AlienVault USM Anywhere

Search and monitor alarms and events from AlienVault USM Anywhere.

Use Cases

  1. Fetch new AlienVault alarms as Demisto incidents.
  2. Search AlienVault alarms.
  3. Search AlienVault events.
  4. Retrieve events related to an AlienVault alarm.

Configure AlienVault USM Anywhere on Demisto

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for AlienVault USM Anywhere.
  3. Click Add instance to create and configure a new integration instance.
    • Name: a textual name for the integration instance.
    • Server URL (e.g., https://www.example.com)
    • Client ID
    • Client Secret
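    • Trust any certificate (insecure): skips TLS certificate validation for the Server URL. Leave this unchecked outside of testing, because the client credentials and the alarm data travel over this connection.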
    • Use system proxy
    • Fetch incidents
    • Incident type
    • Fetch limit
    • Time format
    • First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days)
  4. Click Test to validate the URLs, token, and connection.

Fetched Incidents Data

{
    "uuid": "9f4aa992-cc85-394a-57a2-cc3a755320a8",
    "has_alarm": false,
    "needs_enrichment": true,
    "packet_data": [
        "a415b77a-a80f-c098-5643-733a9e31f62f"
    ],
    "priority": 20,
    "suppressed": false,
    "events": [
        {
            "_links": {
                "self": {
                    "href": "https://paloalto-networks.alienvault.cloud/api/2.0/events/{eventId}",
                    "templated": true
                }
            },
            "timeStamp": 1558311648948,
            "enriched": true,
            "message": {
                "packet_type": "log",
                "source_country": "US",
                "source_port": 47301,
                "source_organisation": "Digital Ocean",
                "event_type": "alert",
                "time_zone": "+0000",
                "was_guessed": false,
                "rep_device_address": "127.0.0.1",
                "needs_enrichment": true,
                "sensor_uuid": "dfd08cb3-5454-1c99-4f37-770935e0a941",
                "event_category": "Recon",
                "source_registered_country": "US",
                "timestamp_received_iso8601": "2019-05-20T00:20:48.920Z",
                "access_control_outcome": "Allow",
                "destination_name": "192.168.1.77",
                "log": "",
                "source_longitude": "-74.1403",
                "destination_address": "192.168.1.77",
                "bytes_out": 0,
                "event_severity": "2",
                "source_blacklist_priority": "2",
                "source_city": "Clifton",
                "timestamp_occured_iso8601": "2019-05-20T00:20:48.912Z",
                "was_fuzzied": false,
                "source_blacklist_reliability": "4",
                "source_name": "159.203.169.16",
                "source_address": "159.203.169.16",
                "bytes_in": 60,
                "timestamp_occured": "1558311648912",
                "plugin_device": "AlienVault NIDS",
                "transport_protocol": "TCP",
                "malware_family": "nmap",
                "suppressed": "false",
                "event_name": "ET SCAN NMAP -sS window 1024",
                "packets_sent": 0,
                "plugin_version": "0.11",
                "received_from": "USMA-Sensor",
                "plugin": "AlienVault NIDS",
                "plugin_device_type": "Intrusion Detection",
                "destination_canonical": "ab6cde77-8082-df02-a087-a0bdd08fff38",
                "timestamp_received": "1558311648920",
                "plugin_enrichment_script": "dns.lua",
                "used_hint": true,
                "event_subcategory": "Scanner",
                "destination_port": 80,
                "source_region": "NJ",
                "source_blacklist_activity": "Malicious Host",
                "uuid": "a415b77a-a70f-cf98-5643-733a9e31f62f",
                "has_alarm": "false",
                "source_latitude": "40.8364",
                "tag": "lt-suricata",
                "device_direction": "inbound",
                "device_event_category": "Attempted Information Leak",
                "highlight_fields": [
                    "event_category",
                    "event_subcategory",
                    "event_activity",
                    "http_hostname",
                    "malware_family",
                    "event_cve",
                    "rep_device_rule_id",
                    "transport_protocol",
                    "request_url",
                    "file_name",
                    "dns_rrname",
                    "file_hash",
                    "tls_subject",
                    "ssh_server_version",
                    "request_user_agent",
                    "affected_platform",
                    "tls_sni",
                    "tls_fingerprint",
                    "packets_received",
                    "packets_sent",
                    "bytes_in",
                    "bytes_out"
                ],
                "rep_dev_canonical": "127.0.0.1",
                "rep_device_rule_id": "2009582",
                "source_canonical": "159.203.169.16",
                "destination_asset_id": "ab6cde77-8082-df02-a087-a0bdd08fff38",
                "destination_fqdn": "192.168.1.77",
                "packets_received": 1,
                "transient": false,
                "destination_port_label": "HTTP"
            }
        }
    ],
    "_links": {
        "self": {
            "href": "https://paloalto-networks.alienvault.cloud/api/2.0/alarms/9f4aa992-cc85-394a-57a2-cc3a755320a8"
        }
    },
    "rule_intent": "Reconnaissance & Probing",
    "alarm_events_count": 1,
    "alarm_source_countries": [
        "US"
    ],
    "alarm_sensor_sources": [
        "dfd08cb3-5454-1c99-4f37-770935e0a941"
    ],
    "destination_name": "192.168.1.77",
    "rule_dictionary": "SuricataScanRules-Dict",
    "timestamp_occured": "1558311648912",
    "source_organisation": "Digital Ocean",
    "alarm_source_cities": [
        "Clifton"
    ],
    "event_type": "Alarm",
    "rule_method": "Nmap",
    "priority_label": "low",
    "rule_attack_tactic": [
        "Discovery"
    ],
    "source_name": "159.203.169.16",
    "timestamp_received": "1558311648971",
    "destination_canonical": "ab6cde77-8082-df02-a087-a0bdd08fff38",
    "rule_strategy": "Portscan",
    "timestamp_received_iso8601": "2019-05-20T00:20:48.971Z",
    "alarm_destination_assset_ids": [
        "ab6cde77-8082-df02-a087-a0bdd08fff38"
    ],
    "alarm_destinations": [
        "ab6cde77-8082-df02-a087-a0bdd08fff38"
    ],
    "alarm_sources": [
        "159.203.169.16"
    ],
    "rule_attack_id": "T1046",
    "highlight_fields": [
        "source_canonical",
        " destination_canonical",
        " malware_family",
        "rule_attack_id",
        "rule_attack_tactic",
        "rule_attack_technique"
    ],
    "alarm_source_names": [
        "159.203.169.16"
    ],
    "destination_asset_id": "ab6cde77-8082-df02-a087-a0bdd08fff38",
    "alarm_source_longitudes": [
        "-74.1403"
    ],
    "rule_id": "Nmap",
    "alarm_source_organisations": [
        "Digital Ocean"
    ],
    "alarm_source_latitudes": [
        "40.8364"
    ],
    "sensor_uuid": "25032f5b-3707-442a-8d8d-7c4ff8965b14",
    "timestamp_occured_iso8601": "2019-05-20T00:20:48.912Z",
    "alarm_destination_names": [
        "192.168.1.77"
    ],
    "transient": false,
    "alarm_source_blacklist_activity": [
        "Malicious Host"
    ],
    "rule_attack_technique": "Network Service Scanning",
    "source_canonical": "159.203.169.16",
    "packet_type": "alarm"
}

Commands

You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

  1. Get alarms: alienvault-search-alarms
  2. Get alarm details: alienvault-get-alarm
  3. Search for events: alienvault-search-events
  4. Get alarm events: alienvault-get-events-by-alarm

1. Get alarms


Retrieves alarms from AlienVault.

Base Command

alienvault-search-alarms

Input
Argument Name Description Required
limit Maximum number of alarms to return. Optional
status Filter by alarm status. Optional
priority Filter by alarm priority. Optional
show_suppressed Whether to include suppressed alarms in the search. Optional
time_frame Filter by time frame, for example: Last 48 Hours. Optional
start_time If time_frame is Custom, specify the start time for the time range, for example: 2017-06-01T12:48:16Z. Optional
end_time If time_frame is Custom, specify the end time for the time range, for example: 2017-06-01T12:48:16Z. Optional
rule_intent Filter alarms by rule intention. Optional
rule_method Filter alarms by rule method. Optional
rule_strategy Filter alarms by rule strategy. Optional

Context Output
Path Type Description
AlienVault.Alarm.ID String Alarm ID.
AlienVault.Alarm.Priority String Alarm priority.
AlienVault.Alarm.OccurredTime Date Time the alarm occurred.
AlienVault.Alarm.ReceivedTime Date Time the alarm was received.
AlienVault.Alarm.Source Unknown Alarm source object.
AlienVault.Alarm.Source.IPAddress String Alarm source IP address.
AlienVault.Alarm.Source.Organization String Source organization.
AlienVault.Alarm.Source.Country String Source country.
AlienVault.Alarm.Destination Unknown Alarm destination object.
AlienVault.Alarm.Destination.IPAddress String Alarm destination IP address.
AlienVault.Alarm.RuleAttackID String Rule attack ID.
AlienVault.Alarm.RuleStrategy String Rule strategy.
AlienVault.Alarm.RuleIntent String Rule intent.
AlienVault.Alarm.RuleID String Rule ID.
AlienVault.Alarm.RuleDictionary String Rule dictionary.
AlienVault.Alarm.RuleMethod String Rule method.
AlienVault.Alarm.RuleAttackTactic Unknown Rule attack tactic.
AlienVault.Alarm.RuleAttackTechnique String Rule attack technique.

Command Example
!alienvault-search-alarms limit=2 time_frame="Last 7 Days" rule_method=Nmap
Context Example
{
    "AlienVault.Alarm": [
        {
            "Source": {
                "Country": [
                    "RU"
                ], 
                "IPAddress": [
                    "185.176.27.118"
                ], 
                "Organization": [
                    "IP Khnykin Vitaliy Yakovlevich"
                ]
            }, 
            "RuleMethod": "Nmap", 
            "OccurredTime": "2019-05-21T10:11:39.226Z", 
            "RuleID": "Nmap", 
            "RuleDictionary": "SuricataScanRules-Dict", 
            "ReceivedTime": "2019-05-21T10:11:39.288Z", 
            "Destination": {
                "IPAddress": [
                    "192.168.1.201"
                ]
            }, 
            "RuleAttackTactic": [
                "Discovery"
            ], 
            "ID": "62c61fd9-cb74-2ca3-fe53-f7e43489c807", 
            "Priority": "low", 
            "RuleAttackID": "T1046", 
            "RuleStrategy": "Portscan", 
            "RuleAttackTechnique": "Network Service Scanning", 
            "Event": [
                {
                    "ReceivedTime": "2019-05-21T10:11:39.228Z", 
                    "ID": "7c076810-22dd-47f1-b745-f4b559fa26df", 
                    "OccurredTime": "2019-05-21T10:11:39.226Z"
                }
            ], 
            "RuleIntent": "Reconnaissance & Probing"
        }, 
        {
            "Source": {
                "Country": [
                    "RU"
                ], 
                "IPAddress": [
                    "92.119.160.40"
                ], 
                "Organization": [
                    "SingleHost"
                ]
            }, 
            "RuleMethod": "Nmap", 
            "OccurredTime": "2019-05-21T09:53:07.962Z", 
            "RuleID": "Nmap", 
            "RuleDictionary": "SuricataScanRules-Dict", 
            "ReceivedTime": "2019-05-21T09:53:08.044Z", 
            "Destination": {
                "IPAddress": [
                    "192.168.1.31"
                ]
            }, 
            "RuleAttackTactic": [
                "Discovery"
            ], 
            "ID": "45ccbeb3-b69f-9bee-7427-a3e0cfd4666b", 
            "Priority": "low", 
            "RuleAttackID": "T1046", 
            "RuleStrategy": "Portscan", 
            "RuleAttackTechnique": "Network Service Scanning", 
            "Event": [
                {
                    "ReceivedTime": "2019-05-27T09:34:45.224Z", 
                    "ID": "009e8bab-34e4-2882-c1a8-7349e9ecff88", 
                    "OccurredTime": "2019-05-27T09:34:45.220Z"
                }
            ], 
            "RuleIntent": "Reconnaissance & Probing"
        }
    ]
}
Human Readable Output

Alarms:

ID Priority OccurredTime ReceivedTime RuleAttackID RuleAttackTactic RuleAttackTechnique RuleDictionary RuleID RuleIntent RuleMethod RuleStrategy Source Destination Event
62c61fd9-cb74-2ca3-fe53-f7e43489c807 low 2019-05-21T10:11:39.226Z 2019-05-21T10:11:39.288Z T1046 Discovery Network Service Scanning SuricataScanRules-Dict Nmap Reconnaissance & Probing Nmap Portscan IPAddress: 185.176.27.118
Organization: IP Khnykin Vitaliy Yakovlevich
Country: RU
IPAddress: 192.168.1.201 {‘ID’: ‘7c076810-22dd-47f1-b745-f4b559fa26df’, ‘OccurredTime’: ‘2019-05-21T10:11:39.226Z’, ‘ReceivedTime’: ‘2019-05-21T10:11:39.228Z’}
45ccbeb3-b69f-9bee-7427-a3e0cfd4666b low 2019-05-21T09:53:07.962Z 2019-05-21T09:53:08.044Z T1046 Discovery Network Service Scanning SuricataScanRules-Dict Nmap Reconnaissance & Probing Nmap Portscan IPAddress: 92.119.160.40
Organization: OOO Network of data-centers Selectel
Country: RU
IPAddress: 192.168.1.31 {‘ID’: ‘41ee3f2d-ad61-0130-52b7-ebf31bdb79a2’, ‘OccurredTime’: ‘2019-05-21T09:53:07.962Z’, ‘ReceivedTime’: ‘2019-05-21T09:53:07.968Z’}

2. Get alarm details


Retrieves details for an alarm, using alarm_id.

Base Command

alienvault-get-alarm

Input
Argument Name Description Required
alarm_id Alarm ID. Can be obtained by running the alienvault-search-alarms command. Required

Context Output
Path Type Description
AlienVault.Alarm.ID String Alarm ID.
AlienVault.Alarm.Priority String Alarm priority.
AlienVault.Alarm.OccurredTime Date Time the alarm occurred.
AlienVault.Alarm.ReceivedTime Date Time the alarm was received.
AlienVault.Alarm.Source Unknown Alarm source object.
AlienVault.Alarm.Source.IPAddress String Alarm source IP address.
AlienVault.Alarm.Source.Organization String Source organization.
AlienVault.Alarm.Source.Country String Source country.
AlienVault.Alarm.Destination Unknown Alarm destination object.
AlienVault.Alarm.Destination.IPAddress String Alarm destination IP address.
AlienVault.Alarm.RuleAttackID String Rule attack ID.
AlienVault.Alarm.RuleStrategy String Rule strategy.
AlienVault.Alarm.RuleIntent String Rule intent.
AlienVault.Alarm.RuleID String Rule ID.
AlienVault.Alarm.RuleDictionary String Rule dictionary.
AlienVault.Alarm.RuleMethod String Rule method.
AlienVault.Alarm.RuleAttackTactic Unknown Rule attack tactic.
AlienVault.Alarm.RuleAttackTechnique String Rule attack technique.

Command Example
!alienvault-get-alarm alarm_id=3194f0f5-0350-7a09-87b2-8fb20b963ed8
Context Example
{
    "AlienVault.Alarm": [
        {
            "Source": {
                "Country": [
                    "PL"
                ], 
                "IPAddress": [
                    "85.93.20.34"
                ], 
                "Organization": [
                    "GHOSTnet GmbH"
                ]
            }, 
            "RuleMethod": "Microsoft Remote Desktop", 
            "OccurredTime": "2019-05-15T12:42:10.743Z", 
            "RuleID": "RDP", 
            "RuleDictionary": "SuricataBruteforceRules-Dict", 
            "ReceivedTime": "2019-05-15T12:42:20.815Z", 
            "Destination": {
                "IPAddress": [
                    "192.168.1.8"
                ]
            }, 
            "RuleAttackTactic": [
                "Credential Access"
            ], 
            "ID": "3194f0f5-0350-7a09-87b2-8fb20b963ed8", 
            "Priority": "medium", 
            "RuleAttackID": "T1110", 
            "RuleStrategy": "Brute Force Authentication", 
            "RuleAttackTechnique": "Brute Force", 
            "Event": [
                {
                    "ReceivedTime": "2019-05-15T12:40:46.076Z", 
                    "ID": "b36a0259-6203-ecfc-5023-aa198c1e4329", 
                    "OccurredTime": "2019-05-15T12:40:46.071Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:40:48.745Z", 
                    "ID": "eab1d04d-4251-44a4-6cf8-0b1ad7f23c36", 
                    "OccurredTime": "2019-05-15T12:40:48.740Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:40:51.048Z", 
                    "ID": "1a0f4f1a-c855-2808-f758-127e5578bda9", 
                    "OccurredTime": "2019-05-15T12:40:51.041Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:40:51.049Z", 
                    "ID": "4c6d5d9d-a5f8-2d24-0176-060f4139e5a0", 
                    "OccurredTime": "2019-05-15T12:40:51.041Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:40:55.940Z", 
                    "ID": "a14ef1a1-2617-3b85-02dc-8c5531b96e5f", 
                    "OccurredTime": "2019-05-15T12:40:55.936Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:40:55.943Z", 
                    "ID": "36233284-0aea-14cf-a90f-91f8c3952056", 
                    "OccurredTime": "2019-05-15T12:40:55.936Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:40:55.947Z", 
                    "ID": "551c58fd-0f22-e3a8-5478-056444759f5d", 
                    "OccurredTime": "2019-05-15T12:40:55.936Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:41:03.414Z", 
                    "ID": "9c019302-7f60-3c33-f725-dd12c9bdb97a", 
                    "OccurredTime": "2019-05-15T12:41:03.405Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:41:10.809Z", 
                    "ID": "7f7011b9-b57e-c46e-3e95-5e86e51832e0", 
                    "OccurredTime": "2019-05-15T12:41:10.803Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:41:10.814Z", 
                    "ID": "6dddab25-f3e2-c293-afd4-84081e5a41ff", 
                    "OccurredTime": "2019-05-15T12:41:10.803Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:41:10.815Z", 
                    "ID": "211627df-ec2e-52c4-ff76-dc103951d340", 
                    "OccurredTime": "2019-05-15T12:41:10.803Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:41:10.815Z", 
                    "ID": "52bf99f5-1f79-e04e-9fad-1b423a644e89", 
                    "OccurredTime": "2019-05-15T12:41:10.803Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:41:18.014Z", 
                    "ID": "6553b62f-d1db-2318-7e9d-4ae5f0de5d41", 
                    "OccurredTime": "2019-05-15T12:41:18.007Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:41:24.554Z", 
                    "ID": "1e635a85-d8a5-66cc-abf4-9067db82955a", 
                    "OccurredTime": "2019-05-15T12:41:20.525Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:41:31.840Z", 
                    "ID": "124314f7-bcb2-c706-ada3-50a57ef2d8b3", 
                    "OccurredTime": "2019-05-15T12:41:31.837Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:41:31.845Z", 
                    "ID": "35cafad8-2e36-9bef-45ce-d37f919bb3ac", 
                    "OccurredTime": "2019-05-15T12:41:31.837Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:41:37.224Z", 
                    "ID": "ea2b003a-44b7-4b17-9438-993a0a5fe7c5", 
                    "OccurredTime": "2019-05-15T12:41:37.221Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:41:41.945Z", 
                    "ID": "318ffee9-dfd5-4ef9-ded0-b8fbf7fd0402", 
                    "OccurredTime": "2019-05-15T12:41:41.942Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:41:50.283Z", 
                    "ID": "22a04ec4-cbbd-49c2-dcee-4329e97dbcd3", 
                    "OccurredTime": "2019-05-15T12:41:46.766Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:41:52.654Z", 
                    "ID": "d2d62bbd-5db2-823c-28a1-a1acf21af7fc", 
                    "OccurredTime": "2019-05-15T12:41:46.766Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:41:54.125Z", 
                    "ID": "6042e4a2-4982-7016-bbd3-5506030d2dc4", 
                    "OccurredTime": "2019-05-15T12:41:46.766Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:42:06.010Z", 
                    "ID": "b3beeb7e-9ee2-f417-3cc8-228bd5e9a18f", 
                    "OccurredTime": "2019-05-15T12:42:06.005Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:40:46.079Z", 
                    "ID": "720d9a9d-92cc-45b1-bbb3-604fb053282b", 
                    "OccurredTime": "2019-05-15T12:40:46.071Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:40:46.080Z", 
                    "ID": "79549d86-40df-0032-e3cf-cf6d1cd86ecf", 
                    "OccurredTime": "2019-05-15T12:40:46.071Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:40:46.081Z", 
                    "ID": "220a996a-a64c-a7ea-14b6-3aca57681722", 
                    "OccurredTime": "2019-05-15T12:40:46.071Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:40:53.608Z", 
                    "ID": "bb2107e0-ff7e-f3ee-d7ec-f7bb32a6f795", 
                    "OccurredTime": "2019-05-15T12:40:53.604Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:40:55.945Z", 
                    "ID": "a21fd0a8-b2ae-fbae-ef22-f23d30a30099", 
                    "OccurredTime": "2019-05-15T12:40:55.936Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:41:03.409Z", 
                    "ID": "249827bf-e31d-79d7-8725-cee8ffc7037f", 
                    "OccurredTime": "2019-05-15T12:41:03.405Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:41:03.413Z", 
                    "ID": "ed0c4580-69a6-d462-2205-d06fc436ecde", 
                    "OccurredTime": "2019-05-15T12:41:03.405Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:41:13.246Z", 
                    "ID": "7a3ceb92-9ea7-2387-39b8-deddfd1000ec", 
                    "OccurredTime": "2019-05-15T12:41:13.242Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:41:18.013Z", 
                    "ID": "42b0c4dc-c260-0cfd-6b44-e99716f8a736", 
                    "OccurredTime": "2019-05-15T12:41:18.007Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:41:18.016Z", 
                    "ID": "69be0a19-9b9b-f226-02fd-cb694bb24197", 
                    "OccurredTime": "2019-05-15T12:41:18.007Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:41:26.070Z", 
                    "ID": "47bdc7ee-9679-714c-a5b2-b9bbbb68cc4a", 
                    "OccurredTime": "2019-05-15T12:41:22.874Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:41:31.848Z", 
                    "ID": "be9f159f-1225-3461-d863-c55d46517b81", 
                    "OccurredTime": "2019-05-15T12:41:31.837Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:41:34.821Z", 
                    "ID": "8a6639c8-db0e-3077-aa0d-764c83726590", 
                    "OccurredTime": "2019-05-15T12:41:34.816Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:41:56.364Z", 
                    "ID": "f65faf00-d0d8-6059-7784-20407a8a1231", 
                    "OccurredTime": "2019-05-15T12:41:56.359Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:42:06.013Z", 
                    "ID": "21684ce5-55dd-8017-71b5-46369ae14e17", 
                    "OccurredTime": "2019-05-15T12:42:06.005Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:42:10.744Z", 
                    "ID": "b56d2afd-a5e3-aab8-5509-0a9dcabdedb0", 
                    "OccurredTime": "2019-05-15T12:42:10.743Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:40:51.046Z", 
                    "ID": "2ce1d100-de85-1ef0-0673-8bfae574c1ce", 
                    "OccurredTime": "2019-05-15T12:40:51.041Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:40:51.044Z", 
                    "ID": "09550d30-e275-6bfe-fdf3-1d01b43ba6ef", 
                    "OccurredTime": "2019-05-15T12:40:51.041Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:41:03.410Z", 
                    "ID": "15c4ff5e-a9f8-1a3c-2285-5100ecbfdd40", 
                    "OccurredTime": "2019-05-15T12:41:03.405Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:41:08.100Z", 
                    "ID": "d9736b73-d8ad-6c39-1df5-49a2f3784337", 
                    "OccurredTime": "2019-05-15T12:41:08.098Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:41:18.012Z", 
                    "ID": "93e98ec6-d6b6-cca9-255e-2944ce5fad4c", 
                    "OccurredTime": "2019-05-15T12:41:18.007Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:41:31.843Z", 
                    "ID": "6b526907-c9d6-eabe-f2d5-9eb783b28715", 
                    "OccurredTime": "2019-05-15T12:41:31.837Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:41:50.287Z", 
                    "ID": "b5312239-5c45-d036-66fc-1c1fbb3d7260", 
                    "OccurredTime": "2019-05-15T12:41:49.216Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:41:51.693Z", 
                    "ID": "1cfb337f-9725-7c44-34dc-4f18172c3f6c", 
                    "OccurredTime": "2019-05-15T12:41:51.690Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:41:54.807Z", 
                    "ID": "c2ef5423-76b1-a0a0-0a0b-b4443507d4a5", 
                    "OccurredTime": "2019-05-15T12:41:46.766Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:41:54.808Z", 
                    "ID": "463049df-c917-821a-9d43-d1d813394eac", 
                    "OccurredTime": "2019-05-15T12:41:51.690Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:42:06.010Z", 
                    "ID": "94d8203b-6db5-702c-3e7f-d2601f888ea3", 
                    "OccurredTime": "2019-05-15T12:42:06.005Z"
                }, 
                {
                    "ReceivedTime": "2019-05-15T12:42:06.011Z", 
                    "ID": "8868f432-89b1-2740-3007-7dadc57700e4", 
                    "OccurredTime": "2019-05-15T12:42:06.005Z"
                }
            ], 
            "RuleIntent": "Delivery & Attack"
        }
    ]
}
Human Readable Output

Alarm 3194f0f5-0350-7a09-87b2-8fb20b963ed8

ID Priority OccurredTime ReceivedTime RuleAttackID RuleAttackTactic RuleAttackTechnique RuleDictionary RuleID RuleIntent RuleMethod RuleStrategy Source Destination Event
3194f0f5-0350-7a09-87b2-8fb20b963ed8 medium 2019-05-15T12:42:10.743Z 2019-05-15T12:42:20.815Z T1110 Credential Access Brute Force SuricataBruteforceRules-Dict RDP Delivery & Attack Microsoft Remote Desktop Brute Force Authentication IPAddress: 85.93.20.34
Organization: GHOSTnet GmbH
Country: PL
IPAddress: 192.168.1.8 {‘ID’: ‘b36a0259-6203-ecfc-5023-aa198c1e4329’, ‘OccurredTime’: ‘2019-05-15T12:40:46.071Z’, ‘ReceivedTime’: ‘2019-05-15T12:40:46.076Z’},
{‘ID’: ‘eab1d04d-4251-44a4-6cf8-0b1ad7f23c36’, ‘OccurredTime’: ‘2019-05-15T12:40:48.740Z’, ‘ReceivedTime’: ‘2019-05-15T12:40:48.745Z’},
{‘ID’: ‘1a0f4f1a-c855-2808-f758-127e5578bda9’, ‘OccurredTime’: ‘2019-05-15T12:40:51.041Z’, ‘ReceivedTime’: ‘2019-05-15T12:40:51.048Z’},
{‘ID’: ‘4c6d5d9d-a5f8-2d24-0176-060f4139e5a0’, ‘OccurredTime’: ‘2019-05-15T12:40:51.041Z’, ‘ReceivedTime’: ‘2019-05-15T12:40:51.049Z’},
{‘ID’: ‘a14ef1a1-2617-3b85-02dc-8c5531b96e5f’, ‘OccurredTime’: ‘2019-05-15T12:40:55.936Z’, ‘ReceivedTime’: ‘2019-05-15T12:40:55.940Z’},
{‘ID’: ‘36233284-0aea-14cf-a90f-91f8c3952056’, ‘OccurredTime’: ‘2019-05-15T12:40:55.936Z’, ‘ReceivedTime’: ‘2019-05-15T12:40:55.943Z’},
{‘ID’: ‘551c58fd-0f22-e3a8-5478-056444759f5d’, ‘OccurredTime’: ‘2019-05-15T12:40:55.936Z’, ‘ReceivedTime’: ‘2019-05-15T12:40:55.947Z’},
{‘ID’: ‘9c019302-7f60-3c33-f725-dd12c9bdb97a’, ‘OccurredTime’: ‘2019-05-15T12:41:03.405Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:03.414Z’},
{‘ID’: ‘7f7011b9-b57e-c46e-3e95-5e86e51832e0’, ‘OccurredTime’: ‘2019-05-15T12:41:10.803Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:10.809Z’},
{‘ID’: ‘6dddab25-f3e2-c293-afd4-84081e5a41ff’, ‘OccurredTime’: ‘2019-05-15T12:41:10.803Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:10.814Z’},
{‘ID’: ‘211627df-ec2e-52c4-ff76-dc103951d340’, ‘OccurredTime’: ‘2019-05-15T12:41:10.803Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:10.815Z’},
{‘ID’: ‘52bf99f5-1f79-e04e-9fad-1b423a644e89’, ‘OccurredTime’: ‘2019-05-15T12:41:10.803Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:10.815Z’},
{‘ID’: ‘6553b62f-d1db-2318-7e9d-4ae5f0de5d41’, ‘OccurredTime’: ‘2019-05-15T12:41:18.007Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:18.014Z’},
{‘ID’: ‘1e635a85-d8a5-66cc-abf4-9067db82955a’, ‘OccurredTime’: ‘2019-05-15T12:41:20.525Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:24.554Z’},
{‘ID’: ‘124314f7-bcb2-c706-ada3-50a57ef2d8b3’, ‘OccurredTime’: ‘2019-05-15T12:41:31.837Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:31.840Z’},
{‘ID’: ‘35cafad8-2e36-9bef-45ce-d37f919bb3ac’, ‘OccurredTime’: ‘2019-05-15T12:41:31.837Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:31.845Z’},
{‘ID’: ‘ea2b003a-44b7-4b17-9438-993a0a5fe7c5’, ‘OccurredTime’: ‘2019-05-15T12:41:37.221Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:37.224Z’},
{‘ID’: ‘318ffee9-dfd5-4ef9-ded0-b8fbf7fd0402’, ‘OccurredTime’: ‘2019-05-15T12:41:41.942Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:41.945Z’},
{‘ID’: ‘22a04ec4-cbbd-49c2-dcee-4329e97dbcd3’, ‘OccurredTime’: ‘2019-05-15T12:41:46.766Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:50.283Z’},
{‘ID’: ‘d2d62bbd-5db2-823c-28a1-a1acf21af7fc’, ‘OccurredTime’: ‘2019-05-15T12:41:46.766Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:52.654Z’},
{‘ID’: ‘6042e4a2-4982-7016-bbd3-5506030d2dc4’, ‘OccurredTime’: ‘2019-05-15T12:41:46.766Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:54.125Z’},
{‘ID’: ‘b3beeb7e-9ee2-f417-3cc8-228bd5e9a18f’, ‘OccurredTime’: ‘2019-05-15T12:42:06.005Z’, ‘ReceivedTime’: ‘2019-05-15T12:42:06.010Z’},
{‘ID’: ‘720d9a9d-92cc-45b1-bbb3-604fb053282b’, ‘OccurredTime’: ‘2019-05-15T12:40:46.071Z’, ‘ReceivedTime’: ‘2019-05-15T12:40:46.079Z’},
{‘ID’: ‘79549d86-40df-0032-e3cf-cf6d1cd86ecf’, ‘OccurredTime’: ‘2019-05-15T12:40:46.071Z’, ‘ReceivedTime’: ‘2019-05-15T12:40:46.080Z’},
{‘ID’: ‘220a996a-a64c-a7ea-14b6-3aca57681722’, ‘OccurredTime’: ‘2019-05-15T12:40:46.071Z’, ‘ReceivedTime’: ‘2019-05-15T12:40:46.081Z’},
{‘ID’: ‘bb2107e0-ff7e-f3ee-d7ec-f7bb32a6f795’, ‘OccurredTime’: ‘2019-05-15T12:40:53.604Z’, ‘ReceivedTime’: ‘2019-05-15T12:40:53.608Z’},
{‘ID’: ‘a21fd0a8-b2ae-fbae-ef22-f23d30a30099’, ‘OccurredTime’: ‘2019-05-15T12:40:55.936Z’, ‘ReceivedTime’: ‘2019-05-15T12:40:55.945Z’},
{‘ID’: ‘249827bf-e31d-79d7-8725-cee8ffc7037f’, ‘OccurredTime’: ‘2019-05-15T12:41:03.405Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:03.409Z’},
{‘ID’: ‘ed0c4580-69a6-d462-2205-d06fc436ecde’, ‘OccurredTime’: ‘2019-05-15T12:41:03.405Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:03.413Z’},
{‘ID’: ‘7a3ceb92-9ea7-2387-39b8-deddfd1000ec’, ‘OccurredTime’: ‘2019-05-15T12:41:13.242Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:13.246Z’},
{‘ID’: ‘42b0c4dc-c260-0cfd-6b44-e99716f8a736’, ‘OccurredTime’: ‘2019-05-15T12:41:18.007Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:18.013Z’},
{‘ID’: ‘69be0a19-9b9b-f226-02fd-cb694bb24197’, ‘OccurredTime’: ‘2019-05-15T12:41:18.007Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:18.016Z’},
{‘ID’: ‘47bdc7ee-9679-714c-a5b2-b9bbbb68cc4a’, ‘OccurredTime’: ‘2019-05-15T12:41:22.874Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:26.070Z’},
{‘ID’: ‘be9f159f-1225-3461-d863-c55d46517b81’, ‘OccurredTime’: ‘2019-05-15T12:41:31.837Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:31.848Z’},
{‘ID’: ‘8a6639c8-db0e-3077-aa0d-764c83726590’, ‘OccurredTime’: ‘2019-05-15T12:41:34.816Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:34.821Z’},
{‘ID’: ‘f65faf00-d0d8-6059-7784-20407a8a1231’, ‘OccurredTime’: ‘2019-05-15T12:41:56.359Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:56.364Z’},
{‘ID’: ‘21684ce5-55dd-8017-71b5-46369ae14e17’, ‘OccurredTime’: ‘2019-05-15T12:42:06.005Z’, ‘ReceivedTime’: ‘2019-05-15T12:42:06.013Z’},
{‘ID’: ‘b56d2afd-a5e3-aab8-5509-0a9dcabdedb0’, ‘OccurredTime’: ‘2019-05-15T12:42:10.743Z’, ‘ReceivedTime’: ‘2019-05-15T12:42:10.744Z’},
{‘ID’: ‘2ce1d100-de85-1ef0-0673-8bfae574c1ce’, ‘OccurredTime’: ‘2019-05-15T12:40:51.041Z’, ‘ReceivedTime’: ‘2019-05-15T12:40:51.046Z’},
{‘ID’: ‘09550d30-e275-6bfe-fdf3-1d01b43ba6ef’, ‘OccurredTime’: ‘2019-05-15T12:40:51.041Z’, ‘ReceivedTime’: ‘2019-05-15T12:40:51.044Z’},
{‘ID’: ‘15c4ff5e-a9f8-1a3c-2285-5100ecbfdd40’, ‘OccurredTime’: ‘2019-05-15T12:41:03.405Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:03.410Z’},
{‘ID’: ‘d9736b73-d8ad-6c39-1df5-49a2f3784337’, ‘OccurredTime’: ‘2019-05-15T12:41:08.098Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:08.100Z’},
{‘ID’: ‘93e98ec6-d6b6-cca9-255e-2944ce5fad4c’, ‘OccurredTime’: ‘2019-05-15T12:41:18.007Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:18.012Z’},
{‘ID’: ‘6b526907-c9d6-eabe-f2d5-9eb783b28715’, ‘OccurredTime’: ‘2019-05-15T12:41:31.837Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:31.843Z’},
{‘ID’: ‘b5312239-5c45-d036-66fc-1c1fbb3d7260’, ‘OccurredTime’: ‘2019-05-15T12:41:49.216Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:50.287Z’},
{‘ID’: ‘1cfb337f-9725-7c44-34dc-4f18172c3f6c’, ‘OccurredTime’: ‘2019-05-15T12:41:51.690Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:51.693Z’},
{‘ID’: ‘c2ef5423-76b1-a0a0-0a0b-b4443507d4a5’, ‘OccurredTime’: ‘2019-05-15T12:41:46.766Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:54.807Z’},
{‘ID’: ‘463049df-c917-821a-9d43-d1d813394eac’, ‘OccurredTime’: ‘2019-05-15T12:41:51.690Z’, ‘ReceivedTime’: ‘2019-05-15T12:41:54.808Z’},
{‘ID’: ‘94d8203b-6db5-702c-3e7f-d2601f888ea3’, ‘OccurredTime’: ‘2019-05-15T12:42:06.005Z’, ‘ReceivedTime’: ‘2019-05-15T12:42:06.010Z’},
{‘ID’: ‘8868f432-89b1-2740-3007-7dadc57700e4’, ‘OccurredTime’: ‘2019-05-15T12:42:06.005Z’, ‘ReceivedTime’: ‘2019-05-15T12:42:06.011Z’}

3. Search for events


Search for events.

Base Command

alienvault-search-events

Input
Argument Name Description Required
limit Maximum number of events to return. Optional
account_name The account name. Optional
event_name Event name. Optional
source_name Source name. Optional
time_frame Filter by time frame, for example: Last 48 Hours. Optional
start_time If time_frame is Custom, specify the start time for the time range, for example: 2017-06-01T12:48:16Z. Optional
end_time If time_frame is Custom, specify the end time for the time range, for example: 2017-06-01T12:48:16Z. Optional

Context Output
Path Type Description
AlienVault.Event.Category String Event category.
AlienVault.Event.Source.IPAddress String Source IP address.
AlienVault.Event.Source.Port Number Source port.
AlienVault.Event.Destination.IPAddress String Destination IP address.
AlienVault.Event.Destination.Port Number Destination port.
AlienVault.Event.Severity String Event severity.
AlienVault.Event.OccurredTime String Time the event occurred.
AlienVault.Event.ReceivedTime String Time the event was received.
AlienVault.Event.AccessControlOutcome String Access control outcome.
AlienVault.Event.Suppressed Bool Whether the event is suppressed.
AlienVault.Event.ID String Event ID.
AlienVault.Event.Name String Event name.
AlienVault.Event.Subcategory String Event subcategory.

Command Example
!alienvault-search-events limit="5" event_name="ET POLICY RDP connection confirm" time_frame="Today"
Context Example
{
    "AlienVault.Event": [
        {
            "Category": "Information", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY RDP connection confirm", 
            "OccurredTime": "2019-05-27T12:27:58.457Z", 
            "ReceivedTime": "2019-05-27T12:27:58.463Z", 
            "Destination": {
                "IPAddress": "77.247.110.59", 
                "Port": 30304
            }, 
            "Source": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "f4f4c3bf-9b49-f080-3b14-8f1b348a5cbd", 
            "Severity": "3"
        }, 
        {
            "Category": "Information", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY RDP connection confirm", 
            "OccurredTime": "2019-05-27T12:27:50.390Z", 
            "ReceivedTime": "2019-05-27T12:27:57.338Z", 
            "Destination": {
                "IPAddress": "185.254.120.27", 
                "Port": 29411
            }, 
            "Source": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "b71d0aa1-e234-6007-69d8-d880c1955336", 
            "Severity": "3"
        }, 
        {
            "Category": "Information", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY RDP connection confirm", 
            "OccurredTime": "2019-05-27T12:27:50.390Z", 
            "ReceivedTime": "2019-05-27T12:27:56.050Z", 
            "Destination": {
                "IPAddress": "185.254.120.27", 
                "Port": 29411
            }, 
            "Source": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "c380e2ee-acc7-a899-d8eb-22095fbd1a9b", 
            "Severity": "3"
        }, 
        {
            "Category": "Information", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY RDP connection confirm", 
            "OccurredTime": "2019-05-27T12:27:50.390Z", 
            "ReceivedTime": "2019-05-27T12:27:58.586Z", 
            "Destination": {
                "IPAddress": "185.254.120.27", 
                "Port": 29411
            }, 
            "Source": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "d8f5c4f7-3466-2342-6ee0-6beeff7587ae", 
            "Severity": "3"
        }, 
        {
            "Category": "Information", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY RDP connection confirm", 
            "OccurredTime": "2019-05-27T12:27:50.390Z", 
            "ReceivedTime": "2019-05-27T12:27:54.841Z", 
            "Destination": {
                "IPAddress": "185.254.120.27", 
                "Port": 29411
            }, 
            "Source": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "1f9d3d71-5ec2-b58f-e3a6-f575a525b3d5", 
            "Severity": "3"
        }
    ]
}
Human Readable Output

Events:

ID Name OccurredTime ReceivedTime Suppressed AccessControlOutcome Category Severity Subcategory Source Destination
f4f4c3bf-9b49-f080-3b14-8f1b348a5cbd ET POLICY RDP connection confirm 2019-05-27T12:27:58.457Z 2019-05-27T12:27:58.463Z false Allow Information 3 Remote access application IPAddress: 192.168.1.8
Port: 3389
IPAddress: 77.247.110.59
Port: 30304
b71d0aa1-e234-6007-69d8-d880c1955336 ET POLICY RDP connection confirm 2019-05-27T12:27:50.390Z 2019-05-27T12:27:57.338Z false Allow Information 3 Remote access application IPAddress: 192.168.1.8
Port: 3389
IPAddress: 185.254.120.27
Port: 29411
c380e2ee-acc7-a899-d8eb-22095fbd1a9b ET POLICY RDP connection confirm 2019-05-27T12:27:50.390Z 2019-05-27T12:27:56.050Z false Allow Information 3 Remote access application IPAddress: 192.168.1.8
Port: 3389
IPAddress: 185.254.120.27
Port: 29411
d8f5c4f7-3466-2342-6ee0-6beeff7587ae ET POLICY RDP connection confirm 2019-05-27T12:27:50.390Z 2019-05-27T12:27:58.586Z false Allow Information 3 Remote access application IPAddress: 192.168.1.8
Port: 3389
IPAddress: 185.254.120.27
Port: 29411
1f9d3d71-5ec2-b58f-e3a6-f575a525b3d5 ET POLICY RDP connection confirm 2019-05-27T12:27:50.390Z 2019-05-27T12:27:54.841Z false Allow Information 3 Remote access application IPAddress: 192.168.1.8
Port: 3389
IPAddress: 185.254.120.27
Port: 29411

4. Get alarm events


Retrieves events associated with an alarm.

Base Command

alienvault-get-events-by-alarm

Input
Argument Name Description Required
alarm_id Alarm ID to get events for. Can be obtained by running the alienvault-search-alarms command. Required

Context Output
Path Type Description
AlienVault.Event.Category String Event category.
AlienVault.Event.Source.IPAddress String Source IP address.
AlienVault.Event.Source.Port Number Source port.
AlienVault.Event.Destination.IPAddress String Destination IP address.
AlienVault.Event.Destination.Port Number Destination port.
AlienVault.Event.Severity String Event severity.
AlienVault.Event.OccurredTime String Time the event occurred.
AlienVault.Event.ReceivedTime String Time the event was received.
AlienVault.Event.AccessControlOutcome String Access control outcome.
AlienVault.Event.Suppressed Bool Whether the event is suppressed.
AlienVault.Event.ID String Event ID.
AlienVault.Event.Name String Event name.
AlienVault.Event.Subcategory String Event subcategory.

Command Example
!alienvault-get-events-by-alarm alarm_id=3194f0f5-0350-7a09-87b2-8fb20b963ed8
Context Example
{
    "AlienVault.Event": [
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:40:46.071Z", 
            "ReceivedTime": "2019-05-15T12:40:46.076Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 50243
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "b36a0259-6203-ecfc-5023-aa198c1e4329", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:40:48.740Z", 
            "ReceivedTime": "2019-05-15T12:40:48.745Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 50243
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "eab1d04d-4251-44a4-6cf8-0b1ad7f23c36", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:40:51.041Z", 
            "ReceivedTime": "2019-05-15T12:40:51.048Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 53013
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "1a0f4f1a-c855-2808-f758-127e5578bda9", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:40:51.041Z", 
            "ReceivedTime": "2019-05-15T12:40:51.049Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 53013
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "4c6d5d9d-a5f8-2d24-0176-060f4139e5a0", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:40:55.936Z", 
            "ReceivedTime": "2019-05-15T12:40:55.940Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 54739
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "a14ef1a1-2617-3b85-02dc-8c5531b96e5f", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:40:55.936Z", 
            "ReceivedTime": "2019-05-15T12:40:55.943Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 54739
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "36233284-0aea-14cf-a90f-91f8c3952056", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:40:55.936Z", 
            "ReceivedTime": "2019-05-15T12:40:55.947Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 54739
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "551c58fd-0f22-e3a8-5478-056444759f5d", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:41:03.405Z", 
            "ReceivedTime": "2019-05-15T12:41:03.414Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 58090
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "9c019302-7f60-3c33-f725-dd12c9bdb97a", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:41:10.803Z", 
            "ReceivedTime": "2019-05-15T12:41:10.809Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 1969
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "7f7011b9-b57e-c46e-3e95-5e86e51832e0", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:41:10.803Z", 
            "ReceivedTime": "2019-05-15T12:41:10.814Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 1969
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "6dddab25-f3e2-c293-afd4-84081e5a41ff", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:41:10.803Z", 
            "ReceivedTime": "2019-05-15T12:41:10.815Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 1969
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "211627df-ec2e-52c4-ff76-dc103951d340", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:41:10.803Z", 
            "ReceivedTime": "2019-05-15T12:41:10.815Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 1969
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "52bf99f5-1f79-e04e-9fad-1b423a644e89", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:41:18.007Z", 
            "ReceivedTime": "2019-05-15T12:41:18.014Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 5213
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "6553b62f-d1db-2318-7e9d-4ae5f0de5d41", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:41:20.525Z", 
            "ReceivedTime": "2019-05-15T12:41:24.554Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 5213
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "1e635a85-d8a5-66cc-abf4-9067db82955a", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:41:31.837Z", 
            "ReceivedTime": "2019-05-15T12:41:31.840Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 10772
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "124314f7-bcb2-c706-ada3-50a57ef2d8b3", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:41:31.837Z", 
            "ReceivedTime": "2019-05-15T12:41:31.845Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 10772
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "35cafad8-2e36-9bef-45ce-d37f919bb3ac", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:41:37.221Z", 
            "ReceivedTime": "2019-05-15T12:41:37.224Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 13554
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "ea2b003a-44b7-4b17-9438-993a0a5fe7c5", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:41:41.942Z", 
            "ReceivedTime": "2019-05-15T12:41:41.945Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 13554
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "318ffee9-dfd5-4ef9-ded0-b8fbf7fd0402", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:41:46.766Z", 
            "ReceivedTime": "2019-05-15T12:41:50.283Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 17267
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "22a04ec4-cbbd-49c2-dcee-4329e97dbcd3", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:41:46.766Z", 
            "ReceivedTime": "2019-05-15T12:41:52.654Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 17267
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "d2d62bbd-5db2-823c-28a1-a1acf21af7fc", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:41:46.766Z", 
            "ReceivedTime": "2019-05-15T12:41:54.125Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 17267
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "6042e4a2-4982-7016-bbd3-5506030d2dc4", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:42:06.005Z", 
            "ReceivedTime": "2019-05-15T12:42:06.010Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 25757
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "b3beeb7e-9ee2-f417-3cc8-228bd5e9a18f", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:40:46.071Z", 
            "ReceivedTime": "2019-05-15T12:40:46.079Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 50243
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "720d9a9d-92cc-45b1-bbb3-604fb053282b", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:40:46.071Z", 
            "ReceivedTime": "2019-05-15T12:40:46.080Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 50243
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "79549d86-40df-0032-e3cf-cf6d1cd86ecf", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:40:46.071Z", 
            "ReceivedTime": "2019-05-15T12:40:46.081Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 50243
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "220a996a-a64c-a7ea-14b6-3aca57681722", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:40:53.604Z", 
            "ReceivedTime": "2019-05-15T12:40:53.608Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 53013
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "bb2107e0-ff7e-f3ee-d7ec-f7bb32a6f795", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:40:55.936Z", 
            "ReceivedTime": "2019-05-15T12:40:55.945Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 54739
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "a21fd0a8-b2ae-fbae-ef22-f23d30a30099", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:41:03.405Z", 
            "ReceivedTime": "2019-05-15T12:41:03.409Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 58090
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "249827bf-e31d-79d7-8725-cee8ffc7037f", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:41:03.405Z", 
            "ReceivedTime": "2019-05-15T12:41:03.413Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 58090
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "ed0c4580-69a6-d462-2205-d06fc436ecde", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:41:13.242Z", 
            "ReceivedTime": "2019-05-15T12:41:13.246Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 1969
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "7a3ceb92-9ea7-2387-39b8-deddfd1000ec", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:41:18.007Z", 
            "ReceivedTime": "2019-05-15T12:41:18.013Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 5213
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "42b0c4dc-c260-0cfd-6b44-e99716f8a736", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:41:18.007Z", 
            "ReceivedTime": "2019-05-15T12:41:18.016Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 5213
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "69be0a19-9b9b-f226-02fd-cb694bb24197", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:41:22.874Z", 
            "ReceivedTime": "2019-05-15T12:41:26.070Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 7372
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "47bdc7ee-9679-714c-a5b2-b9bbbb68cc4a", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:41:31.837Z", 
            "ReceivedTime": "2019-05-15T12:41:31.848Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 10772
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "be9f159f-1225-3461-d863-c55d46517b81", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:41:34.816Z", 
            "ReceivedTime": "2019-05-15T12:41:34.821Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 10772
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "8a6639c8-db0e-3077-aa0d-764c83726590", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:41:56.359Z", 
            "ReceivedTime": "2019-05-15T12:41:56.364Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 19868
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "f65faf00-d0d8-6059-7784-20407a8a1231", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:42:06.005Z", 
            "ReceivedTime": "2019-05-15T12:42:06.013Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 25757
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "21684ce5-55dd-8017-71b5-46369ae14e17", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:42:10.743Z", 
            "ReceivedTime": "2019-05-15T12:42:10.744Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 25757
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "b56d2afd-a5e3-aab8-5509-0a9dcabdedb0", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:40:51.041Z", 
            "ReceivedTime": "2019-05-15T12:40:51.046Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 53013
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "2ce1d100-de85-1ef0-0673-8bfae574c1ce", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:40:51.041Z", 
            "ReceivedTime": "2019-05-15T12:40:51.044Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 53013
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "09550d30-e275-6bfe-fdf3-1d01b43ba6ef", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:41:03.405Z", 
            "ReceivedTime": "2019-05-15T12:41:03.410Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 58090
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "15c4ff5e-a9f8-1a3c-2285-5100ecbfdd40", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:41:08.098Z", 
            "ReceivedTime": "2019-05-15T12:41:08.100Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 58090
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "d9736b73-d8ad-6c39-1df5-49a2f3784337", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:41:18.007Z", 
            "ReceivedTime": "2019-05-15T12:41:18.012Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 5213
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "93e98ec6-d6b6-cca9-255e-2944ce5fad4c", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:41:31.837Z", 
            "ReceivedTime": "2019-05-15T12:41:31.843Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 10772
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "6b526907-c9d6-eabe-f2d5-9eb783b28715", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:41:49.216Z", 
            "ReceivedTime": "2019-05-15T12:41:50.287Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 17267
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "b5312239-5c45-d036-66fc-1c1fbb3d7260", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:41:51.690Z", 
            "ReceivedTime": "2019-05-15T12:41:51.693Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 19868
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "1cfb337f-9725-7c44-34dc-4f18172c3f6c", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:41:46.766Z", 
            "ReceivedTime": "2019-05-15T12:41:54.807Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 17267
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "c2ef5423-76b1-a0a0-0a0b-b4443507d4a5", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:41:51.690Z", 
            "ReceivedTime": "2019-05-15T12:41:54.808Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 19868
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "463049df-c917-821a-9d43-d1d813394eac", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:42:06.005Z", 
            "ReceivedTime": "2019-05-15T12:42:06.010Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 25757
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "94d8203b-6db5-702c-3e7f-d2601f888ea3", 
            "Severity": "3"
        }, 
        {
            "Category": "Policy Violation", 
            "Subcategory": "Remote access application", 
            "Name": "ET POLICY MS Remote Desktop Administrator Login Request", 
            "OccurredTime": "2019-05-15T12:42:06.005Z", 
            "ReceivedTime": "2019-05-15T12:42:06.011Z", 
            "Destination": {
                "IPAddress": "192.168.1.8", 
                "Port": 3389
            }, 
            "Source": {
                "IPAddress": "85.93.20.34", 
                "Port": 25757
            }, 
            "AccessControlOutcome": "Allow", 
            "Suppressed": false, 
            "ID": "8868f432-89b1-2740-3007-7dadc57700e4", 
            "Severity": "3"
        }
    ]
}
Human Readable Output

Events of Alarm 3194f0f5-0350-7a09-87b2-8fb20b963ed8:

| ID | Name | OccurredTime | ReceivedTime | Suppressed | AccessControlOutcome | Category | Severity | Subcategory | Source | Destination |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| b36a0259-6203-ecfc-5023-aa198c1e4329 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:40:46.071Z | 2019-05-15T12:40:46.076Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 50243 | IPAddress: 192.168.1.8<br>Port: 3389 |
| eab1d04d-4251-44a4-6cf8-0b1ad7f23c36 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:40:48.740Z | 2019-05-15T12:40:48.745Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 50243 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 1a0f4f1a-c855-2808-f758-127e5578bda9 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:40:51.041Z | 2019-05-15T12:40:51.048Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 53013 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 4c6d5d9d-a5f8-2d24-0176-060f4139e5a0 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:40:51.041Z | 2019-05-15T12:40:51.049Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 53013 | IPAddress: 192.168.1.8<br>Port: 3389 |
| a14ef1a1-2617-3b85-02dc-8c5531b96e5f | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:40:55.936Z | 2019-05-15T12:40:55.940Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 54739 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 36233284-0aea-14cf-a90f-91f8c3952056 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:40:55.936Z | 2019-05-15T12:40:55.943Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 54739 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 551c58fd-0f22-e3a8-5478-056444759f5d | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:40:55.936Z | 2019-05-15T12:40:55.947Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 54739 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 9c019302-7f60-3c33-f725-dd12c9bdb97a | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:03.405Z | 2019-05-15T12:41:03.414Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 58090 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 7f7011b9-b57e-c46e-3e95-5e86e51832e0 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:10.803Z | 2019-05-15T12:41:10.809Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 1969 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 6dddab25-f3e2-c293-afd4-84081e5a41ff | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:10.803Z | 2019-05-15T12:41:10.814Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 1969 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 211627df-ec2e-52c4-ff76-dc103951d340 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:10.803Z | 2019-05-15T12:41:10.815Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 1969 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 52bf99f5-1f79-e04e-9fad-1b423a644e89 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:10.803Z | 2019-05-15T12:41:10.815Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 1969 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 6553b62f-d1db-2318-7e9d-4ae5f0de5d41 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:18.007Z | 2019-05-15T12:41:18.014Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 5213 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 1e635a85-d8a5-66cc-abf4-9067db82955a | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:20.525Z | 2019-05-15T12:41:24.554Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 5213 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 124314f7-bcb2-c706-ada3-50a57ef2d8b3 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:31.837Z | 2019-05-15T12:41:31.840Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 10772 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 35cafad8-2e36-9bef-45ce-d37f919bb3ac | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:31.837Z | 2019-05-15T12:41:31.845Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 10772 | IPAddress: 192.168.1.8<br>Port: 3389 |
| ea2b003a-44b7-4b17-9438-993a0a5fe7c5 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:37.221Z | 2019-05-15T12:41:37.224Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 13554 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 318ffee9-dfd5-4ef9-ded0-b8fbf7fd0402 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:41.942Z | 2019-05-15T12:41:41.945Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 13554 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 22a04ec4-cbbd-49c2-dcee-4329e97dbcd3 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:46.766Z | 2019-05-15T12:41:50.283Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 17267 | IPAddress: 192.168.1.8<br>Port: 3389 |
| d2d62bbd-5db2-823c-28a1-a1acf21af7fc | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:46.766Z | 2019-05-15T12:41:52.654Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 17267 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 6042e4a2-4982-7016-bbd3-5506030d2dc4 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:46.766Z | 2019-05-15T12:41:54.125Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 17267 | IPAddress: 192.168.1.8<br>Port: 3389 |
| b3beeb7e-9ee2-f417-3cc8-228bd5e9a18f | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:42:06.005Z | 2019-05-15T12:42:06.010Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 25757 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 720d9a9d-92cc-45b1-bbb3-604fb053282b | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:40:46.071Z | 2019-05-15T12:40:46.079Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 50243 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 79549d86-40df-0032-e3cf-cf6d1cd86ecf | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:40:46.071Z | 2019-05-15T12:40:46.080Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 50243 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 220a996a-a64c-a7ea-14b6-3aca57681722 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:40:46.071Z | 2019-05-15T12:40:46.081Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 50243 | IPAddress: 192.168.1.8<br>Port: 3389 |
| bb2107e0-ff7e-f3ee-d7ec-f7bb32a6f795 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:40:53.604Z | 2019-05-15T12:40:53.608Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 53013 | IPAddress: 192.168.1.8<br>Port: 3389 |
| a21fd0a8-b2ae-fbae-ef22-f23d30a30099 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:40:55.936Z | 2019-05-15T12:40:55.945Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 54739 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 249827bf-e31d-79d7-8725-cee8ffc7037f | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:03.405Z | 2019-05-15T12:41:03.409Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 58090 | IPAddress: 192.168.1.8<br>Port: 3389 |
| ed0c4580-69a6-d462-2205-d06fc436ecde | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:03.405Z | 2019-05-15T12:41:03.413Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 58090 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 7a3ceb92-9ea7-2387-39b8-deddfd1000ec | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:13.242Z | 2019-05-15T12:41:13.246Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 1969 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 42b0c4dc-c260-0cfd-6b44-e99716f8a736 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:18.007Z | 2019-05-15T12:41:18.013Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 5213 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 69be0a19-9b9b-f226-02fd-cb694bb24197 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:18.007Z | 2019-05-15T12:41:18.016Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 5213 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 47bdc7ee-9679-714c-a5b2-b9bbbb68cc4a | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:22.874Z | 2019-05-15T12:41:26.070Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 7372 | IPAddress: 192.168.1.8<br>Port: 3389 |
| be9f159f-1225-3461-d863-c55d46517b81 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:31.837Z | 2019-05-15T12:41:31.848Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 10772 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 8a6639c8-db0e-3077-aa0d-764c83726590 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:34.816Z | 2019-05-15T12:41:34.821Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 10772 | IPAddress: 192.168.1.8<br>Port: 3389 |
| f65faf00-d0d8-6059-7784-20407a8a1231 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:56.359Z | 2019-05-15T12:41:56.364Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 19868 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 21684ce5-55dd-8017-71b5-46369ae14e17 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:42:06.005Z | 2019-05-15T12:42:06.013Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 25757 | IPAddress: 192.168.1.8<br>Port: 3389 |
| b56d2afd-a5e3-aab8-5509-0a9dcabdedb0 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:42:10.743Z | 2019-05-15T12:42:10.744Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 25757 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 2ce1d100-de85-1ef0-0673-8bfae574c1ce | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:40:51.041Z | 2019-05-15T12:40:51.046Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 53013 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 09550d30-e275-6bfe-fdf3-1d01b43ba6ef | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:40:51.041Z | 2019-05-15T12:40:51.044Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 53013 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 15c4ff5e-a9f8-1a3c-2285-5100ecbfdd40 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:03.405Z | 2019-05-15T12:41:03.410Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 58090 | IPAddress: 192.168.1.8<br>Port: 3389 |
| d9736b73-d8ad-6c39-1df5-49a2f3784337 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:08.098Z | 2019-05-15T12:41:08.100Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 58090 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 93e98ec6-d6b6-cca9-255e-2944ce5fad4c | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:18.007Z | 2019-05-15T12:41:18.012Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 5213 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 6b526907-c9d6-eabe-f2d5-9eb783b28715 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:31.837Z | 2019-05-15T12:41:31.843Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 10772 | IPAddress: 192.168.1.8<br>Port: 3389 |
| b5312239-5c45-d036-66fc-1c1fbb3d7260 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:49.216Z | 2019-05-15T12:41:50.287Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 17267 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 1cfb337f-9725-7c44-34dc-4f18172c3f6c | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:51.690Z | 2019-05-15T12:41:51.693Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 19868 | IPAddress: 192.168.1.8<br>Port: 3389 |
| c2ef5423-76b1-a0a0-0a0b-b4443507d4a5 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:46.766Z | 2019-05-15T12:41:54.807Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 17267 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 463049df-c917-821a-9d43-d1d813394eac | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:41:51.690Z | 2019-05-15T12:41:54.808Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 19868 | IPAddress: 192.168.1.8<br>Port: 3389 |
| 94d8203b-6db5-702c-3e7f-d2601f888ea3 | ET POLICY MS Remote Desktop Administrator Login Request | 2019-05-15T12:42:06.005Z | 2019-05-15T12:42:06.010Z | false | Allow | Policy Violation | 3 | Remote access application | IPAddress: 85.93.20.34<br>Port: 25757 | IPAddress: 192.168.1.8<br>Port: 3389 |
8868f432-89b1-2740-3007-7dadc57700e4 ET POLICY MS Remote Desktop Administrator Login Request 2019-05-15T12:42:06.005Z 2019-05-15T12:42:06.011Z false Allow