{ "cells": [ { "cell_type": "markdown", "metadata": {}, "source": [ "# Entity Explorer - Account\n", "
\n", "  Notebook Details...\n", "\n", " **Notebook Version:** 2.0
\n", " **Python Version:** Python 3.8+
\n", " **Required Packages**: msticpy, msticnb
\n", "\n", " **Data Sources Required**:\n", " - Sentinel - SecurityAlert, SecurityEvent, HuntingBookmark, Syslog, AAD SigninLogs, AzureActivity, OfficeActivity, ThreatIndicator\n", " - (Optional) - VirusTotal, AlienVault OTX, IBM XForce, Open Page Rank, (all require accounts and API keys)\n", "
\n", "\n", "Brings together a series of queries and visualizations to help you determine the security state of an Account. \n", "\n", "The account can be a Windows or Linux account or an Azure Active Directory/Office 365 account.\n", "\n", "The notebook uses the [MSTIC notebooklets](https://msticnb.readthedocs.io) package to run most of the functionality.\n", "Summarized data is returned when it is run and more detailed information is contained in the returned `result` class." ] }, { "cell_type": "markdown", "metadata": { "toc": true }, "source": [ "\n", "\n", " \n", " \n", " \n", "

Contents

\n", "
\n", " \n", "
\n", " \n", " \n", "\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## Hunting Hypothesis\n", "Our broad initial hunting hypothesis is that a we have received account name entity which is suspected to be compromised and is being used malicious manner in internal networks, we will need to hunt from a range of different positions to validate or disprove this hypothesis." ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "---\n", "# Notebook initialization\n", "This should complete without errors. If you encounter errors or warnings look at the following notebooks:\n", "\n", "- Getting Started Notebook\n", "- [TroubleShootingNotebooks](https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/TroubleShootingNotebooks.ipynb)\n", "- [ConfiguringNotebookEnvironment](https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/ConfiguringNotebookEnvironment.ipynb)\n", "\n", "
\n", "  Details...\n", "The next cell:\n", "- Checks for the correct Python version\n", "- Checks versions and optionally installs required packages\n", "- Imports the required packages into the notebook\n", "- Sets a number of configuration options.\n", "\n", "If you are running in the Azure Sentinel Notebooks environment (Azure Notebooks or Azure ML) you can run live versions of these notebooks:\n", "- [Getting Started](./A Getting Started Guide For Azure Sentinel ML Notebooks.ipynb)\n", "- [Run TroubleShootingNotebooks](./TroubleShootingNotebooks.ipynb)\n", "- [Run ConfiguringNotebookEnvironment](./ConfiguringNotebookEnvironment.ipynb)\n", "\n", "You may also need to do some additional configuration to successfully use functions such as Threat Intelligence service lookup and Geo IP lookup. \n", "There are more details about this in the `ConfiguringNotebookEnvironment` notebook and in these documents:\n", "- [msticpy configuration](https://msticpy.readthedocs.io/en/latest/getting_started/msticpyconfig.html)\n", "- [Threat intelligence provider configuration](https://msticpy.readthedocs.io/en/latest/data_acquisition/TIProviders.html#configuration-file)\n", "
" ] }, { "cell_type": "code", "execution_count": null, "metadata": {}, "outputs": [], "source": [ "from datetime import datetime, timedelta, timezone\n", "\n", "REQ_PYTHON_VER = \"3.8\"\n", "REQ_MSTICPY_VER = \"1.8.0\"\n", "\n", "\n", "# %pip install --upgrade msticpy\n", "\n", "import msticpy\n", "msticpy.init_notebook(\n", " namespace=globals(),\n", " additional_packages=[\"msticnb>=1.0\"],\n", " verbosity=0,\n", ");\n" ] }, { "cell_type": "code", "execution_count": null, "metadata": { "tags": [ "parameters" ] }, "outputs": [], "source": [ "# papermill default parameters\n", "ws_name = \"Default\"\n", "account_name = \"\"\n", "account_types = [\"All\"] # Windows, Linux, Azure, All\n", "end = datetime.now(timezone.utc)\n", "start = end - timedelta(days=2)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### Get Workspace and Authenticate\n", "\n", "
\n", " Authentication help...\n", " If you want to use a workspace other than one you have defined in your
\n", "msticpyconfig.yaml create a connection string with your AAD TENANT_ID and
\n", "your WORKSPACE_ID (these should both be quoted UUID strings).\n", "\n", "```python\n", " workspace_cs = \"loganalytics://code().tenant('TENANT_ID').workspace('WORKSPACE_ID')\"\n", "```\n", "e.g.\n", "```python\n", " workspace_cs = \"loganalytics://code().tenant('c3de0f06-dcb8-40fb-9d1a-b62faea29d9d').workspace('c62d3dc5-11e6-4e29-aa67-eac88d5e6cf6')\"\n", "```\n", "Then in the Authentication cell replace\n", "the call to `qry_prov.connect` with the following:\n", "```python\n", " qry_prov.connect(connect_str=workspace_cs)\n", "```\n", "The cell should now look like this:\n", "\n", "```python\n", "...\n", " # Authentication\n", " qry_prov = QueryProvider(data_environment=\"MSSentinel\")\n", " qry_prov.connect(connect_str=workspace_cs)\n", "...\n", "```\n", "\n", "On successful authentication you should see a ```popup schema``` button.\n", "To find your Workspace Id go to [Log Analytics](https://ms.portal.azure.com/#blade/HubsExtension/Resources/resourceType/Microsoft.OperationalInsights%2Fworkspaces). Look at the workspace properties to find the ID.\n", "
" ] }, { "cell_type": "code", "execution_count": null, "metadata": {}, "outputs": [], "source": [ "print(\"Configured workspaces: \", \", \".join(msticpy.settings.get_config(\"AzureSentinel.Workspaces\").keys()))\n", "import ipywidgets as widgets\n", "ws_param = widgets.Combobox(\n", " description=\"Workspace Name\",\n", " value=ws_name,\n", " options=list(msticpy.settings.get_config(\"AzureSentinel.Workspaces\").keys())\n", ")\n", "ws_param" ] }, { "cell_type": "code", "execution_count": null, "metadata": {}, "outputs": [], "source": [ "from msticpy.common.timespan import TimeSpan\n", "\n", "# Authentication\n", "qry_prov = QueryProvider(data_environment=\"MSSentinel\")\n", "qry_prov.connect(WorkspaceConfig(workspace=ws_param.value))\n", "\n", "nb_timespan = TimeSpan(start, end)\n", "qry_prov.query_time.timespan = nb_timespan\n", "md(\"
\")\n", "md(\"Confirm time range to search\", \"bold\")\n", "qry_prov.query_time" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "#### Authentication and Configuration problems?\n", "\n", "If you are having problems, expand the details section below\n", "
\n", "
\n", " Click for details about configuring your authentication parameters\n", " \n", " \n", "The notebook is expecting your Azure Sentinel Tenant ID and Workspace ID to be configured in one of the following places:\n", "- `msticpyconfig.yaml` in the current folder or location specified by `MSTICPYCONFIG` environment variable.\n", "- `config.json` in the current folder\n", " \n", "For help with setting up your configuration (if this hasn't been done automatically) see the [Getting Started](./A Getting Started Guide For Azure Sentinel ML Notebooks.ipynb) notebook in the root folder of your Azure-Sentinel-Notebooks project.\n", "
" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## Import and initialize notebooklets\n", "\n", "This imports the **msticnb** package and the notebooklets classes.\n", "\n", "These are needed for the notebook operations" ] }, { "cell_type": "code", "execution_count": null, "metadata": {}, "outputs": [], "source": [ "import msticnb as nb\n", "\n", "nb.init(query_provider=qry_prov)\n", "pivot.timespan = qry_prov.query_time.timespan" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "# Enter account name and query time window\n", "Type the account name that you want to search for and the time bounds over which you want to search. \n", "\n", "You can specify the account as:\n", "\n", "- a simple user name (e.g. `alice`)\n", "- a user principal name (`alice@contoso.com`)\n", "- a qualified windows user name `mydomain\\alice`\n", "\n", "In the second two cases the domain qualifier will be stripped off before the search. The search is not case sensitive and will match full substrings. E.g. `bob` will match `domain\\bob` and `bob@contoso.com` but not `bobg` or `bo`." ] }, { "cell_type": "code", "execution_count": null, "metadata": {}, "outputs": [], "source": [ "account_txt = nbwidgets.GetText(prompt='Enter the Account name to search for:', value=account_name)\n", "\n", "display(account_txt)\n", "md(\"
\")" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "You can opt to search all data types or just a subset.\n", "For example, if you know the account activity that you are interested in is only Windows host activity, you can select \"Windows\".\n", "\n", "The default is All Data but other options are:\n", "- Azure (includes Office365 activity, Active Directory Signin logs and Azure audit activity)\n", "- Office365 - only Office365 activity\n", "- AzureActiveDirectory - only signin logs\n", "- Azure - only Azure resource/audit activity\n", "- Windows - only Windows host event logs\n", "- Linux - only Linux host syslog" ] }, { "cell_type": "code", "execution_count": null, "metadata": {}, "outputs": [], "source": [ "from msticnb.nb.azsent.account.account_summary import AccountType\n", "acct_types = [item.name for item in AccountType]\n", "import ipywidgets as widgets\n", "acct_types_select = widgets.SelectMultiple(\n", " description=\"Select Account types to search\",\n", " options=acct_types,\n", " value=account_types or acct_types,\n", " **WIDGET_DEFAULTS,\n", ")\n", "acct_types_select\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "# Run the main *account_summary* notebooklet `run` method\n", "\n", "The notebooklet will search Azure, Windows host and Linux host data,\n", "searching for account matches.\n", "\n", "**Note**: Different result properties will populated for different account types.\n", "\n", "It will display a *summary* of the information retrieved as it is running.\n", "You can find information on accessing the full data later in the notebook.\n", "\n", "**Note:** If more than one matching account name is found, all matches will be shown.
\n", "You can select each of these matching accounts to view more details about the account.
\n", "Once selected, you can retrieve more detailed information about that account.\n", "\n", "
\n", "Running the notebooklet as a Pivot Function\n", "This can also be run as a pivot function from the Account entity.
\n", "The pivot function `account_summary` is in the `nblt` container\n", "of the `Account` entity.\n", "\n", "```python\n", " Account = entities.Account\n", " acc_result = Account.nblt.account_summary(\n", " value=account_txt.value,\n", " account_types=acct_types_select.value\n", " )\n", "```\n", "\n", "In this case you do not have direct access to the methods\n", "of the \"AccountSummary\".
\n", "However, all methods and properties\n", "of the notebooklet class are accessible via the results class.\n", "```python\n", " acct_nb.get_additional_data()\n", "```\n", "is equivalent to\n", "```python\n", " acc_result.get_additional_data()\n", "```\n", "
" ] }, { "cell_type": "code", "execution_count": null, "metadata": {}, "outputs": [], "source": [ "acct_nb = nb.nblts.azsent.account.AccountSummary()\n", "\n", "md(\n", " \"\",\n", " \"large, bold\"\n", " )\n", "acc_result = acct_nb.run(\n", " value=account_txt.value,\n", " timespan=qry_prov.query_time.timespan,\n", " account_types=acct_types_select.value,\n", ")" ] }, { "cell_type": "code", "execution_count": null, "metadata": {}, "outputs": [], "source": [ "if len(acc_result.account_selector.options) > 1:\n", " md_warn(\"Multiple matches found for account. Running on first listed account\")" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "# Retrieve additional data for the selected account\n", "\n", "The result returned from the last cell has a number of properties and methods that you can use\n", "to retrieve and view further information.\n", "\n", "The main one for this notebooklet is `get_additional_data`.\n", "Depending on the account type (Azure, Windows or Linux), it will retrieve more detailed\n", "data about recent activity" ] }, { "cell_type": "code", "execution_count": null, "metadata": {}, "outputs": [], "source": [ "acc_result.get_additional_data()" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "# Browse alerts\n", "If there are any alerts referencing this account name they can be viewed\n", "by calling the `acc_result.browse_alerts()` function." ] }, { "cell_type": "code", "execution_count": null, "metadata": {}, "outputs": [], "source": [ "acc_result.notebooklet.browse_alerts()\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "# Appendix - Additional properties from the Notebooklet result\n", "\n", "---" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## Browse other event data\n", "\n", "You can use a simple view to make it easier to see the details of individual events\n", "by calling the \"view_events\" method.\n", "\n", "You need to supply the name of the result attribute that you want to view plus\n", "one or more summary columns (as a list of strings)." ] }, { "cell_type": "code", "execution_count": null, "metadata": {}, "outputs": [], "source": [ "data_source = nbwidgets.SelectItem(\n", " description=\"Available data properties\\n\",\n", " item_list=acc_result.data_properties()\n", ")\n", "data_source" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "Running the following cell will use the data property selected above\n", "to browse through the data (if any)." ] }, { "cell_type": "code", "execution_count": null, "metadata": {}, "outputs": [], "source": [ "acc_result.view_events(\n", " attrib=data_source.value, # the result attribute to view\n", " # summary_cols controls which cols are use to create the summary\n", " # for the select list\n", " summary_cols = list(getattr(acc_result, data_source.value).columns)[:3]\n", " # Add specific columns here to customize the list items\n", " # summary_cols=[\"SourceSystem\", \"Operation\", \"IPAddress\"]\n", ")" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "You can also access the DataFrames properties directly" ] }, { "cell_type": "code", "execution_count": null, "metadata": {}, "outputs": [], "source": [ "acc_result.ip_all_data" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## Browse events with alternative sorting\n", "You can pass a DataFrame to *result*`.view_events()` instead of an attribute name.\n", "\n", "This means that you can apply sorting or filtering of the data before viewing it.\n", "Here is an example sorting by IPAddress.\n", "\n", "```python\n", "acc_result.view_events(\n", " data=acc_result.azure_activity.sort_values(\"IPAddress\"),\n", " summary_cols=[\"SourceSystem\", \"Operation\", \"IPAddress\"]\n", ")\n", "```" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## Additional properties and methods of the result object\n", "\n", "These are static properties - usually DataFrames or visualizations. \n", "You can access each of these to see or manipulate the retrieved data.\n", "\n", "To see help on the available attributes type:\n", "```python\n", ">>> help(acc_result)\n", "```\n", "To see the available methods type:\n", "```python\n", ">>> acc_result.list_methods()\n", "```\n", "> Note, for the AccountSummary notebooklet, the two main data retrieval methods are:
\n", "> - run
\n", "> - get_additional_data
\n", "> There are several other methods that allow you to view individual plots\n", "> or subsets of the data (such as alerts).\n", "\n", "To view help on a specific method type:\n", "```python\n", ">>> help(acc_result.method_name)\n", "```\n", "\n", "To run a method\n", "```python\n", "acc_result.display_alert_timeline()\n", "```" ] }, { "cell_type": "code", "execution_count": null, "metadata": {}, "outputs": [], "source": [ "acc_result.list_methods()" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "---\n", "\n", "## Viewing the Result class\n", "You can view all of the data in the results class by \"running\" it in a cell\n", "\n", "> Note: This produces a lot of output.
\n", "> Due to the way Jupyter display Javascript objects the plots may\n", "> appear out of order.\n", "\n", "```ipython\n", " acc_result\n", "```\n", "\n", "Most of the properties of the results class are pandas DataFrames - \n", "you can use these directly for further analysis. Other property types\n", "include entities and visualizations.\n", "\n", "The DataFrames displayed by running the result object are truncated\n", "to the first five rows.\n", "\n", "You can also access individual data properties of the result as follows:\n", "```ipython\n", " result.data_property\n", "```" ] }, { "cell_type": "code", "execution_count": null, "metadata": {}, "outputs": [], "source": [ "acc_result.data_properties()" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "---\n", "\n", "## Using Pivots to get more context information\n", "\n", "You can run a pivot function on the account summary results\n", "to get additional context on the data.\n", "\n", "Here is an example of looking up Whois information for Azure IPAddress requests.\n", "\n", "```python\n", "whois_df = (\n", " acc_result # the results object\n", " .azure_activity[[\"IPAddress\"]] # the property and the column we want\n", " .drop_duplicates() # drop duplicates\n", " .mp_pivot.run( # run the pivot function IpAddress 'whois' function\n", " IpAddress.util.whois, column=\"IPAddress\" \n", " )\n", ")\n", "whois_df\n", "```" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "---\n", "\n", "## Use other notebooklets and pivots functions to drill down on other entities\n", "\n", "You may want to drill down on other entities in the Account data.\n", "You can use methods of the IpAddress or Host entities, for example,\n", "to look at these in more detail.\n", "\n", "Run the ip_address_summary notebooklet pivot\n", "```python\n", "IpAddress = entities.IpAddress\n", "ip_result = IpAddress.nblt.ip_address_summary(\"157.56.162.53\")\n", "```\n", "\n", "View the TI results\n", "```python\n", "ip_result.browse_ti_results()\n", "```" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "---\n", "\n", "# More information:\n", "\n", "## Notebooklets and Pivots\n", "[Notebooklets](https://msticnb.readthedocs.io/en/latest/)\n", "\n", "[Pivot functions](https://msticpy.readthedocs.io/en/latest/data_analysis/PivotFunctions.html)\n", "\n", "## Notebook/MSTICPy configuration\n", "[Getting Started](https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/A%20Getting%20Started%20Guide%20For%20Azure%20Sentinel%20ML%20Notebooks.ipynb)\n", "[MSTICPy Configuration guide](https://msticpy.readthedocs.io/en/latest/getting_started/msticpyconfig.html)\n", "\n", "[ConfigureNotebookEnvironment notebook](https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/ConfiguringNotebookEnvironment.ipynb)" ] } ], "metadata": { "celltoolbar": "Tags", "hide_input": false, "kernelspec": { "display_name": "Python 3.8 - AzureML", "language": "python", "name": "python38-azureml" }, "language_info": { "codemirror_mode": { "name": "ipython", "version": 3 }, "file_extension": ".py", "mimetype": "text/x-python", "name": "python", "nbconvert_exporter": "python", "pygments_lexer": "ipython3", "version": "3.9.7" }, "latex_envs": { "LaTeX_envs_menu_present": true, "autoclose": false, "autocomplete": true, "bibliofile": "biblio.bib", "cite_by": "apalike", "current_citInitial": 1, "eqLabelWithNumbers": true, "eqNumInitial": 1, "hotkeys": { "equation": "Ctrl-E", "itemize": "Ctrl-I" }, "labels_anchors": false, "latex_user_defs": false, "report_style_numbering": false, "user_envs_cfg": false }, "toc": { "base_numbering": 1, "nav_menu": {}, "number_sections": true, "sideBar": true, "skip_h1_title": true, "title_cell": "Contents", "title_sidebar": "Contents", "toc_cell": true, "toc_position": { "height": "calc(100% - 180px)", "left": "10px", "top": "150px", "width": "512px" }, "toc_section_display": true, "toc_window_display": true }, "varInspector": { "cols": { "lenName": 16, "lenType": 16, "lenVar": 40 }, "kernels_config": { "python": { "delete_cmd_postfix": "", "delete_cmd_prefix": "del ", "library": "var_list.py", "varRefreshCmd": "print(var_dic_list())" }, "r": { "delete_cmd_postfix": ") ", "delete_cmd_prefix": "rm(", "library": "var_list.r", "varRefreshCmd": "cat(var_dic_list()) " } }, "types_to_exclude": [ "module", "function", "builtin_function_or_method", "instance", "_Feature" ], "window_display": false }, "vscode": { "interpreter": { "hash": "0f1a8e166ce5c1ec1911a36e4fdbd34b2f623e2a3442791008b8ac429a1d6070" } }, "widgets": { "application/vnd.jupyter.widget-state+json": { "state": { "0391d8c0878e465dabc638d75cf02694": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "0529135519104bc392e2a044a106c0b1": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "initial" } }, "0548b0503d3340a58ea08e1f1f705865": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "05a30ea1531d42e1ae8cdcdb771daeff": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "0633587e3a0f4d319027ea14c3fc1a78": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "TextModel", "state": { "description": "Workspace Name", "layout": "IPY_MODEL_cfda608bcf5c4399904a369dae615573", "style": "IPY_MODEL_b58dd8f2634d4099b5ceb30350db33fd", "value": "Default" } }, "06d7adc128794d99a85ae77b226b04d9": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "initial" } }, "099c0792526244a8b736bb295c59d80e": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "CheckboxModel", "state": { "description": "Display details", "disabled": false, "layout": "IPY_MODEL_e1218c3b438f4bacbfb911bcd092e3d7", "style": "IPY_MODEL_bae596916ee94ce39c973012dffd20a7", "value": true } }, "0aa56ea80d5c4c4a873eafdd6729f65e": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "0b835e4f4e384468a4888e60c8f3797f": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "0c35ce564cc44b6ba6cc6becb3faef02": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "TextModel", "state": { "description": "Time (24hr)", "layout": "IPY_MODEL_7703f35231ed4df9bde200fb8d49ea68", "style": "IPY_MODEL_6de457e02b534472a42cd5e2fc58cdf0", "value": "02:49:14.277968" } }, "0f93833c73a64c0cb0f4f03db3bb37cc": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "initial" } }, "0fa5a927c4ad47e19c135307b1dea85c": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "100px" } }, "11da86ceb7ef4d7ca6616be7de97103b": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_9ad524ba87b549d9a653a50b75dd0c8e", "IPY_MODEL_c1a73ef4c1ba4a0faa6e102d2838040f", "IPY_MODEL_5b836f6df54c4e06bb03339619f4f900" ], "layout": "IPY_MODEL_3d9c175e99d546ffaf2e45f5187a432d" } }, "1578a8b4ceb44210a8ed720331423f55": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "1851cda4fc144f1ab2c99a865cd78316": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "1943a5eb70314738b53982644b8963ce": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "TextModel", "state": { "description": "Query end time (UTC) : ", "layout": "IPY_MODEL_3e8cb228b0ca4fdf90694445cc13011a", "style": "IPY_MODEL_609239bc9d2e4561a9edf11472142ea0", "value": "2022-04-05 02:49:14.277968+00:00" } }, "1c29a43ba30c40efaaceefefce2c0805": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "99%" } }, "1db1c2902d634d849b7aeac8c5dfa58a": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "95%" } }, "1e25f2b432894d048d96c8dacf07543d": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "21bc0aaac5d2438c9fe56e0d4d2f5a2e": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "22209d4eaaa541e781f4e998e577a8c1": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "TextModel", "state": { "description": "Filter:", "layout": "IPY_MODEL_0b835e4f4e384468a4888e60c8f3797f", "style": "IPY_MODEL_31f753a921154c22a2228cf9070b2d55", "value": "kelsea@seccxp.ninja" } }, "232af7b022fc45b0a7d78aed9b647516": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "100px" } }, "237b52fe08e94898a8d04003af101c75": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "initial" } }, "2972752ff3344731b3368a194cd70477": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "2ab6fddd5f5f4e6f98213776ee5040a9": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "95%" } }, "2b0fca70840e4e65be7f5a028056bbaf": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "TextModel", "state": { "description": "Query start time (UTC):", "layout": "IPY_MODEL_fed0fb69f87d4c3dbc5aa6f486a8c443", "style": "IPY_MODEL_0529135519104bc392e2a044a106c0b1", "value": "2022-04-04 02:49:12.745984" } }, "2c4aedcf664f47459a660038672fd03b": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "SelectModel", "state": { "_options_labels": [ "2022-03-30 08:08:28.284000+00:00 - Suspicious URL clicked - Microsoft Defender Advanced Threat Protection", "2022-04-02 22:00:42.111000+00:00 - Anomalous sign-in location by user account and authenticating application - with sign-in details - Azure Sentinel", "2022-04-02 22:10:42.111000+00:00 - Anomalous sign-in location by user account and authenticating application - with sign-in details - Azure Sentinel", "2022-04-02 22:25:42.111000+00:00 - Anomalous sign-in location by user account and authenticating application - with sign-in details - Azure Sentinel", "2022-04-02 23:55:42.111000+00:00 - Anomalous sign-in location by user account and authenticating application - with sign-in details - Azure Sentinel", "2022-04-03 00:45:42.111000+00:00 - Anomalous sign-in location by user account and authenticating application - with sign-in details - Azure Sentinel", "2022-04-03 00:50:42.111000+00:00 - Anomalous sign-in location by user account and authenticating application - with sign-in details - Azure Sentinel", "2022-04-03 19:45:42.111000+00:00 - Anomalous sign-in location by user account and authenticating application - with sign-in details - Azure Sentinel", "2022-04-03 19:50:42.111000+00:00 - Anomalous sign-in location by user account and authenticating application - with sign-in details - Azure Sentinel", "2022-04-03 19:55:42.111000+00:00 - Anomalous sign-in location by user account and authenticating application - with sign-in details - Azure Sentinel", "2022-04-03 20:00:42.111000+00:00 - Anomalous sign-in location by user account and authenticating application - with sign-in details - Azure Sentinel", "2022-04-03 20:15:42.111000+00:00 - Anomalous sign-in location by user account and authenticating application - with sign-in details - Azure Sentinel", "2022-04-03 20:20:42.111000+00:00 - Anomalous sign-in location by user account and authenticating application - with sign-in details - Azure Sentinel", "2022-04-03 23:45:42.111000+00:00 - Anomalous sign-in location by user account and authenticating application - with sign-in details - Azure Sentinel", "2022-04-04 21:20:42.111000+00:00 - Anomalous sign-in location by user account and authenticating application - with sign-in details - Azure Sentinel", "2022-04-04 21:25:42.111000+00:00 - Anomalous sign-in location by user account and authenticating application - with sign-in details - Azure Sentinel", "2022-04-05 00:07:47.169000+00:00 - Impossible Travel Activity by User - Azure Sentinel" ], "description": "Select alert :", "index": 0, "layout": "IPY_MODEL_4a6345df150d4573b3b128adac1f2aea", "style": "IPY_MODEL_237b52fe08e94898a8d04003af101c75" } }, "301c68021a244f829ff989954ca747a4": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "31f753a921154c22a2228cf9070b2d55": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "initial" } }, "35619cf6194a44b4b8a7702a26cf7251": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "initial" } }, "35d3189e5ed34fccaa98ae5778006ed4": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "height": "200px", "width": "100%" } }, "39ac65c3089f4e03abf815e59307a896": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "SelectModel", "state": { "_options_labels": [ "2022-03-30 08:08:28.284000+00:00 - Suspicious URL clicked - Microsoft Defender Advanced Threat Protection", "2022-04-02 22:00:42.111000+00:00 - Anomalous sign-in location by user account and authenticating application - with sign-in details - Azure Sentinel", "2022-04-02 22:10:42.111000+00:00 - Anomalous sign-in location by user account and authenticating application - with sign-in details - Azure Sentinel", "2022-04-02 22:25:42.111000+00:00 - Anomalous sign-in location by user account and authenticating application - with sign-in details - Azure Sentinel", "2022-04-02 23:55:42.111000+00:00 - Anomalous sign-in location by user account and authenticating application - with sign-in details - Azure Sentinel", "2022-04-03 00:45:42.111000+00:00 - Anomalous sign-in location by user account and authenticating application - with sign-in details - Azure Sentinel", "2022-04-03 00:50:42.111000+00:00 - Anomalous sign-in location by user account and authenticating application - with sign-in details - Azure Sentinel", "2022-04-03 19:45:42.111000+00:00 - Anomalous sign-in location by user account and authenticating application - with sign-in details - Azure Sentinel", "2022-04-03 19:50:42.111000+00:00 - Anomalous sign-in location by user account and authenticating application - with sign-in details - Azure Sentinel", "2022-04-03 19:55:42.111000+00:00 - Anomalous sign-in location by user account and authenticating application - with sign-in details - Azure Sentinel", "2022-04-03 20:00:42.111000+00:00 - Anomalous sign-in location by user account and authenticating application - with sign-in details - Azure Sentinel", "2022-04-03 20:15:42.111000+00:00 - Anomalous sign-in location by user account and authenticating application - with sign-in details - Azure Sentinel", "2022-04-03 20:20:42.111000+00:00 - Anomalous sign-in location by user account and authenticating application - with sign-in details - Azure Sentinel", "2022-04-03 23:45:42.111000+00:00 - Anomalous sign-in location by user account and authenticating application - with sign-in details - Azure Sentinel", "2022-04-04 21:20:42.111000+00:00 - Anomalous sign-in location by user account and authenticating application - with sign-in details - Azure Sentinel", "2022-04-04 21:25:42.111000+00:00 - Anomalous sign-in location by user account and authenticating application - with sign-in details - Azure Sentinel", "2022-04-05 00:07:47.169000+00:00 - Impossible Travel Activity by User - Azure Sentinel" ], "description": "Select alert :", "index": 13, "layout": "IPY_MODEL_477d6ebc104645f8a223263c69255820", "style": "IPY_MODEL_46c784bd1df04ca5a4fef3e8c425d631" } }, "3c4c84ecc3b546fd84287420469a2ab2": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "height": "300px", "width": "70%" } }, "3d9c175e99d546ffaf2e45f5187a432d": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "3dfb7850a68a4a52a0f3db2ea62a19eb": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "3e8cb228b0ca4fdf90694445cc13011a": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "50%" } }, "3f2e9c2d013649d399c171f77a53953c": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "401f09992d2f494dbf5e657ff37b8be0": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "height": "150px", "width": "300px" } }, "43536d481d654bd8a8111afc3c06ef9c": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "CheckboxModel", "state": { "description": "Display details", "disabled": false, "layout": "IPY_MODEL_9f611bb4c62745088b61c68de982f3ec", "style": "IPY_MODEL_3f2e9c2d013649d399c171f77a53953c", "value": true } }, "445239701cf94bb2a13fea7f4f8a339a": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "4546255dbb324c2c8fc1e9b7f24be26a": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "HBoxModel", "state": { "children": [ "IPY_MODEL_e20d8cd48b9a48d3a0fc105cf34ed6f8", "IPY_MODEL_d4992c8b9df046f3b6a8334405566eda" ], "layout": "IPY_MODEL_21bc0aaac5d2438c9fe56e0d4d2f5a2e" } }, "463132c93eb84152a393f357c790154d": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "SliderStyleModel", "state": { "description_width": "initial" } }, "46c784bd1df04ca5a4fef3e8c425d631": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "initial" } }, "477d6ebc104645f8a223263c69255820": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "height": "300px", "width": "95%" } }, "48ccee7d58314dea942ffe0a7c9bd456": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_7c2be47abba34eec97cc9eb66cf25892", "IPY_MODEL_2b0fca70840e4e65be7f5a028056bbaf", "IPY_MODEL_7b4f933bce6a440c8ab9414be69dccea" ], "layout": "IPY_MODEL_820f4ed4ac874dbb93572466b9544a7d" } }, "494fc091484445509d13c0dcf29ad549": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "initial" } }, "4a6345df150d4573b3b128adac1f2aea": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "height": "300px", "width": "95%" } }, "509231cd6ea143f68c937a09a669c270": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "SelectModel", "state": { "_options_labels": [ "2022-04-03 03:06:17.286000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-03 03:07:06.743000+00:00 - Azure AD - Sign-in activity - 20.37.212.69", "2022-04-03 03:17:10.481000+00:00 - Azure AD - Sign-in activity - 20.37.212.69", "2022-04-03 03:36:15.953000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-03 03:43:10.489000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-03 03:43:15+00:00 - OfficeActivityManager - Send - 20.190.142.172", "2022-04-03 03:52:20.288000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-03 03:55:56.128000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-03 03:58:21.557000+00:00 - Azure AD - Sign-in activity - 20.70.208.63", "2022-04-03 03:58:25+00:00 - OfficeActivityManager - Send - 20.190.142.170", "2022-04-03 04:36:08.358000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-03 04:36:13+00:00 - OfficeActivityManager - Send - 20.190.142.170", "2022-04-03 04:52:12.918000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-03 04:58:34.847000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-03 04:58:41+00:00 - OfficeActivityManager - Send - 20.190.142.169", "2022-04-03 05:12:09.392000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-03 05:36:19.908000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-03 05:44:37.620000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-03 06:46:26.392000+00:00 - Azure AD - Sign-in activity - 20.37.212.69", "2022-04-03 06:56:14.665000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-03 06:56:19+00:00 - OfficeActivityManager - Send - 20.190.142.169", "2022-04-03 07:03:29.784000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-03 07:04:19.599000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-03 07:10:25.723000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-03 07:10:29+00:00 - OfficeActivityManager - Send - 20.190.142.169", "2022-04-03 07:23:30.067000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-03 07:23:34.434000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-03 07:23:45+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.170", "2022-04-03 07:23:45+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.169", "2022-04-03 07:23:46+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.172", "2022-04-03 07:39:17.749000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-03 07:39:20+00:00 - OfficeActivityManager - Send - 20.190.142.172", "2022-04-03 07:39:22.591000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-03 07:42:25.590000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-03 07:50:29.282000+00:00 - Azure AD - Sign-in activity - 20.70.208.63", "2022-04-03 07:50:31+00:00 - OfficeActivityManager - Send - 20.190.142.170", "2022-04-03 08:11:42.423000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-03 08:11:45+00:00 - OfficeActivityManager - Send - 20.190.142.172", "2022-04-03 08:20:24.310000+00:00 - Azure AD - Sign-in activity - 20.37.212.69", "2022-04-03 08:20:27+00:00 - OfficeActivityManager - Send - 20.190.142.169", "2022-04-03 08:52:00.098000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-03 09:00:38.959000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-03 09:20:34.335000+00:00 - Azure AD - Sign-in activity - 20.70.208.63", "2022-04-03 09:20:37+00:00 - OfficeActivityManager - Send - 20.190.142.169", "2022-04-03 09:40:50.615000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-03 09:40:54+00:00 - OfficeActivityManager - Send - 20.190.142.170", "2022-04-03 10:01:54.940000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-03 10:09:55.620000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-03 10:21:53.284000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-03 10:22:04.902000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-03 10:22:08+00:00 - OfficeActivityManager - Send - 20.190.142.169", "2022-04-03 10:25:59.246000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-03 10:34:49.904000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-03 10:43:56.971000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-03 10:44:00+00:00 - OfficeActivityManager - Send - 20.190.142.170", "2022-04-03 11:10:43.663000+00:00 - Azure AD - Sign-in activity - 20.37.212.69", "2022-04-03 11:21:06.835000+00:00 - Azure AD - Sign-in activity - 20.37.212.69", "2022-04-03 11:24:53.297000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-03 11:49:51.463000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-03 11:49:54+00:00 - OfficeActivityManager - Send - 20.190.142.170", "2022-04-03 13:00:07.080000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-03 13:00:10+00:00 - OfficeActivityManager - Send - 20.190.142.170", "2022-04-03 13:11:09.123000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-03 13:30:15.271000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-03 13:34:10.670000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-03 13:50:21.789000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-03 13:50:25+00:00 - OfficeActivityManager - Send - 20.190.142.169", "2022-04-03 14:06:08.335000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-03 14:06:11+00:00 - OfficeActivityManager - Send - 20.190.142.169", "2022-04-03 14:13:10.917000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-03 14:14:29.382000+00:00 - Azure AD - Sign-in activity - 20.70.208.63", "2022-04-03 14:37:20.689000+00:00 - Azure AD - Sign-in activity - 20.70.208.63", "2022-04-03 14:37:24+00:00 - OfficeActivityManager - Send - 20.190.142.170", "2022-04-03 14:55:19.622000+00:00 - Azure AD - Sign-in activity - 20.37.212.69", "2022-04-03 15:11:18.802000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-03 15:16:14.089000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-03 15:16:18+00:00 - OfficeActivityManager - Send - 20.190.142.172", "2022-04-03 15:16:18.212000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-03 15:33:16.036000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-03 15:33:19+00:00 - OfficeActivityManager - Send - 20.190.142.170", "2022-04-03 15:42:22.504000+00:00 - Azure AD - Sign-in activity - 20.37.212.69", "2022-04-03 16:11:19.555000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-03 16:42:22.919000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-03 16:52:26.891000+00:00 - Azure AD - Sign-in activity - 20.37.212.69", "2022-04-03 16:56:47.359000+00:00 - Azure AD - Sign-in activity - 20.70.208.63", "2022-04-03 17:06:29.389000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-03 17:06:32+00:00 - OfficeActivityManager - Send - 20.190.142.169", "2022-04-03 17:18:26.254000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-03 17:27:26.654000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-03 17:27:30+00:00 - OfficeActivityManager - Send - 20.190.142.172", "2022-04-03 18:36:42.335000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-03 18:36:45+00:00 - OfficeActivityManager - Send - 20.190.142.172", "2022-04-03 18:42:32.753000+00:00 - Azure AD - Sign-in activity - 20.37.212.69", "2022-04-03 18:52:29.080000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-03 19:40:36.216000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-03 19:40:39+00:00 - OfficeActivityManager - Send - 20.190.142.172", "2022-04-03 19:45:41.195000+00:00 - Azure AD - Sign-in activity - 20.70.208.63", "2022-04-03 19:45:44+00:00 - OfficeActivityManager - Send - 20.190.142.170", "2022-04-03 20:14:59.891000+00:00 - Azure AD - Sign-in activity - 20.70.208.63", "2022-04-03 20:15:03+00:00 - OfficeActivityManager - Send - 20.190.142.172", "2022-04-03 20:18:39.107000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-03 20:20:43.267000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-03 20:20:46+00:00 - OfficeActivityManager - Send - 20.190.142.169", "2022-04-03 20:29:35.990000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-03 20:29:39+00:00 - OfficeActivityManager - Send - 20.190.142.170", "2022-04-03 20:47:12+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.172", "2022-04-03 20:47:12+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.170", "2022-04-03 20:47:12+00:00 - OfficeActivityManager - Create - 2603:10b6:408:138:cafe::f1", "2022-04-03 21:39:15.190000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-03 21:39:42.871000+00:00 - Azure AD - Sign-in activity - 20.37.212.69", "2022-04-03 21:39:44+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.169", "2022-04-03 21:47:08.419000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-03 21:47:10+00:00 - OfficeActivityManager - Send - 20.190.142.172", "2022-04-03 21:47:12+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.172", "2022-04-03 21:47:13+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.170", "2022-04-03 21:56:54.162000+00:00 - Azure AD - Sign-in activity - 20.70.208.63", "2022-04-03 21:59:46.342000+00:00 - Azure AD - Sign-in activity - 20.37.212.69", "2022-04-03 22:29:11.496000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-03 22:29:18.289000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-03 22:36:26+00:00 - OfficeActivityManager - Create - 2603:10b6:408:106:cafe::35", "2022-04-03 22:36:26+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.169", "2022-04-03 22:36:27+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.172", "2022-04-03 22:36:27+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.170", "2022-04-03 22:39:45+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.169", "2022-04-03 22:45:15.897000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-03 22:47:13+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.170", "2022-04-03 22:47:13+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.172", "2022-04-03 22:50:13.146000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-03 22:50:16+00:00 - OfficeActivityManager - Send - 20.190.142.169", "2022-04-03 22:58:13.377000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-03 22:58:17.303000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-03 22:58:27+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.172", "2022-04-03 22:58:27+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.170", "2022-04-03 22:58:27+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.169", "2022-04-03 23:05:02.016000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-03 23:09:11.261000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-03 23:09:15.285000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-03 23:09:25+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.170", "2022-04-03 23:17:29.985000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-03 23:17:33+00:00 - OfficeActivityManager - Send - 20.190.142.170", "2022-04-03 23:17:35.319000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-03 23:17:39.823000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-03 23:18:39.820000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-03 23:18:42+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.169", "2022-04-03 23:25:41.688000+00:00 - Azure AD - Sign-in activity - 20.70.208.63", "2022-04-03 23:25:45.308000+00:00 - Azure AD - Sign-in activity - 20.70.208.63", "2022-04-03 23:29:25.190000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-03 23:29:29.143000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-03 23:31:26.453000+00:00 - Azure AD - Sign-in activity - 20.37.212.69", "2022-04-03 23:31:36.643000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-03 23:32:35.953000+00:00 - Azure AD - Sign-in activity - 20.70.208.63", "2022-04-03 23:33:28.758000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-03 23:33:32.508000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-03 23:33:45+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.170", "2022-04-03 23:33:45+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.169", "2022-04-03 23:38:34.981000+00:00 - Azure AD - Sign-in activity - 20.37.212.69", "2022-04-03 23:38:35+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.172", "2022-04-03 23:38:35.103000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-03 23:41:35.577000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-03 23:41:40.405000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-03 23:43:24.976000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-03 23:44:15.850000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-03 23:44:21.200000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-03 23:44:35+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.172", "2022-04-03 23:50:44.263000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-03 23:50:49.182000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-03 23:51:25.963000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-03 23:51:27+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.169", "2022-04-03 23:51:46.855000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-03 23:51:50.680000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-03 23:52:35.388000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-03 23:54:45.943000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-03 23:54:49.570000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-03 23:56:30.170000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-03 23:56:32.789000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-03 23:57:30.351000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-03 23:57:33.873000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-04 00:02:19.732000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-04 00:02:20.992000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-04 00:02:22+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.172", "2022-04-04 00:02:22.088000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-04 00:07:19.710000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-04 00:09:46.903000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-04 00:09:50+00:00 - OfficeActivityManager - Send - 20.190.142.172", "2022-04-04 00:10:35.827000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-04 00:10:37+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.172", "2022-04-04 00:15:23.766000+00:00 - Azure AD - Sign-in activity - 20.70.208.63", "2022-04-04 00:15:27.887000+00:00 - Azure AD - Sign-in activity - 20.70.208.63", "2022-04-04 00:15:39.758000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-04 00:15:42+00:00 - OfficeActivityManager - Send - 20.190.142.169", "2022-04-04 00:29:50.015000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-04 00:29:53+00:00 - OfficeActivityManager - Send - 20.190.142.170", "2022-04-04 00:32:52.168000+00:00 - Azure AD - Sign-in activity - 20.70.208.63", "2022-04-04 00:32:56.528000+00:00 - Azure AD - Sign-in activity - 20.70.208.63", "2022-04-04 01:13:50.933000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-04 01:24:03.686000+00:00 - Azure AD - Sign-in activity - 20.37.212.69", "2022-04-04 01:36:37.372000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-04 01:36:40+00:00 - OfficeActivityManager - Send - 20.190.142.169", "2022-04-04 01:46:02.423000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-04 01:46:05+00:00 - OfficeActivityManager - Send - 20.190.142.172", "2022-04-04 01:49:52.674000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-04 01:49:54+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.172", "2022-04-04 02:15:39.844000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-04 02:15:43+00:00 - OfficeActivityManager - Send - 20.190.142.172", "2022-04-04 02:16:05.605000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-04 02:49:54+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.172", "2022-04-04 02:52:06.255000+00:00 - Azure AD - Sign-in activity - 20.37.212.69", "2022-04-04 02:53:56.237000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-04 03:04:47.124000+00:00 - Azure AD - Sign-in activity - 20.70.208.63", "2022-04-04 03:04:48+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.169", "2022-04-04 03:17:16.200000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-04 03:17:17+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.170", "2022-04-04 03:24:19.449000+00:00 - Azure AD - Sign-in activity - 20.37.212.69", "2022-04-04 03:24:22+00:00 - OfficeActivityManager - Send - 20.190.142.170", "2022-04-04 03:31:10.152000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-04 03:31:13+00:00 - OfficeActivityManager - Send - 20.190.142.172", "2022-04-04 03:34:15.351000+00:00 - Azure AD - Sign-in activity - 20.37.212.69", "2022-04-04 03:34:18+00:00 - OfficeActivityManager - Send - 20.190.142.170", "2022-04-04 03:38:17.705000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-04 03:41:10.989000+00:00 - Azure AD - Sign-in activity - 20.37.212.69", "2022-04-04 03:44:18.549000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-04 03:49:54+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.172", "2022-04-04 04:04:49+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.169", "2022-04-04 04:17:19+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.170", "2022-04-04 04:32:21.547000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-04 04:32:25.335000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-04 04:32:34+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.169", "2022-04-04 04:32:34+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.170", "2022-04-04 04:32:34+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.172", "2022-04-04 04:35:08.165000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-04 04:46:20.960000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-04 05:24:18.718000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-04 05:24:23+00:00 - OfficeActivityManager - Send - 20.190.142.170", "2022-04-04 05:27:20.966000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-04 05:29:14.756000+00:00 - Azure AD - Sign-in activity - 20.37.212.69", "2022-04-04 05:29:17+00:00 - OfficeActivityManager - Send - 20.190.142.172", "2022-04-04 05:32:20.574000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-04 05:40:21.756000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-04 05:40:25+00:00 - OfficeActivityManager - Send - 20.190.142.170", "2022-04-04 05:48:28.797000+00:00 - Azure AD - Sign-in activity - 20.70.208.63", "2022-04-04 05:48:30+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.172", "2022-04-04 06:25:40.160000+00:00 - Azure AD - Sign-in activity - 20.70.208.63", "2022-04-04 06:25:43+00:00 - OfficeActivityManager - Send - 20.190.142.170", "2022-04-04 06:40:28.176000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-04 06:48:31+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.172", "2022-04-04 06:57:30.396000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-04 07:03:23.469000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-04 07:05:22.167000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-04 07:05:25+00:00 - OfficeActivityManager - Send - 20.190.142.169", "2022-04-04 07:23:33.855000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-04 07:23:36+00:00 - OfficeActivityManager - Send - 20.190.142.169", "2022-04-04 07:34:43.187000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-04 07:38:50.571000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-04 07:38:53+00:00 - OfficeActivityManager - Send - 20.190.142.172", "2022-04-04 07:48:31+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.172", "2022-04-04 07:53:25.076000+00:00 - Azure AD - Sign-in activity - 20.37.212.69", "2022-04-04 08:11:25.394000+00:00 - Azure AD - Sign-in activity - 20.37.212.69", "2022-04-04 08:17:26.160000+00:00 - Azure AD - Sign-in activity - 20.37.212.69", "2022-04-04 08:38:35.518000+00:00 - Azure AD - Sign-in activity - 20.37.212.69", "2022-04-04 08:39:39.692000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-04 08:39:43+00:00 - OfficeActivityManager - Send - 20.190.142.172", "2022-04-04 08:48:32+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.172", "2022-04-04 08:48:43.434000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-04 08:48:48.858000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-04 09:17:49.407000+00:00 - Azure AD - Sign-in activity - 20.70.208.63", "2022-04-04 09:17:52+00:00 - OfficeActivityManager - Send - 20.190.142.170", "2022-04-04 09:37:44.500000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-04 09:56:32.011000+00:00 - Azure AD - Sign-in activity - 20.37.212.69", "2022-04-04 10:15:44.157000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-04 10:20:34.517000+00:00 - Azure AD - Sign-in activity - 20.37.212.69", "2022-04-04 10:47:44.983000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-04 10:47:48+00:00 - OfficeActivityManager - Send - 20.190.142.169", "2022-04-04 11:02:57.717000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-04 11:03:04+00:00 - OfficeActivityManager - Send - 20.190.142.169", "2022-04-04 11:05:40.149000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-04 11:05:46.002000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-04 11:14:54.758000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-04 11:44:00.937000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-04 11:44:07+00:00 - OfficeActivityManager - Send - 20.190.142.169", "2022-04-04 12:06:49.166000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-04 12:10:40.944000+00:00 - Azure AD - Sign-in activity - 20.37.212.69", "2022-04-04 12:12:44.932000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-04 14:08:03.320000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-04 14:17:02.501000+00:00 - Azure AD - Sign-in activity - 20.70.208.63", "2022-04-04 14:17:04+00:00 - OfficeActivityManager - Send - 20.190.142.170", "2022-04-04 14:25:14.333000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-04 14:36:34.066000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-04 14:36:40+00:00 - OfficeActivityManager - Send - 20.190.142.170", "2022-04-04 15:02:10.229000+00:00 - Azure AD - Sign-in activity - 20.70.208.63", "2022-04-04 15:04:01.581000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-04 15:04:05+00:00 - OfficeActivityManager - Send - 20.190.142.169", "2022-04-04 15:21:28.063000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-04 15:21:33+00:00 - OfficeActivityManager - Send - 20.190.142.172", "2022-04-04 15:42:00.533000+00:00 - Azure AD - Sign-in activity - 20.37.212.69", "2022-04-04 15:52:24.007000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-04 15:52:26+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.172", "2022-04-04 16:07:22.332000+00:00 - Azure AD - Sign-in activity - 20.70.208.63", "2022-04-04 16:11:04.312000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-04 16:11:13+00:00 - OfficeActivityManager - Send - 20.190.142.169", "2022-04-04 16:25:08.670000+00:00 - Azure AD - Sign-in activity - 20.37.212.69", "2022-04-04 16:26:27.774000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-04 16:38:42.210000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-04 16:41:12.515000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-04 16:41:22+00:00 - OfficeActivityManager - Send - 20.190.142.169", "2022-04-04 16:42:11.329000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-04 16:42:14+00:00 - OfficeActivityManager - Send - 20.190.142.170", "2022-04-04 16:52:27+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.172", "2022-04-04 17:10:35.917000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-04 17:19:24.487000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-04 17:36:37.243000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-04 17:36:46+00:00 - OfficeActivityManager - Send - 20.190.142.169", "2022-04-04 17:38:34.334000+00:00 - Azure AD - Sign-in activity - 20.70.208.63", "2022-04-04 17:38:38+00:00 - OfficeActivityManager - Send - 20.190.142.169", "2022-04-04 17:52:27+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.172", "2022-04-04 18:07:49.383000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-04 18:07:52+00:00 - OfficeActivityManager - Send - 20.190.142.170", "2022-04-04 18:14:34.766000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-04 18:16:24.497000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-04 18:21:23.323000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-04 18:29:26.149000+00:00 - Azure AD - Sign-in activity - 20.37.212.69", "2022-04-04 18:47:26.719000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-04 18:47:30+00:00 - OfficeActivityManager - Send - 20.190.142.172", "2022-04-04 18:52:27+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.172", "2022-04-04 19:33:29.870000+00:00 - Azure AD - Sign-in activity - 20.37.212.69", "2022-04-04 19:33:33+00:00 - OfficeActivityManager - Send - 20.190.142.170", "2022-04-04 19:40:40.264000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-04 19:40:48+00:00 - OfficeActivityManager - Send - 20.190.142.169", "2022-04-04 19:52:27+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.172", "2022-04-04 19:55:33.620000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-04 19:55:41.469000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-04 20:04:14.304000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-04 20:50:30+00:00 - OfficeActivityManager - Create - 2603:10b6:408:130:cafe::4a", "2022-04-04 20:50:30+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.172", "2022-04-04 20:50:49.974000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-04 20:50:58.841000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-04 21:06:33.503000+00:00 - Azure AD - Sign-in activity - 20.37.212.69", "2022-04-04 21:06:48.796000+00:00 - Azure AD - Sign-in activity - 20.70.208.63", "2022-04-04 21:06:52+00:00 - OfficeActivityManager - Send - 20.190.142.170", "2022-04-04 21:09:20.738000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-04 21:11:55.631000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-04 21:14:51.925000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-04 21:14:57+00:00 - OfficeActivityManager - Send - 20.190.142.170", "2022-04-04 21:19:14.521000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-04 21:19:22.934000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-04 21:29:38.089000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-04 21:34:52.954000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-04 21:35:01.579000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-04 21:50:30+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.172", "2022-04-04 21:52:28+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.172", "2022-04-04 21:58:45.088000+00:00 - Azure AD - Sign-in activity - 20.70.208.63", "2022-04-04 21:58:48+00:00 - OfficeActivityManager - Send - 20.190.142.172", "2022-04-04 22:08:22.126000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-04 22:16:04.409000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-04 22:16:12.134000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-04 22:22:51.429000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-04 22:32:41.306000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-04 22:32:43+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.170", "2022-04-04 22:44:54.504000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-04 22:50:31+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.172", "2022-04-04 22:52:28+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.172", "2022-04-04 22:56:10.100000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-04 23:00:44.735000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-04 23:00:49+00:00 - OfficeActivityManager - Send - 20.190.142.169", "2022-04-04 23:19:11.931000+00:00 - Azure AD - Sign-in activity - 20.70.208.63", "2022-04-04 23:19:18.121000+00:00 - Azure AD - Sign-in activity - 20.70.208.63", "2022-04-04 23:21:06.534000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-04 23:21:36.696000+00:00 - Azure AD - Sign-in activity - 20.70.208.63", "2022-04-04 23:21:38+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.169", "2022-04-04 23:24:21.879000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-04 23:28:33.399000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-04 23:32:32.181000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-04 23:32:40.262000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-04 23:32:44+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.170", "2022-04-04 23:35:32.792000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-04 23:36:35.623000+00:00 - Azure AD - Sign-in activity - 20.70.208.63", "2022-04-04 23:36:40.409000+00:00 - Azure AD - Sign-in activity - 20.70.208.63", "2022-04-04 23:36:45.131000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-04 23:36:51.037000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-04 23:38:54.216000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-04 23:41:54.711000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-04 23:42:22.088000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-04 23:42:59.343000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-04 23:43:08.108000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-04 23:49:28.018000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-04 23:50:31+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.172", "2022-04-04 23:52:28+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.172", "2022-04-04 23:53:16.894000+00:00 - Azure AD - Sign-in activity - 20.37.212.69", "2022-04-04 23:53:18.325000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-04 23:53:21+00:00 - OfficeActivityManager - Send - 20.190.142.172", "2022-04-04 23:53:24.104000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-04 23:55:17.361000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-04 23:55:49.700000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-05 00:06:10.781000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-05 00:06:46.661000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-05 00:06:54.144000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-05 00:07:15.637000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-05 00:07:47.169000+00:00 - Azure AD - Sign-in activity - 20.37.212.69", "2022-04-05 00:07:49.665000+00:00 - Azure AD - Sign-in activity - 20.37.212.69", "2022-04-05 00:11:25.234000+00:00 - Azure AD - Sign-in activity - 20.70.208.63", "2022-04-05 00:11:29.285000+00:00 - Azure AD - Sign-in activity - 20.70.208.63", "2022-04-05 00:13:42.761000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-05 00:13:55.987000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-05 00:14:50+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.172", "2022-04-05 00:14:50+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.170", "2022-04-05 00:14:50+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.169", "2022-04-05 00:15:28.536000+00:00 - Azure AD - Sign-in activity - 20.70.208.63", "2022-04-05 00:15:33.708000+00:00 - Azure AD - Sign-in activity - 20.70.208.63", "2022-04-05 00:18:27.541000+00:00 - Azure AD - Sign-in activity - 20.70.208.63", "2022-04-05 00:25:09.822000+00:00 - Azure AD - Sign-in activity - 20.37.212.69", "2022-04-05 00:26:03.734000+00:00 - Azure AD - Sign-in activity - 20.70.208.63", "2022-04-05 00:26:07+00:00 - OfficeActivityManager - Send - 20.190.142.169", "2022-04-05 00:27:31.676000+00:00 - Azure AD - Sign-in activity - 20.70.208.63", "2022-04-05 00:32:44+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.170", "2022-04-05 00:37:10.066000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-05 00:43:53.515000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-05 00:45:34.377000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-05 00:45:44+00:00 - OfficeActivityManager - Send - 20.190.142.172", "2022-04-05 00:52:43.901000+00:00 - Azure AD - Sign-in activity - 20.37.212.69", "2022-04-05 00:52:48.668000+00:00 - Azure AD - Sign-in activity - 20.37.212.69", "2022-04-05 00:53:41+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.170", "2022-04-05 01:04:44.953000+00:00 - Azure AD - Sign-in activity - 20.37.213.236", "2022-04-05 01:04:46+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.169", "2022-04-05 01:10:44.678000+00:00 - Azure AD - Sign-in activity - 20.37.212.69", "2022-04-05 01:10:47+00:00 - OfficeActivityManager - Send - 20.190.142.172", "2022-04-05 01:36:35.963000+00:00 - Azure AD - Sign-in activity - 20.37.253.233", "2022-04-05 01:36:41+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.170", "2022-04-05 01:45:34.512000+00:00 - Azure AD - Sign-in activity - 20.53.9.84", "2022-04-05 01:46:30.332000+00:00 - Azure AD - Sign-in activity - 20.37.255.76", "2022-04-05 01:48:55.857000+00:00 - Azure AD - Sign-in activity - 20.37.212.69", "2022-04-05 01:48:59+00:00 - OfficeActivityManager - Send - 20.190.142.172", "2022-04-05 02:04:47+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.169", "2022-04-05 02:23:00.166000+00:00 - Azure AD - Sign-in activity - 20.37.212.69", "2022-04-05 02:36:42+00:00 - OfficeActivityManager - MailItemsAccessed - 20.190.142.170" ], "description": "Select an item", "index": 27, "layout": "IPY_MODEL_3c4c84ecc3b546fd84287420469a2ab2", "style": "IPY_MODEL_ed5ea1ead65e4d4d887d3bda589804de" } }, "51876de3eede4514a16107175cb249cb": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "initial" } }, "5745a63b36434da49e1b5985acc0bd3f": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "57bf7370a095455db8c6ab8a46d5f6b8": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "70%" } }, "5b836f6df54c4e06bb03339619f4f900": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_91d90a9a7bba455baf47b2943c6f5e44", "IPY_MODEL_6fa89ef0db454bafa27773fe1dfb738a", "IPY_MODEL_e88d439c233246c4919737c529cd0d3d" ], "layout": "IPY_MODEL_61b2d1b45c23477095227611ccc9999c" } }, "5bd6df6bfa7b48058fd74288e959d53c": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "SliderStyleModel", "state": { "description_width": "initial" } }, "5c6a6c44351144be89d6c9d3cd2e6454": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_22209d4eaaa541e781f4e998e577a8c1", "IPY_MODEL_69ac956f0aa74f1e927b1f22e6397cfa", "IPY_MODEL_640200742d584a29b322d58133b9d687" ], "layout": "IPY_MODEL_852d631e50864053828d6617a59311ee" } }, "5d20a4123e484255818376ddc3db9b40": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "IntRangeSliderModel", "state": { "_model_name": "IntRangeSliderModel", "_view_name": "IntRangeSliderView", "description": "Time Range", "layout": "IPY_MODEL_c92827b4af6249c380008f6ab22f0195", "max": 28, "min": -28, "style": "IPY_MODEL_463132c93eb84152a393f357c790154d", "value": [ -2, 0 ] } }, "5e1172b862864ea3aaef43357606db37": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "5ea13a16be8644ad92640b97ed6b7e2a": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "HTMLModel", "state": { "layout": "IPY_MODEL_7f08e8a8fbc849a0ba99ca826f0827de", "style": "IPY_MODEL_bdc855aa5d434e38a878ade40f764fe5", "value": "

Set time range for pivot functions.

" } }, "5feb4aff84d14ffda3b14e0dd50f50ac": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_ab355ef97f5843ad89c006fd6ae3c2ea", "IPY_MODEL_4546255dbb324c2c8fc1e9b7f24be26a", "IPY_MODEL_48ccee7d58314dea942ffe0a7c9bd456" ], "layout": "IPY_MODEL_0548b0503d3340a58ea08e1f1f705865" } }, "609239bc9d2e4561a9edf11472142ea0": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "initial" } }, "61b2d1b45c23477095227611ccc9999c": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "63e7f739408a438b89472c46a05397b4": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "640200742d584a29b322d58133b9d687": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "CheckboxModel", "state": { "description": "Display details", "disabled": false, "layout": "IPY_MODEL_bc80cb94fd0b4b57bf8ef20de227e93c", "style": "IPY_MODEL_b79a3c442e094040860b33127c696914", "value": true } }, "68975f878548486ca11a74c8227f47d3": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "SliderStyleModel", "state": { "description_width": "initial" } }, "69ac956f0aa74f1e927b1f22e6397cfa": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "SelectModel", "state": { "_options_labels": [ "kelsea@seccxp.ninja AzureActiveDirectory (Last activity: 2022-04-05 02:23:00.166000+00:00)", "kelsea@seccxp.ninja Office365 (Last activity: 2022-04-05 02:36:42+00:00)" ], "description": "Select an account to explore", "index": 0, "layout": "IPY_MODEL_35d3189e5ed34fccaa98ae5778006ed4", "style": "IPY_MODEL_dd0cf090d4524c2ba5760e72a1a7a214" } }, "6a6c6b6657724d159703155f7a7b9043": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "TextModel", "state": { "description": "Filter:", "layout": "IPY_MODEL_71f1d2287ec04c5baa3b7dc679e5f400", "style": "IPY_MODEL_0f93833c73a64c0cb0f4f03db3bb37cc", "value": "2022-04-03 03:06:17.286000+00:00 - Azure AD - Sign-in activity - 20.37.253.233" } }, "6ca349824c8849b9b60a5373af1fc257": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "99%" } }, "6de457e02b534472a42cd5e2fc58cdf0": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "6f25177ffb77451c847ed17a9322c70c": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "6fa89ef0db454bafa27773fe1dfb738a": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "TextModel", "state": { "description": "Query start time (UTC):", "layout": "IPY_MODEL_c9431e6a8caf40e9a35af57df26a91db", "style": "IPY_MODEL_ce19925620ba445da9ca56ee2ca9f78b", "value": "2022-04-03 02:49:14.277968+00:00" } }, "6fb08d781b7541b69a824f9059904f62": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "50%" } }, "71160649347740eb9ae9eccead29bc9a": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "71f1d2287ec04c5baa3b7dc679e5f400": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "7337d522f7194038bf66323d903a0629": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "75f5ecf5df7841d680743c4db93d6c12": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "LabelModel", "state": { "layout": "IPY_MODEL_6ca349824c8849b9b60a5373af1fc257", "style": "IPY_MODEL_7337d522f7194038bf66323d903a0629" } }, "7703f35231ed4df9bde200fb8d49ea68": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "770e358d4f6b45b789841d99d8be6db9": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_5ea13a16be8644ad92640b97ed6b7e2a", "IPY_MODEL_c6c003c7b22140bba6ab89dd0ab88744", "IPY_MODEL_df752f83ee444adea62f91a9d8403ee1" ], "layout": "IPY_MODEL_afac1ecc1f724f438eabba3f4dbf190b" } }, "7b4f933bce6a440c8ab9414be69dccea": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "TextModel", "state": { "description": "Query end time (UTC) : ", "layout": "IPY_MODEL_fbdfb11a05a24ffc870a67132ad2730d", "style": "IPY_MODEL_b508ebe21f1949c8a256571bf92e9e51", "value": "2022-04-05 02:49:12.745984" } }, "7b560ef77c634974a73b32a868b41554": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "SelectMultipleModel", "state": { "_options_labels": [ "AzureActiveDirectory", "AzureActivity", "Office365", "Windows", "Linux", "Azure", "All" ], "description": "Select Account types to search", "index": [ 5 ], "layout": "IPY_MODEL_1db1c2902d634d849b7aeac8c5dfa58a", "rows": 5, "style": "IPY_MODEL_35619cf6194a44b4b8a7702a26cf7251" } }, "7c2be47abba34eec97cc9eb66cf25892": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "HBoxModel", "state": { "children": [ "IPY_MODEL_d3290f3f69654c278ee2fb2711163d06", "IPY_MODEL_9c77f19082314286bae8da21d55329aa" ], "layout": "IPY_MODEL_0aa56ea80d5c4c4a873eafdd6729f65e" } }, "7f08e8a8fbc849a0ba99ca826f0827de": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "8053a93a9d324fd4a26390c6356f3d50": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "height": "150px", "width": "300px" } }, "81d81a69512a40aeb33bd1a17b845c74": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DatePickerModel", "state": { "description": "Origin Date", "disabled": false, "layout": "IPY_MODEL_1e25f2b432894d048d96c8dacf07543d", "style": "IPY_MODEL_d66f1c18ce9247a3aa799a2380726690", "value": { "date": 5, "month": 3, "year": 2022 } } }, "820f4ed4ac874dbb93572466b9544a7d": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "843305a90bc643a6826a74992390accb": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_6a6c6b6657724d159703155f7a7b9043", "IPY_MODEL_509231cd6ea143f68c937a09a669c270", "IPY_MODEL_ff46007cf200482aa928bb3720f7aa00" ], "layout": "IPY_MODEL_0391d8c0878e465dabc638d75cf02694" } }, "852d631e50864053828d6617a59311ee": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "86cbc4dde5db43009c63a517987a0f6d": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "8887e99f5ac74bdcbca5dc1a52b69891": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "50%" } }, "8d071160ac074372b5202f03f5b49fe0": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "8d1553864d92408295e116607e6b521e": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "8d6f3c0da3784d29ba566083a245134f": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DatePickerModel", "state": { "description": "Origin Date", "disabled": false, "layout": "IPY_MODEL_f41e38a9024d46fd968351ec4c5a6efc", "style": "IPY_MODEL_d97e7d8cabcb4d40a0cae2a051edc6dc", "value": { "date": 5, "month": 3, "year": 2022 } } }, "8fc0a2cb78bb42f3aa935b4971b2e4a4": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DropdownModel", "state": { "_options_labels": [ "Second", "Minute", "Hour", "Day", "Week" ], "index": 3, "layout": "IPY_MODEL_232af7b022fc45b0a7d78aed9b647516", "style": "IPY_MODEL_d60e67c25f7244d3b126272d81f033bb" } }, "91d90a9a7bba455baf47b2943c6f5e44": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "HBoxModel", "state": { "children": [ "IPY_MODEL_5d20a4123e484255818376ddc3db9b40", "IPY_MODEL_fb0ee7017957455e9f072f9d16606b5c" ], "layout": "IPY_MODEL_2972752ff3344731b3368a194cd70477" } }, "922362a9d2f94729a67b1cff360dd0ed": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "IntRangeSliderModel", "state": { "_model_name": "IntRangeSliderModel", "_view_name": "IntRangeSliderView", "description": "Time Range", "layout": "IPY_MODEL_e9abfe0004bf40fa9f105a62d735a352", "max": 28, "min": -28, "style": "IPY_MODEL_5bd6df6bfa7b48058fd74288e959d53c", "value": [ -2, 0 ] } }, "9ad524ba87b549d9a653a50b75dd0c8e": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "HTMLModel", "state": { "layout": "IPY_MODEL_e92a092a341f47d88988af022770bd1a", "style": "IPY_MODEL_05a30ea1531d42e1ae8cdcdb771daeff", "value": "

Set query time boundaries

" } }, "9b78355184854f60b0d736efba6d1fbe": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "border": "solid gray 1px", "margin": "1pt", "padding": "5pt", "width": "90%" } }, "9c77f19082314286bae8da21d55329aa": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DropdownModel", "state": { "_options_labels": [ "Second", "Minute", "Hour", "Day", "Week" ], "index": 3, "layout": "IPY_MODEL_0fa5a927c4ad47e19c135307b1dea85c", "style": "IPY_MODEL_1851cda4fc144f1ab2c99a865cd78316" } }, "9e655e7dcab545f5983fdb261a09d215": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "9f611bb4c62745088b61c68de982f3ec": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "ab355ef97f5843ad89c006fd6ae3c2ea": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "HTMLModel", "state": { "layout": "IPY_MODEL_301c68021a244f829ff989954ca747a4", "style": "IPY_MODEL_5745a63b36434da49e1b5985acc0bd3f", "value": "

Set time range for pivot functions.

" } }, "acecf72ad09d4032aea7e599ffb37cb8": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "100px" } }, "acfeb0da96d7468795f9439f22fb6a0f": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "70%" } }, "afac1ecc1f724f438eabba3f4dbf190b": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "b28dc6ac660a4b3e871dd31180386ccc": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "initial" } }, "b508ebe21f1949c8a256571bf92e9e51": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "initial" } }, "b58dd8f2634d4099b5ceb30350db33fd": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "initial" } }, "b79a3c442e094040860b33127c696914": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "b79ff07f3f4747b79f2b1e5ffc50646e": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_f5f26e6094e5420aadff826183743035", "IPY_MODEL_39ac65c3089f4e03abf815e59307a896", "IPY_MODEL_43536d481d654bd8a8111afc3c06ef9c" ], "layout": "IPY_MODEL_bfb6cdfe8baa4f1a94b6e87d56ce08e7" } }, "bae596916ee94ce39c973012dffd20a7": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "bc80cb94fd0b4b57bf8ef20de227e93c": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "bdc855aa5d434e38a878ade40f764fe5": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "bfb6cdfe8baa4f1a94b6e87d56ce08e7": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "c11dd0c299e34715b9473726e09cc1a7": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "c1a73ef4c1ba4a0faa6e102d2838040f": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "HBoxModel", "state": { "children": [ "IPY_MODEL_81d81a69512a40aeb33bd1a17b845c74", "IPY_MODEL_0c35ce564cc44b6ba6cc6becb3faef02" ], "layout": "IPY_MODEL_6f25177ffb77451c847ed17a9322c70c" } }, "c3aaa703494e41508392cd5a414351f8": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "c429d0b73d424181820b5de7ba75f21f": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "TextModel", "state": { "description": "Time (24hr)", "layout": "IPY_MODEL_c3aaa703494e41508392cd5a414351f8", "style": "IPY_MODEL_8d1553864d92408295e116607e6b521e", "value": "02:49:14.277968" } }, "c6c003c7b22140bba6ab89dd0ab88744": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "HBoxModel", "state": { "children": [ "IPY_MODEL_8d6f3c0da3784d29ba566083a245134f", "IPY_MODEL_c429d0b73d424181820b5de7ba75f21f" ], "layout": "IPY_MODEL_63e7f739408a438b89472c46a05397b4" } }, "c92827b4af6249c380008f6ab22f0195": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "70%" } }, "c9431e6a8caf40e9a35af57df26a91db": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "50%" } }, "ccd7968b5e564c4db4a1c636dff735b9": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "50%" } }, "ce19925620ba445da9ca56ee2ca9f78b": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "initial" } }, "cfda608bcf5c4399904a369dae615573": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "50%" } }, "d3290f3f69654c278ee2fb2711163d06": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "IntRangeSliderModel", "state": { "_model_name": "IntRangeSliderModel", "_view_name": "IntRangeSliderView", "description": "Time Range", "layout": "IPY_MODEL_57bf7370a095455db8c6ab8a46d5f6b8", "max": 28, "min": -28, "style": "IPY_MODEL_68975f878548486ca11a74c8227f47d3", "value": [ -1, 0 ] } }, "d4992c8b9df046f3b6a8334405566eda": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "TextModel", "state": { "description": "Time (24hr)", "layout": "IPY_MODEL_445239701cf94bb2a13fea7f4f8a339a", "style": "IPY_MODEL_3dfb7850a68a4a52a0f3db2ea62a19eb", "value": "02:49:12.745984" } }, "d60e67c25f7244d3b126272d81f033bb": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "d66f1c18ce9247a3aa799a2380726690": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "d6ffaac1ac8645b7aa515c608f42a7b1": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "HBoxModel", "state": { "children": [ "IPY_MODEL_922362a9d2f94729a67b1cff360dd0ed", "IPY_MODEL_8fc0a2cb78bb42f3aa935b4971b2e4a4" ], "layout": "IPY_MODEL_e7c17434d8c9485682566a16ffd0af5a" } }, "d97e7d8cabcb4d40a0cae2a051edc6dc": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "dd0cf090d4524c2ba5760e72a1a7a214": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "initial" } }, "ddaff9bbd74441f68e23823361703007": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "initial" } }, "df752f83ee444adea62f91a9d8403ee1": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_d6ffaac1ac8645b7aa515c608f42a7b1", "IPY_MODEL_fb06da30ec49421aa88c5e8386964762", "IPY_MODEL_1943a5eb70314738b53982644b8963ce" ], "layout": "IPY_MODEL_71160649347740eb9ae9eccead29bc9a" } }, "e1218c3b438f4bacbfb911bcd092e3d7": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "e12d9bfcffda40b5af7ef2e45f15eb28": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "70%" } }, "e20d8cd48b9a48d3a0fc105cf34ed6f8": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DatePickerModel", "state": { "description": "Origin Date", "disabled": false, "layout": "IPY_MODEL_9e655e7dcab545f5983fdb261a09d215", "style": "IPY_MODEL_86cbc4dde5db43009c63a517987a0f6d", "value": { "date": 5, "month": 3, "year": 2022 } } }, "e7c17434d8c9485682566a16ffd0af5a": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "e88a7284010547aca6142649da4d119e": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "e88d439c233246c4919737c529cd0d3d": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "TextModel", "state": { "description": "Query end time (UTC) : ", "layout": "IPY_MODEL_ccd7968b5e564c4db4a1c636dff735b9", "style": "IPY_MODEL_ddaff9bbd74441f68e23823361703007", "value": "2022-04-05 02:49:14.277968+00:00" } }, "e92a092a341f47d88988af022770bd1a": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "e9abfe0004bf40fa9f105a62d735a352": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "70%" } }, "ed5ea1ead65e4d4d887d3bda589804de": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "initial" } }, "efa7704345e3420aa388221d72bab90e": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "TextModel", "state": { "description": "Enter the Account name to search for:", "layout": "IPY_MODEL_8887e99f5ac74bdcbca5dc1a52b69891", "style": "IPY_MODEL_b28dc6ac660a4b3e871dd31180386ccc", "value": "Kelsea" } }, "f36dc46d59634436abc0f870dfa72012": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "70%" } }, "f41e38a9024d46fd968351ec4c5a6efc": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "f4b67bf1e96048d78591a0c1c52a19bd": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "border": "solid gray 1px", "margin": "1pt", "padding": "5pt", "width": "90%" } }, "f5f26e6094e5420aadff826183743035": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "TextModel", "state": { "description": "Filter alerts by title:", "layout": "IPY_MODEL_c11dd0c299e34715b9473726e09cc1a7", "style": "IPY_MODEL_494fc091484445509d13c0dcf29ad549" } }, "f7538bef7b144eb3af82d96719df6bdb": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "fad525b324844c1d9deca225c0aed1b8": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "TextModel", "state": { "description": "Filter alerts by title:", "layout": "IPY_MODEL_e88a7284010547aca6142649da4d119e", "style": "IPY_MODEL_51876de3eede4514a16107175cb249cb" } }, "fb06da30ec49421aa88c5e8386964762": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "TextModel", "state": { "description": "Query start time (UTC):", "layout": "IPY_MODEL_6fb08d781b7541b69a824f9059904f62", "style": "IPY_MODEL_06d7adc128794d99a85ae77b226b04d9", "value": "2022-04-03 02:49:14.277968+00:00" } }, "fb0ee7017957455e9f072f9d16606b5c": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DropdownModel", "state": { "_options_labels": [ "Second", "Minute", "Hour", "Day", "Week" ], "index": 3, "layout": "IPY_MODEL_acecf72ad09d4032aea7e599ffb37cb8", "style": "IPY_MODEL_f7538bef7b144eb3af82d96719df6bdb" } }, "fbdfb11a05a24ffc870a67132ad2730d": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "50%" } }, "fcdb4009e7b344fda370b2dc56bd824e": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_fad525b324844c1d9deca225c0aed1b8", "IPY_MODEL_2c4aedcf664f47459a660038672fd03b", "IPY_MODEL_099c0792526244a8b736bb295c59d80e" ], "layout": "IPY_MODEL_5e1172b862864ea3aaef43357606db37" } }, "fed0fb69f87d4c3dbc5aa6f486a8c443": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "50%" } }, "ff46007cf200482aa928bb3720f7aa00": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "CheckboxModel", "state": { "description": "Display details", "disabled": false, "layout": "IPY_MODEL_8d071160ac074372b5202f03f5b49fe0", "style": "IPY_MODEL_1578a8b4ceb44210a8ed720331423f55", "value": true } } }, "version_major": 2, "version_minor": 0 } } }, "nbformat": 4, "nbformat_minor": 4 }