Severity Date Rule Name EventID Type
High Aug. 29, 2020, 10:50 p.m. SOC102 - Proxy - Suspicious URL Detected 5 Proxy
EventID:
5
Event Time:
Aug. 29, 2020, 10:50 p.m.
Rule:
SOC102 - Proxy - Suspicious URL Detected
Source Address:
172.148.17.14
Source Hostname:
MikeComputer
Destination Address:
198.100.45.154
Destination Hostname:
None
Device Action:
Allowed
Username:
Mike01
Request URL:
http://qstride.com/img/0/
User Agent:
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36
Medium Aug. 29, 2020, 10:56 p.m. SOC102 - Proxy - Suspicious URL Detected 6 Proxy
EventID:
6
Event Time:
Aug. 29, 2020, 10:56 p.m.
Rule:
SOC102 - Proxy - Suspicious URL Detected
Source Address:
172.148.17.5
Source Hostname:
SusieHost
Destination Address:
193.161.193.99
Destination Hostname:
None
Device Action:
Blocked
Username:
Susie2020
Request URL:
http://193.161.193.99
User Agent:
Mozilla/5.0 (Windows NT 5.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36
Low Aug. 29, 2020, 11:15 p.m. SOC101 - Phishing Mail Detected 9 Exchange
EventID:
9
Event Time:
Aug. 29, 2020, 11:15 p.m.
Rule:
SOC101 - Phishing Mail Detected
SMTP:
217.169.196.240
Device Action:
Blocked
Source Address:
Destination Address:
Subject:
UPDATE YOUR MICROSOFT ACCOUNT
Low Aug. 30, 2020, 11:22 a.m. SOC103 - Malicious APK Detected 10 Mobile
EventID:
10
Event Time:
Aug. 30, 2020, 11:22 a.m.
Rule:
SOC103 - Malicious APK Detected
Source Address:
10.15.15.11
Source Hostname:
JessiePhone
Username:
Jessie
Package Name:
com.processor.booster
Device Action:
Blocked
High Aug. 30, 2020, 1:27 p.m. SOC103 - Malicious APK Detected 11 Mobile
EventID:
11
Event Time:
Aug. 30, 2020, 1:27 p.m.
Rule:
SOC103 - Malicious APK Detected
Source Address:
10.15.15.12
Source Hostname:
MarksPhone
Username:
Mark
Package Name:
jyjzjizagt.peutjwjaepeopskddnlbelqichp.pmlqcejycwykxdrdflcbttxl
Device Action:
Allowed
Severity Date Rule Name EventID Type
Low Aug. 29, 2020, 11:05 p.m. SOC101 - Phishing Mail Detected 8 Exchange
EventID:
8
EndTime:
Aug. 29, 2020, 11:05 p.m.
Rule:
SOC101 - Phishing Mail Detected
SMTP:
63.35.133.186
Device Action:
Allowed
Source Address:
Destination Address:
Subject:
UPS Express