepoint.com/ | \nUser Photos/Profile Pictures | \nianh_m365x054215_onmicrosoft_com_SThumb.jpg | \njpg | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
53 | \n709a549c-b747-44c4-dc40-08d693c11cdf | \nSharePointFileOperation | \n2019-02-16 03:44:54 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Book.xlsx | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments | \nBook.xlsx | \nxlsx | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
29 | \nc1b5f773-b5bd-4333-4d12-08d693c11d3d | \nSharePointFileOperation | \n2019-02-16 03:44:54 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments/Documents/Absynth | \nAbsynth 5 Getting Started English.pdf | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n|
52 | \nb56975a9-1a8f-4c84-dddd-08d693c11e85 | \nSharePointFileOperation | \n2019-02-16 03:44:56 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments/Documents/Absynth | \nAbsynth 5 Getting Started French.pdf | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n|
28 | \n636946bd-4558-4836-73df-08d693c11eea | \nSharePointFileOperation | \n2019-02-16 03:44:57 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments/Documents/Absynth | \nAbsynth 5 Getting Started German.pdf | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n|
51 | \n4620ed55-ea54-4f13-48b9-08d693c11f74 | \nSharePointFileOperation | \n2019-02-16 03:44:58 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments/Documents/Absynth | \nAbsynth 5 Getting Started Japanese.pdf | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n|
50 | \n1dcf62a7-67d5-49d9-644a-08d693c12054 | \nSharePointFileOperation | \n2019-02-16 03:44:59 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments/Documents/Absynth | \nAbsynth 5 Manual Addendum English.pdf | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n|
27 | \n880d1425-bd87-4b6f-57b8-08d693c11fcf | \nSharePointFileOperation | \n2019-02-16 03:44:59 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments/Documents/Absynth | \nAbsynth 5 Getting Started Spanish.pdf | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n|
49 | \ne742a1e9-d9e4-4d16-c1e5-08d693c120b3 | \nSharePointFileOperation | \n2019-02-16 03:45:00 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments/Documents/Absynth | \nAbsynth 5 Manual Addendum German.pdf | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n|
25 | \n84cbe412-b00e-49ae-4ab6-08d693c120c7 | \nSharePointFileOperation | \n2019-02-16 03:45:00 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments/Documents/Absynth | \nAbsynth 5 Manual Addendum Japanese.pdf | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n|
26 | \nd6c655c7-6da5-444b-1352-08d693c1206f | \nSharePointFileOperation | \n2019-02-16 03:45:00 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments/Documents/Absynth | \nAbsynth 5 Manual Addendum French.pdf | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n|
47 | \n675c68e5-b826-4487-7efc-08d693c12153 | \nSharePointFileOperation | \n2019-02-16 03:45:01 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments/Documents/Manuals | \nNakamichi_480_service_manual.pdf | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n|
48 | \n05980b7f-27d0-4086-8390-08d693c120f6 | \nSharePointFileOperation | \n2019-02-16 03:45:01 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments/Documents/Absynth | \nAbsynth 5 Manual Addendum Spanish.pdf | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n|
24 | \n83332db6-a62c-4dfd-e57a-08d693c12121 | \nSharePointFileOperation | \n2019-02-16 03:45:01 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments/Documents/Manuals | \nMAudio-KS61ES_EN01.pdf | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n|
23 | \n7fbff88a-bbf9-4cc0-41bc-08d693c121a0 | \nSharePointFileOperation | \n2019-02-16 03:45:02 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments/Documents/Manuals | \nNakamichi_480_service_manual.pdf | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n|
46 | \nc0924668-e962-49bf-ab30-08d693c12284 | \nSharePointFileOperation | \n2019-02-16 03:45:03 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments/Documents/Manuals | \nNakamichi_CDP-2_service_manual.pdf | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n|
22 | \n805770c0-3be4-47f9-5c6d-08d693c122be | \nSharePointFileOperation | \n2019-02-16 03:45:04 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments/Documents/Manuals | \nNakamichi_CDP-2_service_manual.pdf | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n|
45 | \nd5656882-a44f-4919-3d71-08d693c1237a | \nSharePointFileOperation | \n2019-02-16 03:45:05 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments/Documents/Manuals | \nNakamichi_CR-3_service_manual.pdf | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n|
21 | \n90c5b161-451b-4c88-eb68-08d693c123f1 | \nSharePointFileOperation | \n2019-02-16 03:45:06 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments/Documents/Massive | \nMassive 1.1.4 Manual Addendum English.pdf | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n|
20 | \n0791c847-475d-48e1-8383-08d693c1246b | \nSharePointFileOperation | \n2019-02-16 03:45:06 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments/Documents/Massive/License Agreement | \nEULA Native Instruments deutsch.rtf | \nrtf | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
44 | \nb08da3cb-5e37-49ce-0c7e-08d693c1244c | \nSharePointFileOperation | \n2019-02-16 03:45:06 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments/Documents/Massive/License Agreement | \nEULA Native Instruments deutsch.rtf | \nrtf | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
43 | \nfcb00b0c-50b7-43ca-2b70-08d693c1250d | \nSharePointFileOperation | \n2019-02-16 03:45:07 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments/Documents/Massive/License Agreement | \nEULA Native Instruments English.rtf | \nrtf | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
19 | \n2e0456e2-c6b2-4e1d-056d-08d693c1252f | \nSharePointFileOperation | \n2019-02-16 03:45:08 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments/Documents/Massive/License Agreement | \nEULA Native Instruments English.rtf | \nrtf | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
42 | \n24c2e6e1-6de5-44bf-bfc7-08d693c125e3 | \nSharePointFileOperation | \n2019-02-16 03:45:09 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments/Documents/Massive/License Agreement | \nEULA Native Instruments Japanese.rtf | \nrtf | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
18 | \n4a3fadc6-3635-4542-3727-08d693c12603 | \nSharePointFileOperation | \n2019-02-16 03:45:09 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments/Documents/Massive/License Agreement | \nEULA Native Instruments Japanese.rtf | \nrtf | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
41 | \nbc5a4457-b2e4-4b69-18fd-08d693c126bf | \nSharePointFileOperation | \n2019-02-16 03:45:10 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments/Documents/Massive | \nMassive Getting Started English.pdf | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n|
17 | \n4cd008e7-98da-48a6-0545-08d693c126f4 | \nSharePointFileOperation | \n2019-02-16 03:45:11 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments/Documents/Massive | \nMassive Getting Started French.pdf | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n|
40 | \n9a952e38-6fee-456e-4df6-08d693c12755 | \nSharePointFileOperation | \n2019-02-16 03:45:11 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments/Documents/Massive | \nMassive Getting Started German.pdf | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n|
16 | \n80041b7a-a9ad-41ef-9a60-08d693c127ab | \nSharePointFileOperation | \n2019-02-16 03:45:12 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments/Documents/Massive | \nMassive Getting Started Japanese.pdf | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n|
39 | \n30576328-c871-4789-1fa2-08d693c12808 | \nSharePointFileOperation | \n2019-02-16 03:45:12 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments/Documents/Massive | \nMassive Getting Started Spanish.pdf | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n|
14 | \ncb0ef8e9-fdb3-4429-b7f3-08d693c1288b | \nSharePointFileOperation | \n2019-02-16 03:45:13 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments/Documents/Massive | \nMassive Manual Addendum German.pdf | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n|
15 | \n3d86465e-01a0-4991-94a6-08d693c12846 | \nSharePointFileOperation | \n2019-02-16 03:45:13 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments/Documents/Massive | \nMassive Manual Addendum English.pdf | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n|
38 | \n30dff6e4-2199-439a-a544-08d693c1286e | \nSharePointFileOperation | \n2019-02-16 03:45:13 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments/Documents/Massive | \nMassive Manual Addendum French.pdf | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n|
13 | \n31adfd42-cf87-44f0-f084-08d693c128c4 | \nSharePointFileOperation | \n2019-02-16 03:45:14 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments/Documents/Massive | \nMassive Manual Addendum Spanish.pdf | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n|
37 | \n7197f34b-8f0c-4ad5-f037-08d693c128ba | \nSharePointFileOperation | \n2019-02-16 03:45:14 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments/Documents/Massive | \nMassive Manual Addendum Japanese.pdf | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n|
36 | \n5a7fb393-eb78-4534-2705-08d693c12913 | \nSharePointFileOperation | \n2019-02-16 03:45:14 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments/Documents/Massive | \nMassive Manual English.pdf | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n|
12 | \n7a80f900-5593-4103-4906-08d693c129a0 | \nSharePointFileOperation | \n2019-02-16 03:45:15 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments/Documents/Massive | \nMassive Manual French.pdf | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n|
35 | \nf8b2d971-651c-44d6-18b5-08d693c12a49 | \nSharePointFileOperation | \n2019-02-16 03:45:16 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments/Documents/Massive | \nMassive Manual German.pdf | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n|
11 | \n769079c4-81b9-4836-76b2-08d693c12ad1 | \nSharePointFileOperation | \n2019-02-16 03:45:17 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments/Documents/Massive | \nMassive Manual Japanese.pdf | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n|
34 | \nfa6f2bac-4628-452d-e48e-08d693c12b1a | \nSharePointFileOperation | \n2019-02-16 03:45:18 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments/Documents/Massive | \nMassive Manual Japanese.pdf | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n|
3 | \n8e4239eb-d72b-4d33-2ca2-08d693c12b16 | \nSharePointFileOperation | \n2019-02-16 03:45:18 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments/Documents/Massive | \nMassive Manual Japanese.pdf | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n|
10 | \n25c2f107-0a63-4734-e0d6-08d693c12bde | \nSharePointFileOperation | \n2019-02-16 03:45:19 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments/Documents/Massive | \nMassive Manual Spanish.pdf | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n|
33 | \nd5282c43-9c29-4e5f-71e8-08d693c12c6d | \nSharePointFileOperation | \n2019-02-16 03:45:20 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments/Documents/Massive | \nReadme.txt | \ntxt | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
9 | \n3d6e67d1-d61f-4db0-772d-08d693c12c96 | \nSharePointFileOperation | \n2019-02-16 03:45:20 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments | \nDocument.docx | \ndocx | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
8 | \n75d9efdb-8c13-4c4a-734c-08d693c12cd4 | \nSharePointFileOperation | \n2019-02-16 03:45:20 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Terms ... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments | \nTerms and Conditions.docx | \ndocx | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
2 | \n464fb121-5147-4b1a-f34a-08d693c12c82 | \nSharePointFileOperation | \n2019-02-16 03:45:20 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Budget... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments | \nBudget 2019.xlsx | \nxlsx | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
32 | \nc4d63cf4-c616-41cd-bcdc-08d693c12cb9 | \nSharePointFileOperation | \n2019-02-16 03:45:20 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Docume... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments | \nDocument1.docx | \ndocx | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
1 | \n2f2a649f-51f1-4734-52d7-08d693c12cc3 | \nSharePointFileOperation | \n2019-02-16 03:45:20 | \nFileDownloaded | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nRegular | \ni:0h.f|membership|100320003b5602fc@live.com | \nOneDrive | \n\n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/Documents/Extend... | \nianh@m365x054215.onmicrosoft.com | \n23.97.60.214 | \n4f96a3b3-f5ae-4706-af77-7984baf27d79 | \nFile | \nSharePoint | \n\n | OneDriveMpc/1.0 | \n\n | \n | https://m365x054215-my.sharepoint.com/personal/ianh_m365x054215_onmicrosoft_com/ | \nDocuments | \nExtended Terms.docx | \ndocx | \n\n | \n | ... | \nNaN | \n\n | \n | \n | \n | \n | \n | \n | \n | \n | NaN | \n2019-02-16 03:57:58 | \n\n | 2019-02-16 03:57:58 | \n\n | NaT | \n\n | \n | NaN | \n\n | 52b1ab41-869e-4138-9e40-2a4457f09bf0 | \naa46238d-13fc-4314-8f0c-94044435adb1 | \nOfficeActivityManager | \nOfficeActivity | \nianh@m365x054215.onmicrosoft.com | \n
86 rows × 92 columns
\nalexw@m365x648731.onmicrosoft.com (source: AADLogon)
", "text/plain": "\n | TimeGenerated | \nUserPrincipalName | \nIdentity | \nIPAddress | \nLocationDetails | \n
---|---|---|---|---|---|
0 | \n2019-10-29 23:40:25.427 | \nalexw@m365x648731.onmicrosoft.com | \nAlex Wilber | \n131.107.174.181 | \n{\"city\":\"Redmond\",\"state\":\"Washington\",\"countryOrRegion\":\"US\",\"geoCoordinates\":{\"latitude\":47.68... | \n
1 | \n2019-10-29 23:41:38.870 | \nalexw@m365x648731.onmicrosoft.com | \nAlex Wilber | \n131.107.159.181 | \n{\"city\":\"Redmond\",\"state\":\"Washington\",\"countryOrRegion\":\"US\",\"geoCoordinates\":{\"latitude\":47.68... | \n
2 | \n2019-10-29 23:44:32.382 | \nalexw@m365x648731.onmicrosoft.com | \nAlex Wilber | \n131.107.160.181 | \n{\"city\":\"Redmond\",\"state\":\"Washington\",\"countryOrRegion\":\"US\",\"geoCoordinates\":{\"latitude\":47.68... | \n
ian (source: WindowsHostLogon)
", "text/plain": "\n | TargetUserName | \nTargetDomainName | \nLogonType | \nComputer | \nLogonStatus | \nTimeGenerated | \nSubjectUserName | \nSubjectDomainName | \nTargetUserSid | \nEventID | \nIpAddress | \n
---|---|---|---|---|---|---|---|---|---|---|---|
4 | \nian | \nMSTICAlertsWin1 | \n4 | \nMSTICAlertsWin1 | \nfailed | \n2019-02-15 04:09:38.523 | \nMSTICAlertsWin1$ | \nWORKGROUP | \nS-1-0-0 | \n4625 | \n- | \n
3 | \nian | \nMSTICAlertsWin1 | \n2 | \nMSTICAlertsWin1 | \nfailed | \n2019-02-16 00:06:02.193 | \nian | \nMSTICAlertsWin1 | \nS-1-0-0 | \n4625 | \n- | \n
1 | \nian | \nMSTICAlertsWin1 | \n3 | \nMSTICAlertsWin1 | \nsuccess | \n2019-02-16 03:24:45.260 | \n- | \n- | \nS-1-5-21-996632719-2361334927-4038480536-1120 | \n4624 | \n23.97.60.214 | \n
2 | \nian | \nMSTICAlertsWin1 | \n10 | \nMSTICAlertsWin1 | \nsuccess | \n2019-02-16 03:24:49.500 | \nMSTICAlertsWin1$ | \nWORKGROUP | \nS-1-5-21-996632719-2361334927-4038480536-1120 | \n4624 | \n23.97.60.214 | \n
0 | \nian | \nMSTICAlertsWin1 | \n4 | \nMSTICAlertsWin1 | \nsuccess | \n2019-02-25 18:32:40.620 | \nMSTICAlertsWin1$ | \nWORKGROUP | \nS-1-5-21-996632719-2361334927-4038480536-1120 | \n4624 | \n- | \n
\n | 221 | \n
---|---|
TenantId | \na927809c-8142-43e1-96b3-4ad87cfe95a3 | \n
TimeGenerated | \n2019-09-16 18:22:32 | \n
AlertDisplayName | \nActivity from infrequent country | \n
AlertName | \nActivity from infrequent country | \n
Severity | \nMedium | \n
Description | \nAlex Wilber (alexw@m365x648731.onmicrosoft.com) performed an activity. No activity was performed in Switzerland in the past 6 days. Additional risks in this user session: The user created or updated an inbox forwarding rule that forwards all incoming email to meganb@m365x648731.onmicrosoft.com. 2a02:418:6017::148 is a Tor IP address. ISP Nine Internet Solutions AG was used for the first time in 6 days in your organization. | \n
ProviderName | \nMCAS | \n
VendorName | \nMicrosoft | \n
VendorOriginalId | \nFAF12F23-A98B-3A0E-97BA-0591954352F6 | \n
SystemAlertId | \na9ec17e2-695d-55c2-2559-db2500634922 | \n
ResourceId | \n\n |
SourceComputerId | \n\n |
AlertType | \nMCAS_ALERT_ANUBIS_DETECTION_NEW_COUNTRY | \n
ConfidenceLevel | \nUnknown | \n
ConfidenceScore | \nNaN | \n
IsIncident | \nFalse | \n
StartTimeUtc | \n2019-09-16 17:43:36 | \n
EndTimeUtc | \n2019-09-16 17:43:36 | \n
ProcessingEndTime | \n2019-09-16 18:22:31 | \n
RemediationSteps | \n\n |
ExtendedProperties | \n{'Cloud Applications': 'Microsoft Exchange Online', 'Countries': 'CH', 'IP Addresses': '2a02:418:6017::148'} | \n
Entities | \n[{'$id': '3', 'AppId': 20893, 'Name': 'Microsoft Exchange Online', 'InstanceName': 'Microsoft Exchange Online', 'Type': 'cloud-application'}, {'$id': '4', 'Name': 'alexw', 'UPNSuffix': 'm365x648731.onmicrosoft.com', 'AadUserId': '433ccf60-f7b1-48c1-943b-6b736fbfbd00', 'Type': 'account'}, {'$id': '5', 'Address': '2a02:418:6017::148', 'Type': 'ip'}] | \n
SourceSystem | \nDetection | \n
WorkspaceSubscriptionId | \n\n |
WorkspaceResourceGroup | \n\n |
ExtendedLinks | \n[\\r\\n {\\r\\n \"Href\": \"https://m365x648731.portal.cloudappsecurity.com/#/policy/?id=eq(5d77739530c3ee203cd8bedb,)\",\\r\\n \"Category\": null,\\r\\n \"Label\": \"Cloud App Security policy ID\",\\r\\n \"Type\": \"webLink\"\\r\\n },\\r\\n {\\r\\n \"Href\": \"https://m365x648731.portal.cloudappsecurity.com/#/alerts/5d7fd2e4161b26b87295b35c\",\\r\\n \"Category\": null,\\r\\n \"Label\": \"Cloud App Security alert ID\",\\r\\n \"Type\": \"webLink\"\\r\\n }\\r\\n] | \n
ProductName | \nMicrosoft Cloud App Security | \n
ProductComponentName | \n\n |
Type | \nSecurityAlert | \n
Computer | \n\n |
src_hostname | \n\n |
src_accountname | \nalexw | \n
src_procname | \n\n |
host_match | \nFalse | \n
acct_match | \nTrue | \n
proc_match | \nFalse | \n
CompromisedEntity | \nalexw | \n
\n | 0 | \n
---|---|
Cloud Applications | \nMicrosoft Exchange Online | \n
Countries | \nCH | \n
IP Addresses | \n2a02:418:6017::148 | \n
ALEX (source: WindowsHostLogon)
", "text/plain": "\n | TargetUserName | \nTargetDomainName | \nLogonType | \nComputer | \nLogonStatus | \nTimeGenerated | \nSubjectUserName | \nSubjectDomainName | \nTargetUserSid | \nEventID | \nIpAddress | \n
---|---|---|---|---|---|---|---|---|---|---|---|
0 | \nALEX | \n\n | 3 | \nWebServer-1 | \nfailed | \n2019-10-30 17:37:44.297 | \n- | \n- | \nS-1-0-0 | \n4625 | \n185.81.128.116 | \n
Alex (source: WindowsHostLogon)
", "text/plain": "\n | TargetUserName | \nTargetDomainName | \nLogonType | \nComputer | \nLogonStatus | \nTimeGenerated | \nSubjectUserName | \nSubjectDomainName | \nTargetUserSid | \nEventID | \nIpAddress | \n
---|---|---|---|---|---|---|---|---|---|---|---|
1 | \nAlex | \n\n | 3 | \nWebServer-1 | \nfailed | \n2019-10-30 09:18:11.770 | \n- | \n- | \nS-1-0-0 | \n4625 | \n173.249.58.228 | \n
alexw@m365x648731.onmicrosoft.com (source: O365Activity)
", "text/plain": "\n | UserId | \nOfficeWorkload | \nClientIP | \nTimeGenerated | \nOperation | \nUserType | \n
---|---|---|---|---|---|---|
25 | \nalexw@m365x648731.onmicrosoft.com | \nSharePoint | \n40.126.9.50 | \n2019-09-16 17:42:23 | \nFilePreviewed | \nRegular | \n
24 | \nalexw@m365x648731.onmicrosoft.com | \nSharePoint | \n77.247.181.163 | \n2019-09-16 17:42:38 | \nFilePreviewed | \nRegular | \n
23 | \nalexw@m365x648731.onmicrosoft.com | \nExchange | \n[2a02:418:6017::148]:45644 | \n2019-09-16 17:43:36 | \nNew-InboxRule | \nAdmin | \n
22 | \nalexw@m365x648731.onmicrosoft.com | \nSharePoint | \n185.220.101.6 | \n2019-09-16 18:12:53 | \nFileDownloaded | \nRegular | \n
21 | \nalexw@m365x648731.onmicrosoft.com | \nSharePoint | \n199.249.230.113 | \n2019-09-16 18:16:38 | \nFileAccessed | \nRegular | \n
20 | \nalexw@m365x648731.onmicrosoft.com | \nSharePoint | \n92.62.139.103 | \n2019-09-16 18:18:07 | \nFileAccessed | \nRegular | \n
19 | \nalexw@m365x648731.onmicrosoft.com | \nSharePoint | \n185.220.102.8 | \n2019-09-16 20:43:20 | \nFileUploaded | \nRegular | \n
18 | \nalexw@m365x648731.onmicrosoft.com | \nSharePoint | \n40.117.152.107 | \n2019-09-18 17:02:37 | \nSearchQueryPerformed | \nRegular | \n
17 | \nalexw@m365x648731.onmicrosoft.com | \nSharePoint | \n23.129.64.152 | \n2019-09-18 17:03:03 | \nFileAccessed | \nRegular | \n
16 | \nalexw@m365x648731.onmicrosoft.com | \nSharePoint | \n185.220.101.31 | \n2019-09-18 17:10:23 | \nSearchQueryPerformed | \nRegular | \n
15 | \nalexw@m365x648731.onmicrosoft.com | \nSharePoint | \n20.190.128.103 | \n2019-09-19 19:16:14 | \nFilePreviewed | \nRegular | \n
14 | \nalexw@m365x648731.onmicrosoft.com | \nSharePoint | \n20.190.128.101 | \n2019-09-19 19:16:16 | \nFilePreviewed | \nRegular | \n
13 | \nalexw@m365x648731.onmicrosoft.com | \nSharePoint | \n199.249.230.111 | \n2019-09-19 19:16:26 | \nFilePreviewed | \nRegular | \n
12 | \nalexw@m365x648731.onmicrosoft.com | \nSharePoint | \n\n | 2019-09-19 19:18:06 | \nFileAccessed | \nRegular | \n
11 | \nalexw@m365x648731.onmicrosoft.com | \nSharePoint | \n66.146.193.33 | \n2019-09-19 19:22:05 | \nFilePreviewed | \nRegular | \n
10 | \nalexw@m365x648731.onmicrosoft.com | \nSharePoint | \n176.10.104.240 | \n2019-09-19 20:26:23 | \nFileModifiedExtended | \nRegular | \n
9 | \nalexw@m365x648731.onmicrosoft.com | \nSharePoint | \n20.190.129.100 | \n2019-09-20 18:20:48 | \nFilePreviewed | \nRegular | \n
8 | \nalexw@m365x648731.onmicrosoft.com | \nSharePoint | \n104.41.146.53 | \n2019-09-20 18:20:49 | \nSearchQueryPerformed | \nRegular | \n
7 | \nalexw@m365x648731.onmicrosoft.com | \nSharePoint | \n109.70.100.26 | \n2019-09-20 18:20:50 | \nFilePreviewed | \nRegular | \n
6 | \nalexw@m365x648731.onmicrosoft.com | \nExchange | \n176.10.99.200:45866 | \n2019-09-20 20:11:57 | \nNew-InboxRule | \nAdmin | \n
5 | \nalexw@m365x648731.onmicrosoft.com | \nExchange | \n185.207.139.2:7127 | \n2019-09-24 23:10:35 | \nRemove-InboxRule | \nAdmin | \n
4 | \nalexw@m365x648731.onmicrosoft.com | \nExchange | \n185.207.139.2:30396 | \n2019-09-24 23:10:38 | \nRemove-InboxRule | \nAdmin | \n
3 | \nalexw@m365x648731.onmicrosoft.com | \nSharePoint | \n40.126.9.51 | \n2019-10-16 18:09:36 | \nFilePreviewed | \nRegular | \n
2 | \nalexw@m365x648731.onmicrosoft.com | \nSharePoint | \n40.126.9.49 | \n2019-10-16 18:09:38 | \nFilePreviewed | \nRegular | \n
1 | \nalexw@m365x648731.onmicrosoft.com | \nSharePoint | \n185.220.101.1 | \n2019-10-16 18:09:41 | \nFilePreviewed | \nRegular | \n
0 | \nalexw@m365x648731.onmicrosoft.com | \nSharePoint | \n52.109.6.30 | \n2019-10-16 18:09:42 | \nFileAccessed | \nRegular | \n
\n |
---|
TenantId | \n
TimeGenerated | \n
BookmarkId | \n
BookmarkName | \n
BookmarkType | \n
CreatedBy | \n
UpdatedBy | \n
CreatedTime | \n
LastUpdatedTime | \n
EventTime | \n
QueryText | \n
QueryResultRow | \n
QueryStartTime | \n
QueryEndTime | \n
Notes | \n
SoftDeleted | \n
Tags | \n
SourceSystem | \n
Type | \n
_ResourceId | \n
Computer | \n
Account | \n
Entities | \n
\n | 0 | \n
---|---|
TenantId | \n52b1ab41-869e-4138-9e40-2a4457f09bf0 | \n
TimeGenerated | \n2019-02-25 19:45:17.982000 | \n
BookmarkId | \nb0493469-b0c7-4666-acb8-787646c14107 | \n
BookmarkName | \nSecurityAlert - 787646c14107 | \n
BookmarkType | \n\n |
CreatedBy | \n{\\r\\n \"ObjectId\": \"90a3c369-b812-4f6e-ac76-9fdf8a7e7b4d\",\\r\\n \"Email\": \"juliango@microsoft.com... | \n
UpdatedBy | \n{\\r\\n \"ObjectId\": \"90a3c369-b812-4f6e-ac76-9fdf8a7e7b4d\",\\r\\n \"Email\": \"juliango@microsoft.com... | \n
CreatedTime | \n2019-02-25 19:45:17.921000 | \n
LastUpdatedTime | \n2019-02-25 19:45:17.921000 | \n
EventTime | \n2019-02-25 19:45:17.921000 | \n
QueryText | \n// *** Join SSH Brute Force ML detections with Host IP and Name information *** //\\r\\n// Start ... | \n
QueryResultRow | \n{\"TimeGenerated\":\"2019-02-19T17:29:26Z\",\"AlertName\":\"SSH Anomalous Login ML\",\"IPCustomEntity\":\"2... | \n
QueryStartTime | \nNaT | \n
QueryEndTime | \nNaT | \n
Notes | \n\n |
SoftDeleted | \nFalse | \n
Tags | \n[\\r\\n \"fluffydog_campaign\"\\r\\n] | \n
SourceSystem | \nAzure Sentinel | \n
Type | \n\n |
_ResourceId | \n\n |
Computer | \nNone | \n
Account | \ndbadmin | \n
Entities | \nNone | \n
\n | 1 | \n
---|---|
TenantId | \n52b1ab41-869e-4138-9e40-2a4457f09bf0 | \n
TimeGenerated | \n2019-02-25 16:39:31.141000 | \n
BookmarkId | \nafef383e-af37-4058-a13b-f904f1eb9823 | \n
BookmarkName | \nSSH BF TEST | \n
BookmarkType | \n\n |
CreatedBy | \n{\\r\\n \"ObjectId\": \"b3a76793-1a0d-4bfe-95f6-96919d4b9acf\",\\r\\n \"Email\": \"bnick@microsoft.com\",\\... | \n
UpdatedBy | \n{\\r\\n \"ObjectId\": \"b3a76793-1a0d-4bfe-95f6-96919d4b9acf\",\\r\\n \"Email\": \"bnick@microsoft.com\",\\... | \n
CreatedTime | \n2019-02-25 16:39:30.955000 | \n
LastUpdatedTime | \n2019-02-25 16:39:30.955000 | \n
EventTime | \n2019-02-25 16:39:30.955000 | \n
QueryText | \n// *** Join SSH Brute Force ML detections with Host IP and Name information *** //\\r\\n// Start ... | \n
QueryResultRow | \n{\"TimeGenerated\":\"2019-02-19T17:29:26Z\",\"AlertName\":\"SSH Anomalous Login ML\",\"IPCustomEntity\":\"2... | \n
QueryStartTime | \nNaT | \n
QueryEndTime | \nNaT | \n
Notes | \nThis is a critical asset. | \n
SoftDeleted | \nFalse | \n
Tags | \n[\\r\\n \"BouncyRaccoon\"\\r\\n] | \n
SourceSystem | \nAzure Sentinel | \n
Type | \n\n |
_ResourceId | \n\n |
Computer | \nNone | \n
Account | \ndbadmin | \n
Entities | \nNone | \n
\n | 1 | \n
---|---|
TenantId | \n52b1ab41-869e-4138-9e40-2a4457f09bf0 | \n
TimeGenerated | \n2019-02-25 16:39:31.141000 | \n
BookmarkId | \nafef383e-af37-4058-a13b-f904f1eb9823 | \n
BookmarkName | \nSSH BF TEST | \n
BookmarkType | \n\n |
CreatedBy | \n{\\r\\n \"ObjectId\": \"b3a76793-1a0d-4bfe-95f6-96919d4b9acf\",\\r\\n \"Email\": \"bnick@microsoft.com\",\\... | \n
UpdatedBy | \n{\\r\\n \"ObjectId\": \"b3a76793-1a0d-4bfe-95f6-96919d4b9acf\",\\r\\n \"Email\": \"bnick@microsoft.com\",\\... | \n
CreatedTime | \n2019-02-25 16:39:30.955000 | \n
LastUpdatedTime | \n2019-02-25 16:39:30.955000 | \n
EventTime | \n2019-02-25 16:39:30.955000 | \n
QueryText | \n// *** Join SSH Brute Force ML detections with Host IP and Name information *** //\\r\\n// Start ... | \n
QueryResultRow | \n{\"TimeGenerated\":\"2019-02-19T17:29:26Z\",\"AlertName\":\"SSH Anomalous Login ML\",\"IPCustomEntity\":\"2... | \n
QueryStartTime | \nNaT | \n
QueryEndTime | \nNaT | \n
Notes | \nThis is a critical asset. | \n
SoftDeleted | \nFalse | \n
Tags | \n[\\r\\n \"BouncyRaccoon\"\\r\\n] | \n
SourceSystem | \nAzure Sentinel | \n
Type | \n\n |
_ResourceId | \n\n |
Computer | \nNone | \n
Account | \ndbadmin | \n
Entities | \nNone | \n
\n | 7 | \n
---|---|
TenantId | \n52b1ab41-869e-4138-9e40-2a4457f09bf0 | \n
TimeGenerated | \n2019-02-15 04:03:30 | \n
AlertDisplayName | \nPossible suspicious scheduling tasks access detected | \n
AlertName | \nPossible suspicious scheduling tasks access detected | \n
Severity | \nInformational | \n
Description | \nAnalysis of host data indicates that a cron job was accessed by dbadmin.\\r\\nThis activity could either be legitimate activity, or an indication of a compromised host that involved using task scheduling to execute malicious programs on a scheduled basis. | \n
ProviderName | \nDetection | \n
VendorName | \nMicrosoft | \n
VendorOriginalId | \n57b6af71-984e-45f3-9aac-d6bbd79eed07 | \n
SystemAlertId | \n2518520973978269999_57b6af71-984e-45f3-9aac-d6bbd79eed07 | \n
ResourceId | \n/subscriptions/40dcc8bf-0478-4f3b-b275-ed0a94f2c013/resourceGroups/ASIHuntOMSWorkspaceRG/providers/Microsoft.Compute/virtualMachines/MSTICAlertsLxVM2 | \n
SourceComputerId | \n44623fb0-bd5f-49ea-84d1-56aa11ab8a25 | \n
AlertType | \nSCUBA_RULE_AccessCronJob | \n
ConfidenceLevel | \nUnknown | \n
ConfidenceScore | \nNaN | \n
IsIncident | \nFalse | \n
StartTimeUtc | \n2019-02-15 04:03:22 | \n
EndTimeUtc | \n2019-02-15 04:03:22 | \n
ProcessingEndTime | \n2019-02-15 04:03:30 | \n
RemediationSteps | \n[\\r\\n \"Review with dbadmin the activity in this alert to see if you recognize this as legitimate administrative activity. If not, escalate the alert to the information security team.\"\\r\\n] | \n
ExtendedProperties | \n{'Compromised Host': 'MSTICALERTSLXVM2', 'User Name': 'dbadmin', 'Account Session Id': '0x2e093', 'Suspicious Process': '/usr/bin/vim.basic', 'Suspicious Command Line': '/usr/bin/vim.basic /tmp/crontab.UQ6iiQ/crontab', 'Suspicious Process Id': '0x51b3', 'resourceType': 'Virtual Machine', 'ServiceId': '14fa08c7-c48e-4c18-950c-8148024b4398', 'ReportingSystem': 'Azure', 'OccuringDatacenter': 'eastus'} | \n
Entities | \n[{'$id': '4', 'DnsDomain': '', 'NTDomain': '', 'HostName': 'MSTICALERTSLXVM2', 'NetBiosName': 'MSTICALERTSLXVM2', 'OSFamily': 'Linux', 'OSVersion': 'Linux', 'Type': 'host'}, {'$id': '5', 'ProcessId': '0x518a', 'CommandLine': '', 'Host': {'$ref': '4'}, 'Type': 'process'}, {'$id': '6', 'Name': 'dbadmin', 'Host': {'$ref': '4'}, 'Sid': '1001:1001', 'Type': 'account', 'LogonId': '0x2e093'}, {'$id': '7', 'Directory': '/usr/bin', 'Name': 'vim.basic', 'Type': 'file'}, {'$id': '8', 'ProcessId': '0x51b3', 'CommandLine': '/usr/bin/vim.basic /tmp/crontab.UQ6iiQ/crontab', 'CreationTimeUtc': '2019-02-15T04:03:22.173Z', 'ImageFile': {'$ref': '7'}, 'Account': {'$ref': '6'}, 'ParentProcess': {'$ref': '5'}, 'Host': {'$ref': '4'}, 'Type': 'process'}, {'$id': '9', 'SessionId': '0x2e093', 'StartTimeUtc': '2019-02-15T04:03:22.173Z', 'EndTimeUtc': '2019-02-15T04:03:22.173Z', 'Type': 'host-logon-session', 'Host': {'$ref': '4'}, 'Account': {'$ref': '6'}}] | \n
SourceSystem | \nDetection | \n
WorkspaceSubscriptionId | \n40dcc8bf-0478-4f3b-b275-ed0a94f2c013 | \n
WorkspaceResourceGroup | \nasihuntomsworkspacerg | \n
ExtendedLinks | \n\n |
ProductName | \n\n |
ProductComponentName | \n\n |
Type | \nSecurityAlert | \n
Computer | \n\n |
src_hostname | \n\n |
src_accountname | \ndbadmin | \n
src_procname | \n\n |
host_match | \nFalse | \n
acct_match | \nTrue | \n
proc_match | \nTrue | \n
CompromisedEntity | \ndbadmin | \n
\n | 0 | \n
---|---|
Compromised Host | \nMSTICALERTSLXVM2 | \n
User Name | \ndbadmin | \n
Account Session Id | \n0x2e093 | \n
Suspicious Process | \n/usr/bin/vim.basic | \n
Suspicious Command Line | \n/usr/bin/vim.basic /tmp/crontab.UQ6iiQ/crontab | \n
Suspicious Process Id | \n0x51b3 | \n
resourceType | \nVirtual Machine | \n
ServiceId | \n14fa08c7-c48e-4c18-950c-8148024b4398 | \n
ReportingSystem | \nAzure | \n
OccuringDatacenter | \neastus | \n
dbadmin (source: LinuxHostLogon)
", "text/plain": "\n | LogonType | \nSourceIP | \nComputer | \nTimeGenerated | \nTenantId | \nSourceSystem | \nEventTime | \nFacility | \nHostName | \nSeverityLevel | \nSyslogMessage | \nProcessID | \nHostIP | \nProcessName | \nMG | \nType | \n_ResourceId | \nAccountName | \nUser | \nSourcePort | \nUID | \n
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
0 | \n(sshd) | \n\n | MSTICAlertsLxVM2 | \n2019-02-25 15:34:15.877 | \n52b1ab41-869e-4138-9e40-2a4457f09bf0 | \nLinux | \n2019-02-25 15:34:15 | \nauth | \nMSTICAlertsLxVM2 | \ninfo | \nAccepted publickey for dbadmin from 23.97.60.214 port 65505 ssh2: RSA SHA256:t9MNKS5oNTFQ3alWBHp... | \n16494 | \n10.0.3.4 | \nsshd | \n00000000-0000-0000-0000-000000000002 | \nSyslog | \n/subscriptions/40dcc8bf-0478-4f3b-b275-ed0a94f2c013/resourcegroups/asihuntomsworkspacerg/provide... | \ndbadmin | \ndbadmin | \n65505 | \n\n |