[ { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/20/2020, 10:52:04.808 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1812;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1812;ATTACHMENT_FILENAME=DLP_Excel_NINO count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.2;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 20, 2020 3:52:00 PM;REPORTED_ON=November 20, 2020 3:52:14 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.2;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/20/2020, 10:52:04.953 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1815;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1815;ATTACHMENT_FILENAME=DLP_Excel_NINO count 2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.2;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 20, 2020 3:52:00 PM;REPORTED_ON=November 20, 2020 3:52:14 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.2;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/20/2020, 10:52:05.009 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1816;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1816;ATTACHMENT_FILENAME=DLP_WORD+DOB_2 count.docx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.2;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 20, 2020 3:52:00 PM;REPORTED_ON=November 20, 2020 3:52:14 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.2;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/20/2020, 10:52:05.046 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1823;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1823;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=XBcJlFRtsTfgZqwnkFtjwNZcGgxNBgwqPnJfcTCBQfQkDDXprqnwpnCvLgQTDmDVHHQLdXgZgXDJXhtv;SENDER=10.221.237.2;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 20, 2020 3:52:01 PM;REPORTED_ON=November 20, 2020 3:52:14 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.2;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/20/2020, 10:52:05.157 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1824;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1824;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=XBcJlFRtsTfgZqwnkFtjwNZcGgxNBgwqPnJfcTCBQfQkDDXprqnwpnCvLgQTDmDVHHQLdXgZgXDJXhtv;SENDER=10.221.237.2;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 20, 2020 3:52:01 PM;REPORTED_ON=November 20, 2020 3:52:14 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.2;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/20/2020, 10:52:05.175 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1825;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1825;ATTACHMENT_FILENAME=DLP_WORD+DOB_1 count.docx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=XBcJlFRtsTfgZqwnkFtjwNZcGgxNBgwqPnJfcTCBQfQkDDXprqnwpnCvLgQTDmDVHHQLdXgZgXDJXhtv;SENDER=10.221.237.2;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 20, 2020 3:52:01 PM;REPORTED_ON=November 20, 2020 3:52:14 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.2;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/20/2020, 10:52:05.275 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1828;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1828;ATTACHMENT_FILENAME=DLP_Excel_BAN count2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=6;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=HfxTvQxnFmzfRSzFJkzDxhlccjRwRpPxPlcmwwxLLGTChxbnZVrhjLHLZDjPZPxXjBXdjLsPppBpFSHFxHQSqplHPPMcJqkPsHxBzcSvlFKphFMqzBgrwcBPwgBvVjlJhGvbxrjnCzwWcqtMrhpQwmpWBVWnrzhmXCCdTG;SENDER=10.221.237.2;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 20, 2020 3:52:02 PM;REPORTED_ON=November 20, 2020 3:52:14 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.2;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/20/2020, 10:52:05.289 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1833;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1833;ATTACHMENT_FILENAME=DLP_WORD+DOB_1 count.docx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=HfxTvQxnFmzfRSzFJkzDxhlccjRwRpPxPlcmwwxLLGTChxbnZVrhjLHLZDjPZPxXjBXdjLsPppBpFSHFxHQSqplHPPMcJqkPsHxBzcSvlFKphFMqzBgrwcBPwgBvVjlJhGvbxrjnCzwWcqtMrhpQwmpWBVWnrzhmXCCdTG;SENDER=10.221.237.2;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 20, 2020 3:52:02 PM;REPORTED_ON=November 20, 2020 3:52:14 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.2;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/20/2020, 10:51:50.041 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1811;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1811;ATTACHMENT_FILENAME=DLP_Excel_BAN count1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.2;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 20, 2020 3:52:00 PM;REPORTED_ON=November 20, 2020 3:52:14 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.2;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/20/2020, 10:51:49.924 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1814;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1814;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.2;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 20, 2020 3:52:00 PM;REPORTED_ON=November 20, 2020 3:52:14 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.2;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/20/2020, 10:51:53.211 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1818;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1818;ATTACHMENT_FILENAME=DLP_WORD+DOB_1 count.docx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.2;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 20, 2020 3:52:00 PM;REPORTED_ON=November 20, 2020 3:52:14 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.2;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/20/2020, 10:51:53.288 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1819;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1819;ATTACHMENT_FILENAME=DLP_Excel_BAN count1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=XBcJlFRtsTfgZqwnkFtjwNZcGgxNBgwqPnJfcTCBQfQkDDXprqnwpnCvLgQTDmDVHHQLdXgZgXDJXhtv;SENDER=10.221.237.2;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 20, 2020 3:52:01 PM;REPORTED_ON=November 20, 2020 3:52:14 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.2;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/20/2020, 10:51:53.370 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1820;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1820;ATTACHMENT_FILENAME=DLP_Excel_BAN count2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=6;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=XBcJlFRtsTfgZqwnkFtjwNZcGgxNBgwqPnJfcTCBQfQkDDXprqnwpnCvLgQTDmDVHHQLdXgZgXDJXhtv;SENDER=10.221.237.2;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 20, 2020 3:52:01 PM;REPORTED_ON=November 20, 2020 3:52:14 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.2;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/20/2020, 10:52:14.866 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1813;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1813;ATTACHMENT_FILENAME=DLP_Excel_BAN count2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=6;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.2;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 20, 2020 3:52:00 PM;REPORTED_ON=November 20, 2020 3:52:14 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.2;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/20/2020, 10:52:15.025 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1817;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1817;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.2;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 20, 2020 3:52:00 PM;REPORTED_ON=November 20, 2020 3:52:14 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.2;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/20/2020, 10:52:15.047 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1821;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1821;ATTACHMENT_FILENAME=DLP_Excel_NINO count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=XBcJlFRtsTfgZqwnkFtjwNZcGgxNBgwqPnJfcTCBQfQkDDXprqnwpnCvLgQTDmDVHHQLdXgZgXDJXhtv;SENDER=10.221.237.2;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 20, 2020 3:52:01 PM;REPORTED_ON=November 20, 2020 3:52:14 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.2;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/20/2020, 10:52:15.056 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1822;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1822;ATTACHMENT_FILENAME=DLP_Excel_NINO count 2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=XBcJlFRtsTfgZqwnkFtjwNZcGgxNBgwqPnJfcTCBQfQkDDXprqnwpnCvLgQTDmDVHHQLdXgZgXDJXhtv;SENDER=10.221.237.2;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 20, 2020 3:52:01 PM;REPORTED_ON=November 20, 2020 3:52:14 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.2;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/20/2020, 10:52:15.165 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1826;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1826;ATTACHMENT_FILENAME=DLP_WORD+DOB_2 count.docx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=XBcJlFRtsTfgZqwnkFtjwNZcGgxNBgwqPnJfcTCBQfQkDDXprqnwpnCvLgQTDmDVHHQLdXgZgXDJXhtv;SENDER=10.221.237.2;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 20, 2020 3:52:01 PM;REPORTED_ON=November 20, 2020 3:52:14 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.2;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/20/2020, 10:52:15.184 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1829;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1829;ATTACHMENT_FILENAME=DLP_Excel_NINO count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=HfxTvQxnFmzfRSzFJkzDxhlccjRwRpPxPlcmwwxLLGTChxbnZVrhjLHLZDjPZPxXjBXdjLsPppBpFSHFxHQSqplHPPMcJqkPsHxBzcSvlFKphFMqzBgrwcBPwgBvVjlJhGvbxrjnCzwWcqtMrhpQwmpWBVWnrzhmXCCdTG;SENDER=10.221.237.2;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 20, 2020 3:52:02 PM;REPORTED_ON=November 20, 2020 3:52:14 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.2;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/20/2020, 10:52:15.283 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1832;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1832;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=HfxTvQxnFmzfRSzFJkzDxhlccjRwRpPxPlcmwwxLLGTChxbnZVrhjLHLZDjPZPxXjBXdjLsPppBpFSHFxHQSqplHPPMcJqkPsHxBzcSvlFKphFMqzBgrwcBPwgBvVjlJhGvbxrjnCzwWcqtMrhpQwmpWBVWnrzhmXCCdTG;SENDER=10.221.237.2;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 20, 2020 3:52:02 PM;REPORTED_ON=November 20, 2020 3:52:14 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.2;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/20/2020, 10:52:15.303 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1834;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1834;ATTACHMENT_FILENAME=DLP_WORD+DOB_2 count.docx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=HfxTvQxnFmzfRSzFJkzDxhlccjRwRpPxPlcmwwxLLGTChxbnZVrhjLHLZDjPZPxXjBXdjLsPppBpFSHFxHQSqplHPPMcJqkPsHxBzcSvlFKphFMqzBgrwcBPwgBvVjlJhGvbxrjnCzwWcqtMrhpQwmpWBVWnrzhmXCCdTG;SENDER=10.221.237.2;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 20, 2020 3:52:02 PM;REPORTED_ON=November 20, 2020 3:52:14 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.2;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 6:30:47.766 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1716;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1716;ATTACHMENT_FILENAME=DLP_Excel_BAN count2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=6;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 11:30:45 AM;REPORTED_ON=November 19, 2020 11:30:56 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 6:30:47.891 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1715;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1715;ATTACHMENT_FILENAME=DLP_Excel_NINO count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 11:30:45 AM;REPORTED_ON=November 19, 2020 11:30:56 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 6:30:48.029 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1722;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1722;ATTACHMENT_FILENAME=DLP_WORD+DOB_2 count.docx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 11:30:46 AM;REPORTED_ON=November 19, 2020 11:30:56 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 6:30:48.072 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1725;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1725;ATTACHMENT_FILENAME=DLP_Excel_NINO count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=CrpPbDzKVkQfjVFLLmLbWRNtgGnhnLscFbQKGMVTxvTlFMvtgXpmBVTlWHVvLzWFZXGqQxZnqnKTCPTKlDXq;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 11:30:46 AM;REPORTED_ON=November 19, 2020 11:30:56 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 6:30:48.167 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1728;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1728;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=CrpPbDzKVkQfjVFLLmLbWRNtgGnhnLscFbQKGMVTxvTlFMvtgXpmBVTlWHVvLzWFZXGqQxZnqnKTCPTKlDXq;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 11:30:47 AM;REPORTED_ON=November 19, 2020 11:30:56 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 6:30:48.187 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1731;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1731;ATTACHMENT_FILENAME=DLP_Excel_BAN count1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=vkmnKxCGJMndtjnjzDTBzMsNLPvMZPhRqmRzstxChCLNdwLdjCgMrrZlndrtMCgtvQkhXHqrRRdqGNtSDmzFSnZZXJVJPLddVsmbskVvKJPwvhNwDBxbwJPmPrsnLPdPSXnfrDvqHxHCNKlVfvRGjnhWsxRGwnLlHxdKhTmrtv;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 11:30:47 AM;REPORTED_ON=November 19, 2020 11:30:56 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 6:30:48.300 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1735;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1735;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=vkmnKxCGJMndtjnjzDTBzMsNLPvMZPhRqmRzstxChCLNdwLdjCgMrrZlndrtMCgtvQkhXHqrRRdqGNtSDmzFSnZZXJVJPLddVsmbskVvKJPwvhNwDBxbwJPmPrsnLPdPSXnfrDvqHxHCNKlVfvRGjnhWsxRGwnLlHxdKhTmrtv;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 11:30:48 AM;REPORTED_ON=November 19, 2020 11:30:56 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 6:30:48.326 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1738;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1738;ATTACHMENT_FILENAME=DLP_WORD+DOB_2 count.docx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=vkmnKxCGJMndtjnjzDTBzMsNLPvMZPhRqmRzstxChCLNdwLdjCgMrrZlndrtMCgtvQkhXHqrRRdqGNtSDmzFSnZZXJVJPLddVsmbskVvKJPwvhNwDBxbwJPmPrsnLPdPSXnfrDvqHxHCNKlVfvRGjnhWsxRGwnLlHxdKhTmrtv;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 11:30:48 AM;REPORTED_ON=November 19, 2020 11:30:56 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 6:30:39.781 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1717;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1717;ATTACHMENT_FILENAME=DLP_Excel_BAN count1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 11:30:45 AM;REPORTED_ON=November 19, 2020 11:30:56 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 6:30:39.870 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1723;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1723;ATTACHMENT_FILENAME=DLP_Excel_BAN count1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=CrpPbDzKVkQfjVFLLmLbWRNtgGnhnLscFbQKGMVTxvTlFMvtgXpmBVTlWHVvLzWFZXGqQxZnqnKTCPTKlDXq;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 11:30:46 AM;REPORTED_ON=November 19, 2020 11:30:56 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 6:30:39.886 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1727;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1727;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=CrpPbDzKVkQfjVFLLmLbWRNtgGnhnLscFbQKGMVTxvTlFMvtgXpmBVTlWHVvLzWFZXGqQxZnqnKTCPTKlDXq;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 11:30:47 AM;REPORTED_ON=November 19, 2020 11:30:56 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 6:30:39.967 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1730;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1730;ATTACHMENT_FILENAME=DLP_WORD+DOB_2 count.docx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=CrpPbDzKVkQfjVFLLmLbWRNtgGnhnLscFbQKGMVTxvTlFMvtgXpmBVTlWHVvLzWFZXGqQxZnqnKTCPTKlDXq;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 11:30:47 AM;REPORTED_ON=November 19, 2020 11:30:56 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 3:48:10.218 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1709;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1709;ATTACHMENT_FILENAME=DLP_Excel_BAN count2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=6;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 8:48:11 AM;REPORTED_ON=November 19, 2020 8:48:18 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 3:48:10.242 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1710;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1710;ATTACHMENT_FILENAME=DLP_Excel_NINO count 2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 8:48:13 AM;REPORTED_ON=November 19, 2020 8:48:18 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 3:48:10.314 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1713;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1713;ATTACHMENT_FILENAME=DLP_WORD+DOB_1 count.docx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 8:48:15 AM;REPORTED_ON=November 19, 2020 8:48:18 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 3:48:25.286 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1707;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1707;ATTACHMENT_FILENAME=DLP_Excel_BAN count1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 8:48:11 AM;REPORTED_ON=November 19, 2020 8:48:18 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 3:48:25.322 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1711;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1711;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 8:48:14 AM;REPORTED_ON=November 19, 2020 8:48:18 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 3:48:34.077 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1714;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1714;ATTACHMENT_FILENAME=DLP_WORD+DOB_2 count.docx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 8:48:16 AM;REPORTED_ON=November 19, 2020 8:48:28 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 11:23:30.124 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1763;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1763;ATTACHMENT_FILENAME=DLP_Excel_NINO count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 4:23:21 PM;REPORTED_ON=November 19, 2020 4:23:29 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 11:23:30.255 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1768;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1768;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 4:23:21 PM;REPORTED_ON=November 19, 2020 4:23:29 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 11:23:30.344 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1771;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1771;ATTACHMENT_FILENAME=DLP_Excel_BAN count1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=lqrslwRwzKhTvGjmmtvqkNrJKnmRFsDNRMJlPTrJQHxdqNwvxDTfmjkDnkPCQZKwbhgdZHLKXlQmSkjpp;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 4:23:21 PM;REPORTED_ON=November 19, 2020 4:23:29 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 11:23:30.362 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1775;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1775;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=lqrslwRwzKhTvGjmmtvqkNrJKnmRFsDNRMJlPTrJQHxdqNwvxDTfmjkDnkPCQZKwbhgdZHLKXlQmSkjpp;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 4:23:22 PM;REPORTED_ON=November 19, 2020 4:23:29 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 11:23:30.429 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1777;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1777;ATTACHMENT_FILENAME=DLP_WORD+DOB_1 count.docx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=lqrslwRwzKhTvGjmmtvqkNrJKnmRFsDNRMJlPTrJQHxdqNwvxDTfmjkDnkPCQZKwbhgdZHLKXlQmSkjpp;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 4:23:22 PM;REPORTED_ON=November 19, 2020 4:23:30 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 11:23:30.506 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1781;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1781;ATTACHMENT_FILENAME=DLP_Excel_NINO count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=LxRWXGmvgQfGqhfdMjpQScRQwCZJjXZltTtdVRxLcKTZNGXVvjlCDVVkrfGBwMbJSLVHLgZHwBsHrxJlgVxjJrCttcwbtDzHQWJDrPQJvbzzGplcwHTdmcRclDtHQtlPcpnWfGrmlJHCZsGlhcWhgGQNsQtDtWLhLXHSVsz;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 4:23:23 PM;REPORTED_ON=November 19, 2020 4:23:30 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 11:23:30.526 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1783;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1783;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=LxRWXGmvgQfGqhfdMjpQScRQwCZJjXZltTtdVRxLcKTZNGXVvjlCDVVkrfGBwMbJSLVHLgZHwBsHrxJlgVxjJrCttcwbtDzHQWJDrPQJvbzzGplcwHTdmcRclDtHQtlPcpnWfGrmlJHCZsGlhcWhgGQNsQtDtWLhLXHSVsz;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 4:23:23 PM;REPORTED_ON=November 19, 2020 4:23:30 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 11:23:30.614 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1786;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1786;ATTACHMENT_FILENAME=DLP_WORD+DOB_2 count.docx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=LxRWXGmvgQfGqhfdMjpQScRQwCZJjXZltTtdVRxLcKTZNGXVvjlCDVVkrfGBwMbJSLVHLgZHwBsHrxJlgVxjJrCttcwbtDzHQWJDrPQJvbzzGplcwHTdmcRclDtHQtlPcpnWfGrmlJHCZsGlhcWhgGQNsQtDtWLhLXHSVsz;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 4:23:23 PM;REPORTED_ON=November 19, 2020 4:23:30 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 11:23:21.374 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1764;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1764;ATTACHMENT_FILENAME=DLP_Excel_BAN count2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=6;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 4:23:20 PM;REPORTED_ON=November 19, 2020 4:23:29 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 11:23:21.563 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1766;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1766;ATTACHMENT_FILENAME=DLP_Excel_NINO count 2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 4:23:21 PM;REPORTED_ON=November 19, 2020 4:23:29 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 11:23:21.632 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1770;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1770;ATTACHMENT_FILENAME=DLP_WORD+DOB_2 count.docx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 4:23:21 PM;REPORTED_ON=November 19, 2020 4:23:29 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 11:23:21.668 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1773;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1773;ATTACHMENT_FILENAME=DLP_Excel_BAN count2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=6;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=lqrslwRwzKhTvGjmmtvqkNrJKnmRFsDNRMJlPTrJQHxdqNwvxDTfmjkDnkPCQZKwbhgdZHLKXlQmSkjpp;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 4:23:21 PM;REPORTED_ON=November 19, 2020 4:23:29 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 11:23:21.733 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1776;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1776;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=lqrslwRwzKhTvGjmmtvqkNrJKnmRFsDNRMJlPTrJQHxdqNwvxDTfmjkDnkPCQZKwbhgdZHLKXlQmSkjpp;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 4:23:22 PM;REPORTED_ON=November 19, 2020 4:23:30 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 11:23:21.787 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1779;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1779;ATTACHMENT_FILENAME=DLP_Excel_BAN count1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=LxRWXGmvgQfGqhfdMjpQScRQwCZJjXZltTtdVRxLcKTZNGXVvjlCDVVkrfGBwMbJSLVHLgZHwBsHrxJlgVxjJrCttcwbtDzHQWJDrPQJvbzzGplcwHTdmcRclDtHQtlPcpnWfGrmlJHCZsGlhcWhgGQNsQtDtWLhLXHSVsz;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 4:23:22 PM;REPORTED_ON=November 19, 2020 4:23:30 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 11:23:21.841 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1782;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1782;ATTACHMENT_FILENAME=DLP_Excel_NINO count 2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=LxRWXGmvgQfGqhfdMjpQScRQwCZJjXZltTtdVRxLcKTZNGXVvjlCDVVkrfGBwMbJSLVHLgZHwBsHrxJlgVxjJrCttcwbtDzHQWJDrPQJvbzzGplcwHTdmcRclDtHQtlPcpnWfGrmlJHCZsGlhcWhgGQNsQtDtWLhLXHSVsz;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 4:23:23 PM;REPORTED_ON=November 19, 2020 4:23:30 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 11:23:21.926 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1785;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1785;ATTACHMENT_FILENAME=DLP_WORD+DOB_1 count.docx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=LxRWXGmvgQfGqhfdMjpQScRQwCZJjXZltTtdVRxLcKTZNGXVvjlCDVVkrfGBwMbJSLVHLgZHwBsHrxJlgVxjJrCttcwbtDzHQWJDrPQJvbzzGplcwHTdmcRclDtHQtlPcpnWfGrmlJHCZsGlhcWhgGQNsQtDtWLhLXHSVsz;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 4:23:23 PM;REPORTED_ON=November 19, 2020 4:23:30 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 11:23:13.005 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1772;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1772;ATTACHMENT_FILENAME=DLP_Excel_NINO count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=lqrslwRwzKhTvGjmmtvqkNrJKnmRFsDNRMJlPTrJQHxdqNwvxDTfmjkDnkPCQZKwbhgdZHLKXlQmSkjpp;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 4:23:22 PM;REPORTED_ON=November 19, 2020 4:23:29 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 11:23:13.063 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1774;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1774;ATTACHMENT_FILENAME=DLP_Excel_NINO count 2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=lqrslwRwzKhTvGjmmtvqkNrJKnmRFsDNRMJlPTrJQHxdqNwvxDTfmjkDnkPCQZKwbhgdZHLKXlQmSkjpp;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 4:23:22 PM;REPORTED_ON=November 19, 2020 4:23:29 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 11:23:13.125 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1778;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1778;ATTACHMENT_FILENAME=DLP_WORD+DOB_2 count.docx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=lqrslwRwzKhTvGjmmtvqkNrJKnmRFsDNRMJlPTrJQHxdqNwvxDTfmjkDnkPCQZKwbhgdZHLKXlQmSkjpp;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 4:23:22 PM;REPORTED_ON=November 19, 2020 4:23:30 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 11:23:13.904 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1784;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1784;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=LxRWXGmvgQfGqhfdMjpQScRQwCZJjXZltTtdVRxLcKTZNGXVvjlCDVVkrfGBwMbJSLVHLgZHwBsHrxJlgVxjJrCttcwbtDzHQWJDrPQJvbzzGplcwHTdmcRclDtHQtlPcpnWfGrmlJHCZsGlhcWhgGQNsQtDtWLhLXHSVsz;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 4:23:23 PM;REPORTED_ON=November 19, 2020 4:23:30 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 11:23:13.509 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1780;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1780;ATTACHMENT_FILENAME=DLP_Excel_BAN count2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=6;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=LxRWXGmvgQfGqhfdMjpQScRQwCZJjXZltTtdVRxLcKTZNGXVvjlCDVVkrfGBwMbJSLVHLgZHwBsHrxJlgVxjJrCttcwbtDzHQWJDrPQJvbzzGplcwHTdmcRclDtHQtlPcpnWfGrmlJHCZsGlhcWhgGQNsQtDtWLhLXHSVsz;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 4:23:23 PM;REPORTED_ON=November 19, 2020 4:23:30 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 11:23:14.601 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1765;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1765;ATTACHMENT_FILENAME=DLP_Excel_BAN count1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 4:23:20 PM;REPORTED_ON=November 19, 2020 4:23:29 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 11:23:14.805 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1767;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1767;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 4:23:21 PM;REPORTED_ON=November 19, 2020 4:23:29 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 11:23:15.661 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1769;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1769;ATTACHMENT_FILENAME=DLP_WORD+DOB_1 count.docx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 4:23:21 PM;REPORTED_ON=November 19, 2020 4:23:29 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 9:13:15.242 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1742;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1742;ATTACHMENT_FILENAME=DLP_Excel_NINO count 2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 2:13:18 PM;REPORTED_ON=November 19, 2020 2:13:23 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 9:13:15.353 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1744;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1744;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 2:13:18 PM;REPORTED_ON=November 19, 2020 2:13:23 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 9:13:15.482 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1747;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1747;ATTACHMENT_FILENAME=DLP_Excel_BAN count1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=lqrsljbfNkBNMwVClWPtbHGHBFFTKHWRwTxctdsrhFtDTHzrvRrgJKLJWZgWTnLcgTdCpzvRMNgvjmXXz;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 2:13:19 PM;REPORTED_ON=November 19, 2020 2:13:23 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 9:13:15.541 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1751;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1751;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=lqrsljbfNkBNMwVClWPtbHGHBFFTKHWRwTxctdsrhFtDTHzrvRrgJKLJWZgWTnLcgTdCpzvRMNgvjmXXz;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 2:13:19 PM;REPORTED_ON=November 19, 2020 2:13:23 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 9:13:15.569 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1753;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1753;ATTACHMENT_FILENAME=DLP_WORD+DOB_1 count.docx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=lqrsljbfNkBNMwVClWPtbHGHBFFTKHWRwTxctdsrhFtDTHzrvRrgJKLJWZgWTnLcgTdCpzvRMNgvjmXXz;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 2:13:20 PM;REPORTED_ON=November 19, 2020 2:13:23 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 9:13:15.657 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1757;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1757;ATTACHMENT_FILENAME=DLP_Excel_NINO count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=LxRWXCTLbWDTsRNkZLRhtntzhKQQMVsPrHXRRqMjNTbgCJDxPTSxVcmZDmZPXmqQwwPnqDXbBdgDfMPDVLMVRlqLbWdVPqXJfjQJDHMtxthrJzCpxSHhxpMFsfMhJjllhBKcfxxnSpkdtDHzTxVHLfdHljQbkSlkfnScBdK;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 2:13:20 PM;REPORTED_ON=November 19, 2020 2:13:23 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 9:13:15.696 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1760;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1760;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=LxRWXCTLbWDTsRNkZLRhtntzhKQQMVsPrHXRRqMjNTbgCJDxPTSxVcmZDmZPXmqQwwPnqDXbBdgDfMPDVLMVRlqLbWdVPqXJfjQJDHMtxthrJzCpxSHhxpMFsfMhJjllhBKcfxxnSpkdtDHzTxVHLfdHljQbkSlkfnScBdK;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 2:13:21 PM;REPORTED_ON=November 19, 2020 2:13:23 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 9:13:15.927 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1756;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1756;ATTACHMENT_FILENAME=DLP_Excel_BAN count2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=6;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=LxRWXCTLbWDTsRNkZLRhtntzhKQQMVsPrHXRRqMjNTbgCJDxPTSxVcmZDmZPXmqQwwPnqDXbBdgDfMPDVLMVRlqLbWdVPqXJfjQJDHMtxthrJzCpxSHhxpMFsfMhJjllhBKcfxxnSpkdtDHzTxVHLfdHljQbkSlkfnScBdK;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 2:13:20 PM;REPORTED_ON=November 19, 2020 2:13:24 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 9:13:37.737 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1749;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1749;ATTACHMENT_FILENAME=DLP_Excel_NINO count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=lqrsljbfNkBNMwVClWPtbHGHBFFTKHWRwTxctdsrhFtDTHzrvRrgJKLJWZgWTnLcgTdCpzvRMNgvjmXXz;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 2:13:19 PM;REPORTED_ON=November 19, 2020 2:13:23 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 9:13:37.809 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1750;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1750;ATTACHMENT_FILENAME=DLP_Excel_NINO count 2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=lqrsljbfNkBNMwVClWPtbHGHBFFTKHWRwTxctdsrhFtDTHzrvRrgJKLJWZgWTnLcgTdCpzvRMNgvjmXXz;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 2:13:19 PM;REPORTED_ON=November 19, 2020 2:13:23 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 9:13:37.857 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1755;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1755;ATTACHMENT_FILENAME=DLP_WORD+DOB_2 count.docx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=lqrsljbfNkBNMwVClWPtbHGHBFFTKHWRwTxctdsrhFtDTHzrvRrgJKLJWZgWTnLcgTdCpzvRMNgvjmXXz;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 2:13:20 PM;REPORTED_ON=November 19, 2020 2:13:23 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 9:13:37.964 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1758;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1758;ATTACHMENT_FILENAME=DLP_Excel_NINO count 2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=LxRWXCTLbWDTsRNkZLRhtntzhKQQMVsPrHXRRqMjNTbgCJDxPTSxVcmZDmZPXmqQwwPnqDXbBdgDfMPDVLMVRlqLbWdVPqXJfjQJDHMtxthrJzCpxSHhxpMFsfMhJjllhBKcfxxnSpkdtDHzTxVHLfdHljQbkSlkfnScBdK;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 2:13:20 PM;REPORTED_ON=November 19, 2020 2:13:23 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 9:13:38.822 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1761;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1761;ATTACHMENT_FILENAME=DLP_WORD+DOB_1 count.docx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=LxRWXCTLbWDTsRNkZLRhtntzhKQQMVsPrHXRRqMjNTbgCJDxPTSxVcmZDmZPXmqQwwPnqDXbBdgDfMPDVLMVRlqLbWdVPqXJfjQJDHMtxthrJzCpxSHhxpMFsfMhJjllhBKcfxxnSpkdtDHzTxVHLfdHljQbkSlkfnScBdK;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 2:13:21 PM;REPORTED_ON=November 19, 2020 2:13:23 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 9:13:05.548 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1754;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1754;ATTACHMENT_FILENAME=DLP_Excel_BAN count1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=LxRWXCTLbWDTsRNkZLRhtntzhKQQMVsPrHXRRqMjNTbgCJDxPTSxVcmZDmZPXmqQwwPnqDXbBdgDfMPDVLMVRlqLbWdVPqXJfjQJDHMtxthrJzCpxSHhxpMFsfMhJjllhBKcfxxnSpkdtDHzTxVHLfdHljQbkSlkfnScBdK;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 2:13:20 PM;REPORTED_ON=November 19, 2020 2:13:23 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 9:13:06.521 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1743;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1743;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 2:13:18 PM;REPORTED_ON=November 19, 2020 2:13:23 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 9:13:06.551 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1745;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1745;ATTACHMENT_FILENAME=DLP_WORD+DOB_1 count.docx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 2:13:19 PM;REPORTED_ON=November 19, 2020 2:13:23 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 9:13:06.667 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1748;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1748;ATTACHMENT_FILENAME=DLP_Excel_BAN count2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=6;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=lqrsljbfNkBNMwVClWPtbHGHBFFTKHWRwTxctdsrhFtDTHzrvRrgJKLJWZgWTnLcgTdCpzvRMNgvjmXXz;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 2:13:19 PM;REPORTED_ON=November 19, 2020 2:13:23 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 9:13:06.713 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1752;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1752;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=lqrsljbfNkBNMwVClWPtbHGHBFFTKHWRwTxctdsrhFtDTHzrvRrgJKLJWZgWTnLcgTdCpzvRMNgvjmXXz;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 2:13:19 PM;REPORTED_ON=November 19, 2020 2:13:23 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 9:13:06.393 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1739;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1739;ATTACHMENT_FILENAME=DLP_Excel_BAN count1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 2:13:18 PM;REPORTED_ON=November 19, 2020 2:13:23 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 9:13:06.841 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1759;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1759;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=LxRWXCTLbWDTsRNkZLRhtntzhKQQMVsPrHXRRqMjNTbgCJDxPTSxVcmZDmZPXmqQwwPnqDXbBdgDfMPDVLMVRlqLbWdVPqXJfjQJDHMtxthrJzCpxSHhxpMFsfMhJjllhBKcfxxnSpkdtDHzTxVHLfdHljQbkSlkfnScBdK;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 2:13:20 PM;REPORTED_ON=November 19, 2020 2:13:23 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 9:13:06.965 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1762;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1762;ATTACHMENT_FILENAME=DLP_WORD+DOB_2 count.docx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=LxRWXCTLbWDTsRNkZLRhtntzhKQQMVsPrHXRRqMjNTbgCJDxPTSxVcmZDmZPXmqQwwPnqDXbBdgDfMPDVLMVRlqLbWdVPqXJfjQJDHMtxthrJzCpxSHhxpMFsfMhJjllhBKcfxxnSpkdtDHzTxVHLfdHljQbkSlkfnScBdK;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 2:13:21 PM;REPORTED_ON=November 19, 2020 2:13:24 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 3:31:34.586 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1691;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1691;ATTACHMENT_FILENAME=DLP_Excel_NINO count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 8:31:22 AM;REPORTED_ON=November 19, 2020 8:31:28 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 3:31:34.722 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1695;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1695;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 8:31:24 AM;REPORTED_ON=November 19, 2020 8:31:28 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 3:31:20.016 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1693;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1693;ATTACHMENT_FILENAME=DLP_Excel_BAN count1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 8:31:21 AM;REPORTED_ON=November 19, 2020 8:31:28 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 3:31:20.129 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1694;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1694;ATTACHMENT_FILENAME=DLP_Excel_NINO count 2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 8:31:23 AM;REPORTED_ON=November 19, 2020 8:31:28 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 3:31:29.313 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1697;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1697;ATTACHMENT_FILENAME=DLP_WORD+DOB_1 count.docx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 8:31:25 AM;REPORTED_ON=November 19, 2020 8:31:37 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 3:31:44.219 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1698;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1698;ATTACHMENT_FILENAME=DLP_WORD+DOB_2 count.docx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 8:31:26 AM;REPORTED_ON=November 19, 2020 8:31:37 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 3:31:10.620 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1692;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1692;ATTACHMENT_FILENAME=DLP_Excel_BAN count2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=6;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 8:31:21 AM;REPORTED_ON=November 19, 2020 8:31:28 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 3:32:04.008 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1700;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1700;ATTACHMENT_FILENAME=DLP_Excel_BAN count1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 8:31:49 AM;REPORTED_ON=November 19, 2020 8:31:57 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 3:32:04.047 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1706;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1706;ATTACHMENT_FILENAME=DLP_WORD+DOB_1 count.docx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 8:31:53 AM;REPORTED_ON=November 19, 2020 8:31:57 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 3:31:50.947 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1703;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1703;ATTACHMENT_FILENAME=DLP_Excel_NINO count 2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 8:31:51 AM;REPORTED_ON=November 19, 2020 8:31:57 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 3:31:50.950 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1704;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1704;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 8:31:52 AM;REPORTED_ON=November 19, 2020 8:31:57 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 3:31:50.687 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1701;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1701;ATTACHMENT_FILENAME=DLP_Excel_BAN count2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=6;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 8:31:50 AM;REPORTED_ON=November 19, 2020 8:31:57 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 3:31:11.256 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1696;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1696;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 8:31:25 AM;REPORTED_ON=November 19, 2020 8:31:28 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/20/2020, 4:05:55.727 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1807;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1807;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=HfxTvSmCvfmKXJVXRVsgGDkfppKhbXkhxQsSqzRKrMhLxbJsRLQHFpndDlbNtNFRNmSVFgpcGtHNZhPPzqBKxSCCLrpfCCrfnmqFVwqjzLNxKlWqfqZdmppQXcsPNHZKCmMKsBMgjFDBzVvDrCpggkktpBPvlhqClwNbpG;SENDER=10.221.237.2;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 20, 2020 9:05:46 AM;REPORTED_ON=November 20, 2020 9:06:04 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.2;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/20/2020, 4:05:55.768 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1809;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1809;ATTACHMENT_FILENAME=DLP_WORD+DOB_1 count.docx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=HfxTvSmCvfmKXJVXRVsgGDkfppKhbXkhxQsSqzRKrMhLxbJsRLQHFpndDlbNtNFRNmSVFgpcGtHNZhPPzqBKxSCCLrpfCCrfnmqFVwqjzLNxKlWqfqZdmppQXcsPNHZKCmMKsBMgjFDBzVvDrCpggkktpBPvlhqClwNbpG;SENDER=10.221.237.2;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 20, 2020 9:05:47 AM;REPORTED_ON=November 20, 2020 9:06:04 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.2;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/20/2020, 4:05:46.257 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1788;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1788;ATTACHMENT_FILENAME=DLP_Excel_BAN count1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.2;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 20, 2020 9:05:44 AM;REPORTED_ON=November 20, 2020 9:05:55 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.2;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/20/2020, 4:05:46.456 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1792;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1792;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.2;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 20, 2020 9:05:44 AM;REPORTED_ON=November 20, 2020 9:05:55 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.2;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/20/2020, 4:05:46.511 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1795;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1795;ATTACHMENT_FILENAME=DLP_Excel_BAN count1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=XBcJlMBDGjdpfKLvrfjHHfjZfcsxvTTKXDTCXNqGdxGCggCfcTzZVMPMnkpSBfxsJZsDHCvVQPcFQKRb;SENDER=10.221.237.2;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 20, 2020 9:05:45 AM;REPORTED_ON=November 20, 2020 9:05:55 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.2;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/20/2020, 4:05:46.576 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1798;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1798;ATTACHMENT_FILENAME=DLP_Excel_NINO count 2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=XBcJlMBDGjdpfKLvrfjHHfjZfcsxvTTKXDTCXNqGdxGCggCfcTzZVMPMnkpSBfxsJZsDHCvVQPcFQKRb;SENDER=10.221.237.2;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 20, 2020 9:05:45 AM;REPORTED_ON=November 20, 2020 9:05:55 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.2;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/20/2020, 4:05:46.625 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1801;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1801;ATTACHMENT_FILENAME=DLP_WORD+DOB_1 count.docx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=XBcJlMBDGjdpfKLvrfjHHfjZfcsxvTTKXDTCXNqGdxGCggCfcTzZVMPMnkpSBfxsJZsDHCvVQPcFQKRb;SENDER=10.221.237.2;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 20, 2020 9:05:45 AM;REPORTED_ON=November 20, 2020 9:05:55 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.2;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/20/2020, 4:05:56.740 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1787;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1787;ATTACHMENT_FILENAME=DLP_Excel_BAN count2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=6;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.2;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 20, 2020 9:05:44 AM;REPORTED_ON=November 20, 2020 9:05:55 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.2;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/20/2020, 4:05:56.882 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1793;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1793;ATTACHMENT_FILENAME=DLP_WORD+DOB_1 count.docx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.2;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 20, 2020 9:05:44 AM;REPORTED_ON=November 20, 2020 9:05:55 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.2;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/20/2020, 4:05:56.918 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1797;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1797;ATTACHMENT_FILENAME=DLP_Excel_NINO count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=XBcJlMBDGjdpfKLvrfjHHfjZfcsxvTTKXDTCXNqGdxGCggCfcTzZVMPMnkpSBfxsJZsDHCvVQPcFQKRb;SENDER=10.221.237.2;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 20, 2020 9:05:45 AM;REPORTED_ON=November 20, 2020 9:05:55 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.2;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/20/2020, 4:05:56.946 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1800;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1800;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=XBcJlMBDGjdpfKLvrfjHHfjZfcsxvTTKXDTCXNqGdxGCggCfcTzZVMPMnkpSBfxsJZsDHCvVQPcFQKRb;SENDER=10.221.237.2;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 20, 2020 9:05:45 AM;REPORTED_ON=November 20, 2020 9:05:55 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.2;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/20/2020, 4:05:56.981 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1802;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1802;ATTACHMENT_FILENAME=DLP_WORD+DOB_2 count.docx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=XBcJlMBDGjdpfKLvrfjHHfjZfcsxvTTKXDTCXNqGdxGCggCfcTzZVMPMnkpSBfxsJZsDHCvVQPcFQKRb;SENDER=10.221.237.2;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 20, 2020 9:05:46 AM;REPORTED_ON=November 20, 2020 9:05:55 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.2;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/20/2020, 4:06:06.079 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1804;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1804;ATTACHMENT_FILENAME=DLP_Excel_BAN count2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=6;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=HfxTvSmCvfmKXJVXRVsgGDkfppKhbXkhxQsSqzRKrMhLxbJsRLQHFpndDlbNtNFRNmSVFgpcGtHNZhPPzqBKxSCCLrpfCCrfnmqFVwqjzLNxKlWqfqZdmppQXcsPNHZKCmMKsBMgjFDBzVvDrCpggkktpBPvlhqClwNbpG;SENDER=10.221.237.2;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 20, 2020 9:05:46 AM;REPORTED_ON=November 20, 2020 9:06:04 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.2;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/20/2020, 4:06:06.123 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1806;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1806;ATTACHMENT_FILENAME=DLP_Excel_NINO count 2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=HfxTvSmCvfmKXJVXRVsgGDkfppKhbXkhxQsSqzRKrMhLxbJsRLQHFpndDlbNtNFRNmSVFgpcGtHNZhPPzqBKxSCCLrpfCCrfnmqFVwqjzLNxKlWqfqZdmppQXcsPNHZKCmMKsBMgjFDBzVvDrCpggkktpBPvlhqClwNbpG;SENDER=10.221.237.2;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 20, 2020 9:05:46 AM;REPORTED_ON=November 20, 2020 9:06:04 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.2;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/20/2020, 4:06:06.154 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1810;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1810;ATTACHMENT_FILENAME=DLP_WORD+DOB_2 count.docx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=HfxTvSmCvfmKXJVXRVsgGDkfppKhbXkhxQsSqzRKrMhLxbJsRLQHFpndDlbNtNFRNmSVFgpcGtHNZhPPzqBKxSCCLrpfCCrfnmqFVwqjzLNxKlWqfqZdmppQXcsPNHZKCmMKsBMgjFDBzVvDrCpggkktpBPvlhqClwNbpG;SENDER=10.221.237.2;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 20, 2020 9:05:47 AM;REPORTED_ON=November 20, 2020 9:06:04 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.2;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/20/2020, 4:05:55.534 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1803;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1803;ATTACHMENT_FILENAME=DLP_Excel_NINO count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=HfxTvSmCvfmKXJVXRVsgGDkfppKhbXkhxQsSqzRKrMhLxbJsRLQHFpndDlbNtNFRNmSVFgpcGtHNZhPPzqBKxSCCLrpfCCrfnmqFVwqjzLNxKlWqfqZdmppQXcsPNHZKCmMKsBMgjFDBzVvDrCpggkktpBPvlhqClwNbpG;SENDER=10.221.237.2;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 20, 2020 9:05:46 AM;REPORTED_ON=November 20, 2020 9:06:04 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.2;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/20/2020, 4:05:33.772 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1791;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1791;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.2;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 20, 2020 9:05:44 AM;REPORTED_ON=November 20, 2020 9:05:55 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.2;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/20/2020, 4:05:33.929 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1794;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1794;ATTACHMENT_FILENAME=DLP_WORD+DOB_2 count.docx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.2;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 20, 2020 9:05:44 AM;REPORTED_ON=November 20, 2020 9:05:55 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.2;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/20/2020, 4:05:34.013 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1796;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1796;ATTACHMENT_FILENAME=DLP_Excel_BAN count2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=6;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=XBcJlMBDGjdpfKLvrfjHHfjZfcsxvTTKXDTCXNqGdxGCggCfcTzZVMPMnkpSBfxsJZsDHCvVQPcFQKRb;SENDER=10.221.237.2;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 20, 2020 9:05:45 AM;REPORTED_ON=November 20, 2020 9:05:55 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.2;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/20/2020, 4:05:34.052 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1799;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1799;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=XBcJlMBDGjdpfKLvrfjHHfjZfcsxvTTKXDTCXNqGdxGCggCfcTzZVMPMnkpSBfxsJZsDHCvVQPcFQKRb;SENDER=10.221.237.2;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 20, 2020 9:05:45 AM;REPORTED_ON=November 20, 2020 9:05:55 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.2;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/20/2020, 4:05:34.299 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1790;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1790;ATTACHMENT_FILENAME=DLP_Excel_NINO count 2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.2;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 20, 2020 9:05:44 AM;REPORTED_ON=November 20, 2020 9:05:55 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.2;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/20/2020, 4:05:35.553 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1789;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1789;ATTACHMENT_FILENAME=DLP_Excel_NINO count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.2;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 20, 2020 9:05:44 AM;REPORTED_ON=November 20, 2020 9:05:55 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.2;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 6:31:14.946 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1726;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1726;ATTACHMENT_FILENAME=DLP_Excel_NINO count 2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=CrpPbDzKVkQfjVFLLmLbWRNtgGnhnLscFbQKGMVTxvTlFMvtgXpmBVTlWHVvLzWFZXGqQxZnqnKTCPTKlDXq;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 11:30:46 AM;REPORTED_ON=November 19, 2020 11:30:56 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 6:31:15.069 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1729;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1729;ATTACHMENT_FILENAME=DLP_WORD+DOB_1 count.docx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=CrpPbDzKVkQfjVFLLmLbWRNtgGnhnLscFbQKGMVTxvTlFMvtgXpmBVTlWHVvLzWFZXGqQxZnqnKTCPTKlDXq;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 11:30:47 AM;REPORTED_ON=November 19, 2020 11:30:56 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 6:31:15.119 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1732;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1732;ATTACHMENT_FILENAME=DLP_Excel_BAN count2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=6;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=vkmnKxCGJMndtjnjzDTBzMsNLPvMZPhRqmRzstxChCLNdwLdjCgMrrZlndrtMCgtvQkhXHqrRRdqGNtSDmzFSnZZXJVJPLddVsmbskVvKJPwvhNwDBxbwJPmPrsnLPdPSXnfrDvqHxHCNKlVfvRGjnhWsxRGwnLlHxdKhTmrtv;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 11:30:47 AM;REPORTED_ON=November 19, 2020 11:30:56 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 6:31:15.217 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1733;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1733;ATTACHMENT_FILENAME=DLP_Excel_NINO count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=vkmnKxCGJMndtjnjzDTBzMsNLPvMZPhRqmRzstxChCLNdwLdjCgMrrZlndrtMCgtvQkhXHqrRRdqGNtSDmzFSnZZXJVJPLddVsmbskVvKJPwvhNwDBxbwJPmPrsnLPdPSXnfrDvqHxHCNKlVfvRGjnhWsxRGwnLlHxdKhTmrtv;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 11:30:47 AM;REPORTED_ON=November 19, 2020 11:30:56 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 6:31:16.748 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1736;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1736;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=vkmnKxCGJMndtjnjzDTBzMsNLPvMZPhRqmRzstxChCLNdwLdjCgMrrZlndrtMCgtvQkhXHqrRRdqGNtSDmzFSnZZXJVJPLddVsmbskVvKJPwvhNwDBxbwJPmPrsnLPdPSXnfrDvqHxHCNKlVfvRGjnhWsxRGwnLlHxdKhTmrtv;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 11:30:48 AM;REPORTED_ON=November 19, 2020 11:30:56 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 6:30:37.659 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1734;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1734;ATTACHMENT_FILENAME=DLP_Excel_NINO count 2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=vkmnKxCGJMndtjnjzDTBzMsNLPvMZPhRqmRzstxChCLNdwLdjCgMrrZlndrtMCgtvQkhXHqrRRdqGNtSDmzFSnZZXJVJPLddVsmbskVvKJPwvhNwDBxbwJPmPrsnLPdPSXnfrDvqHxHCNKlVfvRGjnhWsxRGwnLlHxdKhTmrtv;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 11:30:47 AM;REPORTED_ON=November 19, 2020 11:30:56 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 6:30:37.701 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1737;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1737;ATTACHMENT_FILENAME=DLP_WORD+DOB_1 count.docx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=vkmnKxCGJMndtjnjzDTBzMsNLPvMZPhRqmRzstxChCLNdwLdjCgMrrZlndrtMCgtvQkhXHqrRRdqGNtSDmzFSnZZXJVJPLddVsmbskVvKJPwvhNwDBxbwJPmPrsnLPdPSXnfrDvqHxHCNKlVfvRGjnhWsxRGwnLlHxdKhTmrtv;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 11:30:48 AM;REPORTED_ON=November 19, 2020 11:30:56 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 6:31:14.624 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1718;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1718;ATTACHMENT_FILENAME=DLP_Excel_NINO count 2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 11:30:45 AM;REPORTED_ON=November 19, 2020 11:30:56 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 6:31:14.671 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1720;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1720;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 11:30:46 AM;REPORTED_ON=November 19, 2020 11:30:56 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/19/2020, 6:31:14.919 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1724;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1724;ATTACHMENT_FILENAME=DLP_Excel_BAN count2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=6;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=CrpPbDzKVkQfjVFLLmLbWRNtgGnhnLscFbQKGMVTxvTlFMvtgXpmBVTlWHVvLzWFZXGqQxZnqnKTCPTKlDXq;SENDER=10.221.253.30;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 19, 2020 11:30:46 AM;REPORTED_ON=November 19, 2020 11:30:56 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.253.30;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 10:40:42.963 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1669;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1669;ATTACHMENT_FILENAME=DLP_Excel_BAN count2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=6;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 3:40:41 PM;REPORTED_ON=November 18, 2020 3:40:50 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 10:40:43.166 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1672;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1672;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 3:40:42 PM;REPORTED_ON=November 18, 2020 3:40:50 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 10:40:43.196 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1673;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1673;ATTACHMENT_FILENAME=DLP_WORD+DOB_1 count.docx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 3:40:42 PM;REPORTED_ON=November 18, 2020 3:40:50 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 10:40:43.264 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1675;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1675;ATTACHMENT_FILENAME=DLP_Excel_BAN count1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 3:40:42 PM;REPORTED_ON=November 18, 2020 3:40:50 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 10:40:43.312 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1679;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1679;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 3:40:43 PM;REPORTED_ON=November 18, 2020 3:40:50 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 10:40:43.345 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1682;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1682;ATTACHMENT_FILENAME=DLP_WORD+DOB_2 count.docx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 3:40:43 PM;REPORTED_ON=November 18, 2020 3:40:50 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 10:40:43.419 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1685;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1685;ATTACHMENT_FILENAME=DLP_Excel_NINO count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 3:40:43 PM;REPORTED_ON=November 18, 2020 3:40:51 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 10:40:43.443 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1688;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1688;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 3:40:44 PM;REPORTED_ON=November 18, 2020 3:40:51 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 10:40:37.505 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1667;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1667;ATTACHMENT_FILENAME=DLP_Excel_BAN count1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 3:40:41 PM;REPORTED_ON=November 18, 2020 3:40:50 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 10:40:38.030 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1671;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1671;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 3:40:42 PM;REPORTED_ON=November 18, 2020 3:40:50 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 10:40:38.102 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1676;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1676;ATTACHMENT_FILENAME=DLP_Excel_NINO count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 3:40:42 PM;REPORTED_ON=November 18, 2020 3:40:50 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 10:40:38.117 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1678;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1678;ATTACHMENT_FILENAME=DLP_Excel_NINO count 2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 3:40:43 PM;REPORTED_ON=November 18, 2020 3:40:50 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 10:40:38.169 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1681;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1681;ATTACHMENT_FILENAME=DLP_WORD+DOB_1 count.docx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 3:40:43 PM;REPORTED_ON=November 18, 2020 3:40:50 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 10:40:38.203 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1684;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1684;ATTACHMENT_FILENAME=DLP_Excel_BAN count2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=6;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 3:40:43 PM;REPORTED_ON=November 18, 2020 3:40:51 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 10:40:38.248 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1687;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1687;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 3:40:44 PM;REPORTED_ON=November 18, 2020 3:40:51 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 10:40:38.325 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1690;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1690;ATTACHMENT_FILENAME=DLP_WORD+DOB_2 count.docx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 3:40:44 PM;REPORTED_ON=November 18, 2020 3:40:51 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 9:19:54.052 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1648;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1648;ATTACHMENT_FILENAME=DLP_WORD+DOB_1 count.docx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 2:19:24 PM;REPORTED_ON=November 18, 2020 2:19:37 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 9:19:54.163 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1652;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1652;ATTACHMENT_FILENAME=DLP_Excel_BAN count2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=6;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 2:19:25 PM;REPORTED_ON=November 18, 2020 2:19:37 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 9:19:54.190 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1654;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1654;ATTACHMENT_FILENAME=DLP_Excel_NINO count 2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 2:19:25 PM;REPORTED_ON=November 18, 2020 2:19:37 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 9:19:54.252 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1657;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1657;ATTACHMENT_FILENAME=DLP_WORD+DOB_1 count.docx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 2:19:25 PM;REPORTED_ON=November 18, 2020 2:19:37 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 9:19:56.330 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1645;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1645;ATTACHMENT_FILENAME=DLP_Excel_NINO count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 2:19:24 PM;REPORTED_ON=November 18, 2020 2:19:37 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 5:48:09.603 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1620;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1620;ATTACHMENT_FILENAME=DLP_Excel_BAN count1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 10:48:06 AM;REPORTED_ON=November 18, 2020 10:48:16 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 5:48:09.687 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1621;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1621;ATTACHMENT_FILENAME=DLP_Excel_BAN count2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=6;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 10:48:06 AM;REPORTED_ON=November 18, 2020 10:48:17 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 5:48:09.806 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1627;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1627;ATTACHMENT_FILENAME=DLP_Excel_BAN count1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 10:48:07 AM;REPORTED_ON=November 18, 2020 10:48:17 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 5:48:09.853 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1630;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1630;ATTACHMENT_FILENAME=DLP_Excel_NINO count 2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 10:48:08 AM;REPORTED_ON=November 18, 2020 10:48:17 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 5:48:09.937 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1633;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1633;ATTACHMENT_FILENAME=DLP_WORD+DOB_1 count.docx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 10:48:08 AM;REPORTED_ON=November 18, 2020 10:48:17 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 10:40:57.253 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1668;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1668;ATTACHMENT_FILENAME=DLP_Excel_NINO count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 3:40:41 PM;REPORTED_ON=November 18, 2020 3:40:50 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 10:40:57.384 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1670;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1670;ATTACHMENT_FILENAME=DLP_Excel_NINO count 2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 3:40:41 PM;REPORTED_ON=November 18, 2020 3:40:50 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 10:40:57.412 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1674;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1674;ATTACHMENT_FILENAME=DLP_WORD+DOB_2 count.docx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 3:40:42 PM;REPORTED_ON=November 18, 2020 3:40:50 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 10:40:57.427 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1677;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1677;ATTACHMENT_FILENAME=DLP_Excel_BAN count2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=6;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 3:40:42 PM;REPORTED_ON=November 18, 2020 3:40:50 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 10:40:57.457 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1680;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1680;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 3:40:43 PM;REPORTED_ON=November 18, 2020 3:40:50 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 10:40:57.473 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1683;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1683;ATTACHMENT_FILENAME=DLP_Excel_BAN count1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 3:40:43 PM;REPORTED_ON=November 18, 2020 3:40:50 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 10:40:57.502 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1686;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1686;ATTACHMENT_FILENAME=DLP_Excel_NINO count 2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 3:40:44 PM;REPORTED_ON=November 18, 2020 3:40:51 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 10:40:57.517 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1689;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1689;ATTACHMENT_FILENAME=DLP_WORD+DOB_1 count.docx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 3:40:44 PM;REPORTED_ON=November 18, 2020 3:40:51 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 3:54:27.332 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1568;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1568;ATTACHMENT_FILENAME=DLP_Excel_BAN count2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=6;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 8:54:13 AM;REPORTED_ON=November 18, 2020 8:54:21 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 3:54:27.450 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1570;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1570;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 8:54:14 AM;REPORTED_ON=November 18, 2020 8:54:21 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 3:54:27.619 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1574;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1574;ATTACHMENT_FILENAME=DLP_WORD+DOB_2 count.docx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 8:54:14 AM;REPORTED_ON=November 18, 2020 8:54:22 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 3:54:27.648 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1577;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1577;ATTACHMENT_FILENAME=DLP_Excel_NINO count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 8:54:14 AM;REPORTED_ON=November 18, 2020 8:54:22 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 3:54:27.706 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1580;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1580;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 8:54:15 AM;REPORTED_ON=November 18, 2020 8:54:22 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 3:54:09.400 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1575;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1575;ATTACHMENT_FILENAME=DLP_Excel_BAN count1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 8:54:14 AM;REPORTED_ON=November 18, 2020 8:54:22 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 3:54:09.455 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1578;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1578;ATTACHMENT_FILENAME=DLP_Excel_NINO count 2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 8:54:15 AM;REPORTED_ON=November 18, 2020 8:54:22 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 3:54:10.484 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1581;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1581;ATTACHMENT_FILENAME=DLP_WORD+DOB_1 count.docx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 8:54:15 AM;REPORTED_ON=November 18, 2020 8:54:22 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 9:52:00.645 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1659;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1659;ATTACHMENT_FILENAME=DLP_Excel_NINO count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 2:51:56 PM;REPORTED_ON=November 18, 2020 2:52:08 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 9:52:00.796 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1663;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1663;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 2:51:56 PM;REPORTED_ON=November 18, 2020 2:52:08 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 9:52:00.816 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1665;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1665;ATTACHMENT_FILENAME=DLP_WORD+DOB_2 count.docx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 2:51:56 PM;REPORTED_ON=November 18, 2020 2:52:08 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 9:52:17.470 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1661;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1661;ATTACHMENT_FILENAME=DLP_Excel_BAN count1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 2:51:55 PM;REPORTED_ON=November 18, 2020 2:52:08 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 9:52:17.647 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1662;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1662;ATTACHMENT_FILENAME=DLP_Excel_NINO count 2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 2:51:56 PM;REPORTED_ON=November 18, 2020 2:52:08 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 9:52:17.676 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1666;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1666;ATTACHMENT_FILENAME=DLP_WORD+DOB_1 count.docx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 2:51:56 PM;REPORTED_ON=November 18, 2020 2:52:08 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 9:51:54.552 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1660;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1660;ATTACHMENT_FILENAME=DLP_Excel_BAN count2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=6;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 2:51:55 PM;REPORTED_ON=November 18, 2020 2:52:08 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 9:51:54.765 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1664;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1664;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 2:51:56 PM;REPORTED_ON=November 18, 2020 2:52:08 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 6:04:29.626 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1635;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1635;ATTACHMENT_FILENAME=DLP_Excel_NINO count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 11:04:24 AM;REPORTED_ON=November 18, 2020 11:04:36 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 6:04:29.650 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1637;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1637;ATTACHMENT_FILENAME=DLP_Excel_BAN count2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=6;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 11:04:24 AM;REPORTED_ON=November 18, 2020 11:04:36 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 6:04:29.717 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1641;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1641;ATTACHMENT_FILENAME=DLP_WORD+DOB_1 count.docx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 11:04:24 AM;REPORTED_ON=November 18, 2020 11:04:37 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 6:04:56.771 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1636;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1636;ATTACHMENT_FILENAME=DLP_Excel_BAN count1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 11:04:23 AM;REPORTED_ON=November 18, 2020 11:04:36 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 6:04:56.823 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1639;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1639;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 11:04:24 AM;REPORTED_ON=November 18, 2020 11:04:36 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 6:04:57.339 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1642;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1642;ATTACHMENT_FILENAME=DLP_WORD+DOB_2 count.docx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 11:04:24 AM;REPORTED_ON=November 18, 2020 11:04:37 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 9:19:23.730 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1643;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1643;ATTACHMENT_FILENAME=DLP_Excel_BAN count2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=6;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 2:19:24 PM;REPORTED_ON=November 18, 2020 2:19:37 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 9:19:29.436 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1644;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1644;ATTACHMENT_FILENAME=DLP_Excel_BAN count1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 2:19:24 PM;REPORTED_ON=November 18, 2020 2:19:37 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 9:19:29.635 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1647;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1647;ATTACHMENT_FILENAME=DLP_Excel_NINO count 2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 2:19:24 PM;REPORTED_ON=November 18, 2020 2:19:37 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 9:19:29.707 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1650;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1650;ATTACHMENT_FILENAME=DLP_WORD+DOB_2 count.docx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 2:19:24 PM;REPORTED_ON=November 18, 2020 2:19:37 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 9:19:29.741 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1651;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1651;ATTACHMENT_FILENAME=DLP_Excel_BAN count1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 2:19:25 PM;REPORTED_ON=November 18, 2020 2:19:37 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 9:19:29.805 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1656;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1656;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 2:19:25 PM;REPORTED_ON=November 18, 2020 2:19:37 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 6:04:23.511 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1638;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1638;ATTACHMENT_FILENAME=DLP_Excel_NINO count 2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 11:04:24 AM;REPORTED_ON=November 18, 2020 11:04:36 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 6:04:23.933 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1640;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1640;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 11:04:24 AM;REPORTED_ON=November 18, 2020 11:04:36 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 3:54:14.474 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1567;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1567;ATTACHMENT_FILENAME=DLP_Excel_BAN count1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 8:54:13 AM;REPORTED_ON=November 18, 2020 8:54:21 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 3:54:14.619 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1572;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1572;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 8:54:14 AM;REPORTED_ON=November 18, 2020 8:54:21 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 3:54:14.640 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1573;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1573;ATTACHMENT_FILENAME=DLP_WORD+DOB_1 count.docx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 8:54:14 AM;REPORTED_ON=November 18, 2020 8:54:21 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 3:54:14.800 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1576;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1576;ATTACHMENT_FILENAME=DLP_Excel_BAN count2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=6;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 8:54:14 AM;REPORTED_ON=November 18, 2020 8:54:22 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 3:54:14.819 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1579;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1579;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 8:54:15 AM;REPORTED_ON=November 18, 2020 8:54:22 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 3:54:14.917 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1582;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1582;ATTACHMENT_FILENAME=DLP_WORD+DOB_2 count.docx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 8:54:15 AM;REPORTED_ON=November 18, 2020 8:54:22 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 5:15:39.419 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1585;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1585;ATTACHMENT_FILENAME=DLP_WORD+DOB_1 count.docx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 10:15:32 AM;REPORTED_ON=November 18, 2020 10:15:45 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 5:15:39.537 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1586;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1586;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 10:15:32 AM;REPORTED_ON=November 18, 2020 10:15:45 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 5:15:39.597 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1591;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1591;ATTACHMENT_FILENAME=DLP_Excel_BAN count1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=Unknown;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 10:15:33 AM;REPORTED_ON=November 18, 2020 10:15:45 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 5:15:40.024 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1597;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1597;ATTACHMENT_FILENAME=DLP_Excel_NINO count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=XBcJlJmwqHmtCPczNFGTxpcLWzZDTcWqBfwkgXQFpBRGtGTVwHCktRggpbCzWJVpdrBkpdVXCfrMZzjQ;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 10:15:33 AM;REPORTED_ON=November 18, 2020 10:15:45 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 5:15:39.987 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1594;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1594;ATTACHMENT_FILENAME=DLP_Excel_NINO count 2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=Unknown;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 10:15:33 AM;REPORTED_ON=November 18, 2020 10:15:45 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 5:15:40.608 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1600;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1600;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=XBcJlJmwqHmtCPczNFGTxpcLWzZDTcWqBfwkgXQFpBRGtGTVwHCktRggpbCzWJVpdrBkpdVXCfrMZzjQ;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 10:15:34 AM;REPORTED_ON=November 18, 2020 10:15:45 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 5:15:40.678 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1605;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1605;ATTACHMENT_FILENAME=DLP_Excel_NINO count 2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 10:15:35 AM;REPORTED_ON=November 18, 2020 10:15:45 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 5:15:40.883 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1612;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1612;ATTACHMENT_FILENAME=DLP_Excel_BAN count1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 10:15:35 AM;REPORTED_ON=November 18, 2020 10:15:46 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 5:15:40.915 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1615;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1615;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 10:15:36 AM;REPORTED_ON=November 18, 2020 10:15:46 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 5:15:40.944 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1603;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1603;ATTACHMENT_FILENAME=DLP_Excel_BAN count1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 10:15:34 AM;REPORTED_ON=November 18, 2020 10:15:46 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 5:15:40.806 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1606;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1606;ATTACHMENT_FILENAME=DLP_Excel_NINO count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 10:15:34 AM;REPORTED_ON=November 18, 2020 10:15:45 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 5:15:40.827 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1610;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1610;ATTACHMENT_FILENAME=DLP_WORD+DOB_2 count.docx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 10:15:35 AM;REPORTED_ON=November 18, 2020 10:15:45 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 5:16:05.921 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1602;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1602;ATTACHMENT_FILENAME=DLP_WORD+DOB_2 count.docx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=XBcJlJmwqHmtCPczNFGTxpcLWzZDTcWqBfwkgXQFpBRGtGTVwHCktRggpbCzWJVpdrBkpdVXCfrMZzjQ;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 10:15:34 AM;REPORTED_ON=November 18, 2020 10:15:45 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 5:16:06.145 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1604;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1604;ATTACHMENT_FILENAME=DLP_Excel_BAN count2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=6;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 10:15:34 AM;REPORTED_ON=November 18, 2020 10:15:45 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 5:16:03.628 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1583;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1583;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 10:15:32 AM;REPORTED_ON=November 18, 2020 10:15:45 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 5:16:03.984 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1587;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1587;ATTACHMENT_FILENAME=DLP_WORD+DOB_2 count.docx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 10:15:32 AM;REPORTED_ON=November 18, 2020 10:15:45 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 5:16:04.076 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1590;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1590;ATTACHMENT_FILENAME=DLP_WORD+DOB_2 count.docx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 10:15:33 AM;REPORTED_ON=November 18, 2020 10:15:45 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 5:16:04.203 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1592;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1592;ATTACHMENT_FILENAME=DLP_Excel_NINO count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=Unknown;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 10:15:33 AM;REPORTED_ON=November 18, 2020 10:15:45 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 5:16:04.391 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1609;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1609;ATTACHMENT_FILENAME=DLP_WORD+DOB_1 count.docx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 10:15:35 AM;REPORTED_ON=November 18, 2020 10:15:45 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 5:16:04.533 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1611;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1611;ATTACHMENT_FILENAME=DLP_Excel_BAN count2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=6;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 10:15:35 AM;REPORTED_ON=November 18, 2020 10:15:46 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 5:16:04.579 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1616;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1616;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 10:15:36 AM;REPORTED_ON=November 18, 2020 10:15:46 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 5:16:04.746 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1617;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1617;ATTACHMENT_FILENAME=DLP_WORD+DOB_1 count.docx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 10:15:36 AM;REPORTED_ON=November 18, 2020 10:15:46 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 5:16:05.395 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1596;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1596;ATTACHMENT_FILENAME=DLP_Excel_BAN count1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=XBcJlJmwqHmtCPczNFGTxpcLWzZDTcWqBfwkgXQFpBRGtGTVwHCktRggpbCzWJVpdrBkpdVXCfrMZzjQ;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 10:15:33 AM;REPORTED_ON=November 18, 2020 10:15:45 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 5:16:05.446 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1598;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1598;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=XBcJlJmwqHmtCPczNFGTxpcLWzZDTcWqBfwkgXQFpBRGtGTVwHCktRggpbCzWJVpdrBkpdVXCfrMZzjQ;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 10:15:34 AM;REPORTED_ON=November 18, 2020 10:15:45 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 5:15:31.403 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1601;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1601;ATTACHMENT_FILENAME=DLP_WORD+DOB_1 count.docx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=XBcJlJmwqHmtCPczNFGTxpcLWzZDTcWqBfwkgXQFpBRGtGTVwHCktRggpbCzWJVpdrBkpdVXCfrMZzjQ;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 10:15:34 AM;REPORTED_ON=November 18, 2020 10:15:45 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 5:15:31.576 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1607;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1607;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 10:15:35 AM;REPORTED_ON=November 18, 2020 10:15:45 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 5:15:31.599 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1608;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1608;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 10:15:35 AM;REPORTED_ON=November 18, 2020 10:15:45 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 5:15:33.000 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1595;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1595;ATTACHMENT_FILENAME=DLP_Excel_BAN count2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=6;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=XBcJlJmwqHmtCPczNFGTxpcLWzZDTcWqBfwkgXQFpBRGtGTVwHCktRggpbCzWJVpdrBkpdVXCfrMZzjQ;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 10:15:33 AM;REPORTED_ON=November 18, 2020 10:15:45 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 5:15:33.016 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1599;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1599;ATTACHMENT_FILENAME=DLP_Excel_NINO count 2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=XBcJlJmwqHmtCPczNFGTxpcLWzZDTcWqBfwkgXQFpBRGtGTVwHCktRggpbCzWJVpdrBkpdVXCfrMZzjQ;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 10:15:34 AM;REPORTED_ON=November 18, 2020 10:15:45 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 5:15:32.766 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1589;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1589;ATTACHMENT_FILENAME=DLP_WORD+DOB_1 count.docx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 10:15:32 AM;REPORTED_ON=November 18, 2020 10:15:45 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 5:15:32.840 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1593;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1593;ATTACHMENT_FILENAME=DLP_Excel_BAN count2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=6;PROTOCOL=Endpoint HTTPS;RECIPIENTS=Unknown;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 10:15:33 AM;REPORTED_ON=November 18, 2020 10:15:45 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 5:15:31.698 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1613;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1613;ATTACHMENT_FILENAME=DLP_Excel_NINO count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 10:15:35 AM;REPORTED_ON=November 18, 2020 10:15:46 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 5:15:31.732 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1614;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1614;ATTACHMENT_FILENAME=DLP_Excel_NINO count 2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 10:15:36 AM;REPORTED_ON=November 18, 2020 10:15:46 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 5:15:31.802 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1618;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1618;ATTACHMENT_FILENAME=DLP_WORD+DOB_2 count.docx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 10:15:36 AM;REPORTED_ON=November 18, 2020 10:15:46 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 5:15:32.223 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1584;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1584;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 10:15:32 AM;REPORTED_ON=November 18, 2020 10:15:45 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 5:15:32.549 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1588;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1588;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 10:15:32 AM;REPORTED_ON=November 18, 2020 10:15:45 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/10/2020, 11:45:14.570 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Blocking", "AdditionalExtensions": "BLOCKED=Action Blocked;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1473;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1473;ATTACHMENT_FILENAME=DLP_Excel_NINO-001.xlsx ;FILE_NAME=N/A;MATCH_COUNT=502;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.222.252.148;SUBJECT=N/A;SEVERITY=1:High;OCCURRED_ON=November 10, 2020 4:44:55 PM;REPORTED_ON=November 10, 2020 4:45:13 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.222.252.148;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/10/2020, 10:07:38.984 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1471;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1471;ATTACHMENT_FILENAME=DLP_Excel_NINO-001.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.222.252.148;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 10, 2020 3:07:25 PM;REPORTED_ON=November 10, 2020 3:07:39 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.222.252.148;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/10/2020, 10:07:45.658 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Blocking", "AdditionalExtensions": "BLOCKED=Action Blocked;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1470;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1470;ATTACHMENT_FILENAME=DLP_Excel_NINO-001.xlsx ;FILE_NAME=N/A;MATCH_COUNT=502;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.222.252.148;SUBJECT=N/A;SEVERITY=1:High;OCCURRED_ON=November 10, 2020 3:07:25 PM;REPORTED_ON=November 10, 2020 3:07:44 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.222.252.148;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/12/2020, 6:25:17.525 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1525;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1525;ATTACHMENT_FILENAME=DLP_Excel_NINO count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.240.221;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 12, 2020 11:25:04 AM;REPORTED_ON=November 12, 2020 11:25:19 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.240.221;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/10/2020, 11:45:05.438 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1474;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1474;ATTACHMENT_FILENAME=DLP_Excel_NINO-001.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.222.252.148;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 10, 2020 4:44:55 PM;REPORTED_ON=November 10, 2020 4:45:04 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.222.252.148;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 5:48:35.319 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1628;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1628;ATTACHMENT_FILENAME=DLP_Excel_BAN count2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=6;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 10:48:07 AM;REPORTED_ON=November 18, 2020 10:48:17 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 5:48:35.370 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1631;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1631;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 10:48:08 AM;REPORTED_ON=November 18, 2020 10:48:17 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 5:48:35.506 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1634;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1634;ATTACHMENT_FILENAME=DLP_WORD+DOB_2 count.docx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 10:48:08 AM;REPORTED_ON=November 18, 2020 10:48:17 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 5:48:34.630 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1624;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1624;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 10:48:07 AM;REPORTED_ON=November 18, 2020 10:48:17 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 5:48:34.703 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1626;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1626;ATTACHMENT_FILENAME=DLP_WORD+DOB_1 count.docx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 10:48:07 AM;REPORTED_ON=November 18, 2020 10:48:17 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 5:48:04.678 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1619;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1619;ATTACHMENT_FILENAME=DLP_Excel_NINO count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 10:48:06 AM;REPORTED_ON=November 18, 2020 10:48:17 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/18/2020, 5:48:04.788 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1625;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1625;ATTACHMENT_FILENAME=DLP_WORD+DOB_2 count.docx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.237.66;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 18, 2020 10:48:07 AM;REPORTED_ON=November 18, 2020 10:48:17 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.237.66;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/10/2020, 5:04:21.300 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1467;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1467;ATTACHMENT_FILENAME=DLP_Excel_BAN count1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.222.227.19;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 10, 2020 10:03:50 AM;REPORTED_ON=November 10, 2020 10:04:06 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.222.227.19;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/10/2020, 5:04:05.544 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1465;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1465;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.222.227.19;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 10, 2020 10:03:50 AM;REPORTED_ON=November 10, 2020 10:04:06 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.222.227.19;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/10/2020, 5:04:05.568 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1468;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1468;ATTACHMENT_FILENAME=DLP_WORD+DOB_1 count.docx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.222.227.19;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 10, 2020 10:03:50 AM;REPORTED_ON=November 10, 2020 10:04:06 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.222.227.19;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/17/2020, 10:55:59.684 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1546;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1546;ATTACHMENT_FILENAME=DLP_Excel_BAN count2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=6;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.232.163;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 17, 2020 3:55:39 PM;REPORTED_ON=November 17, 2020 3:55:54 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.232.163;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/17/2020, 10:55:59.784 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1547;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1547;ATTACHMENT_FILENAME=DLP_Excel_NINO count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.232.163;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 17, 2020 3:55:39 PM;REPORTED_ON=November 17, 2020 3:55:54 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.232.163;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/17/2020, 10:55:59.869 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1551;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1551;ATTACHMENT_FILENAME=DLP_WORD+DOB_1 count.docx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.232.163;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 17, 2020 3:55:40 PM;REPORTED_ON=November 17, 2020 3:55:54 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.232.163;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/17/2020, 10:56:00.049 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1561;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1561;ATTACHMENT_FILENAME=DLP_Excel_NINO count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.232.163;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 17, 2020 3:55:41 PM;REPORTED_ON=November 17, 2020 3:55:55 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.232.163;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/17/2020, 10:56:00.115 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1562;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1562;ATTACHMENT_FILENAME=DLP_Excel_NINO count 2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.232.163;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 17, 2020 3:55:41 PM;REPORTED_ON=November 17, 2020 3:55:55 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.232.163;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/17/2020, 10:56:00.765 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1565;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1565;ATTACHMENT_FILENAME=DLP_WORD+DOB_2 count.docx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.232.163;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 17, 2020 3:55:42 PM;REPORTED_ON=November 17, 2020 3:55:55 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.232.163;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/17/2020, 10:55:48.072 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1549;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1549;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.232.163;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 17, 2020 3:55:39 PM;REPORTED_ON=November 17, 2020 3:55:54 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.232.163;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/17/2020, 10:55:48.147 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1548;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1548;ATTACHMENT_FILENAME=DLP_Excel_NINO count 2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.232.163;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 17, 2020 3:55:39 PM;REPORTED_ON=November 17, 2020 3:55:54 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.232.163;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/17/2020, 10:55:48.349 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1559;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1559;ATTACHMENT_FILENAME=DLP_Excel_BAN count1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.232.163;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 17, 2020 3:55:41 PM;REPORTED_ON=November 17, 2020 3:55:54 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.232.163;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/17/2020, 10:55:48.382 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1560;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1560;ATTACHMENT_FILENAME=DLP_Excel_BAN count2a.xlsx ;FILE_NAME=N/A;MATCH_COUNT=6;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.232.163;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 17, 2020 3:55:41 PM;REPORTED_ON=November 17, 2020 3:55:55 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.232.163;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/17/2020, 10:55:48.467 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1566;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1566;ATTACHMENT_FILENAME=DLP_WORD+DOB_1 count.docx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.232.163;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 17, 2020 3:55:42 PM;REPORTED_ON=November 17, 2020 3:55:55 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.232.163;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/17/2020, 10:55:45.062 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1563;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1563;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.232.163;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 17, 2020 3:55:41 PM;REPORTED_ON=November 17, 2020 3:55:55 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.232.163;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/17/2020, 10:55:45.110 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1564;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1564;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/#!!&app=io.ox/mail/compose:compose;SENDER=10.221.232.163;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 17, 2020 3:55:41 PM;REPORTED_ON=November 17, 2020 3:55:55 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.232.163;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/10/2020, 12:17:39.078 PM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Blocking", "AdditionalExtensions": "BLOCKED=Action Blocked;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1476;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1476;ATTACHMENT_FILENAME=DLP_Excel_NINO-001.xlsx ;FILE_NAME=N/A;MATCH_COUNT=502;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.222.252.148;SUBJECT=N/A;SEVERITY=1:High;OCCURRED_ON=November 10, 2020 5:17:25 PM;REPORTED_ON=November 10, 2020 5:17:39 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.222.252.148;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0003" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/10/2020, 12:17:57.039 PM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1477;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1477;ATTACHMENT_FILENAME=DLP_Excel_NINO-001.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.222.252.148;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 10, 2020 5:17:25 PM;REPORTED_ON=November 10, 2020 5:17:35 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.222.252.148;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/16/2020, 5:34:52.571 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers (Unclassified) - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1172;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1172;ATTACHMENT_FILENAME=DLP_Excel_BAN-001d.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized@sanitized.com;SENDER=DLP.sanitized@sanitized.com;SUBJECT=Test File (BAN001);SEVERITY=4:Info;OCCURRED_ON=October 16, 2020 10:34:25 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.250.136;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/7/2020, 9:44:54.832 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers (Unclassified) - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Office Excel;INCIDENT_ID=1156;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1156;ATTACHMENT_FILENAME=N/A;FILE_NAME=DLP_Excel_BAN count1.xlsx;MATCH_COUNT=3;PROTOCOL=Endpoint Printer/Fax;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 7, 2020 2:44:26 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.239.105;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/9/2020, 5:06:42.108 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1446;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1446;ATTACHMENT_FILENAME=DLP_Excel_BAN count2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=6;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=DmwnWrRrlrHlPPVfqLdPWhWCGVHtjNNcNbMLNgTwvGqsmCmtmxMWXqVKmPcjrZHxfGRnZrMDLQwQ;SENDER=10.221.227.58;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 9, 2020 10:06:23 AM;REPORTED_ON=November 9, 2020 10:06:32 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.227.58;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/5/2020, 11:27:16.275 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1404;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1404;ATTACHMENT_FILENAME=DLP_Excel_BAN count1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.228.210;SUBJECT=N/A;SEVERITY=4:Info November 5, 2020 4:27:43 PM;REPORTED_ON=November 5, 2020 4:28:00 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.228.210;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/23/2020, 9:32:04.873 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers (Unclassified) - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1258;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1258;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Desktop\\Test Data Files\\DLP_Excel_NINO count 1.xlsx ;FILE_NAME=DLP_Excel_NINO count 1.xlsx;MATCH_COUNT=3;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 23, 2020 2:31:58 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.222.248.54;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/23/2020, 9:32:04.961 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "IRGT - DPA", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1259;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1259;ATTACHMENT_FILENAME=DPA12345.docx ;FILE_NAME=N/A;MATCH_COUNT=2;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized@sanitized.com;SENDER=DLP.sanitized@sanitized.com;SUBJECT=FW: test email;SEVERITY=1:High;OCCURRED_ON=October 23, 2020 2:31:58 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.248.54;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/23/2020, 9:32:05.333 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Monitoring Only", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Office Excel;INCIDENT_ID=1257;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1257;ATTACHMENT_FILENAME=N/A;FILE_NAME=DLP_Excel_PCIMON- count 1.xlsx;MATCH_COUNT=4;PROTOCOL=Endpoint Printer/Fax;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 23, 2020 2:31:58 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.248.54;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/5/2020, 9:46:24.705 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1385;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1385;ATTACHMENT_FILENAME=DLP_Excel_NINO count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.228.210;SUBJECT=N/A;SEVERITY=4:Info;REPORTED_ON=November 5, 2020 2:47:06 PM ;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.228.210;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/5/2020, 9:46:25.468 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1390;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1390;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.228.210;SUBJECT=N/A;SEVERITY=4:Info;REPORTED_ON=November 5, 2020 2:47:06 PM ;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.228.210;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/5/2020, 9:46:25.476 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1392;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1392;ATTACHMENT_FILENAME=DLP_WORD+DOB_2 count.docx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.228.210;SUBJECT=N/A;SEVERITY=4:Info;REPORTED_ON=November 5, 2020 2:47:06 PM ;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.228.210;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/5/2020, 9:46:25.477 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1395;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1395;ATTACHMENT_FILENAME=DLP_Excel_NINO count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/?ictd[master]=;vid~94849c99-128f-4255-8a34-676cbf41022c&ictd[il4484]=;rlt~1604587404~land~2_37970_direct_250a05b40b591c0704089ba54ab1ef5a#!!&app=io.ox/mail/compose:compose;SENDER=10.221.228.210;SUBJECT=N/A;SEVERITY=4:Info;REPORTED_ON=November 5, 2020 2:47:06 PM ;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.228.210;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/5/2020, 9:46:25.514 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1394;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1394;ATTACHMENT_FILENAME=DLP_Excel_BAN count2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=6;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/?ictd[master]=;vid~94849c99-128f-4255-8a34-676cbf41022c&ictd[il4484]=;rlt~1604587404~land~2_37970_direct_250a05b40b591c0704089ba54ab1ef5a#!!&app=io.ox/mail/compose:compose;SENDER=10.221.228.210;SUBJECT=N/A;SEVERITY=4:Info;REPORTED_ON=November 5, 2020 2:47:06 PM ;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.228.210;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/5/2020, 9:46:25.518 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1398;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1398;ATTACHMENT_FILENAME=DLP_WORD+DOB_1 count.docx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/?ictd[master]=;vid~94849c99-128f-4255-8a34-676cbf41022c&ictd[il4484]=;rlt~1604587404~land~2_37970_direct_250a05b40b591c0704089ba54ab1ef5a#!!&app=io.ox/mail/compose:compose;SENDER=10.221.228.210;SUBJECT=N/A;SEVERITY=4:Info;REPORTED_ON=November 5, 2020 2:47:06 PM ;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.228.210;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/5/2020, 9:46:25.526 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1389;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1389;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.228.210;SUBJECT=N/A;SEVERITY=4:Info;REPORTED_ON=November 5, 2020 2:47:06 PM ;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.228.210;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/5/2020, 9:46:25.565 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1400;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1400;ATTACHMENT_FILENAME=DLP_WORD+DOB_2 count.docx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://apps.talktalk.co.uk/appsuite/?ictd[master]=;vid~94849c99-128f-4255-8a34-676cbf41022c&ictd[il4484]=;rlt~1604587404~land~2_37970_direct_250a05b40b591c0704089ba54ab1ef5a#!!&app=io.ox/mail/compose:compose;SENDER=10.221.228.210;SUBJECT=N/A;SEVERITY=4:Info;REPORTED_ON=November 5, 2020 2:47:06 PM ;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.228.210;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/22/2020, 9:05:42.516 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Passport Numbers - Monitoring Only", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1253;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1253;ATTACHMENT_FILENAME=PAN2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=2;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/#inbox?compose=CrpPbDzHzkjQDzjzhTBPXBtcXmJbGdQZHjNvJSXdplSDgPpntBBhZFgWZPtmKDJkMvlsvxPkzcPWmsKcVwCL;SENDER=10.221.226.209;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 22, 2020 2:05:40 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.226.209;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/6/2020, 11:27:57.358 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1425;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1425;ATTACHMENT_FILENAME=DLP_Excel_NINO count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.222.232.91;SUBJECT=N/A;SEVERITY=4:Info November 6, 2020 4:28:40 PM;REPORTED_ON=November 6, 2020 4:28:55 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.232.91;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/26/2020, 7:10:19.575 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers (Unclassified) - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1284;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1284;ATTACHMENT_FILENAME=DLP_Excel_BAN count1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=2;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/#inbox?compose=CXlTgQlqhQCHCPtRmrcXGdjCntfBZDQdQvsKnljzRCRXkMFVwsvNFwRKrnRMshhKmtwVWlxCrtgbfdsMSqKDfgRhRJzPNQTPTpCVLNxBPpHRwgVKFsSpZhnQcFKxXrjBWBHzQHgCKjmrxhBbzTJzTQlTxQSrmjkGpQxZhpQcBFWT;SENDER=10.222.252.95;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 26, 2020 11:10:44 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.252.95;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/26/2020, 7:10:40.465 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers (Unclassified) - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1284;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1284;ATTACHMENT_FILENAME=DLP_Excel_BAN count1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=2;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/#inbox?compose=CXlTgQlqhQCHCPtRmrcXGdjCntfBZDQdQvsKnljzRCRXkMFVwsvNFwRKrnRMshhKmtwVWlxCrtgbfdsMSqKDfgRhRJzPNQTPTpCVLNxBPpHRwgVKFsSpZhnQcFKxXrjBWBHzQHgCKjmrxhBbzTJzTQlTxQSrmjkGpQxZhpQcBFWT;SENDER=10.222.252.95;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 26, 2020 11:10:44 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.252.95;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/30/2020, 10:08:43.485 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers (Unclassified) - BAN001", "AdditionalExtensions": "BLOCKED=Action Blocked;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1314;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1314;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Documents\\DLP DATA\\DLP_Excel_BAN-001.xlsx ;FILE_NAME=DLP_Excel_BAN-001.xlsx;MATCH_COUNT=498;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=1:High;OCCURRED_ON=October 30, 2020 2:08:34 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.222.253.233;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/30/2020, 10:08:43.487 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers (Unclassified) - BAN001", "AdditionalExtensions": "BLOCKED=Action Blocked;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1314;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1314;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Documents\\DLP DATA\\DLP_Excel_BAN-001.xlsx ;FILE_NAME=DLP_Excel_BAN-001.xlsx;MATCH_COUNT=498;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=1:High;OCCURRED_ON=October 30, 2020 2:08:34 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.222.253.233;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/30/2020, 10:08:53.984 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Monitoring Only", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1312;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1312;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Documents\\DLP DATA\\DLP_Excel_PCI-001.xlsx ;FILE_NAME=DLP_Excel_PCI-001.xlsx;MATCH_COUNT=2;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 30, 2020 2:08:34 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.222.253.233;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/30/2020, 10:08:54.040 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Monitoring Only", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1312;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1312;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Documents\\DLP DATA\\DLP_Excel_PCI-001.xlsx ;FILE_NAME=DLP_Excel_PCI-001.xlsx;MATCH_COUNT=2;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 30, 2020 2:08:34 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.222.253.233;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/30/2020, 10:08:54.258 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers (Unclassified) - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1313;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1313;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Documents\\DLP DATA\\DLP_Excel_BAN-001.xlsx ;FILE_NAME=DLP_Excel_BAN-001.xlsx;MATCH_COUNT=4;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 30, 2020 2:08:34 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.222.253.233;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/30/2020, 10:08:54.409 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1315;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1315;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Documents\\DLP DATA\\DLP_Excel_DOB-001.xlsx ;FILE_NAME=DLP_Excel_DOB-001.xlsx;MATCH_COUNT=427;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=1:High;OCCURRED_ON=October 30, 2020 2:08:34 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.222.253.233;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/30/2020, 10:08:54.445 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers (Unclassified) - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1317;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1317;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Documents\\DLP DATA\\DLP_Excel_NINO-001.xlsx ;FILE_NAME=DLP_Excel_NINO-001.xlsx;MATCH_COUNT=3;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 30, 2020 2:08:34 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.222.253.233;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/30/2020, 10:08:54.618 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Passport Numbers - Monitoring Only", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1320;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1320;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Documents\\DLP DATA\\DLP_Excel_PAN-001.xlsx ;FILE_NAME=DLP_Excel_PAN-001.xlsx;MATCH_COUNT=2;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 30, 2020 2:08:34 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.222.253.233;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/20/2020, 8:51:12.616 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "IRGT- DPLIA", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1225;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1225;ATTACHMENT_FILENAME=N/A;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized@sanitized.com;SENDER=DLP.sanitized@sanitized.com;SUBJECT=TEST;SEVERITY=1:High;OCCURRED_ON=October 20, 2020 1:50:55 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.251.110;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/20/2020, 8:51:13.205 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "IRGT - SAR Request", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1224;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1224;ATTACHMENT_FILENAME=SAR12345.docx ;FILE_NAME=N/A;MATCH_COUNT=2;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized@sanitized.com;SENDER=DLP.sanitized@sanitized.com;SUBJECT=TEST email;SEVERITY=1:High;OCCURRED_ON=October 20, 2020 1:50:55 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.251.110;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/6/2020, 11:25:40.557 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1133;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1133;ATTACHMENT_FILENAME=N/A;FILE_NAME=N/A;MATCH_COUNT=5;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized@sanitized.com;SENDER=DLP.sanitized@sanitized.com;SUBJECT=test email;SEVERITY=1:High;OCCURRED_ON=October 6, 2020 4:25:06 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.243.241;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/6/2020, 11:24:46.027 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Office Word;INCIDENT_ID=1132;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1132;ATTACHMENT_FILENAME=N/A;FILE_NAME=Microsoft Word - DLP_WORD+DOB_1 count;MATCH_COUNT=5;PROTOCOL=Endpoint Printer/Fax;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=1:High;OCCURRED_ON=October 6, 2020 4:25:06 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.243.241;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/5/2020, 9:29:55.430 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1377;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1377;ATTACHMENT_FILENAME=DLP_Excel_NINO count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.228.210;SUBJECT=N/A;SEVERITY=4:Info;REPORTED_ON=November 5, 2020 2:30:35 PM ;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.228.210;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/5/2020, 9:29:55.547 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1380;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1380;ATTACHMENT_FILENAME=DLP_Excel_NINO count 2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.228.210;SUBJECT=N/A;SEVERITY=4:Info;REPORTED_ON=November 5, 2020 2:30:35 PM ;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.228.210;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/5/2020, 9:29:55.549 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1382;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1382;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.228.210;SUBJECT=N/A;SEVERITY=4:Info;REPORTED_ON=November 5, 2020 2:30:35 PM ;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.228.210;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/5/2020, 9:29:55.562 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1384;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1384;ATTACHMENT_FILENAME=DLP_WORD+DOB_2 count.docx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.228.210;SUBJECT=N/A;SEVERITY=4:Info;REPORTED_ON=November 5, 2020 2:30:36 PM ;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.228.210;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/5/2020, 9:30:30.662 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1378;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1378;ATTACHMENT_FILENAME=DLP_Excel_BAN count2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=6;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.228.210;SUBJECT=N/A;SEVERITY=4:Info;REPORTED_ON=November 5, 2020 2:30:35 PM ;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.228.210;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/5/2020, 9:30:30.684 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1379;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1379;ATTACHMENT_FILENAME=DLP_Excel_BAN count1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.228.210;SUBJECT=N/A;SEVERITY=4:Info;REPORTED_ON=November 5, 2020 2:30:35 PM ;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.228.210;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/7/2020, 9:44:54.712 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers (Unclassified) - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1153;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1153;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Desktop\\Test Data Files\\DLP_Excel_NINO count 1.xlsx ;FILE_NAME=DLP_Excel_NINO count 1.xlsx;MATCH_COUNT=3;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 7, 2020 2:44:25 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.222.239.105;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/7/2020, 9:43:57.152 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Monitoring Only", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1154;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1154;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Desktop\\Test Data Files\\DLP_Excel_PCIMON- count 1.xlsx ;FILE_NAME=DLP_Excel_PCIMON- count 1.xlsx;MATCH_COUNT=2;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 7, 2020 2:44:25 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.222.239.105;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/7/2020, 9:43:57.494 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Monitoring Only", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Office Excel;INCIDENT_ID=1157;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1157;ATTACHMENT_FILENAME=N/A;FILE_NAME=DLP_Excel_PCIMON- count 1.xlsx;MATCH_COUNT=4;PROTOCOL=Endpoint Printer/Fax;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 7, 2020 2:44:26 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.239.105;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/7/2020, 9:43:57.586 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1155;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1155;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Desktop\\Test Data Files\\DLP_WORD+DOB_1 count.docx ;FILE_NAME=DLP_WORD+DOB_1 count.docx;MATCH_COUNT=5;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=1:High;OCCURRED_ON=October 7, 2020 2:44:25 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.222.239.105;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/4/2020, 8:41:53.562 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1367;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1367;ATTACHMENT_FILENAME=N/A;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/_/upload?authuser=;0&dcp=;asu-n&upload_id=;ABg5-UyIQSLYwp3tLXXV8dhKXbs3Dj1OU2Z0kiDYaJRBxwCAic5aKy-MUpPQnW3LS5tnUOdy8McmYIe8ZbTrrMqSRgKAoV8r-w&upload_protocol=resumable;SENDER=10.221.234.112;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 4, 2020 1:42:17 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.234.112;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/7/2020, 9:28:43.988 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers (Unclassified) - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1152;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1152;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Desktop\\Test Data Files\\DLP_Excel_BAN count1.xlsx ;FILE_NAME=DLP_Excel_BAN count1.xlsx;MATCH_COUNT=2;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 7, 2020 2:28:10 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.222.239.105;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/30/2020, 10:57:42.001 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1329;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1329;ATTACHMENT_FILENAME=DLP_Excel_BAN-001.xlsx DLP_Excel_NINO-001.xlsx DLP_Excel_PCI-001.xlsx DLP_Excel_DOB-001.xlsx DLP_Excel_PAN-001.xlsx ;FILE_NAME=N/A;MATCH_COUNT=427;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized@sanitized.com;SENDER=DLP.sanitized@sanitized.com;SUBJECT=test email;SEVERITY=1:High;OCCURRED_ON=October 30, 2020 2:57:24 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.253.233;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/30/2020, 10:57:54.081 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers (Unclassified) - PCI-001", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1322;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1322;ATTACHMENT_FILENAME=DLP_Excel_BAN-001.xlsx DLP_Excel_NINO-001.xlsx DLP_Excel_PCI-001.xlsx DLP_Excel_DOB-001.xlsx DLP_Excel_PAN-001.xlsx ;FILE_NAME=N/A;MATCH_COUNT=306;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized@sanitized.com;SENDER=DLP.sanitized@sanitized.com;SUBJECT=test email;SEVERITY=1:High;OCCURRED_ON=October 30, 2020 2:57:24 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.253.233;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/30/2020, 10:57:54.466 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth (Unclassified) - DOB001", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1328;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1328;ATTACHMENT_FILENAME=DLP_Excel_BAN-001.xlsx DLP_Excel_NINO-001.xlsx DLP_Excel_PCI-001.xlsx DLP_Excel_DOB-001.xlsx DLP_Excel_PAN-001.xlsx ;FILE_NAME=N/A;MATCH_COUNT=849;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized@sanitized.com;SENDER=DLP.sanitized@sanitized.com;SUBJECT=test email;SEVERITY=1:High;OCCURRED_ON=October 30, 2020 2:57:24 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.253.233;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/30/2020, 10:57:54.664 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers (Unclassified) - BAN001", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1330;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1330;ATTACHMENT_FILENAME=DLP_Excel_BAN-001.xlsx DLP_Excel_NINO-001.xlsx DLP_Excel_PCI-001.xlsx DLP_Excel_DOB-001.xlsx DLP_Excel_PAN-001.xlsx ;FILE_NAME=N/A;MATCH_COUNT=498;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized@sanitized.com;SENDER=DLP.sanitized@sanitized.com;SUBJECT=test email;SEVERITY=1:High;OCCURRED_ON=October 30, 2020 2:57:24 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.253.233;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/30/2020, 10:08:57.300 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers (Unclassified) - PCI-001", "AdditionalExtensions": "BLOCKED=Action Blocked;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1311;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1311;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Documents\\DLP DATA\\DLP_Excel_PCI-001.xlsx ;FILE_NAME=DLP_Excel_PCI-001.xlsx;MATCH_COUNT=306;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=1:High;OCCURRED_ON=October 30, 2020 2:08:34 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.222.253.233;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/30/2020, 10:08:57.351 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers (Unclassified) - PCI-001", "AdditionalExtensions": "BLOCKED=Action Blocked;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1311;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1311;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Documents\\DLP DATA\\DLP_Excel_PCI-001.xlsx ;FILE_NAME=DLP_Excel_PCI-001.xlsx;MATCH_COUNT=306;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=1:High;OCCURRED_ON=October 30, 2020 2:08:34 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.222.253.233;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/30/2020, 10:08:57.628 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Passport Numbers (Unclassified) - PAN-001", "AdditionalExtensions": "BLOCKED=Action Blocked;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1319;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1319;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Documents\\DLP DATA\\DLP_Excel_PAN-001.xlsx ;FILE_NAME=DLP_Excel_PAN-001.xlsx;MATCH_COUNT=413;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=1:High;OCCURRED_ON=October 30, 2020 2:08:34 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.222.253.233;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/30/2020, 10:08:57.665 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Passport Numbers (Unclassified) - PAN-001", "AdditionalExtensions": "BLOCKED=Action Blocked;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1319;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1319;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Documents\\DLP DATA\\DLP_Excel_PAN-001.xlsx ;FILE_NAME=DLP_Excel_PAN-001.xlsx;MATCH_COUNT=413;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=1:High;OCCURRED_ON=October 30, 2020 2:08:34 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.222.253.233;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/30/2020, 10:08:57.676 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers (Unclassified) -NINO-001", "AdditionalExtensions": "BLOCKED=Action Blocked;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1318;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1318;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Documents\\DLP DATA\\DLP_Excel_NINO-001.xlsx ;FILE_NAME=DLP_Excel_NINO-001.xlsx;MATCH_COUNT=502;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=1:High;OCCURRED_ON=October 30, 2020 2:08:34 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.222.253.233;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/22/2020, 6:55:33.753 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Monitoring Only", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1246;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1246;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/#inbox?compose=CrpPbDzHzkjQDzjzhTBPXBtcXmJbGdQZHjNvJSXdplSDgPpntBBhZFgWZPtmKDJkMvlsvxPkzcPWmsKcVwCL;SENDER=10.221.226.209;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 22, 2020 11:55:19 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.226.209;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/23/2020, 8:59:16.192 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Passport Numbers - Monitoring Only", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1254;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1254;ATTACHMENT_FILENAME=PAN2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=2;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/#inbox?compose=CrpPbDzHzkjQDzjzhTBPXBtcXmJbGdQZHjNvJSXdplSDgPpntBBhZFgWZPtmKDJkMvlsvxPkzcPWmsKcVwCL;SENDER=10.221.226.209;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 23, 2020 1:59:27 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.226.209;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/23/2020, 8:59:32.712 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Passport Numbers - Monitoring Only", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1254;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1254;ATTACHMENT_FILENAME=PAN2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=2;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/#inbox?compose=CrpPbDzHzkjQDzjzhTBPXBtcXmJbGdQZHjNvJSXdplSDgPpntBBhZFgWZPtmKDJkMvlsvxPkzcPWmsKcVwCL;SENDER=10.221.226.209;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 23, 2020 1:59:27 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.226.209;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/23/2020, 9:31:44.713 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers (Unclassified) - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1258;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1258;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Desktop\\Test Data Files\\DLP_Excel_NINO count 1.xlsx ;FILE_NAME=DLP_Excel_NINO count 1.xlsx;MATCH_COUNT=3;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 23, 2020 2:31:58 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.222.248.54;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/23/2020, 9:31:44.913 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Monitoring Only", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Office Excel;INCIDENT_ID=1257;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1257;ATTACHMENT_FILENAME=N/A;FILE_NAME=DLP_Excel_PCIMON- count 1.xlsx;MATCH_COUNT=4;PROTOCOL=Endpoint Printer/Fax;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 23, 2020 2:31:58 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.248.54;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "8/25/2020, 9:42:30.098 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Test Policy", "AdditionalExtensions": "POLICY_RULE_VIOLATED=[UNKNOWN VARIABLE: POLICY_RULES];BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=667;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=667;ATTACHMENT_FILENAME=N/A ;FILE_NAME=N/A;MATCH_COUNT=13;PROTOCOL=Endpoint HTTPS;RECIPIENTS=https://www.dropbox.com/log_js_sw_data;SENDER=10.221.228.91;SUBJECT=N/A;SEVERITY=1:High;OCCURRED_ON=[UNKNOWN VARIABLE: OCCURED_ON];URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.228.91;ENDPOINT_USER_NAME=[UNKNOWN VARIABLE: ENDPOINT_USER_NAME];SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "8/25/2020, 9:42:30.218 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Test Policy", "AdditionalExtensions": "POLICY_RULE_VIOLATED=[UNKNOWN VARIABLE: POLICY_RULES];BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=666;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=666;ATTACHMENT_FILENAME=N/A ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=https://www.dropbox.com/alternate_wtl;SENDER=10.221.228.91;SUBJECT=N/A;SEVERITY=1:High;OCCURRED_ON=[UNKNOWN VARIABLE: OCCURED_ON];URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.228.91;ENDPOINT_USER_NAME=[UNKNOWN VARIABLE: ENDPOINT_USER_NAME];SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/23/2020, 9:15:25.420 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1256;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1256;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Desktop\\Test Data Files\\DLP_WORD+DOB_2 count.docx ;FILE_NAME=DLP_WORD+DOB_2 count.docx;MATCH_COUNT=6;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=1:High;OCCURRED_ON=October 23, 2020 2:15:42 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.222.248.54;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/23/2020, 9:15:25.450 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1256;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1256;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Desktop\\Test Data Files\\DLP_WORD+DOB_2 count.docx ;FILE_NAME=DLP_WORD+DOB_2 count.docx;MATCH_COUNT=6;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=1:High;OCCURRED_ON=October 23, 2020 2:15:42 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.222.248.54;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/20/2020, 5:52:27.106 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers (Unclassified) - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1205;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1205;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Desktop\\Test Data Files\\DLP_Excel_BAN count1.xlsx ;FILE_NAME=DLP_Excel_BAN count1.xlsx;MATCH_COUNT=2;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 20, 2020 10:52:11 AM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.221.251.110;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/28/2020, 6:17:11.455 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Legal & Property", "AdditionalExtensions": "BLOCKED=Action Blocked;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1307;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1307;ATTACHMENT_FILENAME=N/A;FILE_NAME=N/A;MATCH_COUNT=18;PROTOCOL=Endpoint HTTPS;RECIPIENTS=https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/CancelCondition.do;SENDER=10.221.252.28;SUBJECT=N/A;SEVERITY=1:High;OCCURRED_ON=October 28, 2020 10:17:58 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.252.28;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/28/2020, 6:17:11.491 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Legal & Property", "AdditionalExtensions": "BLOCKED=Action Blocked;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1306;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1306;ATTACHMENT_FILENAME=N/A;FILE_NAME=N/A;MATCH_COUNT=18;PROTOCOL=Endpoint HTTPS;RECIPIENTS=https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/CancelCondition.do;SENDER=10.221.252.28;SUBJECT=N/A;SEVERITY=1:High;OCCURRED_ON=October 28, 2020 10:17:58 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.252.28;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/9/2020, 4:50:38.630 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1445;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1445;ATTACHMENT_FILENAME=DLP_Excel_BAN count1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.221.227.58;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 9, 2020 9:50:08 AM;REPORTED_ON=November 9, 2020 9:50:22 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=ABC\\sampleuser01;MACHINE_IP=10.221.227.58;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/5/2020, 10:52:26.761 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1402;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1402;ATTACHMENT_FILENAME=DLP_Excel_NINO count 2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://test.abccompany.com/sites/A2821/Data%20Loss%20Prevention/Forms/AllItems.aspx?csf=;1&web=;1&e=;zUbg5J&cid=;5ce64a6b%2D67a7%2D4130%2Db1e0%2Dfb6592e6c070&FolderCTID=;0x01200051E85ACE21DEF84E890E133F75010058&id=;%2Fsites%2FA2821%2FData%20Loss%20Prevention%2F010%20%2D%20Project%20Folders%2FTesting%2FWeb%20channel%20test%20files&viewid=5374dca0%2D518b%2D479a%2Dbce7%2Deed6a3e15af8;SENDER=10.221.228.210;SUBJECT=N/A;SEVERITY=4:Info;REPORTED_ON=November 5, 2020 3:53:09 PM ;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.228.210;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/28/2020, 6:01:21.511 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Legal & Property", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1305;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1305;ATTACHMENT_FILENAME=N/A;FILE_NAME=N/A;MATCH_COUNT=18;PROTOCOL=Endpoint HTTPS;RECIPIENTS=https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/CancelCondition.do;SENDER=10.221.252.28;SUBJECT=N/A;SEVERITY=1:High;OCCURRED_ON=October 28, 2020 10:01:22 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.252.28;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/28/2020, 6:00:42.437 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Legal & Property", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1305;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1305;ATTACHMENT_FILENAME=N/A;FILE_NAME=N/A;MATCH_COUNT=18;PROTOCOL=Endpoint HTTPS;RECIPIENTS=https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/CancelCondition.do;SENDER=10.221.252.28;SUBJECT=N/A;SEVERITY=1:High;OCCURRED_ON=October 28, 2020 10:01:22 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.252.28;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/6/2020, 11:11:08.621 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Passport Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1410;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1410;ATTACHMENT_FILENAME=DLP DATA.zip ;FILE_NAME=N/A;MATCH_COUNT=9;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.222.232.91;SUBJECT=N/A;SEVERITY=4:Info November 6, 2020 4:11:36 PM;REPORTED_ON=November 6, 2020 4:11:57 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.232.91;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/6/2020, 11:11:08.703 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1411;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1411;ATTACHMENT_FILENAME=DLP DATA.zip ;FILE_NAME=N/A;MATCH_COUNT=5625;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.222.232.91;SUBJECT=N/A;SEVERITY=4:Info November 6, 2020 4:11:36 PM;REPORTED_ON=November 6, 2020 4:11:57 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.232.91;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/6/2020, 11:11:08.868 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers - Web Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1414;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1414;ATTACHMENT_FILENAME=DLP DATA.zip ;FILE_NAME=N/A;MATCH_COUNT=48;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/?hl=;en-GB#inbox?compose=new;SENDER=10.222.232.91;SUBJECT=N/A;SEVERITY=4:Info November 6, 2020 4:11:36 PM;REPORTED_ON=November 6, 2020 4:11:57 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.232.91;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/2/2020, 10:35:32.877 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1359;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1359;ATTACHMENT_FILENAME=DLP_WORD+DOB_2 count.docx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/#inbox?compose=new;SENDER=10.221.233.14;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 2, 2020 3:35:37 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.233.14;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/2/2020, 10:35:23.357 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers (Unclassified) - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1345;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1345;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Desktop\\Test Data Files\\Monitoring Files\\DLP_Excel_BAN count2.xlsx ;FILE_NAME=DLP_Excel_BAN count2.xlsx;MATCH_COUNT=4;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 2, 2020 3:35:35 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.221.233.14;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/2/2020, 10:35:48.168 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers (Unclassified) - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1346;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1346;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Desktop\\Test Data Files\\Monitoring Files\\DLP_Excel_BAN count1.xlsx ;FILE_NAME=DLP_Excel_BAN count1.xlsx;MATCH_COUNT=2;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 2, 2020 3:35:35 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.221.233.14;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/2/2020, 10:35:48.189 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1344;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1344;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Desktop\\Test Data Files\\Monitoring Files\\DLP_WORD+DOB_2 count.docx ;FILE_NAME=DLP_WORD+DOB_2 count.docx;MATCH_COUNT=6;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=1:High;OCCURRED_ON=November 2, 2020 3:35:35 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.221.233.14;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/2/2020, 10:35:32.040 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Monitoring Only", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1349;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1349;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Desktop\\Test Data Files\\Monitoring Files\\DLP_Excel_PCIMON- count 1.xlsx ;FILE_NAME=DLP_Excel_PCIMON- count 1.xlsx;MATCH_COUNT=2;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 2, 2020 3:35:35 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.221.233.14;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/2/2020, 10:35:32.076 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Monitoring Only", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1350;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1350;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Desktop\\Test Data Files\\Monitoring Files\\DLP_Excel_PCIMON- count 2.xlsx ;FILE_NAME=DLP_Excel_PCIMON- count 2.xlsx;MATCH_COUNT=2;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 2, 2020 3:35:36 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.221.233.14;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/2/2020, 10:35:32.114 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers (Unclassified) - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1352;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1352;ATTACHMENT_FILENAME=DLP_Excel_BAN count1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=2;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/#inbox?compose=new;SENDER=10.221.233.14;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 2, 2020 3:35:36 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.233.14;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/2/2020, 10:35:32.119 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers (Unclassified) - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1354;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1354;ATTACHMENT_FILENAME=DLP_Excel_NINO count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/#inbox?compose=new;SENDER=10.221.233.14;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 2, 2020 3:35:36 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.233.14;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/2/2020, 10:35:32.126 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Monitoring Only", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1356;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1356;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/#inbox?compose=new;SENDER=10.221.233.14;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 2, 2020 3:35:36 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.233.14;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/2/2020, 10:35:51.819 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers (Unclassified) - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1348;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1348;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Desktop\\Test Data Files\\Monitoring Files\\DLP_Excel_NINO count 2.xlsx ;FILE_NAME=DLP_Excel_NINO count 2.xlsx;MATCH_COUNT=3;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 2, 2020 3:35:35 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.221.233.14;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/2/2020, 10:35:51.966 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers (Unclassified) - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1347;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1347;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Desktop\\Test Data Files\\Monitoring Files\\DLP_Excel_NINO count 1.xlsx ;FILE_NAME=DLP_Excel_NINO count 1.xlsx;MATCH_COUNT=3;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 2, 2020 3:35:35 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.221.233.14;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/2/2020, 10:35:51.969 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1351;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1351;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Desktop\\Test Data Files\\Monitoring Files\\DLP_WORD+DOB_1 count.docx ;FILE_NAME=DLP_WORD+DOB_1 count.docx;MATCH_COUNT=5;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=1:High;OCCURRED_ON=November 2, 2020 3:35:36 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.221.233.14;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/2/2020, 10:35:52.030 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers (Unclassified) - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1353;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1353;ATTACHMENT_FILENAME=DLP_Excel_BAN count2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/#inbox?compose=new;SENDER=10.221.233.14;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 2, 2020 3:35:36 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.233.14;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/2/2020, 10:35:52.208 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers (Unclassified) - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1355;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1355;ATTACHMENT_FILENAME=DLP_Excel_NINO count 2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/#inbox?compose=new;SENDER=10.221.233.14;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 2, 2020 3:35:36 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.233.14;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "11/2/2020, 10:35:52.266 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Monitoring Only", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1357;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1357;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/#inbox?compose=new;SENDER=10.221.233.14;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=November 2, 2020 3:35:36 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.233.14;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/7/2020, 10:32:37.996 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers (Unclassified) - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Adobe Reader;INCIDENT_ID=1162;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1162;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Desktop\\DLP PoC2 Prints\\nino2.pdf ;FILE_NAME=nino2.pdf;MATCH_COUNT=3;PROTOCOL=Endpoint Printer/Fax;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 7, 2020 3:33:12 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.239.105;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/7/2020, 10:32:45.686 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "IRGT - Rights", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1164;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1164;ATTACHMENT_FILENAME=right to be informed.txt ;FILE_NAME=N/A;MATCH_COUNT=2;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized@sanitized.com;SENDER=DLP.sanitized@sanitized.com;SUBJECT=test email;SEVERITY=1:High;OCCURRED_ON=October 7, 2020 3:33:12 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.239.105;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/23/2020, 9:48:01.199 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers (Unclassified) - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1261;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1261;ATTACHMENT_FILENAME=DLP_Excel_NINO count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/#inbox?compose=CrpPbDzHzkjQDzjzhTBPXBtcXmJbGdQZHjNvJSXdplSDgPpntBBhZFgWZPtmKDJkMvlsvxPkzcPWmsKcVwCL;SENDER=10.222.248.54;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 23, 2020 2:48:13 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.248.54;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/23/2020, 9:48:01.230 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers (Unclassified) - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1261;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1261;ATTACHMENT_FILENAME=DLP_Excel_NINO count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/#inbox?compose=CrpPbDzHzkjQDzjzhTBPXBtcXmJbGdQZHjNvJSXdplSDgPpntBBhZFgWZPtmKDJkMvlsvxPkzcPWmsKcVwCL;SENDER=10.222.248.54;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 23, 2020 2:48:13 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.248.54;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/23/2020, 9:48:01.294 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers (Unclassified) - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1260;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1260;ATTACHMENT_FILENAME=DLP_Excel_BAN count2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/#inbox?compose=CrpPbDzHzkjQDzjzhTBPXBtcXmJbGdQZHjNvJSXdplSDgPpntBBhZFgWZPtmKDJkMvlsvxPkzcPWmsKcVwCL;SENDER=10.222.248.54;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 23, 2020 2:48:13 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.248.54;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/23/2020, 9:48:15.765 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1262;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1262;ATTACHMENT_FILENAME=DLP_WORD+DOB_2 count.docx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/#inbox?compose=CXlTgQlqhQCHCPtRmrcXGdjCntfBZDQdQvsKnljzRCRXkMFVwsvNFwRKrnRMshhKmtwVWlxCrtgbfdsMSqKDfgRhRJzPNQTPTpCVLNxBPpHRwgVKFsSpZhnQcFKxXrjBWBHzQHgCKjmrxhBbzTJzTQlTxQSrmjkGpQxZhpQcBFWT;SENDER=10.222.248.54;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 23, 2020 2:48:13 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.248.54;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/23/2020, 9:48:15.811 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1262;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1262;ATTACHMENT_FILENAME=DLP_WORD+DOB_2 count.docx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/#inbox?compose=CXlTgQlqhQCHCPtRmrcXGdjCntfBZDQdQvsKnljzRCRXkMFVwsvNFwRKrnRMshhKmtwVWlxCrtgbfdsMSqKDfgRhRJzPNQTPTpCVLNxBPpHRwgVKFsSpZhnQcFKxXrjBWBHzQHgCKjmrxhBbzTJzTQlTxQSrmjkGpQxZhpQcBFWT;SENDER=10.222.248.54;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 23, 2020 2:48:13 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.248.54;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/23/2020, 9:48:15.862 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers (Unclassified) - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1260;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1260;ATTACHMENT_FILENAME=DLP_Excel_BAN count2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/#inbox?compose=CrpPbDzHzkjQDzjzhTBPXBtcXmJbGdQZHjNvJSXdplSDgPpntBBhZFgWZPtmKDJkMvlsvxPkzcPWmsKcVwCL;SENDER=10.222.248.54;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 23, 2020 2:48:13 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.248.54;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/16/2020, 6:23:33.328 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers (Unclassified) - BAN001", "AdditionalExtensions": "BLOCKED=Action Blocked;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1183;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1183;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Desktop\\Test Data Files\\DLP_Excel_BAN-001a.xlsx ;FILE_NAME=DLP_Excel_BAN-001a.xlsx;MATCH_COUNT=498;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=1:High;OCCURRED_ON=October 16, 2020 11:23:11 AM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.221.250.136;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/22/2020, 8:49:32.217 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Legal & Property", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1248;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1248;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Desktop\\DLP\\PoC1\\Legal & Property\\LAP01_02.docx ;FILE_NAME=LAP01_02.docx;MATCH_COUNT=3;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=1:High;OCCURRED_ON=October 22, 2020 1:49:25 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.221.226.209;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/22/2020, 8:49:32.319 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Monitoring Only", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1250;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1250;ATTACHMENT_FILENAME=DLP_Notepad_PCI-001.txt ;FILE_NAME=N/A;MATCH_COUNT=2;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized@sanitized.com;SENDER=DLP.sanitized@sanitized.com;SUBJECT=FW: Test File (PCI001);SEVERITY=4:Info;OCCURRED_ON=October 22, 2020 1:49:25 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.226.209;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/22/2020, 8:49:32.396 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Passport Numbers - Monitoring Only", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Office Excel;INCIDENT_ID=1251;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1251;ATTACHMENT_FILENAME=N/A;FILE_NAME=PAN2.xlsx;MATCH_COUNT=2;PROTOCOL=Endpoint Printer/Fax;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 22, 2020 1:49:24 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.226.209;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/22/2020, 8:49:50.464 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers (Unclassified) - PCI-001", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1249;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1249;ATTACHMENT_FILENAME=DLP_Notepad_PCI-001.txt ;FILE_NAME=N/A;MATCH_COUNT=306;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized@sanitized.com;SENDER=DLP.sanitized@sanitized.com;SUBJECT=FW: Test File (PCI001);SEVERITY=1:High;OCCURRED_ON=October 22, 2020 1:49:25 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.226.209;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/23/2020, 11:09:18.802 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1264;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1264;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Desktop\\Test Data Files\\Monitoring Files\\DLP_WORD+DOB_2 count.docx ;FILE_NAME=DLP_WORD+DOB_2 count.docx;MATCH_COUNT=6;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=1:High;OCCURRED_ON=October 23, 2020 4:09:28 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.222.248.54;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/23/2020, 11:09:18.841 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers (Unclassified) - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1263;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1263;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Desktop\\Test Data Files\\Monitoring Files\\DLP_Excel_BAN count2.xlsx ;FILE_NAME=DLP_Excel_BAN count2.xlsx;MATCH_COUNT=4;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 23, 2020 4:09:29 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.222.248.54;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/23/2020, 11:09:18.853 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers (Unclassified) - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1266;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1266;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Desktop\\Test Data Files\\Monitoring Files\\DLP_Excel_NINO count 1.xlsx ;FILE_NAME=DLP_Excel_NINO count 1.xlsx;MATCH_COUNT=3;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 23, 2020 4:09:29 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.222.248.54;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/23/2020, 11:09:18.931 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers (Unclassified) - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1267;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1267;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Desktop\\Test Data Files\\Monitoring Files\\DLP_Excel_NINO count 2.xlsx ;FILE_NAME=DLP_Excel_NINO count 2.xlsx;MATCH_COUNT=3;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 23, 2020 4:09:29 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.222.248.54;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/23/2020, 11:09:18.945 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers (Unclassified) - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1267;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1267;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Desktop\\Test Data Files\\Monitoring Files\\DLP_Excel_NINO count 2.xlsx ;FILE_NAME=DLP_Excel_NINO count 2.xlsx;MATCH_COUNT=3;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 23, 2020 4:09:29 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.222.248.54;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/23/2020, 11:09:19.017 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Monitoring Only", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1268;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1268;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Desktop\\Test Data Files\\Monitoring Files\\DLP_Excel_PCIMON- count 1.xlsx ;FILE_NAME=DLP_Excel_PCIMON- count 1.xlsx;MATCH_COUNT=2;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 23, 2020 4:09:29 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.222.248.54;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/23/2020, 11:09:19.055 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1270;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1270;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Desktop\\Test Data Files\\Monitoring Files\\DLP_WORD+DOB_1 count.docx ;FILE_NAME=DLP_WORD+DOB_1 count.docx;MATCH_COUNT=5;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=1:High;OCCURRED_ON=October 23, 2020 4:09:29 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.222.248.54;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/23/2020, 11:09:19.096 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers (Unclassified) - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1271;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1271;ATTACHMENT_FILENAME=DLP_Excel_BAN count1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=2;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/#inbox?compose=CXlTgQlqhQCHCPtRmrcXGdjCntfBZDQdQvsKnljzRCRXkMFVwsvNFwRKrnRMshhKmtwVWlxCrtgbfdsMSqKDfgRhRJzPNQTPTpCVLNxBPpHRwgVKFsSpZhnQcFKxXrjBWBHzQHgCKjmrxhBbzTJzTQlTxQSrmjkGpQxZhpQcBFWT;SENDER=10.222.248.54;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 23, 2020 4:09:30 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.248.54;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/23/2020, 11:09:19.118 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers (Unclassified) - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1272;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1272;ATTACHMENT_FILENAME=DLP_Excel_BAN count2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/#inbox?compose=CXlTgQlqhQCHCPtRmrcXGdjCntfBZDQdQvsKnljzRCRXkMFVwsvNFwRKrnRMshhKmtwVWlxCrtgbfdsMSqKDfgRhRJzPNQTPTpCVLNxBPpHRwgVKFsSpZhnQcFKxXrjBWBHzQHgCKjmrxhBbzTJzTQlTxQSrmjkGpQxZhpQcBFWT;SENDER=10.222.248.54;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 23, 2020 4:09:30 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.248.54;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/23/2020, 11:09:19.132 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers (Unclassified) - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1272;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1272;ATTACHMENT_FILENAME=DLP_Excel_BAN count2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/#inbox?compose=CXlTgQlqhQCHCPtRmrcXGdjCntfBZDQdQvsKnljzRCRXkMFVwsvNFwRKrnRMshhKmtwVWlxCrtgbfdsMSqKDfgRhRJzPNQTPTpCVLNxBPpHRwgVKFsSpZhnQcFKxXrjBWBHzQHgCKjmrxhBbzTJzTQlTxQSrmjkGpQxZhpQcBFWT;SENDER=10.222.248.54;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 23, 2020 4:09:30 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.248.54;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/23/2020, 11:09:38.660 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers (Unclassified) - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1263;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1263;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Desktop\\Test Data Files\\Monitoring Files\\DLP_Excel_BAN count2.xlsx ;FILE_NAME=DLP_Excel_BAN count2.xlsx;MATCH_COUNT=4;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 23, 2020 4:09:29 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.222.248.54;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/23/2020, 11:09:38.715 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1264;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1264;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Desktop\\Test Data Files\\Monitoring Files\\DLP_WORD+DOB_2 count.docx ;FILE_NAME=DLP_WORD+DOB_2 count.docx;MATCH_COUNT=6;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=1:High;OCCURRED_ON=October 23, 2020 4:09:28 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.222.248.54;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/23/2020, 11:09:38.841 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers (Unclassified) - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1266;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1266;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Desktop\\Test Data Files\\Monitoring Files\\DLP_Excel_NINO count 1.xlsx ;FILE_NAME=DLP_Excel_NINO count 1.xlsx;MATCH_COUNT=3;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 23, 2020 4:09:29 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.222.248.54;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/23/2020, 11:09:40.389 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers (Unclassified) - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1265;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1265;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Desktop\\Test Data Files\\Monitoring Files\\DLP_Excel_BAN count1.xlsx ;FILE_NAME=DLP_Excel_BAN count1.xlsx;MATCH_COUNT=2;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 23, 2020 4:09:29 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.222.248.54;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/23/2020, 11:09:40.413 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers (Unclassified) - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1265;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1265;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Desktop\\Test Data Files\\Monitoring Files\\DLP_Excel_BAN count1.xlsx ;FILE_NAME=DLP_Excel_BAN count1.xlsx;MATCH_COUNT=2;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 23, 2020 4:09:29 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.222.248.54;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/23/2020, 11:09:40.571 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Monitoring Only", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1268;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1268;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Desktop\\Test Data Files\\Monitoring Files\\DLP_Excel_PCIMON- count 1.xlsx ;FILE_NAME=DLP_Excel_PCIMON- count 1.xlsx;MATCH_COUNT=2;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 23, 2020 4:09:29 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.222.248.54;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/23/2020, 11:09:40.936 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1270;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1270;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Desktop\\Test Data Files\\Monitoring Files\\DLP_WORD+DOB_1 count.docx ;FILE_NAME=DLP_WORD+DOB_1 count.docx;MATCH_COUNT=5;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=1:High;OCCURRED_ON=October 23, 2020 4:09:29 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.222.248.54;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/23/2020, 11:09:40.987 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers (Unclassified) - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1271;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1271;ATTACHMENT_FILENAME=DLP_Excel_BAN count1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=2;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/#inbox?compose=CXlTgQlqhQCHCPtRmrcXGdjCntfBZDQdQvsKnljzRCRXkMFVwsvNFwRKrnRMshhKmtwVWlxCrtgbfdsMSqKDfgRhRJzPNQTPTpCVLNxBPpHRwgVKFsSpZhnQcFKxXrjBWBHzQHgCKjmrxhBbzTJzTQlTxQSrmjkGpQxZhpQcBFWT;SENDER=10.222.248.54;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 23, 2020 4:09:30 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.248.54;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/23/2020, 11:09:41.017 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers (Unclassified) - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1273;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1273;ATTACHMENT_FILENAME=DLP_Excel_NINO count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/#inbox?compose=CXlTgQlqhQCHCPtRmrcXGdjCntfBZDQdQvsKnljzRCRXkMFVwsvNFwRKrnRMshhKmtwVWlxCrtgbfdsMSqKDfgRhRJzPNQTPTpCVLNxBPpHRwgVKFsSpZhnQcFKxXrjBWBHzQHgCKjmrxhBbzTJzTQlTxQSrmjkGpQxZhpQcBFWT;SENDER=10.222.248.54;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 23, 2020 4:09:30 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.248.54;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/23/2020, 11:09:41.037 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers (Unclassified) - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1273;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1273;ATTACHMENT_FILENAME=DLP_Excel_NINO count 1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/#inbox?compose=CXlTgQlqhQCHCPtRmrcXGdjCntfBZDQdQvsKnljzRCRXkMFVwsvNFwRKrnRMshhKmtwVWlxCrtgbfdsMSqKDfgRhRJzPNQTPTpCVLNxBPpHRwgVKFsSpZhnQcFKxXrjBWBHzQHgCKjmrxhBbzTJzTQlTxQSrmjkGpQxZhpQcBFWT;SENDER=10.222.248.54;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 23, 2020 4:09:30 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.248.54;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/23/2020, 11:09:41.177 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers (Unclassified) - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1274;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1274;ATTACHMENT_FILENAME=DLP_Excel_NINO count 2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/#inbox?compose=CXlTgQlqhQCHCPtRmrcXGdjCntfBZDQdQvsKnljzRCRXkMFVwsvNFwRKrnRMshhKmtwVWlxCrtgbfdsMSqKDfgRhRJzPNQTPTpCVLNxBPpHRwgVKFsSpZhnQcFKxXrjBWBHzQHgCKjmrxhBbzTJzTQlTxQSrmjkGpQxZhpQcBFWT;SENDER=10.222.248.54;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 23, 2020 4:09:30 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.248.54;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/23/2020, 11:09:41.181 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Monitoring Only", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1276;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1276;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/#inbox?compose=CXlTgQlqhQCHCPtRmrcXGdjCntfBZDQdQvsKnljzRCRXkMFVwsvNFwRKrnRMshhKmtwVWlxCrtgbfdsMSqKDfgRhRJzPNQTPTpCVLNxBPpHRwgVKFsSpZhnQcFKxXrjBWBHzQHgCKjmrxhBbzTJzTQlTxQSrmjkGpQxZhpQcBFWT;SENDER=10.222.248.54;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 23, 2020 4:09:30 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.248.54;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/23/2020, 11:09:41.212 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Monitoring Only", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1276;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1276;ATTACHMENT_FILENAME=DLP_Excel_PCIMON- count 2.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/#inbox?compose=CXlTgQlqhQCHCPtRmrcXGdjCntfBZDQdQvsKnljzRCRXkMFVwsvNFwRKrnRMshhKmtwVWlxCrtgbfdsMSqKDfgRhRJzPNQTPTpCVLNxBPpHRwgVKFsSpZhnQcFKxXrjBWBHzQHgCKjmrxhBbzTJzTQlTxQSrmjkGpQxZhpQcBFWT;SENDER=10.222.248.54;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 23, 2020 4:09:30 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.248.54;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/23/2020, 11:09:41.223 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1278;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1278;ATTACHMENT_FILENAME=DLP_WORD+DOB_1 count.docx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/#inbox?compose=CXlTgQlqhQCHCPtRmrcXGdjCntfBZDQdQvsKnljzRCRXkMFVwsvNFwRKrnRMshhKmtwVWlxCrtgbfdsMSqKDfgRhRJzPNQTPTpCVLNxBPpHRwgVKFsSpZhnQcFKxXrjBWBHzQHgCKjmrxhBbzTJzTQlTxQSrmjkGpQxZhpQcBFWT;SENDER=10.222.248.54;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 23, 2020 4:09:30 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.248.54;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/23/2020, 11:09:41.253 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=1277;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1277;ATTACHMENT_FILENAME=DLP_WORD+DOB_2 count.docx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint HTTPS;RECIPIENTS=;https://mail.google.com/mail/u/0/#inbox?compose=CXlTgQlqhQCHCPtRmrcXGdjCntfBZDQdQvsKnljzRCRXkMFVwsvNFwRKrnRMshhKmtwVWlxCrtgbfdsMSqKDfgRhRJzPNQTPTpCVLNxBPpHRwgVKFsSpZhnQcFKxXrjBWBHzQHgCKjmrxhBbzTJzTQlTxQSrmjkGpQxZhpQcBFWT;SENDER=10.222.248.54;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 23, 2020 4:09:30 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.248.54;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/23/2020, 11:09:41.634 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Monitoring Only", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1269;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1269;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Desktop\\Test Data Files\\Monitoring Files\\DLP_Excel_PCIMON- count 2.xlsx ;FILE_NAME=DLP_Excel_PCIMON- count 2.xlsx;MATCH_COUNT=2;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 23, 2020 4:09:29 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.222.248.54;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/28/2020, 5:44:18.357 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "IRGT - Rights", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Google Chrome;INCIDENT_ID=1304;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1304;ATTACHMENT_FILENAME=N/A;FILE_NAME=N/A;MATCH_COUNT=7;PROTOCOL=Endpoint HTTPS;RECIPIENTS=Unknown;SENDER=10.221.252.28;SUBJECT=N/A;SEVERITY=1:High;OCCURRED_ON=October 28, 2020 9:45:07 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.252.28;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/20/2020, 8:34:53.248 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Passport Numbers - Monitoring Only", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1221;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1221;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Desktop\\DLP PoC2 Prints\\pan2.pdf ;FILE_NAME=pan2.pdf;MATCH_COUNT=2;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 20, 2020 1:34:40 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.221.251.110;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/30/2020, 9:52:24.556 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers (Unclassified) - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1310;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1310;ATTACHMENT_FILENAME=DLP_Excel_BAN count1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=2;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized@sanitized.com,sanitized@sanitized.com;SENDER=DLP.sanitized@sanitized.com;SUBJECT=RE: test email;SEVERITY=4:Info;OCCURRED_ON=October 30, 2020 1:52:18 PM;URL=N/A;DESTINATION_IP=null null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.253.233;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/30/2020, 10:08:39.521 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers (Unclassified) - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1313;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1313;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Documents\\DLP DATA\\DLP_Excel_BAN-001.xlsx ;FILE_NAME=DLP_Excel_BAN-001.xlsx;MATCH_COUNT=4;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 30, 2020 2:08:34 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.222.253.233;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/30/2020, 10:08:39.578 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers (Unclassified) - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1317;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1317;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Documents\\DLP DATA\\DLP_Excel_NINO-001.xlsx ;FILE_NAME=DLP_Excel_NINO-001.xlsx;MATCH_COUNT=3;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=4:Info;OCCURRED_ON=October 30, 2020 2:08:34 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.222.253.233;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/30/2020, 10:08:39.584 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1315;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1315;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Documents\\DLP DATA\\DLP_Excel_DOB-001.xlsx ;FILE_NAME=DLP_Excel_DOB-001.xlsx;MATCH_COUNT=427;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=1:High;OCCURRED_ON=October 30, 2020 2:08:34 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.222.253.233;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/30/2020, 10:08:44.536 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "sampledevice.abc.abccompany.com", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers (Unclassified) -NINO-001", "AdditionalExtensions": "BLOCKED=Action Blocked;APPLICATION_NAME=Explorer.EXE;INCIDENT_ID=1318;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1318;ATTACHMENT_FILENAME=C:\\Users\\dlp.test1\\OneDrive - ABC Company Inc.\\Documents\\DLP DATA\\DLP_Excel_NINO-001.xlsx ;FILE_NAME=DLP_Excel_NINO-001.xlsx;MATCH_COUNT=502;PROTOCOL=Endpoint Removable Storage Device;RECIPIENTS=N/A;SENDER=N/A;SUBJECT=N/A;SEVERITY=1:High;OCCURRED_ON=October 30, 2020 2:08:34 PM;URL=N/A;DESTINATION_IP=N/A;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=USBSTOR\\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\\60A44C3FAF75B251199809EF&0;MACHINE_IP=10.222.253.233;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "8/25/2020, 9:42:49.658 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Test Policy", "AdditionalExtensions": "POLICY_RULE_VIOLATED=[UNKNOWN VARIABLE: POLICY_RULES];BLOCKED=None;APPLICATION_NAME=Microsoft Internet Explorer;INCIDENT_ID=681;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=681;ATTACHMENT_FILENAME=N/A ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint HTTPS;RECIPIENTS=https://www.dropbox.com/alternate_wtl;SENDER=10.221.240.118;SUBJECT=N/A;SEVERITY=1:High;OCCURRED_ON=[UNKNOWN VARIABLE: OCCURED_ON];URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.240.118;ENDPOINT_USER_NAME=[UNKNOWN VARIABLE: ENDPOINT_USER_NAME];SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/16/2020, 5:35:09.867 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Bank Account Numbers (Unclassified) - BAN001", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1173;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1173;ATTACHMENT_FILENAME=DLP_Excel_BAN-001d.xlsx ;FILE_NAME=N/A;MATCH_COUNT=498;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized@sanitized.com;SENDER=DLP.sanitized@sanitized.com;SUBJECT=Test File (BAN001);SEVERITY=1:High;OCCURRED_ON=October 16, 2020 10:34:25 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.250.136;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/16/2020, 5:50:57.739 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Passport Numbers (Unclassified) - PAN-001", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1175;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1175;ATTACHMENT_FILENAME=DLP_Excel_PAN-001.xlsx ;FILE_NAME=N/A;MATCH_COUNT=413;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized@sanitized.com;SENDER=DLP.sanitized@sanitized.com;SUBJECT=Test File (PAN002);SEVERITY=1:High;OCCURRED_ON=October 16, 2020 10:50:41 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.250.136;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/16/2020, 5:50:58.867 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers (Unclassified) - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1174;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1174;ATTACHMENT_FILENAME=DLP_Excel_NINO-001.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized@sanitized.com;SENDER=DLP.sanitized@sanitized.com;SUBJECT=Test File (NINO001);SEVERITY=4:Info;OCCURRED_ON=October 16, 2020 10:50:41 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.250.136;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/16/2020, 5:51:02.153 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth - Monitoring", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1180;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1180;ATTACHMENT_FILENAME=DLP_PDF_DOB-001.pdf ;FILE_NAME=N/A;MATCH_COUNT=504;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized@sanitized.com;SENDER=DLP.sanitized@sanitized.com;SUBJECT=Test File (DOB001);SEVERITY=1:High;OCCURRED_ON=October 16, 2020 10:50:41 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.250.136;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/16/2020, 5:51:04.256 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "National Insurance Numbers (Unclassified) -NINO-001", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1176;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1176;ATTACHMENT_FILENAME=DLP_Excel_NINO-001.xlsx ;FILE_NAME=N/A;MATCH_COUNT=502;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized@sanitized.com;SENDER=DLP.sanitized@sanitized.com;SUBJECT=Test File (NINO001);SEVERITY=1:High;OCCURRED_ON=October 16, 2020 10:50:41 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.250.136;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/16/2020, 5:51:09.627 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Payment Card Numbers - Monitoring Only", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1179;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1179;ATTACHMENT_FILENAME=DLP_Notepad_PCI-001.txt ;FILE_NAME=N/A;MATCH_COUNT=2;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized@sanitized.com;SENDER=DLP.sanitized@sanitized.com;SUBJECT=Test File (PCI001);SEVERITY=4:Info;OCCURRED_ON=October 16, 2020 10:50:41 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.250.136;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" }, { "TenantId": "11111111-1111-1111-1111-111111111111", "SourceSystem": "OpsManager", "TimeGenerated [Eastern Time (US and Canada)]": "10/16/2020, 5:51:17.187 AM", "ReceiptTime": "", "DeviceVendor": "Symantec", "DeviceProduct": "DLP", "DeviceEventClassID": "ruleID", "LogSeverity": "3", "OriginalLogSeverity": "", "DeviceAction": "", "SimplifiedDeviceAction": "", "Computer": "", "CommunicationDirection": "", "DeviceFacility": "", "DestinationPort": "", "DeviceVersion": "15.5.0", "Activity": "Date of Birth (Unclassified) - DOB001", "AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1181;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1181;ATTACHMENT_FILENAME=DLP_PDF_DOB-001.pdf ;FILE_NAME=N/A;MATCH_COUNT=1003;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized@sanitized.com;SENDER=DLP.sanitized@sanitized.com;SUBJECT=Test File (DOB001);SEVERITY=1:High;OCCURRED_ON=October 16, 2020 10:50:41 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.250.136;SCAN=N/A;QUARANTINE_PATH=N/A", "Type": "CommonSecurityLog", "_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002" } ]