AlienVault USM Anywhere
This integration is part of the AlienVault USM Anywhere Pack.
Search and monitor alarms and events from AlienVault USM Anywhere.
Use Cases
- Fetch new AlienVault alarms as Cortex XSOAR incidents.
- Search AlienVault alarms.
- Search AlienVault events.
- Retrieve events related to an AlienVault alarm.
- Navigate to Settings > Integrations > Servers & Services.
- Search for AlienVault USM Anywhere.
- Click Add instance to create and configure a new integration instance.
- Name: a textual name for the integration instance.
- Server URL (e.g., https://www.example.com)
- Client ID
- Client Secret
- Trust any certificate (insecure)
- Use system proxy
- Fetch incidents
- Incident type
- Fetch limit
- Time format
- First fetch timestamp (
- Click Test to validate the URLs, token, and connection.
Fetched Incidents Data
{
"uuid": "9f4aa992-cc85-394a-57a2-cc3a755320a8",
"has_alarm": false,
"needs_enrichment": true,
"packet_data": [
"a415b77a-a80f-c098-5643-733a9e31f62f"
],
"priority": 20,
"suppressed": false,
"events": [
{
"_links": {
"self": {
"href": "https://paloalto-networks.alienvault.cloud/api/2.0/events/{eventId}",
"templated": true
}
},
"timeStamp": 1558311648948,
"enriched": true,
"message": {
"packet_type": "log",
"source_country": "US",
"source_port": 47301,
"source_organisation": "Digital Ocean",
"event_type": "alert",
"time_zone": "+0000",
"was_guessed": false,
"rep_device_address": "127.0.0.1",
"needs_enrichment": true,
"sensor_uuid": "dfd08cb3-5454-1c99-4f37-770935e0a941",
"event_category": "Recon",
"source_registered_country": "US",
"timestamp_received_iso8601": "2019-05-20T00:20:48.920Z",
"access_control_outcome": "Allow",
"destination_name": "192.168.1.77",
"log": "",
"source_longitude": "-74.1403",
"destination_address": "192.168.1.77",
"bytes_out": 0,
"event_severity": "2",
"source_blacklist_priority": "2",
"source_city": "Clifton",
"timestamp_occured_iso8601": "2019-05-20T00:20:48.912Z",
"was_fuzzied": false,
"source_blacklist_reliability": "4",
"source_name": "159.203.169.16",
"source_address": "159.203.169.16",
"bytes_in": 60,
"timestamp_occured": "1558311648912",
"plugin_device": "AlienVault NIDS",
"transport_protocol": "TCP",
"malware_family": "nmap",
"suppressed": "false",
"event_name": "ET SCAN NMAP -sS window 1024",
"packets_sent": 0,
"plugin_version": "0.11",
"received_from": "USMA-Sensor",
"plugin": "AlienVault NIDS",
"plugin_device_type": "Intrusion Detection",
"destination_canonical": "ab6cde77-8082-df02-a087-a0bdd08fff38",
"timestamp_received": "1558311648920",
"plugin_enrichment_script": "dns.lua",
"used_hint": true,
"event_subcategory": "Scanner",
"destination_port": 80,
"source_region": "NJ",
"source_blacklist_activity": "Malicious Host",
"uuid": "a415b77a-a70f-cf98-5643-733a9e31f62f",
"has_alarm": "false",
"source_latitude": "40.8364",
"tag": "lt-suricata",
"device_direction": "inbound",
"device_event_category": "Attempted Information Leak",
"highlight_fields": [
"event_category",
"event_subcategory",
"event_activity",
"http_hostname",
"malware_family",
"event_cve",
"rep_device_rule_id",
"transport_protocol",
"request_url",
"file_name",
"dns_rrname",
"file_hash",
"tls_subject",
"ssh_server_version",
"request_user_agent",
"affected_platform",
"tls_sni",
"tls_fingerprint",
"packets_received",
"packets_sent",
"bytes_in",
"bytes_out"
],
"rep_dev_canonical": "127.0.0.1",
"rep_device_rule_id": "2009582",
"source_canonical": "159.203.169.16",
"destination_asset_id": "ab6cde77-8082-df02-a087-a0bdd08fff38",
"destination_fqdn": "192.168.1.77",
"packets_received": 1,
"transient": false,
"destination_port_label": "HTTP"
}
}
],
"_links": {
"self": {
"href": "https://paloalto-networks.alienvault.cloud/api/2.0/alarms/9f4aa992-cc85-394a-57a2-cc3a755320a8"
}
},
"rule_intent": "Reconnaissance & Probing",
"alarm_events_count": 1,
"alarm_source_countries": [
"US"
],
"alarm_sensor_sources": [
"dfd08cb3-5454-1c99-4f37-770935e0a941"
],
"destination_name": "192.168.1.77",
"rule_dictionary": "SuricataScanRules-Dict",
"timestamp_occured": "1558311648912",
"source_organisation": "Digital Ocean",
"alarm_source_cities": [
"Clifton"
],
"event_type": "Alarm",
"rule_method": "Nmap",
"priority_label": "low",
"rule_attack_tactic": [
"Discovery"
],
"source_name": "159.203.169.16",
"timestamp_received": "1558311648971",
"destination_canonical": "ab6cde77-8082-df02-a087-a0bdd08fff38",
"rule_strategy": "Portscan",
"timestamp_received_iso8601": "2019-05-20T00:20:48.971Z",
"alarm_destination_assset_ids": [
"ab6cde77-8082-df02-a087-a0bdd08fff38"
],
"alarm_destinations": [
"ab6cde77-8082-df02-a087-a0bdd08fff38"
],
"alarm_sources": [
"159.203.169.16"
],
"rule_attack_id": "T1046",
"highlight_fields": [
"source_canonical",
" destination_canonical",
" malware_family",
"rule_attack_id",
"rule_attack_tactic",
"rule_attack_technique"
],
"alarm_source_names": [
"159.203.169.16"
],
"destination_asset_id": "ab6cde77-8082-df02-a087-a0bdd08fff38",
"alarm_source_longitudes": [
"-74.1403"
],
"rule_id": "Nmap",
"alarm_source_organisations": [
"Digital Ocean"
],
"alarm_source_latitudes": [
"40.8364"
],
"sensor_uuid": "25032f5b-3707-442a-8d8d-7c4ff8965b14",
"timestamp_occured_iso8601": "2019-05-20T00:20:48.912Z",
"alarm_destination_names": [
"192.168.1.77"
],
"transient": false,
"alarm_source_blacklist_activity": [
"Malicious Host"
],
"rule_attack_technique": "Network Service Scanning",
"source_canonical": "159.203.169.16",
"packet_type": "alarm"
}
Commands
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
- Get alarms: alienvault-search-alarms
- Get alarm details: alienvault-get-alarm
- Search for events: alienvault-search-events
- Get alarm events: alienvault-get-events-by-alarm
1. Get alarms
Retrieves alarms from AlienVault.
Base Command
alienvault-search-alarms
Input
| Argument Name | Description | Required |
|---|---|---|
| limit | Maximum number of alarms to return. | Optional |
| status | Filter by alarm status. | Optional |
| priority | Filter by alarm priority. | Optional |
| show_suppressed | Whether to include suppressed alarms in the search. | Optional |
| time_frame | Filter by time frame, for example: Last 48 Hours. | Optional |
| start_time | If time_frame is Custom, specify the start time for the time range, for example: 2017-06-01T12:48:16Z. | Optional |
| end_time | If time_frame is Custom, specify the end time for the time range, for example: 2017-06-01T12:48:16Z. | Optional |
| rule_intent | Filter alarms by rule intention. | Optional |
| rule_method | Filter alarms by rule method. | Optional |
| rule_strategy | Filter alarms by rule strategy. | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| AlienVault.Alarm.ID | String | Alarm ID. |
| AlienVault.Alarm.Priority | String | Alarm priority. |
| AlienVault.Alarm.OccurredTime | Date | Time the alarm occurred. |
| AlienVault.Alarm.ReceivedTime | Date | Time the alarm was received. |
| AlienVault.Alarm.Source | Unknown | Alarm source object. |
| AlienVault.Alarm.Source.IPAddress | String | Alarm source IP address. |
| AlienVault.Alarm.Source.Organization | String | Source organization. |
| AlienVault.Alarm.Source.Country | String | Source country. |
| AlienVault.Alarm.Destination | Unknown | Alarm destination object. |
| AlienVault.Alarm.Destination.IPAddress | String | Alarm destination IP address. |
| AlienVault.Alarm.RuleAttackID | String | Rule attack ID. |
| AlienVault.Alarm.RuleStrategy | String | Rule strategy. |
| AlienVault.Alarm.RuleIntent | String | Rule intent. |
| AlienVault.Alarm.RuleID | String | Rule ID. |
| AlienVault.Alarm.RuleDictionary | String | Rule dictionary. |
| AlienVault.Alarm.RuleMethod | String | Rule method. |
| AlienVault.Alarm.RuleAttackTactic | Unknown | Rule attack tactic. |
| AlienVault.Alarm.RuleAttackTechnique | String | Rule attack technique. |
Command Example
!alienvault-search-alarms limit=2 time_frame="Last 7 Days" rule_method=Nmap
Context Example
{
"AlienVault.Alarm": [
{
"Source": {
"Country": [
"RU"
],
"IPAddress": [
"185.176.27.118"
],
"Organization": [
"IP Khnykin Vitaliy Yakovlevich"
]
},
"RuleMethod": "Nmap",
"OccurredTime": "2019-05-21T10:11:39.226Z",
"RuleID": "Nmap",
"RuleDictionary": "SuricataScanRules-Dict",
"ReceivedTime": "2019-05-21T10:11:39.288Z",
"Destination": {
"IPAddress": [
"192.168.1.201"
]
},
"RuleAttackTactic": [
"Discovery"
],
"ID": "62c61fd9-cb74-2ca3-fe53-f7e43489c807",
"Priority": "low",
"RuleAttackID": "T1046",
"RuleStrategy": "Portscan",
"RuleAttackTechnique": "Network Service Scanning",
"Event": [
{
"ReceivedTime": "2019-05-21T10:11:39.228Z",
"ID": "7c076810-22dd-47f1-b745-f4b559fa26df",
"OccurredTime": "2019-05-21T10:11:39.226Z"
}
],
"RuleIntent": "Reconnaissance & Probing"
},
{
"Source": {
"Country": [
"RU"
],
"IPAddress": [
"92.119.160.40"
],
"Organization": [
"SingleHost"
]
},
"RuleMethod": "Nmap",
"OccurredTime": "2019-05-21T09:53:07.962Z",
"RuleID": "Nmap",
"RuleDictionary": "SuricataScanRules-Dict",
"ReceivedTime": "2019-05-21T09:53:08.044Z",
"Destination": {
"IPAddress": [
"192.168.1.31"
]
},
"RuleAttackTactic": [
"Discovery"
],
"ID": "45ccbeb3-b69f-9bee-7427-a3e0cfd4666b",
"Priority": "low",
"RuleAttackID": "T1046",
"RuleStrategy": "Portscan",
"RuleAttackTechnique": "Network Service Scanning",
"Event": [
{
"ReceivedTime": "2019-05-27T09:34:45.224Z",
"ID": "009e8bab-34e4-2882-c1a8-7349e9ecff88",
"OccurredTime": "2019-05-27T09:34:45.220Z"
}
],
"RuleIntent": "Reconnaissance & Probing"
}
]
}
Human Readable Output
Alarms:
| ID | Priority | OccurredTime | ReceivedTime | RuleAttackID | RuleAttackTactic | RuleAttackTechnique | RuleDictionary | RuleID | RuleIntent | RuleMethod | RuleStrategy | Source | Destination | Event |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 62c61fd9-cb74-2ca3-fe53-f7e43489c807 | low | 2019-05-21T10:11:39.226Z | 2019-05-21T10:11:39.288Z | T1046 | Discovery | Network Service Scanning | SuricataScanRules-Dict | Nmap | Reconnaissance & Probing | Nmap | Portscan | IPAddress: 185.176.27.118, Organization: IP Khnykin Vitaliy Yakovlevich, Country: RU | IPAddress: 192.168.1.201 | {'ID': '7c076810-22dd-47f1-b745-f4b559fa26df', 'OccurredTime': '2019-05-21T10:11:39.226Z', 'ReceivedTime': '2019-05-21T10:11:39.228Z'} |
| 45ccbeb3-b69f-9bee-7427-a3e0cfd4666b | low | 2019-05-21T09:53:07.962Z | 2019-05-21T09:53:08.044Z | T1046 | Discovery | Network Service Scanning | SuricataScanRules-Dict | Nmap | Reconnaissance & Probing | Nmap | Portscan | IPAddress: 92.119.160.40, Organization: OOO Network of data-centers Selectel, Country: RU | IPAddress: 192.168.1.31 | {'ID': '41ee3f2d-ad61-0130-52b7-ebf31bdb79a2', 'OccurredTime': '2019-05-21T09:53:07.962Z', 'ReceivedTime': '2019-05-21T09:53:07.968Z'} |
2. Get alarm details
Retrieves details for an alarm, using alarm_id.
Base Command
alienvault-get-alarm
Input
| Argument Name | Description | Required |
|---|---|---|
| alarm_id | Alarm ID. Can be obtained by running the alienvault-search-alarms command. | Required |
Context Output
| Path | Type | Description |
|---|---|---|
| AlienVault.Alarm.ID | String | Alarm ID. |
| AlienVault.Alarm.Priority | String | Alarm priority. |
| AlienVault.Alarm.OccurredTime | Date | Time the alarm occurred. |
| AlienVault.Alarm.ReceivedTime | Date | Time the alarm was received. |
| AlienVault.Alarm.Source | Unknown | Alarm source object. |
| AlienVault.Alarm.Source.IPAddress | String | Alarm source IP address. |
| AlienVault.Alarm.Source.Organization | String | Source organization. |
| AlienVault.Alarm.Source.Country | String | Source country. |
| AlienVault.Alarm.Destination | Unknown | Alarm destination object. |
| AlienVault.Alarm.Destination.IPAddress | String | Alarm destination IP address. |
| AlienVault.Alarm.RuleAttackID | String | Rule attack ID. |
| AlienVault.Alarm.RuleStrategy | String | Rule strategy. |
| AlienVault.Alarm.RuleIntent | String | Rule intent. |
| AlienVault.Alarm.RuleID | String | Rule ID. |
| AlienVault.Alarm.RuleDictionary | String | Rule dictionary. |
| AlienVault.Alarm.RuleMethod | String | Rule method. |
| AlienVault.Alarm.RuleAttackTactic | Unknown | Rule attack tactic. |
| AlienVault.Alarm.RuleAttackTechnique | String | Rule attack technique. |
Command Example
!alienvault-get-alarm alarm_id=3194f0f5-0350-7a09-87b2-8fb20b963ed8
Context Example
{
"AlienVault.Alarm": [
{
"Source": {
"Country": [
"PL"
],
"IPAddress": [
"85.93.20.34"
],
"Organization": [
"GHOSTnet GmbH"
]
},
"RuleMethod": "Microsoft Remote Desktop",
"OccurredTime": "2019-05-15T12:42:10.743Z",
"RuleID": "RDP",
"RuleDictionary": "SuricataBruteforceRules-Dict",
"ReceivedTime": "2019-05-15T12:42:20.815Z",
"Destination": {
"IPAddress": [
"192.168.1.8"
]
},
"RuleAttackTactic": [
"Credential Access"
],
"ID": "3194f0f5-0350-7a09-87b2-8fb20b963ed8",
"Priority": "medium",
"RuleAttackID": "T1110",
"RuleStrategy": "Brute Force Authentication",
"RuleAttackTechnique": "Brute Force",
"Event": [
{
"ReceivedTime": "2019-05-15T12:40:46.076Z",
"ID": "b36a0259-6203-ecfc-5023-aa198c1e4329",
"OccurredTime": "2019-05-15T12:40:46.071Z"
},
{
"ReceivedTime": "2019-05-15T12:40:48.745Z",
"ID": "eab1d04d-4251-44a4-6cf8-0b1ad7f23c36",
"OccurredTime": "2019-05-15T12:40:48.740Z"
},
{
"ReceivedTime": "2019-05-15T12:40:51.048Z",
"ID": "1a0f4f1a-c855-2808-f758-127e5578bda9",
"OccurredTime": "2019-05-15T12:40:51.041Z"
},
{
"ReceivedTime": "2019-05-15T12:40:51.049Z",
"ID": "4c6d5d9d-a5f8-2d24-0176-060f4139e5a0",
"OccurredTime": "2019-05-15T12:40:51.041Z"
},
{
"ReceivedTime": "2019-05-15T12:40:55.940Z",
"ID": "a14ef1a1-2617-3b85-02dc-8c5531b96e5f",
"OccurredTime": "2019-05-15T12:40:55.936Z"
},
{
"ReceivedTime": "2019-05-15T12:40:55.943Z",
"ID": "36233284-0aea-14cf-a90f-91f8c3952056",
"OccurredTime": "2019-05-15T12:40:55.936Z"
},
{
"ReceivedTime": "2019-05-15T12:40:55.947Z",
"ID": "551c58fd-0f22-e3a8-5478-056444759f5d",
"OccurredTime": "2019-05-15T12:40:55.936Z"
},
{
"ReceivedTime": "2019-05-15T12:41:03.414Z",
"ID": "9c019302-7f60-3c33-f725-dd12c9bdb97a",
"OccurredTime": "2019-05-15T12:41:03.405Z"
},
{
"ReceivedTime": "2019-05-15T12:41:10.809Z",
"ID": "7f7011b9-b57e-c46e-3e95-5e86e51832e0",
"OccurredTime": "2019-05-15T12:41:10.803Z"
},
{
"ReceivedTime": "2019-05-15T12:41:10.814Z",
"ID": "6dddab25-f3e2-c293-afd4-84081e5a41ff",
"OccurredTime": "2019-05-15T12:41:10.803Z"
},
{
"ReceivedTime": "2019-05-15T12:41:10.815Z",
"ID": "211627df-ec2e-52c4-ff76-dc103951d340",
"OccurredTime": "2019-05-15T12:41:10.803Z"
},
{
"ReceivedTime": "2019-05-15T12:41:10.815Z",
"ID": "52bf99f5-1f79-e04e-9fad-1b423a644e89",
"OccurredTime": "2019-05-15T12:41:10.803Z"
},
{
"ReceivedTime": "2019-05-15T12:41:18.014Z",
"ID": "6553b62f-d1db-2318-7e9d-4ae5f0de5d41",
"OccurredTime": "2019-05-15T12:41:18.007Z"
},
{
"ReceivedTime": "2019-05-15T12:41:24.554Z",
"ID": "1e635a85-d8a5-66cc-abf4-9067db82955a",
"OccurredTime": "2019-05-15T12:41:20.525Z"
},
{
"ReceivedTime": "2019-05-15T12:41:31.840Z",
"ID": "124314f7-bcb2-c706-ada3-50a57ef2d8b3",
"OccurredTime": "2019-05-15T12:41:31.837Z"
},
{
"ReceivedTime": "2019-05-15T12:41:31.845Z",
"ID": "35cafad8-2e36-9bef-45ce-d37f919bb3ac",
"OccurredTime": "2019-05-15T12:41:31.837Z"
},
{
"ReceivedTime": "2019-05-15T12:41:37.224Z",
"ID": "ea2b003a-44b7-4b17-9438-993a0a5fe7c5",
"OccurredTime": "2019-05-15T12:41:37.221Z"
},
{
"ReceivedTime": "2019-05-15T12:41:41.945Z",
"ID": "318ffee9-dfd5-4ef9-ded0-b8fbf7fd0402",
"OccurredTime": "2019-05-15T12:41:41.942Z"
},
{
"ReceivedTime": "2019-05-15T12:41:50.283Z",
"ID": "22a04ec4-cbbd-49c2-dcee-4329e97dbcd3",
"OccurredTime": "2019-05-15T12:41:46.766Z"
},
{
"ReceivedTime": "2019-05-15T12:41:52.654Z",
"ID": "d2d62bbd-5db2-823c-28a1-a1acf21af7fc",
"OccurredTime": "2019-05-15T12:41:46.766Z"
},
{
"ReceivedTime": "2019-05-15T12:41:54.125Z",
"ID": "6042e4a2-4982-7016-bbd3-5506030d2dc4",
"OccurredTime": "2019-05-15T12:41:46.766Z"
},
{
"ReceivedTime": "2019-05-15T12:42:06.010Z",
"ID": "b3beeb7e-9ee2-f417-3cc8-228bd5e9a18f",
"OccurredTime": "2019-05-15T12:42:06.005Z"
},
{
"ReceivedTime": "2019-05-15T12:40:46.079Z",
"ID": "720d9a9d-92cc-45b1-bbb3-604fb053282b",
"OccurredTime": "2019-05-15T12:40:46.071Z"
},
{
"ReceivedTime": "2019-05-15T12:40:46.080Z",
"ID": "79549d86-40df-0032-e3cf-cf6d1cd86ecf",
"OccurredTime": "2019-05-15T12:40:46.071Z"
},
{
"ReceivedTime": "2019-05-15T12:40:46.081Z",
"ID": "220a996a-a64c-a7ea-14b6-3aca57681722",
"OccurredTime": "2019-05-15T12:40:46.071Z"
},
{
"ReceivedTime": "2019-05-15T12:40:53.608Z",
"ID": "bb2107e0-ff7e-f3ee-d7ec-f7bb32a6f795",
"OccurredTime": "2019-05-15T12:40:53.604Z"
},
{
"ReceivedTime": "2019-05-15T12:40:55.945Z",
"ID": "a21fd0a8-b2ae-fbae-ef22-f23d30a30099",
"OccurredTime": "2019-05-15T12:40:55.936Z"
},
{
"ReceivedTime": "2019-05-15T12:41:03.409Z",
"ID": "249827bf-e31d-79d7-8725-cee8ffc7037f",
"OccurredTime": "2019-05-15T12:41:03.405Z"
},
{
"ReceivedTime": "2019-05-15T12:41:03.413Z",
"ID": "ed0c4580-69a6-d462-2205-d06fc436ecde",
"OccurredTime": "2019-05-15T12:41:03.405Z"
},
{
"ReceivedTime": "2019-05-15T12:41:13.246Z",
"ID": "7a3ceb92-9ea7-2387-39b8-deddfd1000ec",
"OccurredTime": "2019-05-15T12:41:13.242Z"
},
{
"ReceivedTime": "2019-05-15T12:41:18.013Z",
"ID": "42b0c4dc-c260-0cfd-6b44-e99716f8a736",
"OccurredTime": "2019-05-15T12:41:18.007Z"
},
{
"ReceivedTime": "2019-05-15T12:41:18.016Z",
"ID": "69be0a19-9b9b-f226-02fd-cb694bb24197",
"OccurredTime": "2019-05-15T12:41:18.007Z"
},
{
"ReceivedTime": "2019-05-15T12:41:26.070Z",
"ID": "47bdc7ee-9679-714c-a5b2-b9bbbb68cc4a",
"OccurredTime": "2019-05-15T12:41:22.874Z"
},
{
"ReceivedTime": "2019-05-15T12:41:31.848Z",
"ID": "be9f159f-1225-3461-d863-c55d46517b81",
"OccurredTime": "2019-05-15T12:41:31.837Z"
},
{
"ReceivedTime": "2019-05-15T12:41:34.821Z",
"ID": "8a6639c8-db0e-3077-aa0d-764c83726590",
"OccurredTime": "2019-05-15T12:41:34.816Z"
},
{
"ReceivedTime": "2019-05-15T12:41:56.364Z",
"ID": "f65faf00-d0d8-6059-7784-20407a8a1231",
"OccurredTime": "2019-05-15T12:41:56.359Z"
},
{
"ReceivedTime": "2019-05-15T12:42:06.013Z",
"ID": "21684ce5-55dd-8017-71b5-46369ae14e17",
"OccurredTime": "2019-05-15T12:42:06.005Z"
},
{
"ReceivedTime": "2019-05-15T12:42:10.744Z",
"ID": "b56d2afd-a5e3-aab8-5509-0a9dcabdedb0",
"OccurredTime": "2019-05-15T12:42:10.743Z"
},
{
"ReceivedTime": "2019-05-15T12:40:51.046Z",
"ID": "2ce1d100-de85-1ef0-0673-8bfae574c1ce",
"OccurredTime": "2019-05-15T12:40:51.041Z"
},
{
"ReceivedTime": "2019-05-15T12:40:51.044Z",
"ID": "09550d30-e275-6bfe-fdf3-1d01b43ba6ef",
"OccurredTime": "2019-05-15T12:40:51.041Z"
},
{
"ReceivedTime": "2019-05-15T12:41:03.410Z",
"ID": "15c4ff5e-a9f8-1a3c-2285-5100ecbfdd40",
"OccurredTime": "2019-05-15T12:41:03.405Z"
},
{
"ReceivedTime": "2019-05-15T12:41:08.100Z",
"ID": "d9736b73-d8ad-6c39-1df5-49a2f3784337",
"OccurredTime": "2019-05-15T12:41:08.098Z"
},
{
"ReceivedTime": "2019-05-15T12:41:18.012Z",
"ID": "93e98ec6-d6b6-cca9-255e-2944ce5fad4c",
"OccurredTime": "2019-05-15T12:41:18.007Z"
},
{
"ReceivedTime": "2019-05-15T12:41:31.843Z",
"ID": "6b526907-c9d6-eabe-f2d5-9eb783b28715",
"OccurredTime": "2019-05-15T12:41:31.837Z"
},
{
"ReceivedTime": "2019-05-15T12:41:50.287Z",
"ID": "b5312239-5c45-d036-66fc-1c1fbb3d7260",
"OccurredTime": "2019-05-15T12:41:49.216Z"
},
{
"ReceivedTime": "2019-05-15T12:41:51.693Z",
"ID": "1cfb337f-9725-7c44-34dc-4f18172c3f6c",
"OccurredTime": "2019-05-15T12:41:51.690Z"
},
{
"ReceivedTime": "2019-05-15T12:41:54.807Z",
"ID": "c2ef5423-76b1-a0a0-0a0b-b4443507d4a5",
"OccurredTime": "2019-05-15T12:41:46.766Z"
},
{
"ReceivedTime": "2019-05-15T12:41:54.808Z",
"ID": "463049df-c917-821a-9d43-d1d813394eac",
"OccurredTime": "2019-05-15T12:41:51.690Z"
},
{
"ReceivedTime": "2019-05-15T12:42:06.010Z",
"ID": "94d8203b-6db5-702c-3e7f-d2601f888ea3",
"OccurredTime": "2019-05-15T12:42:06.005Z"
},
{
"ReceivedTime": "2019-05-15T12:42:06.011Z",
"ID": "8868f432-89b1-2740-3007-7dadc57700e4",
"OccurredTime": "2019-05-15T12:42:06.005Z"
}
],
"RuleIntent": "Delivery & Attack"
}
]
}
Human Readable Output
Alarm 3194f0f5-0350-7a09-87b2-8fb20b963ed8
| ID | Priority | OccurredTime | ReceivedTime | RuleAttackID | RuleAttackTactic | RuleAttackTechnique | RuleDictionary | RuleID | RuleIntent | RuleMethod | RuleStrategy | Source | Destination | Event |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 3194f0f5-0350-7a09-87b2-8fb20b963ed8 | medium | 2019-05-15T12:42:10.743Z | 2019-05-15T12:42:20.815Z | T1110 | Credential Access | Brute Force | SuricataBruteforceRules-Dict | RDP | Delivery & Attack | Microsoft Remote Desktop | Brute Force Authentication |
IPAddress: 85.93.20.34
Organization: GHOSTnet GmbH Country: PL |
IPAddress: 192.168.1.8 |
{‘ID’: ‘b36a0259-6203-ecfc-5023-aa198c1e4329’, ‘OccurredTime’: ‘2019-05-15T12:40:46.071Z’, ‘ReceivedTime’: ‘2019-05-15T12:40:46.076Z’},
{‘ID’: ‘eab1d04d-4251-44a4-6cf8-0b1ad7f23c36’, ‘OccurredTime’: ‘2019-05-15T12:40:48.740Z’, ‘ReceivedTime’: ‘2019-05-15T12:40:48.745Z’}, {‘ID’: ‘1a0f4f1a-c855-2808-f758-127e5578bda9’, ‘OccurredTime’: ‘2019-05-15T12:40:51.041Z’, ‘ReceivedTime’: ‘2019-05-15T12:40:51.048Z’}, {‘ID’: ‘4c6d5d9d-a5f8-2d24-0176-060f4139e5a0’, ‘OccurredTime’: ‘2019-05-15T12:40:51.041Z’, ‘ReceivedTime’: ‘2019-05-15T12:40:51.049Z’}, {‘ID’: ‘a14ef1a1-2617-3b85-02dc-8c5531b96e5f’, ‘OccurredTime’: ‘2019-05-15T12:40:55.936Z’, ‘ReceivedTime’: ‘2019-05-15T12:40:55.940Z’}, {‘ID’: ‘36233284-0aea-14cf-a90f-91f8c3952056’, ‘OccurredTime’: ‘2019-05-15T12:40:55.936Z’, ‘ReceivedTime’: ‘2019-05-15T12:40:55.943Z’}, {‘ID’: ‘551c58fd-0f22-e3a8-5478-056444759f5d’, ‘OccurredTime’: ‘2019-05-15T12:40:55.936Z’, ‘ReceivedTime’: ‘2019-05-15T12:40:55.947Z’}, {‘ID’: ‘9c019302-7f60-3c33-f725-dd12c9bdb97a’, ‘OccurredTime’: ‘2019-05-15T12:41:03.405Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:03.414Z’}, {‘ID’: ‘7f7011b9-b57e-c46e-3e95-5e86e51832e0’, ‘OccurredTime’: ‘2019-05-15T12:41:10.803Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:10.809Z’}, {‘ID’: ‘6dddab25-f3e2-c293-afd4-84081e5a41ff’, ‘OccurredTime’: ‘2019-05-15T12:41:10.803Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:10.814Z’}, {‘ID’: ‘211627df-ec2e-52c4-ff76-dc103951d340’, ‘OccurredTime’: ‘2019-05-15T12:41:10.803Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:10.815Z’}, {‘ID’: ‘52bf99f5-1f79-e04e-9fad-1b423a644e89’, ‘OccurredTime’: ‘2019-05-15T12:41:10.803Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:10.815Z’}, {‘ID’: ‘6553b62f-d1db-2318-7e9d-4ae5f0de5d41’, ‘OccurredTime’: ‘2019-05-15T12:41:18.007Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:18.014Z’}, {‘ID’: ‘1e635a85-d8a5-66cc-abf4-9067db82955a’, ‘OccurredTime’: ‘2019-05-15T12:41:20.525Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:24.554Z’}, {‘ID’: ‘124314f7-bcb2-c706-ada3-50a57ef2d8b3’, ‘OccurredTime’: ‘2019-05-15T12:41:31.837Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:31.840Z’}, {‘ID’: ‘35cafad8-2e36-9bef-45ce-d37f919bb3ac’, ‘OccurredTime’: ‘2019-05-15T12:41:31.837Z’, 
‘ReceivedTime’: ‘2019-05-15T12:41:31.845Z’}, {‘ID’: ‘ea2b003a-44b7-4b17-9438-993a0a5fe7c5’, ‘OccurredTime’: ‘2019-05-15T12:41:37.221Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:37.224Z’}, {‘ID’: ‘318ffee9-dfd5-4ef9-ded0-b8fbf7fd0402’, ‘OccurredTime’: ‘2019-05-15T12:41:41.942Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:41.945Z’}, {‘ID’: ‘22a04ec4-cbbd-49c2-dcee-4329e97dbcd3’, ‘OccurredTime’: ‘2019-05-15T12:41:46.766Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:50.283Z’}, {‘ID’: ‘d2d62bbd-5db2-823c-28a1-a1acf21af7fc’, ‘OccurredTime’: ‘2019-05-15T12:41:46.766Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:52.654Z’}, {‘ID’: ‘6042e4a2-4982-7016-bbd3-5506030d2dc4’, ‘OccurredTime’: ‘2019-05-15T12:41:46.766Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:54.125Z’}, {‘ID’: ‘b3beeb7e-9ee2-f417-3cc8-228bd5e9a18f’, ‘OccurredTime’: ‘2019-05-15T12:42:06.005Z’, ‘ReceivedTime’: ‘2019-05-15T12:42:06.010Z’}, {‘ID’: ‘720d9a9d-92cc-45b1-bbb3-604fb053282b’, ‘OccurredTime’: ‘2019-05-15T12:40:46.071Z’, ‘ReceivedTime’: ‘2019-05-15T12:40:46.079Z’}, {‘ID’: ‘79549d86-40df-0032-e3cf-cf6d1cd86ecf’, ‘OccurredTime’: ‘2019-05-15T12:40:46.071Z’, ‘ReceivedTime’: ‘2019-05-15T12:40:46.080Z’}, {‘ID’: ‘220a996a-a64c-a7ea-14b6-3aca57681722’, ‘OccurredTime’: ‘2019-05-15T12:40:46.071Z’, ‘ReceivedTime’: ‘2019-05-15T12:40:46.081Z’}, {‘ID’: ‘bb2107e0-ff7e-f3ee-d7ec-f7bb32a6f795’, ‘OccurredTime’: ‘2019-05-15T12:40:53.604Z’, ‘ReceivedTime’: ‘2019-05-15T12:40:53.608Z’}, {‘ID’: ‘a21fd0a8-b2ae-fbae-ef22-f23d30a30099’, ‘OccurredTime’: ‘2019-05-15T12:40:55.936Z’, ‘ReceivedTime’: ‘2019-05-15T12:40:55.945Z’}, {‘ID’: ‘249827bf-e31d-79d7-8725-cee8ffc7037f’, ‘OccurredTime’: ‘2019-05-15T12:41:03.405Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:03.409Z’}, {‘ID’: ‘ed0c4580-69a6-d462-2205-d06fc436ecde’, ‘OccurredTime’: ‘2019-05-15T12:41:03.405Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:03.413Z’}, {‘ID’: ‘7a3ceb92-9ea7-2387-39b8-deddfd1000ec’, ‘OccurredTime’: ‘2019-05-15T12:41:13.242Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:13.246Z’}, {‘ID’: ‘42b0c4dc-c260-0cfd-6b44-e99716f8a736’, 
‘OccurredTime’: ‘2019-05-15T12:41:18.007Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:18.013Z’}, {‘ID’: ‘69be0a19-9b9b-f226-02fd-cb694bb24197’, ‘OccurredTime’: ‘2019-05-15T12:41:18.007Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:18.016Z’}, {‘ID’: ‘47bdc7ee-9679-714c-a5b2-b9bbbb68cc4a’, ‘OccurredTime’: ‘2019-05-15T12:41:22.874Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:26.070Z’}, {‘ID’: ‘be9f159f-1225-3461-d863-c55d46517b81’, ‘OccurredTime’: ‘2019-05-15T12:41:31.837Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:31.848Z’}, {‘ID’: ‘8a6639c8-db0e-3077-aa0d-764c83726590’, ‘OccurredTime’: ‘2019-05-15T12:41:34.816Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:34.821Z’}, {‘ID’: ‘f65faf00-d0d8-6059-7784-20407a8a1231’, ‘OccurredTime’: ‘2019-05-15T12:41:56.359Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:56.364Z’}, {‘ID’: ‘21684ce5-55dd-8017-71b5-46369ae14e17’, ‘OccurredTime’: ‘2019-05-15T12:42:06.005Z’, ‘ReceivedTime’: ‘2019-05-15T12:42:06.013Z’}, {‘ID’: ‘b56d2afd-a5e3-aab8-5509-0a9dcabdedb0’, ‘OccurredTime’: ‘2019-05-15T12:42:10.743Z’, ‘ReceivedTime’: ‘2019-05-15T12:42:10.744Z’}, {‘ID’: ‘2ce1d100-de85-1ef0-0673-8bfae574c1ce’, ‘OccurredTime’: ‘2019-05-15T12:40:51.041Z’, ‘ReceivedTime’: ‘2019-05-15T12:40:51.046Z’}, {‘ID’: ‘09550d30-e275-6bfe-fdf3-1d01b43ba6ef’, ‘OccurredTime’: ‘2019-05-15T12:40:51.041Z’, ‘ReceivedTime’: ‘2019-05-15T12:40:51.044Z’}, {‘ID’: ‘15c4ff5e-a9f8-1a3c-2285-5100ecbfdd40’, ‘OccurredTime’: ‘2019-05-15T12:41:03.405Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:03.410Z’}, {‘ID’: ‘d9736b73-d8ad-6c39-1df5-49a2f3784337’, ‘OccurredTime’: ‘2019-05-15T12:41:08.098Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:08.100Z’}, {‘ID’: ‘93e98ec6-d6b6-cca9-255e-2944ce5fad4c’, ‘OccurredTime’: ‘2019-05-15T12:41:18.007Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:18.012Z’}, {‘ID’: ‘6b526907-c9d6-eabe-f2d5-9eb783b28715’, ‘OccurredTime’: ‘2019-05-15T12:41:31.837Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:31.843Z’}, {‘ID’: ‘b5312239-5c45-d036-66fc-1c1fbb3d7260’, ‘OccurredTime’: ‘2019-05-15T12:41:49.216Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:50.287Z’}, {‘ID’: 
‘1cfb337f-9725-7c44-34dc-4f18172c3f6c’, ‘OccurredTime’: ‘2019-05-15T12:41:51.690Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:51.693Z’}, {‘ID’: ‘c2ef5423-76b1-a0a0-0a0b-b4443507d4a5’, ‘OccurredTime’: ‘2019-05-15T12:41:46.766Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:54.807Z’}, {‘ID’: ‘463049df-c917-821a-9d43-d1d813394eac’, ‘OccurredTime’: ‘2019-05-15T12:41:51.690Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:54.808Z’}, {‘ID’: ‘94d8203b-6db5-702c-3e7f-d2601f888ea3’, ‘OccurredTime’: ‘2019-05-15T12:42:06.005Z’, ‘ReceivedTime’: ‘2019-05-15T12:42:06.010Z’}, {‘ID’: ‘8868f432-89b1-2740-3007-7dadc57700e4’, ‘OccurredTime’: ‘2019-05-15T12:42:06.005Z’, ‘ReceivedTime’: ‘2019-05-15T12:42:06.011Z’} |
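When an alarm carries dozens of events, as the brute-force alarm above does, the useful triage facts are the attack window and whether any events reached the platform late. The following is an added example, not code from the integration: it summarises an `AlienVault.Alarm` context entry, using five events copied from the Context Example plus one constructed duplicate. The function name and the one-second lag threshold are assumptions.

```python
from datetime import datetime

LAG_THRESHOLD_SECONDS = 1.0  # assumption: tune to the normal sensor-to-cloud delay

# Trimmed copy of the Context Example above (5 of its events) plus one
# constructed duplicate entry to show de-duplication by event ID.
SAMPLE_ALARM = {
    "ID": "3194f0f5-0350-7a09-87b2-8fb20b963ed8",
    "OccurredTime": "2019-05-15T12:42:10.743Z",
    "ReceivedTime": "2019-05-15T12:42:20.815Z",
    "Event": [
        {"ID": "b36a0259-6203-ecfc-5023-aa198c1e4329",
         "OccurredTime": "2019-05-15T12:40:46.071Z", "ReceivedTime": "2019-05-15T12:40:46.076Z"},
        {"ID": "c2ef5423-76b1-a0a0-0a0b-b4443507d4a5",
         "OccurredTime": "2019-05-15T12:41:46.766Z", "ReceivedTime": "2019-05-15T12:41:54.807Z"},
        {"ID": "eab1d04d-4251-44a4-6cf8-0b1ad7f23c36",
         "OccurredTime": "2019-05-15T12:40:48.740Z", "ReceivedTime": "2019-05-15T12:40:48.745Z"},
        {"ID": "1e635a85-d8a5-66cc-abf4-9067db82955a",
         "OccurredTime": "2019-05-15T12:41:20.525Z", "ReceivedTime": "2019-05-15T12:41:24.554Z"},
        {"ID": "b56d2afd-a5e3-aab8-5509-0a9dcabdedb0",
         "OccurredTime": "2019-05-15T12:42:10.743Z", "ReceivedTime": "2019-05-15T12:42:10.744Z"},
        # constructed duplicate of the first event
        {"ID": "b36a0259-6203-ecfc-5023-aa198c1e4329",
         "OccurredTime": "2019-05-15T12:40:46.071Z", "ReceivedTime": "2019-05-15T12:40:46.076Z"},
    ],
}


def parse_ts(value):
    """Parse the ISO 8601 timestamps used in the context output.

    datetime.fromisoformat() rejects a trailing 'Z' before Python 3.11,
    so it is rewritten as an explicit UTC offset.
    """
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def summarize_alarm(alarm, lag_threshold=LAG_THRESHOLD_SECONDS):
    """Return the event window and ingestion-lag facts for one alarm entry."""
    seen, rows = set(), []
    for ev in alarm.get("Event") or []:
        if ev["ID"] in seen:          # the same event can be listed twice
            continue
        seen.add(ev["ID"])
        occurred = parse_ts(ev["OccurredTime"])
        lag = (parse_ts(ev["ReceivedTime"]) - occurred).total_seconds()
        rows.append((occurred, lag, ev["ID"], ev["OccurredTime"]))
    if not rows:
        return None

    rows.sort()                        # chronological by OccurredTime
    first, last = rows[0], rows[-1]
    worst = max(rows, key=lambda r: r[1])
    summary = {
        "alarm_id": alarm.get("ID"),
        "event_count": len(rows),
        "first_event": first[3],
        "last_event": last[3],
        "window_seconds": round((last[0] - first[0]).total_seconds(), 3),
        "max_lag_seconds": round(worst[1], 3),
        "max_lag_event": worst[2],
        # events that arrived late: their ReceivedTime is a poor ordering key
        "delayed_events": [r[2] for r in rows if r[1] > lag_threshold],
    }
    if alarm.get("ReceivedTime"):
        # time between the last contributing event and the alarm's ReceivedTime
        delta = parse_ts(alarm["ReceivedTime"]) - last[0]
        summary["alarm_to_last_event_seconds"] = round(delta.total_seconds(), 3)
    return summary


if __name__ == "__main__":
    for key, value in summarize_alarm(SAMPLE_ALARM).items():
        print(f"{key}: {value}")
```

Ordering a timeline by OccurredTime rather than ReceivedTime matters here: two of the sample events were received four and eight seconds after they occurred.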
3. Search for events
Search for events.
Base Command
alienvault-search-events
Input
| Argument Name | Description | Required |
|---|---|---|
| limit | Maximum number of alarms to return. | Optional |
| account_name | The account name. | Optional |
| event_name | Event name. | Optional |
| source_name | Source name. | Optional |
| time_frame | Filter by time frame, for example: Last 48 Hours. | Optional |
| start_time | If time_frame is Custom, specify the start time for the time range, for example: 2017-06-01T12:48:16Z. | Optional |
| end_time | If time_frame is Custom, specify the end time for the time range, for example: 2017-06-01T12:48:16Z. | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| AlienVault.Event.Category | String | Event category. |
| AlienVault.Event.Source.IPAddress | String | Source IP address. |
| AlienVault.Event.Source.Port | Number | Source port. |
| AlienVault.Event.Destination.IPAddress | String | Destination IP address. |
| AlienVault.Event.Destination.Port | Number | Destination port. |
| AlienVault.Event.Severity | String | Event severity. |
| AlienVault.Event.OccurredTime | String | Time the event occurred. |
| AlienVault.Event.ReceivedTime | String | Time the event was received. |
| AlienVault.Event.AccessControlOutcome | String | Access control outcome. |
| AlienVault.Event.Suppressed | Bool | Whether the event is suppressed. |
| AlienVault.Event.ID | String | Event ID. |
| AlienVault.Event.Name | String | Event name. |
| AlienVault.Event.Subcategory | String | Event subcategory. |
Command Example
!alienvault-search-events limit="5" event_name="ET POLICY RDP connection confirm" time_frame="Today"
Context Example
{
"AlienVault.Event": [
{
"Category": "Information",
"Subcategory": "Remote access application",
"Name": "ET POLICY RDP connection confirm",
"OccurredTime": "2019-05-27T12:27:58.457Z",
"ReceivedTime": "2019-05-27T12:27:58.463Z",
"Destination": {
"IPAddress": "77.247.110.59",
"Port": 30304
},
"Source": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "f4f4c3bf-9b49-f080-3b14-8f1b348a5cbd",
"Severity": "3"
},
{
"Category": "Information",
"Subcategory": "Remote access application",
"Name": "ET POLICY RDP connection confirm",
"OccurredTime": "2019-05-27T12:27:50.390Z",
"ReceivedTime": "2019-05-27T12:27:57.338Z",
"Destination": {
"IPAddress": "185.254.120.27",
"Port": 29411
},
"Source": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "b71d0aa1-e234-6007-69d8-d880c1955336",
"Severity": "3"
},
{
"Category": "Information",
"Subcategory": "Remote access application",
"Name": "ET POLICY RDP connection confirm",
"OccurredTime": "2019-05-27T12:27:50.390Z",
"ReceivedTime": "2019-05-27T12:27:56.050Z",
"Destination": {
"IPAddress": "185.254.120.27",
"Port": 29411
},
"Source": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "c380e2ee-acc7-a899-d8eb-22095fbd1a9b",
"Severity": "3"
},
{
"Category": "Information",
"Subcategory": "Remote access application",
"Name": "ET POLICY RDP connection confirm",
"OccurredTime": "2019-05-27T12:27:50.390Z",
"ReceivedTime": "2019-05-27T12:27:58.586Z",
"Destination": {
"IPAddress": "185.254.120.27",
"Port": 29411
},
"Source": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "d8f5c4f7-3466-2342-6ee0-6beeff7587ae",
"Severity": "3"
},
{
"Category": "Information",
"Subcategory": "Remote access application",
"Name": "ET POLICY RDP connection confirm",
"OccurredTime": "2019-05-27T12:27:50.390Z",
"ReceivedTime": "2019-05-27T12:27:54.841Z",
"Destination": {
"IPAddress": "185.254.120.27",
"Port": 29411
},
"Source": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "1f9d3d71-5ec2-b58f-e3a6-f575a525b3d5",
"Severity": "3"
}
]
}
Human Readable Output
Events:
| ID | Name | OccurredTime | ReceivedTime | Suppressed | AccessControlOutcome | Category | Severity | Subcategory | Source | Destination |
|---|---|---|---|---|---|---|---|---|---|---|
| f4f4c3bf-9b49-f080-3b14-8f1b348a5cbd | ET POLICY RDP connection confirm | 2019-05-27T12:27:58.457Z | 2019-05-27T12:27:58.463Z | false | Allow | Information | 3 | Remote access application | IPAddress: 192.168.1.8, Port: 3389 | IPAddress: 77.247.110.59, Port: 30304 |
| b71d0aa1-e234-6007-69d8-d880c1955336 | ET POLICY RDP connection confirm | 2019-05-27T12:27:50.390Z | 2019-05-27T12:27:57.338Z | false | Allow | Information | 3 | Remote access application | IPAddress: 192.168.1.8, Port: 3389 | IPAddress: 185.254.120.27, Port: 29411 |
| c380e2ee-acc7-a899-d8eb-22095fbd1a9b | ET POLICY RDP connection confirm | 2019-05-27T12:27:50.390Z | 2019-05-27T12:27:56.050Z | false | Allow | Information | 3 | Remote access application | IPAddress: 192.168.1.8, Port: 3389 | IPAddress: 185.254.120.27, Port: 29411 |
| d8f5c4f7-3466-2342-6ee0-6beeff7587ae | ET POLICY RDP connection confirm | 2019-05-27T12:27:50.390Z | 2019-05-27T12:27:58.586Z | false | Allow | Information | 3 | Remote access application | IPAddress: 192.168.1.8, Port: 3389 | IPAddress: 185.254.120.27, Port: 29411 |
| 1f9d3d71-5ec2-b58f-e3a6-f575a525b3d5 | ET POLICY RDP connection confirm | 2019-05-27T12:27:50.390Z | 2019-05-27T12:27:54.841Z | false | Allow | Information | 3 | Remote access application | IPAddress: 192.168.1.8, Port: 3389 | IPAddress: 185.254.120.27, Port: 29411 |
4. Get alarm events
Retrieves events associated with an alarm.
Base Command
alienvault-get-events-by-alarm
Input
| Argument Name | Description | Required |
|---|---|---|
| alarm_id | Alarm ID to get events for. Can be obtained by running the alienvault-search-alarms command. | Required |
Context Output
| Path | Type | Description |
|---|---|---|
| AlienVault.Event.Category | String | Event category. |
| AlienVault.Event.Source.IPAddress | String | Source IP address. |
| AlienVault.Event.Source.Port | Number | Source port. |
| AlienVault.Event.Destination.IPAddress | String | Destination IP address. |
| AlienVault.Event.Destination.Port | Number | Destination port. |
| AlienVault.Event.Severity | String | Event severity. |
| AlienVault.Event.OccurredTime | String | Time the event occurred. |
| AlienVault.Event.ReceivedTime | String | Time the event was received. |
| AlienVault.Event.AccessControlOutcome | String | Access control outcome. |
| AlienVault.Event.Suppressed | Bool | Whether the event is suppressed. |
| AlienVault.Event.ID | String | Event ID. |
| AlienVault.Event.Name | String | Event name. |
| AlienVault.Event.Subcategory | String | Event subcategory. |
Command Example
!alienvault-get-events-by-alarm alarm_id=3194f0f5-0350-7a09-87b2-8fb20b963ed8
Context Example
{
"AlienVault.Event": [
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:40:46.071Z",
"ReceivedTime": "2019-05-15T12:40:46.076Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 50243
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "b36a0259-6203-ecfc-5023-aa198c1e4329",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:40:48.740Z",
"ReceivedTime": "2019-05-15T12:40:48.745Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 50243
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "eab1d04d-4251-44a4-6cf8-0b1ad7f23c36",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:40:51.041Z",
"ReceivedTime": "2019-05-15T12:40:51.048Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 53013
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "1a0f4f1a-c855-2808-f758-127e5578bda9",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:40:51.041Z",
"ReceivedTime": "2019-05-15T12:40:51.049Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 53013
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "4c6d5d9d-a5f8-2d24-0176-060f4139e5a0",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:40:55.936Z",
"ReceivedTime": "2019-05-15T12:40:55.940Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 54739
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "a14ef1a1-2617-3b85-02dc-8c5531b96e5f",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:40:55.936Z",
"ReceivedTime": "2019-05-15T12:40:55.943Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 54739
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "36233284-0aea-14cf-a90f-91f8c3952056",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:40:55.936Z",
"ReceivedTime": "2019-05-15T12:40:55.947Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 54739
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "551c58fd-0f22-e3a8-5478-056444759f5d",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:41:03.405Z",
"ReceivedTime": "2019-05-15T12:41:03.414Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 58090
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "9c019302-7f60-3c33-f725-dd12c9bdb97a",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:41:10.803Z",
"ReceivedTime": "2019-05-15T12:41:10.809Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 1969
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "7f7011b9-b57e-c46e-3e95-5e86e51832e0",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:41:10.803Z",
"ReceivedTime": "2019-05-15T12:41:10.814Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 1969
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "6dddab25-f3e2-c293-afd4-84081e5a41ff",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:41:10.803Z",
"ReceivedTime": "2019-05-15T12:41:10.815Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 1969
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "211627df-ec2e-52c4-ff76-dc103951d340",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:41:10.803Z",
"ReceivedTime": "2019-05-15T12:41:10.815Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 1969
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "52bf99f5-1f79-e04e-9fad-1b423a644e89",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:41:18.007Z",
"ReceivedTime": "2019-05-15T12:41:18.014Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 5213
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "6553b62f-d1db-2318-7e9d-4ae5f0de5d41",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:41:20.525Z",
"ReceivedTime": "2019-05-15T12:41:24.554Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 5213
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "1e635a85-d8a5-66cc-abf4-9067db82955a",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:41:31.837Z",
"ReceivedTime": "2019-05-15T12:41:31.840Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 10772
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "124314f7-bcb2-c706-ada3-50a57ef2d8b3",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:41:31.837Z",
"ReceivedTime": "2019-05-15T12:41:31.845Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 10772
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "35cafad8-2e36-9bef-45ce-d37f919bb3ac",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:41:37.221Z",
"ReceivedTime": "2019-05-15T12:41:37.224Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 13554
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "ea2b003a-44b7-4b17-9438-993a0a5fe7c5",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:41:41.942Z",
"ReceivedTime": "2019-05-15T12:41:41.945Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 13554
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "318ffee9-dfd5-4ef9-ded0-b8fbf7fd0402",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:41:46.766Z",
"ReceivedTime": "2019-05-15T12:41:50.283Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 17267
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "22a04ec4-cbbd-49c2-dcee-4329e97dbcd3",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:41:46.766Z",
"ReceivedTime": "2019-05-15T12:41:52.654Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 17267
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "d2d62bbd-5db2-823c-28a1-a1acf21af7fc",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:41:46.766Z",
"ReceivedTime": "2019-05-15T12:41:54.125Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 17267
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "6042e4a2-4982-7016-bbd3-5506030d2dc4",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:42:06.005Z",
"ReceivedTime": "2019-05-15T12:42:06.010Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 25757
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "b3beeb7e-9ee2-f417-3cc8-228bd5e9a18f",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:40:46.071Z",
"ReceivedTime": "2019-05-15T12:40:46.079Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 50243
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "720d9a9d-92cc-45b1-bbb3-604fb053282b",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:40:46.071Z",
"ReceivedTime": "2019-05-15T12:40:46.080Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 50243
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "79549d86-40df-0032-e3cf-cf6d1cd86ecf",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:40:46.071Z",
"ReceivedTime": "2019-05-15T12:40:46.081Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 50243
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "220a996a-a64c-a7ea-14b6-3aca57681722",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:40:53.604Z",
"ReceivedTime": "2019-05-15T12:40:53.608Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 53013
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "bb2107e0-ff7e-f3ee-d7ec-f7bb32a6f795",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:40:55.936Z",
"ReceivedTime": "2019-05-15T12:40:55.945Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 54739
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "a21fd0a8-b2ae-fbae-ef22-f23d30a30099",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:41:03.405Z",
"ReceivedTime": "2019-05-15T12:41:03.409Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 58090
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "249827bf-e31d-79d7-8725-cee8ffc7037f",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:41:03.405Z",
"ReceivedTime": "2019-05-15T12:41:03.413Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 58090
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "ed0c4580-69a6-d462-2205-d06fc436ecde",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:41:13.242Z",
"ReceivedTime": "2019-05-15T12:41:13.246Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 1969
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "7a3ceb92-9ea7-2387-39b8-deddfd1000ec",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:41:18.007Z",
"ReceivedTime": "2019-05-15T12:41:18.013Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 5213
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "42b0c4dc-c260-0cfd-6b44-e99716f8a736",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:41:18.007Z",
"ReceivedTime": "2019-05-15T12:41:18.016Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 5213
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "69be0a19-9b9b-f226-02fd-cb694bb24197",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:41:22.874Z",
"ReceivedTime": "2019-05-15T12:41:26.070Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 7372
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "47bdc7ee-9679-714c-a5b2-b9bbbb68cc4a",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:41:31.837Z",
"ReceivedTime": "2019-05-15T12:41:31.848Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 10772
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "be9f159f-1225-3461-d863-c55d46517b81",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:41:34.816Z",
"ReceivedTime": "2019-05-15T12:41:34.821Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 10772
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "8a6639c8-db0e-3077-aa0d-764c83726590",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:41:56.359Z",
"ReceivedTime": "2019-05-15T12:41:56.364Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 19868
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "f65faf00-d0d8-6059-7784-20407a8a1231",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:42:06.005Z",
"ReceivedTime": "2019-05-15T12:42:06.013Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 25757
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "21684ce5-55dd-8017-71b5-46369ae14e17",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:42:10.743Z",
"ReceivedTime": "2019-05-15T12:42:10.744Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 25757
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "b56d2afd-a5e3-aab8-5509-0a9dcabdedb0",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:40:51.041Z",
"ReceivedTime": "2019-05-15T12:40:51.046Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 53013
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "2ce1d100-de85-1ef0-0673-8bfae574c1ce",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:40:51.041Z",
"ReceivedTime": "2019-05-15T12:40:51.044Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 53013
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "09550d30-e275-6bfe-fdf3-1d01b43ba6ef",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:41:03.405Z",
"ReceivedTime": "2019-05-15T12:41:03.410Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 58090
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "15c4ff5e-a9f8-1a3c-2285-5100ecbfdd40",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:41:08.098Z",
"ReceivedTime": "2019-05-15T12:41:08.100Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 58090
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "d9736b73-d8ad-6c39-1df5-49a2f3784337",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:41:18.007Z",
"ReceivedTime": "2019-05-15T12:41:18.012Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 5213
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "93e98ec6-d6b6-cca9-255e-2944ce5fad4c",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:41:31.837Z",
"ReceivedTime": "2019-05-15T12:41:31.843Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 10772
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "6b526907-c9d6-eabe-f2d5-9eb783b28715",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:41:49.216Z",
"ReceivedTime": "2019-05-15T12:41:50.287Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 17267
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "b5312239-5c45-d036-66fc-1c1fbb3d7260",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:41:51.690Z",
"ReceivedTime": "2019-05-15T12:41:51.693Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 19868
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "1cfb337f-9725-7c44-34dc-4f18172c3f6c",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:41:46.766Z",
"ReceivedTime": "2019-05-15T12:41:54.807Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 17267
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "c2ef5423-76b1-a0a0-0a0b-b4443507d4a5",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:41:51.690Z",
"ReceivedTime": "2019-05-15T12:41:54.808Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 19868
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "463049df-c917-821a-9d43-d1d813394eac",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:42:06.005Z",
"ReceivedTime": "2019-05-15T12:42:06.010Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 25757
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "94d8203b-6db5-702c-3e7f-d2601f888ea3",
"Severity": "3"
},
{
"Category": "Policy Violation",
"Subcategory": "Remote access application",
"Name": "ET POLICY MS Remote Desktop Administrator Login Request",
"OccurredTime": "2019-05-15T12:42:06.005Z",
"ReceivedTime": "2019-05-15T12:42:06.011Z",
"Destination": {
"IPAddress": "192.168.1.8",
"Port": 3389
},
"Source": {
"IPAddress": "85.93.20.34",
"Port": 25757
},
"AccessControlOutcome": "Allow",
"Suppressed": false,
"ID": "8868f432-89b1-2740-3007-7dadc57700e4",
"Severity": "3"
}
]
}
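The context example above contains entries that share Name, OccurredTime, Source and Destination but differ in ID and ReceivedTime. The following added example (not part of the integration's own code) collapses such entries and summarises activity per source from a list shaped like `AlienVault.Event`. The function names, the choice to treat those entries as duplicates, and the `min_ports` threshold are assumptions; the sample is a constructed subset of values shown on this page.

```python
from collections import defaultdict
from datetime import datetime, timezone

TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ"


def parse_ts(value):
    """Parse the ISO 8601 UTC timestamps used in OccurredTime / ReceivedTime."""
    return datetime.strptime(value, TS_FORMAT).replace(tzinfo=timezone.utc)


def _event(event_id, name, occurred, received, src, sport, dst, dport):
    """Build one entry in the documented AlienVault.Event shape (sample helper)."""
    return {
        "ID": event_id, "Name": name,
        "OccurredTime": occurred, "ReceivedTime": received,
        "Source": {"IPAddress": src, "Port": sport},
        "Destination": {"IPAddress": dst, "Port": dport},
        "AccessControlOutcome": "Allow", "Suppressed": False, "Severity": "3",
    }


RDP_LOGIN = "ET POLICY MS Remote Desktop Administrator Login Request"
RDP_CONFIRM = "ET POLICY RDP connection confirm"

# Constructed sample: a subset of the context examples on this page.
SAMPLE_EVENTS = [
    _event("b36a0259-6203-ecfc-5023-aa198c1e4329", RDP_LOGIN, "2019-05-15T12:40:46.071Z",
           "2019-05-15T12:40:46.076Z", "85.93.20.34", 50243, "192.168.1.8", 3389),
    _event("720d9a9d-92cc-45b1-bbb3-604fb053282b", RDP_LOGIN, "2019-05-15T12:40:46.071Z",
           "2019-05-15T12:40:46.079Z", "85.93.20.34", 50243, "192.168.1.8", 3389),
    _event("eab1d04d-4251-44a4-6cf8-0b1ad7f23c36", RDP_LOGIN, "2019-05-15T12:40:48.740Z",
           "2019-05-15T12:40:48.745Z", "85.93.20.34", 50243, "192.168.1.8", 3389),
    _event("1a0f4f1a-c855-2808-f758-127e5578bda9", RDP_LOGIN, "2019-05-15T12:40:51.041Z",
           "2019-05-15T12:40:51.048Z", "85.93.20.34", 53013, "192.168.1.8", 3389),
    _event("4c6d5d9d-a5f8-2d24-0176-060f4139e5a0", RDP_LOGIN, "2019-05-15T12:40:51.041Z",
           "2019-05-15T12:40:51.049Z", "85.93.20.34", 53013, "192.168.1.8", 3389),
    _event("a14ef1a1-2617-3b85-02dc-8c5531b96e5f", RDP_LOGIN, "2019-05-15T12:40:55.936Z",
           "2019-05-15T12:40:55.940Z", "85.93.20.34", 54739, "192.168.1.8", 3389),
    _event("c380e2ee-acc7-a899-d8eb-22095fbd1a9b", RDP_CONFIRM, "2019-05-27T12:27:50.390Z",
           "2019-05-27T12:27:56.050Z", "192.168.1.8", 3389, "185.254.120.27", 29411),
    _event("d8f5c4f7-3466-2342-6ee0-6beeff7587ae", RDP_CONFIRM, "2019-05-27T12:27:50.390Z",
           "2019-05-27T12:27:58.586Z", "192.168.1.8", 3389, "185.254.120.27", 29411),
]


def dedupe_events(events):
    """Keep one entry per (Name, OccurredTime, Source, Destination).

    Assumption: entries equal on these fields describe the same occurrence.
    The entry with the earliest ReceivedTime is kept.
    """
    kept = {}
    for ev in events:
        src, dst = ev.get("Source", {}), ev.get("Destination", {})
        key = (ev.get("Name"), ev.get("OccurredTime"),
               src.get("IPAddress"), src.get("Port"),
               dst.get("IPAddress"), dst.get("Port"))
        current = kept.get(key)
        if current is None or parse_ts(ev["ReceivedTime"]) < parse_ts(current["ReceivedTime"]):
            kept[key] = ev
    return sorted(kept.values(), key=lambda e: parse_ts(e["OccurredTime"]))


def summarize_by_source(events, min_ports=3):
    """Group de-duplicated events by (source IP, destination IP, destination port).

    A group is flagged when the source used at least `min_ports` distinct source
    ports, i.e. it opened several separate connections to the same service.
    """
    groups = defaultdict(list)
    for ev in dedupe_events(events):
        key = (ev["Source"]["IPAddress"], ev["Destination"]["IPAddress"],
               ev["Destination"]["Port"])
        groups[key].append(ev)

    summary = []
    for (src, dst, dport), evs in groups.items():
        times = [parse_ts(e["OccurredTime"]) for e in evs]
        ports = {e["Source"]["Port"] for e in evs}
        summary.append({
            "source": src, "destination": dst, "destination_port": dport,
            "unique_events": len(evs),
            "distinct_source_ports": len(ports),
            "first_seen": min(times), "last_seen": max(times),
            "span_seconds": round((max(times) - min(times)).total_seconds(), 3),
            "flagged": len(ports) >= min_ports,
            "event_ids": [e["ID"] for e in evs],
        })
    # Most connection attempts first.
    return sorted(summary, key=lambda s: s["distinct_source_ports"], reverse=True)


if __name__ == "__main__":
    for row in summarize_by_source(SAMPLE_EVENTS):
        print(row["source"], "->", f'{row["destination"]}:{row["destination_port"]}',
              row["unique_events"], row["distinct_source_ports"], row["flagged"])
```
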
Human Readable Output
Events of Alarm 3194f0f5-0350-7a09-87b2-8fb20b963ed8:
| ID | Name | OccurredTime | ReceivedTime | Suppressed | AccessControlOutcome | Category | Severity | Subcategory | Source | Destination |
|---|---|---|---|---|---|---|---|---|---|---|
| b36a0259-6203-ecfc-5023-aa198c1e4329 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:40:46.071Z | 2019-05-15T12:40:46.076Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 50243 | IPAddress: 192.168.1.8<br>Port: 3389 |
| eab1d04d-4251-44a4-6cf8-0b1ad7f23c36 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:40:48.740Z | 2019-05-15T12:40:48.745Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 50243 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 1a0f4f1a-c855-2808-f758-127e5578bda9 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:40:51.041Z | 2019-05-15T12:40:51.048Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 53013 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 4c6d5d9d-a5f8-2d24-0176-060f4139e5a0 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:40:51.041Z | 2019-05-15T12:40:51.049Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 53013 | IPAddress: 192.168.1.8<br>Port: 3389 |
| a14ef1a1-2617-3b85-02dc-8c5531b96e5f | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:40:55.936Z | 2019-05-15T12:40:55.940Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 54739 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 36233284-0aea-14cf-a90f-91f8c3952056 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:40:55.936Z | 2019-05-15T12:40:55.943Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 54739 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 551c58fd-0f22-e3a8-5478-056444759f5d | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:40:55.936Z | 2019-05-15T12:40:55.947Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 54739 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 9c019302-7f60-3c33-f725-dd12c9bdb97a | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:03.405Z | 2019-05-15T12:41:03.414Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 58090 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 7f7011b9-b57e-c46e-3e95-5e86e51832e0 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:10.803Z | 2019-05-15T12:41:10.809Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 1969 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 6dddab25-f3e2-c293-afd4-84081e5a41ff | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:10.803Z | 2019-05-15T12:41:10.814Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 1969 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 211627df-ec2e-52c4-ff76-dc103951d340 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:10.803Z | 2019-05-15T12:41:10.815Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 1969 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 52bf99f5-1f79-e04e-9fad-1b423a644e89 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:10.803Z | 2019-05-15T12:41:10.815Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 1969 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 6553b62f-d1db-2318-7e9d-4ae5f0de5d41 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:18.007Z | 2019-05-15T12:41:18.014Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 5213 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 1e635a85-d8a5-66cc-abf4-9067db82955a | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:20.525Z | 2019-05-15T12:41:24.554Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 5213 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 124314f7-bcb2-c706-ada3-50a57ef2d8b3 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:31.837Z | 2019-05-15T12:41:31.840Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 10772 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 35cafad8-2e36-9bef-45ce-d37f919bb3ac | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:31.837Z | 2019-05-15T12:41:31.845Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 10772 | IPAddress: 192.168.1.8<br>Port: 3389 |
| ea2b003a-44b7-4b17-9438-993a0a5fe7c5 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:37.221Z | 2019-05-15T12:41:37.224Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 13554 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 318ffee9-dfd5-4ef9-ded0-b8fbf7fd0402 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:41.942Z | 2019-05-15T12:41:41.945Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 13554 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 22a04ec4-cbbd-49c2-dcee-4329e97dbcd3 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:46.766Z | 2019-05-15T12:41:50.283Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 17267 | IPAddress: 192.168.1.8<br>Port: 3389 |
| d2d62bbd-5db2-823c-28a1-a1acf21af7fc | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:46.766Z | 2019-05-15T12:41:52.654Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 17267 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 6042e4a2-4982-7016-bbd3-5506030d2dc4 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:46.766Z | 2019-05-15T12:41:54.125Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 17267 | IPAddress: 192.168.1.8<br>Port: 3389 |
| b3beeb7e-9ee2-f417-3cc8-228bd5e9a18f | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:42:06.005Z | 2019-05-15T12:42:06.010Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 25757 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 720d9a9d-92cc-45b1-bbb3-604fb053282b | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:40:46.071Z | 2019-05-15T12:40:46.079Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 50243 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 79549d86-40df-0032-e3cf-cf6d1cd86ecf | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:40:46.071Z | 2019-05-15T12:40:46.080Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 50243 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 220a996a-a64c-a7ea-14b6-3aca57681722 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:40:46.071Z | 2019-05-15T12:40:46.081Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 50243 | IPAddress: 192.168.1.8<br>Port: 3389 |
| bb2107e0-ff7e-f3ee-d7ec-f7bb32a6f795 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:40:53.604Z | 2019-05-15T12:40:53.608Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 53013 | IPAddress: 192.168.1.8<br>Port: 3389 |
| a21fd0a8-b2ae-fbae-ef22-f23d30a30099 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:40:55.936Z | 2019-05-15T12:40:55.945Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 54739 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 249827bf-e31d-79d7-8725-cee8ffc7037f | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:03.405Z | 2019-05-15T12:41:03.409Z | false | Allow | Policy Violation | 3 | Remote access application |
IPAddress: 85.93.20.34
Port: 58090 |
IPAddress: 192.168.1.8
Port: 3389 |
| ed0c4580-69a6-d462-2205-d06fc436ecde | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:03.405Z | 2019-05-15T12:41:03.413Z | false | Allow | Policy Violation | 3 | Remote access application |
IPAddress: 85.93.20.34
Port: 58090 |
IPAddress: 192.168.1.8
Port: 3389 |
| 7a3ceb92-9ea7-2387-39b8-deddfd1000ec | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:13.242Z | 2019-05-15T12:41:13.246Z | false | Allow | Policy Violation | 3 | Remote access application |
IPAddress: 85.93.20.34
Port: 1969 |
IPAddress: 192.168.1.8
Port: 3389 |
| 42b0c4dc-c260-0cfd-6b44-e99716f8a736 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:18.007Z | 2019-05-15T12:41:18.013Z | false | Allow | Policy Violation | 3 | Remote access application |
IPAddress: 85.93.20.34
Port: 5213 |
IPAddress: 192.168.1.8
Port: 3389 |
| 69be0a19-9b9b-f226-02fd-cb694bb24197 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:18.007Z | 2019-05-15T12:41:18.016Z | false | Allow | Policy Violation | 3 | Remote access application |
IPAddress: 85.93.20.34
Port: 5213 |
IPAddress: 192.168.1.8
Port: 3389 |
| 47bdc7ee-9679-714c-a5b2-b9bbbb68cc4a | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:22.874Z | 2019-05-15T12:41:26.070Z | false | Allow | Policy Violation | 3 | Remote access application |
IPAddress: 85.93.20.34
Port: 7372 |
IPAddress: 192.168.1.8
Port: 3389 |
| be9f159f-1225-3461-d863-c55d46517b81 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:31.837Z | 2019-05-15T12:41:31.848Z | false | Allow | Policy Violation | 3 | Remote access application |
IPAddress: 85.93.20.34
Port: 10772 |
IPAddress: 192.168.1.8
Port: 3389 |
| 8a6639c8-db0e-3077-aa0d-764c83726590 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:34.816Z | 2019-05-15T12:41:34.821Z | false | Allow | Policy Violation | 3 | Remote access application |
IPAddress: 85.93.20.34
Port: 10772 |
IPAddress: 192.168.1.8
Port: 3389 |
| f65faf00-d0d8-6059-7784-20407a8a1231 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:56.359Z | 2019-05-15T12:41:56.364Z | false | Allow | Policy Violation | 3 | Remote access application |
IPAddress: 85.93.20.34
Port: 19868 |
IPAddress: 192.168.1.8
Port: 3389 |
| 21684ce5-55dd-8017-71b5-46369ae14e17 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:42:06.005Z | 2019-05-15T12:42:06.013Z | false | Allow | Policy Violation | 3 | Remote access application |
IPAddress: 85.93.20.34
Port: 25757 |
IPAddress: 192.168.1.8
Port: 3389 |
| b56d2afd-a5e3-aab8-5509-0a9dcabdedb0 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:42:10.743Z | 2019-05-15T12:42:10.744Z | false | Allow | Policy Violation | 3 | Remote access application |
IPAddress: 85.93.20.34
Port: 25757 |
IPAddress: 192.168.1.8
Port: 3389 |
| 2ce1d100-de85-1ef0-0673-8bfae574c1ce | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:40:51.041Z | 2019-05-15T12:40:51.046Z | false | Allow | Policy Violation | 3 | Remote access application |
IPAddress: 85.93.20.34
Port: 53013 |
IPAddress: 192.168.1.8
Port: 3389 |
| 09550d30-e275-6bfe-fdf3-1d01b43ba6ef | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:40:51.041Z | 2019-05-15T12:40:51.044Z | false | Allow | Policy Violation | 3 | Remote access application |
IPAddress: 85.93.20.34
Port: 53013 |
IPAddress: 192.168.1.8
Port: 3389 |
| 15c4ff5e-a9f8-1a3c-2285-5100ecbfdd40 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:03.405Z | 2019-05-15T12:41:03.410Z | false | Allow | Policy Violation | 3 | Remote access application |
IPAddress: 85.93.20.34
Port: 58090 |
IPAddress: 192.168.1.8
Port: 3389 |
| d9736b73-d8ad-6c39-1df5-49a2f3784337 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:08.098Z | 2019-05-15T12:41:08.100Z | false | Allow | Policy Violation | 3 | Remote access application |
IPAddress: 85.93.20.34
Port: 58090 |
IPAddress: 192.168.1.8
Port: 3389 |
| 93e98ec6-d6b6-cca9-255e-2944ce5fad4c | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:18.007Z | 2019-05-15T12:41:18.012Z | false | Allow | Policy Violation | 3 | Remote access application |
IPAddress: 85.93.20.34
Port: 5213 |
IPAddress: 192.168.1.8
Port: 3389 |
| 6b526907-c9d6-eabe-f2d5-9eb783b28715 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:31.837Z | 2019-05-15T12:41:31.843Z | false | Allow | Policy Violation | 3 | Remote access application |
IPAddress: 85.93.20.34
Port: 10772 |
IPAddress: 192.168.1.8
Port: 3389 |
| b5312239-5c45-d036-66fc-1c1fbb3d7260 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:49.216Z | 2019-05-15T12:41:50.287Z | false | Allow | Policy Violation | 3 | Remote access application |
IPAddress: 85.93.20.34
Port: 17267 |
IPAddress: 192.168.1.8
Port: 3389 |
| 1cfb337f-9725-7c44-34dc-4f18172c3f6c | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:51.690Z | 2019-05-15T12:41:51.693Z | false | Allow | Policy Violation | 3 | Remote access application |
IPAddress: 85.93.20.34
Port: 19868 |
IPAddress: 192.168.1.8
Port: 3389 |
| c2ef5423-76b1-a0a0-0a0b-b4443507d4a5 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:46.766Z | 2019-05-15T12:41:54.807Z | false | Allow | Policy Violation | 3 | Remote access application |
IPAddress: 85.93.20.34
Port: 17267 |
IPAddress: 192.168.1.8
Port: 3389 |
| 463049df-c917-821a-9d43-d1d813394eac | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:51.690Z | 2019-05-15T12:41:54.808Z | false | Allow | Policy Violation | 3 | Remote access application |
IPAddress: 85.93.20.34
Port: 19868 |
IPAddress: 192.168.1.8
Port: 3389 |
| 94d8203b-6db5-702c-3e7f-d2601f888ea3 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:42:06.005Z | 2019-05-15T12:42:06.010Z | false | Allow | Policy Violation | 3 | Remote access application |
IPAddress: 85.93.20.34
Port: 25757 |
IPAddress: 192.168.1.8
Port: 3389 |
| 8868f432-89b1-2740-3007-7dadc57700e4 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:42:06.005Z | 2019-05-15T12:42:06.011Z | false | Allow |