fix(TrendMicro): fix tests
squioc committed Jan 21, 2025
1 parent 3ee60a9 commit 19a5ab9
Showing 2 changed files with 6 additions and 6 deletions.
@@ -1,9 +1,9 @@
{
"input": {
"message": "{\"uuid\":\"05c522d1-e2d8-42da-a06d-1b2a0535b4cf\",\"filterRiskLevel\":\"medium\",\"request\":\"https://urlshorter.net/wjhHjf\",\"attachmentFileName\":[\"Mail Body\"],\"objectType\":\"url\",\"suid\":\"XXXX@test.com\",\"suser\":[\"XXXXXX@test.com\"],\"mailMsgSubject\":\"XXXXXXXXXXX.\",\"msgId\":\"XXXXX@test.com\",\"tags\":[\"THREAT.PHISHING\",\"MITRE.T1071\",\"MITRE.T1071.003\",\"MITRE.T1566.002\",\"XSAE.F1906\",\"XSAE.F3036\",\"XSAE.F4960\"],\"eventName\":\"WEB_THREAT_DETECTION\",\"eventSubName\":\"Web Security Violation\",\"eventId\":\"100101\",\"actResult\":[\"Successful\"],\"scanType\":\"exchange_mailbox_realtime_detection_logs\",\"productCode\":\"sca\",\"pname\":\"Cloud Email and Collaboration Protection\",\"act\":[\"Quarantine\"],\"msgUuid\":\"AAkALgAAAAAAHYQDEapmEc2byACqAC-EWg0A7dXJVkGT2UayhNKtrEISCgACGlUj_gAA\",\"orgId\":\"XXXXXX-xxxxx-XXXXXX-Xx\",\"groupId\":\"XXXXXX-xxxxx-XXXXXX-Xx\",\"urlCat\":[\"Phishing\"],\"policyName\":\"CUGR-politique_principale\",\"detectionType\":\"Web Reputation\",\"eventTime\":\"1733960830000\",\"logReceivedTime\":\"1733960918475\",\"scanTs\":\"2024-12-11T23:48:01.0000000Z\",\"mailMsgId\":\"048ffc9460a48e85a609802bf6dfb5bfe6cb37b1@test.com\",\"mailReceivedTime\":\"2024-12-11T23:47:10.0000000Z\",\"eventSourceType\":3,\"mailbox\":\"XXXX@test.com\",\"threatType\":\"104\",\"mailUniqueId\":\"AAkALgAAAAAAHYQDEapmEc2byACqAC-EWg0A7dXJVkGT2UayhNKtrEISCgACGlUj_gAA\",\"rt_utc\":\"2024-12-11T23:47:10.0000000Z\",\"rt\":\"2024-12-11T23:47:10.0000000Z\",\"filterName\":\"Web Reputation\",\"logKey\":\"c6ce5d74664fffb9011f9e8e2c99a7f1f1d03348b2f7c1f80edaae2eef23b665\",\"cloudAppName\":\"exchange\",\"mailFolder\":\"XXXX@test.com\",\"riskLevel\":\"RISK_DANGEROUS\"}"
"message": "{\"uuid\":\"05c522d1-e2d8-42da-a06d-1b2a0535b4cf\",\"filterRiskLevel\":\"medium\",\"request\":\"https://urlshorter.net/wjhHjf\",\"attachmentFileName\":[\"Mail Body\"],\"objectType\":\"url\",\"suid\":\"XXXX@test.com\",\"suser\":[\"XXXXXX@test.com\"],\"mailMsgSubject\":\"XXXXXXXXXXX.\",\"msgId\":\"XXXXX@test.com\",\"tags\":[\"THREAT.PHISHING\",\"MITRE.T1071\",\"MITRE.T1071.003\",\"MITRE.T1566.002\",\"XSAE.F1906\",\"XSAE.F3036\",\"XSAE.F4960\"],\"eventName\":\"WEB_THREAT_DETECTION\",\"eventSubName\":\"Web Security Violation\",\"eventId\":\"100101\",\"actResult\":[\"Successful\"],\"scanType\":\"exchange_mailbox_realtime_detection_logs\",\"productCode\":\"sca\",\"pname\":\"Cloud Email and Collaboration Protection\",\"act\":[\"Quarantine\"],\"msgUuid\":\"AAkALgAAAAAAHYQDEapmEc2byACqAC-EWg0A7dXJVkGT2UayhNKtrEISCgACGlUj_gAA\",\"orgId\":\"XXXXXX-xxxxx-XXXXXX-Xx\",\"groupId\":\"XXXXXX-xxxxx-XXXXXX-Xx\",\"urlCat\":[\"Phishing\"],\"policyName\":\"MyPolicy\",\"detectionType\":\"Web Reputation\",\"eventTime\":\"1733960830000\",\"logReceivedTime\":\"1733960918475\",\"scanTs\":\"2024-12-11T23:48:01.0000000Z\",\"mailMsgId\":\"048ffc9460a48e85a609802bf6dfb5bfe6cb37b1@test.com\",\"mailReceivedTime\":\"2024-12-11T23:47:10.0000000Z\",\"eventSourceType\":3,\"mailbox\":\"XXXX@test.com\",\"threatType\":\"104\",\"mailUniqueId\":\"AAkALgAAAAAAHYQDEapmEc2byACqAC-EWg0A7dXJVkGT2UayhNKtrEISCgACGlUj_gAA\",\"rt_utc\":\"2024-12-11T23:47:10.0000000Z\",\"rt\":\"2024-12-11T23:47:10.0000000Z\",\"filterName\":\"Web Reputation\",\"logKey\":\"c6ce5d74664fffb9011f9e8e2c99a7f1f1d03348b2f7c1f80edaae2eef23b665\",\"cloudAppName\":\"exchange\",\"mailFolder\":\"XXXX@test.com\",\"riskLevel\":\"RISK_DANGEROUS\"}"
},
"expected": {
"message": "{\"uuid\":\"05c522d1-e2d8-42da-a06d-1b2a0535b4cf\",\"filterRiskLevel\":\"medium\",\"request\":\"https://urlshorter.net/wjhHjf\",\"attachmentFileName\":[\"Mail Body\"],\"objectType\":\"url\",\"suid\":\"XXXX@test.com\",\"suser\":[\"XXXXXX@test.com\"],\"mailMsgSubject\":\"XXXXXXXXXXX.\",\"msgId\":\"XXXXX@test.com\",\"tags\":[\"THREAT.PHISHING\",\"MITRE.T1071\",\"MITRE.T1071.003\",\"MITRE.T1566.002\",\"XSAE.F1906\",\"XSAE.F3036\",\"XSAE.F4960\"],\"eventName\":\"WEB_THREAT_DETECTION\",\"eventSubName\":\"Web Security Violation\",\"eventId\":\"100101\",\"actResult\":[\"Successful\"],\"scanType\":\"exchange_mailbox_realtime_detection_logs\",\"productCode\":\"sca\",\"pname\":\"Cloud Email and Collaboration Protection\",\"act\":[\"Quarantine\"],\"msgUuid\":\"AAkALgAAAAAAHYQDEapmEc2byACqAC-EWg0A7dXJVkGT2UayhNKtrEISCgACGlUj_gAA\",\"orgId\":\"XXXXXX-xxxxx-XXXXXX-Xx\",\"groupId\":\"XXXXXX-xxxxx-XXXXXX-Xx\",\"urlCat\":[\"Phishing\"],\"policyName\":\"CUGR-politique_principale\",\"detectionType\":\"Web Reputation\",\"eventTime\":\"1733960830000\",\"logReceivedTime\":\"1733960918475\",\"scanTs\":\"2024-12-11T23:48:01.0000000Z\",\"mailMsgId\":\"048ffc9460a48e85a609802bf6dfb5bfe6cb37b1@test.com\",\"mailReceivedTime\":\"2024-12-11T23:47:10.0000000Z\",\"eventSourceType\":3,\"mailbox\":\"XXXX@test.com\",\"threatType\":\"104\",\"mailUniqueId\":\"AAkALgAAAAAAHYQDEapmEc2byACqAC-EWg0A7dXJVkGT2UayhNKtrEISCgACGlUj_gAA\",\"rt_utc\":\"2024-12-11T23:47:10.0000000Z\",\"rt\":\"2024-12-11T23:47:10.0000000Z\",\"filterName\":\"Web Reputation\",\"logKey\":\"c6ce5d74664fffb9011f9e8e2c99a7f1f1d03348b2f7c1f80edaae2eef23b665\",\"cloudAppName\":\"exchange\",\"mailFolder\":\"XXXX@test.com\",\"riskLevel\":\"RISK_DANGEROUS\"}",
"message": "{\"uuid\":\"05c522d1-e2d8-42da-a06d-1b2a0535b4cf\",\"filterRiskLevel\":\"medium\",\"request\":\"https://urlshorter.net/wjhHjf\",\"attachmentFileName\":[\"Mail Body\"],\"objectType\":\"url\",\"suid\":\"XXXX@test.com\",\"suser\":[\"XXXXXX@test.com\"],\"mailMsgSubject\":\"XXXXXXXXXXX.\",\"msgId\":\"XXXXX@test.com\",\"tags\":[\"THREAT.PHISHING\",\"MITRE.T1071\",\"MITRE.T1071.003\",\"MITRE.T1566.002\",\"XSAE.F1906\",\"XSAE.F3036\",\"XSAE.F4960\"],\"eventName\":\"WEB_THREAT_DETECTION\",\"eventSubName\":\"Web Security Violation\",\"eventId\":\"100101\",\"actResult\":[\"Successful\"],\"scanType\":\"exchange_mailbox_realtime_detection_logs\",\"productCode\":\"sca\",\"pname\":\"Cloud Email and Collaboration Protection\",\"act\":[\"Quarantine\"],\"msgUuid\":\"AAkALgAAAAAAHYQDEapmEc2byACqAC-EWg0A7dXJVkGT2UayhNKtrEISCgACGlUj_gAA\",\"orgId\":\"XXXXXX-xxxxx-XXXXXX-Xx\",\"groupId\":\"XXXXXX-xxxxx-XXXXXX-Xx\",\"urlCat\":[\"Phishing\"],\"policyName\":\"MyPolicy\",\"detectionType\":\"Web Reputation\",\"eventTime\":\"1733960830000\",\"logReceivedTime\":\"1733960918475\",\"scanTs\":\"2024-12-11T23:48:01.0000000Z\",\"mailMsgId\":\"048ffc9460a48e85a609802bf6dfb5bfe6cb37b1@test.com\",\"mailReceivedTime\":\"2024-12-11T23:47:10.0000000Z\",\"eventSourceType\":3,\"mailbox\":\"XXXX@test.com\",\"threatType\":\"104\",\"mailUniqueId\":\"AAkALgAAAAAAHYQDEapmEc2byACqAC-EWg0A7dXJVkGT2UayhNKtrEISCgACGlUj_gAA\",\"rt_utc\":\"2024-12-11T23:47:10.0000000Z\",\"rt\":\"2024-12-11T23:47:10.0000000Z\",\"filterName\":\"Web Reputation\",\"logKey\":\"c6ce5d74664fffb9011f9e8e2c99a7f1f1d03348b2f7c1f80edaae2eef23b665\",\"cloudAppName\":\"exchange\",\"mailFolder\":\"XXXX@test.com\",\"riskLevel\":\"RISK_DANGEROUS\"}",
"event": {
"action": "Quarantine",
"category": [
@@ -38,7 +38,7 @@
"id": "XXXXXX-xxxxx-XXXXXX-Xx"
},
"rule": {
"ruleset": "CUGR-politique_principale"
"ruleset": "MyPolicy"
},
"trendmicro": {
"visionone": {
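Review bot: The scrub in this fixture stops at `policyName` and `rule.ruleset`, while other values in the same `message` string still look as if they came from a live tenant: `msgUuid`/`mailUniqueId`, `mailMsgId` and `logKey` here, and in the second fixture `samUser` (`Virginie.BBBB`), the Outlook `msgId` with its server hostname, and the attachment SHA-1 hashes. The page does not show whether those are synthetic, so please confirm, or replace them with obviously constructed placeholders in the same pass, keeping `input.message`, `expected.message` and the parsed fields in sync. The replaced strings also remain readable in parent commit 3ee60a9; if they were customer data, editing the fixture does not remove them from history. The title "fix tests" does not mention that this is a data-anonymisation change, which makes it harder to find later.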
@@ -1,9 +1,9 @@
{
"input": {
"message": "{\"uuid\":\"5fbbe268-adf5-404b-af37-afe194d80cd0\",\"filterRiskLevel\":\"medium\",\"attachmentFileName\":[\"image001.png\",\"image003.jpg\",\"CE7B0279.jpg\",\"BD0C5626.jpg\",\"image002.jpg\"],\"suser\":[\"XXXXX@test.com\"],\"duser\":[\"XXXXt@test.com\",\"XXX@test.com\"],\"mailMsgSubject\":\"RE: Meubles DVD , ce serait le fournisseur DPC??\",\"msgId\":\"MRZP264MB2315CAD850058D02706E80D9853E2@MRZP264MB2315.FRAP264.PROD.OUTLOOK.COM\",\"tags\":[\"XSJG.MA-01-010.01\",\"mitre.t1566.002\",\"MITRE.T1566.002\",\"XSAE.F1938\"],\"ruleName\":\"MA-01-010\",\"eventName\":\"MESSAGE_SUSPICIOUS_DETECTION\",\"subRuleName\":\"forge_brand\",\"eventId\":\"100139\",\"scanType\":\"realtime_mailmeta-exchange\",\"productCode\":\"xms\",\"pname\":\"Email Sensor\",\"msgUuid\":\"AAkALgAAAAAAHYQDEapmEc2byACqAC-EWg0APQjoWguLYUioEoMFJLcp2QABmzS7DwAA\",\"orgId\":\"123-123-123-123-123-123\",\"groupId\":\"123-123-123-123-123-123\",\"highlightedRequest\":[\"https://test.com/wp-includes/images/DPC.jpg\"],\"eventTime\":\"1733903461000\",\"logReceivedTime\":\"1733903483549\",\"attachmentFileSizes\":[\"-1\",\"-1\",\"-1\",\"-1\",\"-1\"],\"groupIdCorrValues\":[\"test.com/wp-includes/images/dpc.jpg\"],\"mailMsgDirection\":1,\"dataType\":1,\"eventSourceType\":2,\"mailbox\":\"XXXX@test.com\",\"rt_utc\":\"2024-12-11T07:51:23.4600000Z\",\"attachmentFileTlshes\":[\"\",\"\",\"\",\"\",\"\"],\"rt\":\"1733903461000\",\"description\":\"Found Forge Brand Pattern in 
URL\",\"ruleVer\":\"\",\"requests\":[\"http://www.test.com/\",\"http://cdn3.iconfinder.com/data/icons/free-social-icons/67/youtube_square_gray-24.png\",\"https://test.com/\",\"http://www.bm-test.com/\",\"http://www.test.com/\"],\"samUser\":\"Virginie.BBBB\",\"attachmentFileHashs\":[\"8acffca6144b332362ea706a9e30bb56538b359c\",\"c04c157f903f1beb0beb83138909b42633541218\",\"e16cc3996443713902366cefc201fe47d6700b34\",\"52495a6ce0b3de34a5a4d8dff10c9465aa1b7b84\",\"134c22a75f082d8db78acb2b0a72dcf910e44f52\"],\"attachment\":[{\"attachmentFileTlsh\":\"\",\"attachmentFileName\":\"image001.png\",\"attachmentFileHash\":\"8acffca6144b332362ea706a9e30bb56538b359c\",\"attachmentFileSize\":\"-1\"},{\"attachmentFileTlsh\":\"\",\"attachmentFileName\":\"image003.jpg\",\"attachmentFileHash\":\"c04c157f903f1beb0beb83138909b42633541218\",\"attachmentFileSize\":\"-1\"},{\"attachmentFileTlsh\":\"\",\"attachmentFileName\":\"CE7B0279.jpg\",\"attachmentFileHash\":\"e16cc3996443713902366cefc201fe47d6700b34\",\"attachmentFileSize\":\"-1\"},{\"attachmentFileTlsh\":\"\",\"attachmentFileName\":\"BD0C5626.jpg\",\"attachmentFileHash\":\"52495a6ce0b3de34a5a4d8dff10c9465aa1b7b84\",\"attachmentFileSize\":\"-1\"},{\"attachmentFileTlsh\":\"\",\"attachmentFileName\":\"image002.jpg\",\"attachmentFileHash\":\"134c22a75f082d8db78acb2b0a72dcf910e44f52\",\"attachmentFileSize\":\"-1\"}],\"groupIdCorrKey\":\"URL\",\"attachmentFileHashes\":[\"8acffca6144b332362ea706a9e30bb56538b359c\",\"c04c157f903f1beb0beb83138909b42633541218\",\"e16cc3996443713902366cefc201fe47d6700b34\",\"52495a6ce0b3de34a5a4d8dff10c9465aa1b7b84\",\"134c22a75f082d8db78acb2b0a72dcf910e44f52\"],\"attachmentFileTlshs\":[\"\",\"\",\"\",\"\",\"\"]}"
"message": "{\"uuid\":\"5fbbe268-adf5-404b-af37-afe194d80cd0\",\"filterRiskLevel\":\"medium\",\"attachmentFileName\":[\"image001.png\",\"image003.jpg\",\"CE7B0279.jpg\",\"BD0C5626.jpg\",\"image002.jpg\"],\"suser\":[\"XXXXX@test.com\"],\"duser\":[\"XXXXt@test.com\",\"XXX@test.com\"],\"mailMsgSubject\":\"MySubject\",\"msgId\":\"MRZP264MB2315CAD850058D02706E80D9853E2@MRZP264MB2315.FRAP264.PROD.OUTLOOK.COM\",\"tags\":[\"XSJG.MA-01-010.01\",\"mitre.t1566.002\",\"MITRE.T1566.002\",\"XSAE.F1938\"],\"ruleName\":\"MA-01-010\",\"eventName\":\"MESSAGE_SUSPICIOUS_DETECTION\",\"subRuleName\":\"forge_brand\",\"eventId\":\"100139\",\"scanType\":\"realtime_mailmeta-exchange\",\"productCode\":\"xms\",\"pname\":\"Email Sensor\",\"msgUuid\":\"AAkALgAAAAAAHYQDEapmEc2byACqAC-EWg0APQjoWguLYUioEoMFJLcp2QABmzS7DwAA\",\"orgId\":\"123-123-123-123-123-123\",\"groupId\":\"123-123-123-123-123-123\",\"highlightedRequest\":[\"https://test.com/wp-includes/images/DPC.jpg\"],\"eventTime\":\"1733903461000\",\"logReceivedTime\":\"1733903483549\",\"attachmentFileSizes\":[\"-1\",\"-1\",\"-1\",\"-1\",\"-1\"],\"groupIdCorrValues\":[\"test.com/wp-includes/images/dpc.jpg\"],\"mailMsgDirection\":1,\"dataType\":1,\"eventSourceType\":2,\"mailbox\":\"XXXX@test.com\",\"rt_utc\":\"2024-12-11T07:51:23.4600000Z\",\"attachmentFileTlshes\":[\"\",\"\",\"\",\"\",\"\"],\"rt\":\"1733903461000\",\"description\":\"Found Forge Brand Pattern in 
URL\",\"ruleVer\":\"\",\"requests\":[\"http://www.test.com/\",\"http://cdn3.iconfinder.com/data/icons/free-social-icons/67/youtube_square_gray-24.png\",\"https://test.com/\",\"http://www.bm-test.com/\",\"http://www.test.com/\"],\"samUser\":\"Virginie.BBBB\",\"attachmentFileHashs\":[\"8acffca6144b332362ea706a9e30bb56538b359c\",\"c04c157f903f1beb0beb83138909b42633541218\",\"e16cc3996443713902366cefc201fe47d6700b34\",\"52495a6ce0b3de34a5a4d8dff10c9465aa1b7b84\",\"134c22a75f082d8db78acb2b0a72dcf910e44f52\"],\"attachment\":[{\"attachmentFileTlsh\":\"\",\"attachmentFileName\":\"image001.png\",\"attachmentFileHash\":\"8acffca6144b332362ea706a9e30bb56538b359c\",\"attachmentFileSize\":\"-1\"},{\"attachmentFileTlsh\":\"\",\"attachmentFileName\":\"image003.jpg\",\"attachmentFileHash\":\"c04c157f903f1beb0beb83138909b42633541218\",\"attachmentFileSize\":\"-1\"},{\"attachmentFileTlsh\":\"\",\"attachmentFileName\":\"CE7B0279.jpg\",\"attachmentFileHash\":\"e16cc3996443713902366cefc201fe47d6700b34\",\"attachmentFileSize\":\"-1\"},{\"attachmentFileTlsh\":\"\",\"attachmentFileName\":\"BD0C5626.jpg\",\"attachmentFileHash\":\"52495a6ce0b3de34a5a4d8dff10c9465aa1b7b84\",\"attachmentFileSize\":\"-1\"},{\"attachmentFileTlsh\":\"\",\"attachmentFileName\":\"image002.jpg\",\"attachmentFileHash\":\"134c22a75f082d8db78acb2b0a72dcf910e44f52\",\"attachmentFileSize\":\"-1\"}],\"groupIdCorrKey\":\"URL\",\"attachmentFileHashes\":[\"8acffca6144b332362ea706a9e30bb56538b359c\",\"c04c157f903f1beb0beb83138909b42633541218\",\"e16cc3996443713902366cefc201fe47d6700b34\",\"52495a6ce0b3de34a5a4d8dff10c9465aa1b7b84\",\"134c22a75f082d8db78acb2b0a72dcf910e44f52\"],\"attachmentFileTlshs\":[\"\",\"\",\"\",\"\",\"\"]}"
},
"expected": {
"message": "{\"uuid\":\"5fbbe268-adf5-404b-af37-afe194d80cd0\",\"filterRiskLevel\":\"medium\",\"attachmentFileName\":[\"image001.png\",\"image003.jpg\",\"CE7B0279.jpg\",\"BD0C5626.jpg\",\"image002.jpg\"],\"suser\":[\"XXXXX@test.com\"],\"duser\":[\"XXXXt@test.com\",\"XXX@test.com\"],\"mailMsgSubject\":\"RE: Meubles DVD , ce serait le fournisseur DPC??\",\"msgId\":\"MRZP264MB2315CAD850058D02706E80D9853E2@MRZP264MB2315.FRAP264.PROD.OUTLOOK.COM\",\"tags\":[\"XSJG.MA-01-010.01\",\"mitre.t1566.002\",\"MITRE.T1566.002\",\"XSAE.F1938\"],\"ruleName\":\"MA-01-010\",\"eventName\":\"MESSAGE_SUSPICIOUS_DETECTION\",\"subRuleName\":\"forge_brand\",\"eventId\":\"100139\",\"scanType\":\"realtime_mailmeta-exchange\",\"productCode\":\"xms\",\"pname\":\"Email Sensor\",\"msgUuid\":\"AAkALgAAAAAAHYQDEapmEc2byACqAC-EWg0APQjoWguLYUioEoMFJLcp2QABmzS7DwAA\",\"orgId\":\"123-123-123-123-123-123\",\"groupId\":\"123-123-123-123-123-123\",\"highlightedRequest\":[\"https://test.com/wp-includes/images/DPC.jpg\"],\"eventTime\":\"1733903461000\",\"logReceivedTime\":\"1733903483549\",\"attachmentFileSizes\":[\"-1\",\"-1\",\"-1\",\"-1\",\"-1\"],\"groupIdCorrValues\":[\"test.com/wp-includes/images/dpc.jpg\"],\"mailMsgDirection\":1,\"dataType\":1,\"eventSourceType\":2,\"mailbox\":\"XXXX@test.com\",\"rt_utc\":\"2024-12-11T07:51:23.4600000Z\",\"attachmentFileTlshes\":[\"\",\"\",\"\",\"\",\"\"],\"rt\":\"1733903461000\",\"description\":\"Found Forge Brand Pattern in 
URL\",\"ruleVer\":\"\",\"requests\":[\"http://www.test.com/\",\"http://cdn3.iconfinder.com/data/icons/free-social-icons/67/youtube_square_gray-24.png\",\"https://test.com/\",\"http://www.bm-test.com/\",\"http://www.test.com/\"],\"samUser\":\"Virginie.BBBB\",\"attachmentFileHashs\":[\"8acffca6144b332362ea706a9e30bb56538b359c\",\"c04c157f903f1beb0beb83138909b42633541218\",\"e16cc3996443713902366cefc201fe47d6700b34\",\"52495a6ce0b3de34a5a4d8dff10c9465aa1b7b84\",\"134c22a75f082d8db78acb2b0a72dcf910e44f52\"],\"attachment\":[{\"attachmentFileTlsh\":\"\",\"attachmentFileName\":\"image001.png\",\"attachmentFileHash\":\"8acffca6144b332362ea706a9e30bb56538b359c\",\"attachmentFileSize\":\"-1\"},{\"attachmentFileTlsh\":\"\",\"attachmentFileName\":\"image003.jpg\",\"attachmentFileHash\":\"c04c157f903f1beb0beb83138909b42633541218\",\"attachmentFileSize\":\"-1\"},{\"attachmentFileTlsh\":\"\",\"attachmentFileName\":\"CE7B0279.jpg\",\"attachmentFileHash\":\"e16cc3996443713902366cefc201fe47d6700b34\",\"attachmentFileSize\":\"-1\"},{\"attachmentFileTlsh\":\"\",\"attachmentFileName\":\"BD0C5626.jpg\",\"attachmentFileHash\":\"52495a6ce0b3de34a5a4d8dff10c9465aa1b7b84\",\"attachmentFileSize\":\"-1\"},{\"attachmentFileTlsh\":\"\",\"attachmentFileName\":\"image002.jpg\",\"attachmentFileHash\":\"134c22a75f082d8db78acb2b0a72dcf910e44f52\",\"attachmentFileSize\":\"-1\"}],\"groupIdCorrKey\":\"URL\",\"attachmentFileHashes\":[\"8acffca6144b332362ea706a9e30bb56538b359c\",\"c04c157f903f1beb0beb83138909b42633541218\",\"e16cc3996443713902366cefc201fe47d6700b34\",\"52495a6ce0b3de34a5a4d8dff10c9465aa1b7b84\",\"134c22a75f082d8db78acb2b0a72dcf910e44f52\"],\"attachmentFileTlshs\":[\"\",\"\",\"\",\"\",\"\"]}",
"message": "{\"uuid\":\"5fbbe268-adf5-404b-af37-afe194d80cd0\",\"filterRiskLevel\":\"medium\",\"attachmentFileName\":[\"image001.png\",\"image003.jpg\",\"CE7B0279.jpg\",\"BD0C5626.jpg\",\"image002.jpg\"],\"suser\":[\"XXXXX@test.com\"],\"duser\":[\"XXXXt@test.com\",\"XXX@test.com\"],\"mailMsgSubject\":\"MySubject\",\"msgId\":\"MRZP264MB2315CAD850058D02706E80D9853E2@MRZP264MB2315.FRAP264.PROD.OUTLOOK.COM\",\"tags\":[\"XSJG.MA-01-010.01\",\"mitre.t1566.002\",\"MITRE.T1566.002\",\"XSAE.F1938\"],\"ruleName\":\"MA-01-010\",\"eventName\":\"MESSAGE_SUSPICIOUS_DETECTION\",\"subRuleName\":\"forge_brand\",\"eventId\":\"100139\",\"scanType\":\"realtime_mailmeta-exchange\",\"productCode\":\"xms\",\"pname\":\"Email Sensor\",\"msgUuid\":\"AAkALgAAAAAAHYQDEapmEc2byACqAC-EWg0APQjoWguLYUioEoMFJLcp2QABmzS7DwAA\",\"orgId\":\"123-123-123-123-123-123\",\"groupId\":\"123-123-123-123-123-123\",\"highlightedRequest\":[\"https://test.com/wp-includes/images/DPC.jpg\"],\"eventTime\":\"1733903461000\",\"logReceivedTime\":\"1733903483549\",\"attachmentFileSizes\":[\"-1\",\"-1\",\"-1\",\"-1\",\"-1\"],\"groupIdCorrValues\":[\"test.com/wp-includes/images/dpc.jpg\"],\"mailMsgDirection\":1,\"dataType\":1,\"eventSourceType\":2,\"mailbox\":\"XXXX@test.com\",\"rt_utc\":\"2024-12-11T07:51:23.4600000Z\",\"attachmentFileTlshes\":[\"\",\"\",\"\",\"\",\"\"],\"rt\":\"1733903461000\",\"description\":\"Found Forge Brand Pattern in 
URL\",\"ruleVer\":\"\",\"requests\":[\"http://www.test.com/\",\"http://cdn3.iconfinder.com/data/icons/free-social-icons/67/youtube_square_gray-24.png\",\"https://test.com/\",\"http://www.bm-test.com/\",\"http://www.test.com/\"],\"samUser\":\"Virginie.BBBB\",\"attachmentFileHashs\":[\"8acffca6144b332362ea706a9e30bb56538b359c\",\"c04c157f903f1beb0beb83138909b42633541218\",\"e16cc3996443713902366cefc201fe47d6700b34\",\"52495a6ce0b3de34a5a4d8dff10c9465aa1b7b84\",\"134c22a75f082d8db78acb2b0a72dcf910e44f52\"],\"attachment\":[{\"attachmentFileTlsh\":\"\",\"attachmentFileName\":\"image001.png\",\"attachmentFileHash\":\"8acffca6144b332362ea706a9e30bb56538b359c\",\"attachmentFileSize\":\"-1\"},{\"attachmentFileTlsh\":\"\",\"attachmentFileName\":\"image003.jpg\",\"attachmentFileHash\":\"c04c157f903f1beb0beb83138909b42633541218\",\"attachmentFileSize\":\"-1\"},{\"attachmentFileTlsh\":\"\",\"attachmentFileName\":\"CE7B0279.jpg\",\"attachmentFileHash\":\"e16cc3996443713902366cefc201fe47d6700b34\",\"attachmentFileSize\":\"-1\"},{\"attachmentFileTlsh\":\"\",\"attachmentFileName\":\"BD0C5626.jpg\",\"attachmentFileHash\":\"52495a6ce0b3de34a5a4d8dff10c9465aa1b7b84\",\"attachmentFileSize\":\"-1\"},{\"attachmentFileTlsh\":\"\",\"attachmentFileName\":\"image002.jpg\",\"attachmentFileHash\":\"134c22a75f082d8db78acb2b0a72dcf910e44f52\",\"attachmentFileSize\":\"-1\"}],\"groupIdCorrKey\":\"URL\",\"attachmentFileHashes\":[\"8acffca6144b332362ea706a9e30bb56538b359c\",\"c04c157f903f1beb0beb83138909b42633541218\",\"e16cc3996443713902366cefc201fe47d6700b34\",\"52495a6ce0b3de34a5a4d8dff10c9465aa1b7b84\",\"134c22a75f082d8db78acb2b0a72dcf910e44f52\"],\"attachmentFileTlshs\":[\"\",\"\",\"\",\"\",\"\"]}",
"event": {
"category": [
"email"
@@ -55,7 +55,7 @@
},
"local_id": "AAkALgAAAAAAHYQDEapmEc2byACqAC-EWg0APQjoWguLYUioEoMFJLcp2QABmzS7DwAA",
"message_id": "MRZP264MB2315CAD850058D02706E80D9853E2@MRZP264MB2315.FRAP264.PROD.OUTLOOK.COM",
"subject": "RE: Meubles DVD , ce serait le fournisseur DPC??",
"subject": "MySubject",
"to": {
"address": [
"XXX@test.com",