| \n", " | TimeGenerated | \n", "UserId | \n", "ClientIP | \n", "Operation | \n", "Parameters | \n", "
|---|---|---|---|---|---|
| 0 | \n", "2020-04-18T04:50:30Z | \n", "NaN | \n", "NaN | \n", "Set-ConditionalAccessPolicy | \n", "[\\n {\\n \"Name\": \"Identity\",\\n \"Value\": \"seccxpninja.onmicrosoft.com\\\\6490d00c-7ba1-42cf-a... | \n", "
| 1 | \n", "2020-04-18T04:50:31Z | \n", "NaN | \n", "NaN | \n", "Set-ConditionalAccessPolicy | \n", "[\\n {\\n \"Name\": \"Identity\",\\n \"Value\": \"seccxpninja.onmicrosoft.com\\\\ba36f0a4-6d73-4ba4-9... | \n", "
| 2 | \n", "2020-04-18T04:50:30Z | \n", "NaN | \n", "NaN | \n", "Set-ConditionalAccessPolicy | \n", "[\\n {\\n \"Name\": \"Identity\",\\n \"Value\": \"seccxpninja.onmicrosoft.com\\\\5fd0c4ff-1cd7-4bf6-8... | \n", "
| 3 | \n", "2020-04-18T04:50:30Z | \n", "NaN | \n", "NaN | \n", "Set-ConditionalAccessPolicy | \n", "[\\n {\\n \"Name\": \"Identity\",\\n \"Value\": \"seccxpninja.onmicrosoft.com\\\\b2915792-0396-4abe-9... | \n", "
| 4 | \n", "2020-04-18T04:50:30Z | \n", "NaN | \n", "NaN | \n", "Set-ConditionalAccessPolicy | \n", "[\\n {\\n \"Name\": \"Identity\",\\n \"Value\": \"seccxpninja.onmicrosoft.com\\\\83a057fb-dbca-4ba8-b... | \n", "
| \n", " | TimeGenerated | \n", "UserId | \n", "ClientIP | \n", "Operation | \n", "Parameters | \n", "cmd_param | \n", "cmd_param_val | \n", "
|---|---|---|---|---|---|---|---|
| 0 | \n", "2020-04-18T04:50:30Z | \n", "NaN | \n", "NaN | \n", "Set-ConditionalAccessPolicy | \n", "[\\n {\\n \"Name\": \"Identity\",\\n \"Value\": \"seccxpninja.onmicrosoft.com\\\\6490d00c-7ba1-42cf-a... | \n", "Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString... | \n", "Cmd(name='Set-ConditionalAccessPolicy', params={'Identity': 'seccxpninja.onmicrosoft.com\\\\6490d0... | \n", "
| 1 | \n", "2020-04-18T04:50:31Z | \n", "NaN | \n", "NaN | \n", "Set-ConditionalAccessPolicy | \n", "[\\n {\\n \"Name\": \"Identity\",\\n \"Value\": \"seccxpninja.onmicrosoft.com\\\\ba36f0a4-6d73-4ba4-9... | \n", "Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString... | \n", "Cmd(name='Set-ConditionalAccessPolicy', params={'Identity': 'seccxpninja.onmicrosoft.com\\\\ba36f0... | \n", "
| 2 | \n", "2020-04-18T04:50:30Z | \n", "NaN | \n", "NaN | \n", "Set-ConditionalAccessPolicy | \n", "[\\n {\\n \"Name\": \"Identity\",\\n \"Value\": \"seccxpninja.onmicrosoft.com\\\\5fd0c4ff-1cd7-4bf6-8... | \n", "Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString... | \n", "Cmd(name='Set-ConditionalAccessPolicy', params={'Identity': 'seccxpninja.onmicrosoft.com\\\\5fd0c4... | \n", "
| 3 | \n", "2020-04-18T04:50:30Z | \n", "NaN | \n", "NaN | \n", "Set-ConditionalAccessPolicy | \n", "[\\n {\\n \"Name\": \"Identity\",\\n \"Value\": \"seccxpninja.onmicrosoft.com\\\\b2915792-0396-4abe-9... | \n", "Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString... | \n", "Cmd(name='Set-ConditionalAccessPolicy', params={'Identity': 'seccxpninja.onmicrosoft.com\\\\b29157... | \n", "
| 4 | \n", "2020-04-18T04:50:30Z | \n", "NaN | \n", "NaN | \n", "Set-ConditionalAccessPolicy | \n", "[\\n {\\n \"Name\": \"Identity\",\\n \"Value\": \"seccxpninja.onmicrosoft.com\\\\83a057fb-dbca-4ba8-b... | \n", "Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString... | \n", "Cmd(name='Set-ConditionalAccessPolicy', params={'Identity': 'seccxpninja.onmicrosoft.com\\\\83a057... | \n", "
| \n", " | UserId | \n", "ClientIP | \n", "TimeGenerated_min | \n", "TimeGenerated_max | \n", "Operation_list | \n", "duration | \n", "number_events | \n", "
|---|---|---|---|---|---|---|---|
| 0 | \n", "NAMPRD06\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker) | \n", "NaN | \n", "2020-05-12 01:34:59+00:00 | \n", "2020-05-12 01:35:02+00:00 | \n", "[Set-ConditionalAccessPolicy, Set-ConditionalAccessPolicy, Set-ConditionalAccessPolicy, Set-Cond... | \n", "00:00:03 | \n", "13 | \n", "
| 1 | \n", "NAMPRD06\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker) | \n", "NaN | \n", "2020-05-12 04:48:43+00:00 | \n", "2020-05-12 04:48:46+00:00 | \n", "[Set-ConditionalAccessPolicy, Set-ConditionalAccessPolicy, Set-ConditionalAccessPolicy, Set-Cond... | \n", "00:00:03 | \n", "13 | \n", "
| 2 | \n", "NAMPRD06\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker) | \n", "NaN | \n", "2020-05-20 02:18:27+00:00 | \n", "2020-05-20 02:18:31+00:00 | \n", "[Set-ConditionalAccessPolicy, Set-ConditionalAccessPolicy, Set-ConditionalAccessPolicy, Set-Cond... | \n", "00:00:04 | \n", "14 | \n", "
| 3 | \n", "NAMPRD06\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker) | \n", "NaN | \n", "2020-05-20 05:12:55+00:00 | \n", "2020-05-20 05:12:58+00:00 | \n", "[Set-ConditionalAccessPolicy, Set-ConditionalAccessPolicy, Set-ConditionalAccessPolicy, Set-Cond... | \n", "00:00:03 | \n", "14 | \n", "
| 4 | \n", "NAMPRD06\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker) | \n", "NaN | \n", "2020-05-21 01:50:12+00:00 | \n", "2020-05-21 01:50:13+00:00 | \n", "[Set-ConditionalAccessPolicy, Set-ConditionalAccessPolicy, Set-ConditionalAccessPolicy, Set-Cond... | \n", "00:00:01 | \n", "14 | \n", "
| \n", " | UserId | \n", "ClientIP | \n", "TimeGenerated_min | \n", "TimeGenerated_max | \n", "Operation_list | \n", "duration | \n", "number_events | \n", "rarest_window3_likelihood | \n", "rarest_window3 | \n", "
|---|---|---|---|---|---|---|---|---|---|
| 157 | \n", "NaN | \n", "NaN | \n", "2020-03-26 22:40:30+00:00 | \n", "2020-03-26 22:40:33+00:00 | \n", "[New-Mailbox, Set-Mailbox] | \n", "00:00:03 | \n", "2 | \n", "0.000021 | \n", "[New-Mailbox, Set-Mailbox] | \n", "
| 216 | \n", "NaN | \n", "NaN | \n", "2020-04-17 21:00:31+00:00 | \n", "2020-04-17 21:00:31+00:00 | \n", "[New-App, New-App] | \n", "00:00:00 | \n", "2 | \n", "0.000028 | \n", "[New-App, New-App] | \n", "
| 261 | \n", "NaN | \n", "NaN | \n", "2020-05-06 01:49:17+00:00 | \n", "2020-05-06 01:50:56+00:00 | \n", "[Enable-AddressListPaging, New-ExchangeAssistanceConfig, Set-TransportConfig, Install-DefaultSha... | \n", "00:01:39 | \n", "48 | \n", "0.000063 | \n", "[Set-ExchangeAssistanceConfig, Set-TransportConfig, Set-RecipientEnforcementProvisioningPolicy] | \n", "
| 247 | \n", "NaN | \n", "NaN | \n", "2020-05-02 11:31:53+00:00 | \n", "2020-05-02 11:33:14+00:00 | \n", "[Enable-AddressListPaging, New-ExchangeAssistanceConfig, Set-TransportConfig, Install-DefaultSha... | \n", "00:01:21 | \n", "49 | \n", "0.000081 | \n", "[Set-ExchangeAssistanceConfig, Set-AdminAuditLogConfig, Set-TenantObjectVersion] | \n", "
| 224 | \n", "NaN | \n", "NaN | \n", "2020-04-23 21:42:48+00:00 | \n", "2020-04-23 21:44:45+00:00 | \n", "[Enable-AddressListPaging, New-ExchangeAssistanceConfig, Set-TransportConfig, Install-DefaultSha... | \n", "00:01:57 | \n", "49 | \n", "0.000085 | \n", "[Set-OwaMailboxPolicy, Set-Mailbox, Add-MailboxPermission] | \n", "
\\n\"+\n", " \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n", " \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n", " \"
\\n\"+\n", " \"\\n\"+\n",
" \"from bokeh.resources import INLINE\\n\"+\n",
" \"output_notebook(resources=INLINE)\\n\"+\n",
" \"\\n\"+\n",
" \"\\n\"+\n \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n \"
\\n\"+\n \"\\n\"+\n \"from bokeh.resources import INLINE\\n\"+\n \"output_notebook(resources=INLINE)\\n\"+\n \"\\n\"+\n \"\\n\"+\n", " \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n", " \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n", " \"
\\n\"+\n", " \"\\n\"+\n",
" \"from bokeh.resources import INLINE\\n\"+\n",
" \"output_notebook(resources=INLINE)\\n\"+\n",
" \"\\n\"+\n",
" \"\\n\"+\n \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n \"
\\n\"+\n \"\\n\"+\n \"from bokeh.resources import INLINE\\n\"+\n \"output_notebook(resources=INLINE)\\n\"+\n \"\\n\"+\n \"| \n", " | UserId | \n", "ClientIP | \n", "nCmds | \n", "nDistinctCmds | \n", "begin | \n", "end | \n", "duration | \n", "cmds | \n", "params | \n", "
|---|---|---|---|---|---|---|---|---|---|
| 0 | \n", "\n", " | \n", " | 2 | \n", "2 | \n", "2020-03-31 02:19:26+00:00 | \n", "2020-03-31 02:19:28+00:00 | \n", "00:00:02 | \n", "[Remove-MailboxLocation, Set-User] | \n", "[{'Remove-MailboxLocation': [{'Name': 'Identity', 'Value': '4b2462a4-bbee-495a-a0e1-f23ae524cc9c... | \n", "
| 1 | \n", "\n", " | \n", " | 1 | \n", "1 | \n", "2020-03-31 22:02:51+00:00 | \n", "2020-03-31 22:02:51+00:00 | \n", "00:00:00 | \n", "[Set-User] | \n", "[{'Set-User': [{'Name': 'Identity', 'Value': '4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\\\a2409f54-2a3... | \n", "
| 2 | \n", "\n", " | \n", " | 2 | \n", "2 | \n", "2020-04-01 20:12:19+00:00 | \n", "2020-04-01 20:12:55+00:00 | \n", "00:00:36 | \n", "[Remove-MailboxLocation, Set-User] | \n", "[{'Remove-MailboxLocation': [{'Name': 'Identity', 'Value': '4b2462a4-bbee-495a-a0e1-f23ae524cc9c... | \n", "
| 3 | \n", "\n", " | \n", " | 3 | \n", "2 | \n", "2020-04-02 09:01:22+00:00 | \n", "2020-04-02 09:01:38+00:00 | \n", "00:00:16 | \n", "[Remove-MailboxLocation, Remove-MailboxLocation, Set-User] | \n", "[{'Remove-MailboxLocation': [{'Name': 'Identity', 'Value': '4b2462a4-bbee-495a-a0e1-f23ae524cc9c... | \n", "
| 4 | \n", "\n", " | \n", " | 1 | \n", "1 | \n", "2020-04-02 13:49:42+00:00 | \n", "2020-04-02 13:49:42+00:00 | \n", "00:00:00 | \n", "[Set-ConditionalAccessPolicy] | \n", "[{'Set-ConditionalAccessPolicy': [{'Name': 'Identity', 'Value': 'seccxpninja.onmicrosoft.com\\\\64... | \n", "
\\n\"+\n", " \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n", " \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n", " \"
\\n\"+\n", " \"\\n\"+\n",
" \"from bokeh.resources import INLINE\\n\"+\n",
" \"output_notebook(resources=INLINE)\\n\"+\n",
" \"\\n\"+\n",
" \"\\n\"+\n \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n \"
\\n\"+\n \"\\n\"+\n \"from bokeh.resources import INLINE\\n\"+\n \"output_notebook(resources=INLINE)\\n\"+\n \"\\n\"+\n \"| \n", " | UserId | \n", "ClientIP | \n", "nCmds | \n", "nDistinctCmds | \n", "begin | \n", "end | \n", "duration | \n", "role | \n", "UserAgent | \n", "cmds | \n", "params | \n", "
|---|---|---|---|---|---|---|---|---|---|---|---|
| 0 | \n", "AROA3WIKNJYL5IERDHCJX:0e1059bf-bb62-449c-bca4-90871edc48b1 | \n", "13.68.133.167 | \n", "15 | \n", "1 | \n", "2020-05-28 04:18:17+00:00 | \n", "2020-05-28 04:18:18+00:00 | \n", "00:00:01 | \n", "Ashwin-AzSentinel | \n", "aws-sdk-dotnet-45/3.3.100.7 aws-sdk-dotnet-core/3.3.100.7 .NET_Runtime/4.0 .NET_Framework/4.0 OS... | \n", "[LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvent... | \n", "[{'LookupEvents': {'startTime': 'May 28, 2020 3:57:26 AM', 'endTime': 'May 28, 2020 4:02:26 AM'}... | \n", "
| 1 | \n", "AROA3WIKNJYL5IERDHCJX:0e1059bf-bb62-449c-bca4-90871edc48b1 | \n", "13.68.133.167 | \n", "14 | \n", "1 | \n", "2020-05-28 04:23:23+00:00 | \n", "2020-05-28 04:23:23+00:00 | \n", "00:00:00 | \n", "Ashwin-AzSentinel | \n", "aws-sdk-dotnet-45/3.3.100.7 aws-sdk-dotnet-core/3.3.100.7 .NET_Runtime/4.0 .NET_Framework/4.0 OS... | \n", "[LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvent... | \n", "[{'LookupEvents': {'startTime': 'May 28, 2020 4:02:26 AM', 'endTime': 'May 28, 2020 4:07:26 AM'}... | \n", "
| 2 | \n", "AROA3WIKNJYL5IERDHCJX:0e1059bf-bb62-449c-bca4-90871edc48b1 | \n", "40.87.53.92 | \n", "14 | \n", "1 | \n", "2020-05-28 04:13:08+00:00 | \n", "2020-05-28 04:13:09+00:00 | \n", "00:00:01 | \n", "Ashwin-AzSentinel | \n", "aws-sdk-dotnet-45/3.3.100.7 aws-sdk-dotnet-core/3.3.100.7 .NET_Runtime/4.0 .NET_Framework/4.0 OS... | \n", "[LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvent... | \n", "[{'LookupEvents': {'startTime': 'May 28, 2020 3:52:26 AM', 'endTime': 'May 28, 2020 3:57:26 AM'}... | \n", "
| 3 | \n", "AROA3WIKNJYL5IERDHCJX:0e1059bf-bb62-449c-bca4-90871edc48b1 | \n", "40.87.53.92 | \n", "16 | \n", "1 | \n", "2020-05-28 04:42:30+00:00 | \n", "2020-05-28 04:42:30+00:00 | \n", "00:00:00 | \n", "Ashwin-AzSentinel | \n", "aws-sdk-dotnet-45/3.3.100.7 aws-sdk-dotnet-core/3.3.100.7 .NET_Runtime/4.0 .NET_Framework/4.0 OS... | \n", "[LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvent... | \n", "[{'LookupEvents': {'startTime': 'May 28, 2020 4:22:26 AM', 'endTime': 'May 28, 2020 4:27:26 AM'}... | \n", "
| 4 | \n", "AROA3WIKNJYL5IERDHCJX:0e1059bf-bb62-449c-bca4-90871edc48b1 | \n", "52.170.0.208 | \n", "16 | \n", "1 | \n", "2020-05-28 04:02:45+00:00 | \n", "2020-05-28 04:02:45+00:00 | \n", "00:00:00 | \n", "Ashwin-AzSentinel | \n", "aws-sdk-dotnet-45/3.3.100.7 aws-sdk-dotnet-core/3.3.100.7 .NET_Runtime/4.0 .NET_Framework/4.0 OS... | \n", "[LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvent... | \n", "[{'LookupEvents': {'startTime': 'May 28, 2020 3:42:26 AM', 'endTime': 'May 28, 2020 3:47:26 AM'}... | \n", "
\\n\"+\n", " \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n", " \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n", " \"
\\n\"+\n", " \"\\n\"+\n",
" \"from bokeh.resources import INLINE\\n\"+\n",
" \"output_notebook(resources=INLINE)\\n\"+\n",
" \"\\n\"+\n",
" \"\\n\"+\n \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n \"
\\n\"+\n \"\\n\"+\n \"from bokeh.resources import INLINE\\n\"+\n \"output_notebook(resources=INLINE)\\n\"+\n \"\\n\"+\n \"| \n", " | UserId | \n", "Computer | \n", "nExecutables | \n", "nDistinctExecutables | \n", "begin | \n", "end | \n", "duration | \n", "executables | \n", "params | \n", "
|---|---|---|---|---|---|---|---|---|---|
| 0 | \n", "AAD_c47380e4e88e--CONTOSO | \n", "ContosoDc.Contoso.Azure | \n", "1 | \n", "1 | \n", "2020-05-21 18:32:45.557000+00:00 | \n", "2020-05-21 18:32:45.557000+00:00 | \n", "0 days | \n", "[miiserver] | \n", "[{'miiserver': ['miiserver', 'Microsoft® Azure® AD Connect', 'Microsoft® Azure® AD Connect',... | \n", "
| 1 | \n", "AAD_c47380e4e88e--CONTOSO | \n", "ContosoDc.Contoso.Azure | \n", "1 | \n", "1 | \n", "2020-05-21 19:32:45.731000+00:00 | \n", "2020-05-21 19:32:45.731000+00:00 | \n", "0 days | \n", "[miiserver] | \n", "[{'miiserver': ['miiserver', 'Microsoft® Azure® AD Connect', 'Microsoft® Azure® AD Connect',... | \n", "
| 2 | \n", "AAD_c47380e4e88e--CONTOSO | \n", "ContosoDc.Contoso.Azure | \n", "1 | \n", "1 | \n", "2020-05-21 20:32:45.911000+00:00 | \n", "2020-05-21 20:32:45.911000+00:00 | \n", "0 days | \n", "[miiserver] | \n", "[{'miiserver': ['miiserver', 'Microsoft® Azure® AD Connect', 'Microsoft® Azure® AD Connect',... | \n", "
| 3 | \n", "AAD_c47380e4e88e--CONTOSO | \n", "ContosoDc.Contoso.Azure | \n", "1 | \n", "1 | \n", "2020-05-21 21:32:46.104000+00:00 | \n", "2020-05-21 21:32:46.104000+00:00 | \n", "0 days | \n", "[miiserver] | \n", "[{'miiserver': ['miiserver', 'Microsoft® Azure® AD Connect', 'Microsoft® Azure® AD Connect',... | \n", "
| 4 | \n", "AAD_c47380e4e88e--CONTOSO | \n", "ContosoDc.Contoso.Azure | \n", "1 | \n", "1 | \n", "2020-05-21 22:32:46.271000+00:00 | \n", "2020-05-21 22:32:46.271000+00:00 | \n", "0 days | \n", "[miiserver] | \n", "[{'miiserver': ['miiserver', 'Microsoft® Azure® AD Connect', 'Microsoft® Azure® AD Connect',... | \n", "
\\n\"+\n", " \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n", " \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n", " \"
\\n\"+\n", " \"\\n\"+\n",
" \"from bokeh.resources import INLINE\\n\"+\n",
" \"output_notebook(resources=INLINE)\\n\"+\n",
" \"\\n\"+\n",
" \"\\n\"+\n \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n \"
\\n\"+\n \"\\n\"+\n \"from bokeh.resources import INLINE\\n\"+\n \"output_notebook(resources=INLINE)\\n\"+\n \"\\n\"+\n \"