"@type","Source","Destination ID","Vulnerability Severity","Ack SLA Paused Date","Detection Date","Response SLA Paused Date","Response Date","Ack Date","Name","Computer Name","Source Data","Ack Due Date","Username","User Details","Domain","Destination IP","Device UID","Epoch Time","Event Time","Destination Port","Remaining Response SLA on Pause","Remaining Ack SLA on Pause","Device Serial No","Device Owner","Assigned Date","Resolved Date","MITRE ATT&CK ID","Source Type","Attachment Names","Priority Weight","Target Asset","Target Process","Bytes Transferred","Command Line","Decoded Command Line","Description","Closure Notes","URL","Scheduled Task","Bucket Name","File Names","Escalation Reason","Process GUID","Process ID","MITRE Technique","Source ID","File Path","Parent Process Command Line","File Hash","File Name","Latest Login","Metrics","Parent Process ID","Parent Process Name","Process Name","Process Tree","Response Due Date","Registry Key","Registry Key Value","Service","Source IP","Source Port","Source Process","Source Tool","Return Path","Email From","Reporter Email Body","Reporter","Sender Domain","Email Body","Email Recipients (To)","Recipient Email Address","Email Headers","Sender Email Address","Email Subject","Email","Tactics","Groups","Assigned To","Email Classification","Device Type","Ack SLA","Status","Severity","Response SLA","Type","Escalated","Kill Chain Phase","State","Closure Reason","UUID","Created By","Created On","Modified By","Modified On","Id","Tags","Assignee","Queues"
"Alert","FortiSIEM","","","","2023-01-19T06:48:00+00:00","","","","Malformed Network packet","","","","","","","255.255.255.255","","","","","","0","","","2023-01-19T06:48:02+00:00","","","","","0","","","","","","The UDP header in the packet contains a wrong data length. 1404 bytes are advertised, but 1380 bytes are found in the payload.","","","","","","","","","","","","","","","","","","","","","","","","","10.80.68.60","","","","","","","","","","","","","","","","","","CS Admin","","","Awaiting Action","Open","Low","Awaiting Action","Malware","No","","","","555b57d5-4f0f-4b2a-8bf2-45621b5c27c7","CS Admin","2023-01-19T06:48:00+00:00","CS Admin","2023-02-04T06:32:06+00:00","3","['OT IT', 'sampleAlert']","","Default"
"Alert","FortiSIEM","","","","2022-09-19T06:14:54+00:00","","","2022-09-22T12:00:36+00:00","Man in the middle attack on 101.11.85.23","","{""_id"": ""Eb4luGsBt8nuALoC726Q"", ""_type"": ""doc"", ""_index"": ""logstash-beats-screensaver"", ""_score"": 2.364643, ""_source"": {""beat"": {""name"": ""win7-host1-PC"", ""version"": ""6.5.3"", ""hostname"": ""win7-host1-PC""}, ""tags"": [""beat"", ""beats_input_codec_plain_applied""], ""task"": ""Process Create (rule: ProcessCreate)"", ""user"": {""name"": ""SYSTEM"", ""type"": ""User"", ""domain"": ""NT AUTHORITY"", ""identifier"": ""S-1-5-18""}, ""level"": ""Information"", ""opcode"": ""Info"", ""message"": ""Process Create:\nRuleName: \nUtcTime: 2019-07-03 14:03:40.047\nProcessGuid: {DA929735-B5BC-5D1C-0000-0010AB301118}\nProcessId: 2704\nImage: C:\\Users\\superman\\Desktop\\invoice-156783.scr\nFileVersion: 2.1.1.0\nDescription: mimikatz for Windows\nProduct: mimikatz\nCompany: gentilkiwi (Benjamin DELPY)\nOriginalFileName: mimikatz.exe\nCommandLine: \""C:\\Users\\superman\\Desktop\\invoice-156783.scr\"" /S\nCurrentDirectory: C:\\Users\\superman\\Desktop\\\nUser: batman\\superman\nLogonGuid: {DA929735-A7BD-5D0B-0000-002046760300}\nLogonId: 0x37646\nTerminalSessionId: 1\nIntegrityLevel: High\nHashes: MD5=332A5371389A8953A96BF09B69EDCB6E,SHA256=E46BA4BDD4168A399EE5BC2161A8C918095FA30EB20AC88CAC6AB1D6DBEA2B4A\nParentProcessGuid: {DA929735-A7D1-5D0B-0000-00108BFE0500}\nParentProcessId: 2256\nParentImage: C:\\Windows\\explorer.exe\nParentCommandLine: C:\\Windows\\Explorer.EXE"", ""version"": 5, ""@version"": ""1"", ""event_id"": 1, ""log_name"": ""Microsoft-Windows-Sysmon/Operational"", ""username"": ""batman\\superman"", ""beat_host"": {""id"": ""da929735-a8f9-4b38-8348-7664a570a0a2"", ""os"": {""build"": ""7601.24356"", ""family"": ""windows"", ""version"": ""6.1"", ""platform"": ""windows""}, ""name"": ""win7-host1-PC"", ""architecture"": ""x86_64""}, ""thread_id"": 1824, ""@timestamp"": ""2019-07-03T14:03:40.131Z"", ""event_data"": {""Hashes"": ""MD5=332A5371389A8953A96BF09B69EDCB6E,SHA256=E46BA4BDD4168A399EE5BC2161A8C918095FA30EB20AC88CAC6AB1D6DBEA2B4A"", ""Company"": ""gentilkiwi (Benjamin DELPY)"", ""LogonId"": ""0x37646"", ""Product"": ""mimikatz"", ""UtcTime"": ""2019-07-03 14:03:40.047"", ""LogonGuid"": ""{DA929735-A7BD-5D0B-0000-002046760300}"", ""ProcessId"": ""2704"", ""CommandLine"": ""\""C:\\Users\\superman\\Desktop\\invoice-156783.scr\"" /S"", ""Description"": ""mimikatz for Windows"", ""FileVersion"": ""2.1.1.0"", ""ProcessGuid"": ""{DA929735-B5BC-5D1C-0000-0010AB301118}"", ""IntegrityLevel"": ""High"", ""ParentProcessId"": ""2256"", ""CurrentDirectory"": ""C:\\Users\\superman\\Desktop\\"", ""OriginalFileName"": ""mimikatz.exe"", ""ParentCommandLine"": ""C:\\Windows\\Explorer.EXE"", ""ParentProcessGuid"": ""{DA929735-A7D1-5D0B-0000-00108BFE0500}"", ""TerminalSessionId"": ""1""}, ""event_type"": ""sysmon"", ""image_path"": ""C:\\Users\\superman\\Desktop\\invoice-156783.scr"", ""process_id"": 1408, ""source_name"": ""Microsoft-Windows-Sysmon"", ""computer_name"": ""win7-host1-PC.batman.local"", ""logstash_time"": 0.0017659664154052734, ""provider_guid"": ""{5770385F-C22A-43E0-BF4C-06F5698FFBD9}"", ""record_number"": ""1975234"", ""parent_image_path"": ""C:\\Windows\\explorer.exe""}}","2022-09-19T07:24:54+00:00","","","","101.11.85.23","","1562162620","2019-07-03 14:03:40.047","1212","","0","","","2023-02-04T06:30:30+00:00","","","","","0","","","","","","During MiTM attacks, cybercriminals insert themselves in the middle of data transactions or online communication. Through the distribution of malware, the attacker gains easy access to the user's web browser and the data it sends and receives during transactions. Person with IP 198.32.64.12 has attacked on one of the system at Level 5 with IP 101.11.85.23","","","","","","","","","","","","","","","","","","","","","2022-09-26T12:20:51+00:00","","","","198.32.64.12","4124","","","","","","","","","","","","","","","","","CS Admin","","","Missed","Open","Low","Awaiting Action","Malware","No","","","","8ffd2217-134a-4eaf-a75e-bef636d1cd8f","CS Admin","2022-09-28T09:55:39+00:00","CS Admin","2023-02-04T06:32:13+00:00","8","['OT IT', 'sampleAlert']","","Default"
"Alert","FortiSIEM","","","","2023-01-19T07:21:24+00:00","","","","Malware detection [Dragonfly2]","","","","","","","10.132.255.118","","","","443","","0","","","2023-01-19T07:21:26+00:00","","","","","0","","","","","","Suspicious transferring of malware named 'TemplateAttack_DragonFly_2_0' (MD5: 722154a36f32ba10e98020a8ad758a7a) was detected involving resource '\\10.132.255.118 \ADMIN\CVcontrolEngineer.docx' after a 'read' operation","","","","","","","","","","","","","722154a36f32ba10e98020a8ad758a7a","","","","","","","","","","","","10.121.221.12","1148","","","","","","","","","","","","","","","","","Fred Smith","","","Awaiting Action","Open","Low","Awaiting Action","Malware","No","","","","f350287b-b7c9-4aca-a65e-19f582bf057e","CS Admin","2023-01-19T07:21:24+00:00","CS Admin","2023-02-04T06:33:34+00:00","12","['OT IT', 'sampleAlert']","","Default"
"Alert","FortiSIEM","","","","2023-01-19T07:10:26+00:00","","","","A suspicious packet was sent","","","","","","","10.132.255.118","","","","443","","0","","","2023-01-19T07:14:42+00:00","","","","","0","","","","","","A suspicious packet was sent. SMB Server Traffic contains NTLM-Authenticated SMBv1 Session. Activity was detected related to NTLM-Authenticated SMBv1 Session, that indicates attemps to abuse the exploits in SMBv1.","","","","","","","","","","","","","","","","","","","","","","","","","10.121.221.12","1148","","","","","","","","","","","","","","","","","Kathy Wagner","","","Awaiting Action","Open","Low","Awaiting Action","Other / Unknown","No","","","","a86c6a3e-8308-4c29-aed0-9c4046350353","CS Admin","2023-01-19T07:14:40+00:00","CS Admin","2023-02-04T06:33:41+00:00","9","['OT IT', 'sampleAlert']","","Default"
"Alert","FortiSIEM","","","","2023-01-05T06:12:17+00:00","","","","TCP Port Scan","","","","","","","10.12.31.56","","","","","","0","","","2023-02-04T06:30:35+00:00","","T0885","","","0","","","","",""," Asset 10.21.34.12 sent probe packets to 10.12.31.56 IP address on different ports.","","","","","","","","","","","","","","","","","","","","","","","","","10.21.34.12","","","","","","","","","","","","","","","","Command and Control","","CS Admin","","","Awaiting Action","Open","Low","Awaiting Action","Command and Control","No","","","","b7541a1a-c624-472b-9cae-fffa38fd7d6e","CS Admin","2023-01-05T06:12:17+00:00","CS Admin","2023-02-04T06:30:36+00:00","10","['OT IT', 'sampleAlert']","","Default"
"Alert","FortiSIEM","","","","2023-01-05T06:12:17+00:00","","","","TCP Port Scan","","{
  ""URL"": ""None"",
  ""Name"": ""TCP Port Scan"",
  ""Tags"": ""['OT - Specific']"",
  ""UUID"": ""ffa55f65-65e5-4901-a57c-6e2a2cb96433"",
  ""Source"": ""FortiSIEM"",
  ""Status"": ""Open"",
  ""Source IP"": ""192.155.11.12"",
  ""Description"": "" Asset 192.155.11.12 sent probe packets to 192.168.1.205 IP address on different ports."",
  ""Target Asset"": ""URI-COMP-A12, 192.168.1.205"",
  ""Destination IP"": ""192.168.1.205"",
  ""MITRE ATT&CK ID"": ""T0885"",
  ""MITRE Technique"": ""Commonly Used Port""
}","","","","","192.168.1.205","","","","","","0","","","2023-02-04T06:30:56+00:00","","T0885","","","0","","","","",""," Asset 192.155.11.12 sent probe packets to 192.168.1.205 IP address on different ports.","","","","","","","","","","","","","","","","","","","","","","","","","192.155.11.12","","","","","","","","","","","","","","","","Command and Control","","CS Admin","","","Awaiting Action","Open","Low","Awaiting Action","Command and Control","No","","","","ffa55f65-65e5-4901-a57c-6e2a2cb96433","CS Admin","2023-01-09T06:49:42+00:00","CS Admin","2023-02-04T06:30:56+00:00","13","['OT IT', 'sampleAlert']","","Default"
"Alert","FortiSIEM","","","","2023-01-19T10:26:27+00:00","","","","Configuration change from ""PROGRAM"" to ""REMOTE""","","","","","","","172.10.11.122","","","","44121","","0","","","2023-01-19T10:28:57+00:00","","T0886","","","0","","","","","","The position of the key for the device 172.10.11.122 changed from ""PROGRAM"" to ""REMOTE""","","","","","","","","","","","","","","","","","","","","","","","","","192.168.11.131","10312","","","","","","","","","","","","","","","Initial Access","","CS Admin","","","Awaiting Action","Open","Low","Awaiting Action","Brute Force Attempts","No","","","","6e4dbe90-53ab-433c-9e85-254749c0f454","CS Admin","2023-01-19T10:28:56+00:00","CS Admin","2023-02-04T06:33:51+00:00","5","['OT IT', 'sampleAlert']","","Default"
"Alert","FortiSIEM","","","","2022-09-19T06:14:54+00:00","","","2022-09-22T12:00:36+00:00","Unsupported function code 126 (PLC Programming) requested on producer 172.100.1.13","","{""_id"": ""Eb4luGsBt8nuALoC726Q"", ""_type"": ""doc"", ""_index"": ""logstash-beats-screensaver"", ""_score"": 2.364643, ""_source"": {""beat"": {""name"": ""win7-host1-PC"", ""version"": ""6.5.3"", ""hostname"": ""win7-host1-PC""}, ""tags"": [""beat"", ""beats_input_codec_plain_applied""], ""task"": ""Process Create (rule: ProcessCreate)"", ""user"": {""name"": ""SYSTEM"", ""type"": ""User"", ""domain"": ""NT AUTHORITY"", ""identifier"": ""S-1-5-18""}, ""level"": ""Information"", ""opcode"": ""Info"", ""message"": ""Process Create:\nRuleName: \nUtcTime: 2019-07-03 14:03:40.047\nProcessGuid: {DA929735-B5BC-5D1C-0000-0010AB301118}\nProcessId: 2704\nImage: C:\\Users\\superman\\Desktop\\invoice-156783.scr\nFileVersion: 2.1.1.0\nDescription: mimikatz for Windows\nProduct: mimikatz\nCompany: gentilkiwi (Benjamin DELPY)\nOriginalFileName: mimikatz.exe\nCommandLine: \""C:\\Users\\superman\\Desktop\\invoice-156783.scr\"" /S\nCurrentDirectory: C:\\Users\\superman\\Desktop\\\nUser: batman\\superman\nLogonGuid: {DA929735-A7BD-5D0B-0000-002046760300}\nLogonId: 0x37646\nTerminalSessionId: 1\nIntegrityLevel: High\nHashes: MD5=332A5371389A8953A96BF09B69EDCB6E,SHA256=E46BA4BDD4168A399EE5BC2161A8C918095FA30EB20AC88CAC6AB1D6DBEA2B4A\nParentProcessGuid: {DA929735-A7D1-5D0B-0000-00108BFE0500}\nParentProcessId: 2256\nParentImage: C:\\Windows\\explorer.exe\nParentCommandLine: C:\\Windows\\Explorer.EXE"", ""version"": 5, ""@version"": ""1"", ""event_id"": 1, ""log_name"": ""Microsoft-Windows-Sysmon/Operational"", ""username"": ""batman\\superman"", ""beat_host"": {""id"": ""da929735-a8f9-4b38-8348-7664a570a0a2"", ""os"": {""build"": ""7601.24356"", ""family"": ""windows"", ""version"": ""6.1"", ""platform"": ""windows""}, ""name"": ""win7-host1-PC"", ""architecture"": ""x86_64""}, ""thread_id"": 1824, ""@timestamp"": ""2019-07-03T14:03:40.131Z"", ""event_data"": {""Hashes"": ""MD5=332A5371389A8953A96BF09B69EDCB6E,SHA256=E46BA4BDD4168A399EE5BC2161A8C918095FA30EB20AC88CAC6AB1D6DBEA2B4A"", ""Company"": ""gentilkiwi (Benjamin DELPY)"", ""LogonId"": ""0x37646"", ""Product"": ""mimikatz"", ""UtcTime"": ""2019-07-03 14:03:40.047"", ""LogonGuid"": ""{DA929735-A7BD-5D0B-0000-002046760300}"", ""ProcessId"": ""2704"", ""CommandLine"": ""\""C:\\Users\\superman\\Desktop\\invoice-156783.scr\"" /S"", ""Description"": ""mimikatz for Windows"", ""FileVersion"": ""2.1.1.0"", ""ProcessGuid"": ""{DA929735-B5BC-5D1C-0000-0010AB301118}"", ""IntegrityLevel"": ""High"", ""ParentProcessId"": ""2256"", ""CurrentDirectory"": ""C:\\Users\\superman\\Desktop\\"", ""OriginalFileName"": ""mimikatz.exe"", ""ParentCommandLine"": ""C:\\Windows\\Explorer.EXE"", ""ParentProcessGuid"": ""{DA929735-A7D1-5D0B-0000-00108BFE0500}"", ""TerminalSessionId"": ""1""}, ""event_type"": ""sysmon"", ""image_path"": ""C:\\Users\\superman\\Desktop\\invoice-156783.scr"", ""process_id"": 1408, ""source_name"": ""Microsoft-Windows-Sysmon"", ""computer_name"": ""win7-host1-PC.batman.local"", ""logstash_time"": 0.0017659664154052734, ""provider_guid"": ""{5770385F-C22A-43E0-BF4C-06F5698FFBD9}"", ""record_number"": ""1975234"", ""parent_image_path"": ""C:\\Windows\\explorer.exe""}}","2022-09-19T07:24:54+00:00","","","","172.100.1.13","","1562162620","2019-07-03 14:03:40.047","524","","0","","","2023-02-04T06:30:51+00:00","","T0845","","","0","","","","","","An unsupported function was used on the OT device. This could be due to faulty software failing to perform an operation or a malicious attacker attempting to understand the device's capabilities.","","","","","","","","","","","","","","","","","","","","","2022-09-26T12:20:51+00:00","","","","192.168.55.162","41321","","","","","","","","","","","","","","","Collection","","CS Admin","","","Missed","Open","Low","Awaiting Action","Other / Unknown","No","","","","e4c2a68e-b99f-40b6-aa6c-7991ba99ca74","CS Admin","2023-01-09T06:53:34+00:00","CS Admin","2023-02-04T06:30:51+00:00","11","['OT IT', 'sampleAlert']","","Default"
"Alert","FortiSIEM","","","","2022-12-30T06:31:50+00:00","","","","Modbus TCP - Unauthorized Read Request to PLC","","","","","","","","","","","","","0","","","2023-02-04T06:30:41+00:00","","","","","0","","","","","","This event is generated when an unauthorized system attempts to write information to a PLC or other field device.
Modbus TCP is a protocol commonly used in SCADA and DCS networks for process control. The protocol does not provide authentication of the source of a command. Most SCADA/DCS networks have a limited number of control servers that should write information to a PLC. An adversary may attempt to corrupt a PLC or set in a state to negatively affect the process being controlled.
An attacker with IP connectivity to the PLC issues MODBUS write requests. This could change the configuration of the PLC, make the PLC interoperable, or send requests to actuators to change the state of the process being controlled.","","","","","","","","","","","","","","","","","","","","","","","","","192.12.141.11","","","","","","","","","","","","","","","","","","CS Admin","","PLC","Awaiting Action","Open","Low","Awaiting Action","Improper Disposal","No","","","","70a5157e-7096-42a1-ac02-8511fb88f14b","CS Admin","2023-01-03T09:23:37+00:00","Playbook","2023-02-04T06:30:41+00:00","6","['OT IT', 'sampleAlert']","","Default"
"Alert","FortiSIEM","","","","2022-09-19T06:14:54+00:00","","","2022-09-22T12:00:36+00:00","Unsupported function code 126 (PLC Programming) requested on producer 172.100.1.11","","{""_id"": ""Eb4luGsBt8nuALoC726Q"", ""_type"": ""doc"", ""_index"": ""logstash-beats-screensaver"", ""_score"": 2.364643, ""_source"": {""beat"": {""name"": ""win7-host1-PC"", ""version"": ""6.5.3"", ""hostname"": ""win7-host1-PC""}, ""tags"": [""beat"", ""beats_input_codec_plain_applied""], ""task"": ""Process Create (rule: ProcessCreate)"", ""user"": {""name"": ""SYSTEM"", ""type"": ""User"", ""domain"": ""NT AUTHORITY"", ""identifier"": ""S-1-5-18""}, ""level"": ""Information"", ""opcode"": ""Info"", ""message"": ""Process Create:\nRuleName: \nUtcTime: 2019-07-03 14:03:40.047\nProcessGuid: {DA929735-B5BC-5D1C-0000-0010AB301118}\nProcessId: 2704\nImage: C:\\Users\\superman\\Desktop\\invoice-156783.scr\nFileVersion: 2.1.1.0\nDescription: mimikatz for Windows\nProduct: mimikatz\nCompany: gentilkiwi (Benjamin DELPY)\nOriginalFileName: mimikatz.exe\nCommandLine: \""C:\\Users\\superman\\Desktop\\invoice-156783.scr\"" /S\nCurrentDirectory: C:\\Users\\superman\\Desktop\\\nUser: batman\\superman\nLogonGuid: {DA929735-A7BD-5D0B-0000-002046760300}\nLogonId: 0x37646\nTerminalSessionId: 1\nIntegrityLevel: High\nHashes: MD5=332A5371389A8953A96BF09B69EDCB6E,SHA256=E46BA4BDD4168A399EE5BC2161A8C918095FA30EB20AC88CAC6AB1D6DBEA2B4A\nParentProcessGuid: {DA929735-A7D1-5D0B-0000-00108BFE0500}\nParentProcessId: 2256\nParentImage: C:\\Windows\\explorer.exe\nParentCommandLine: C:\\Windows\\Explorer.EXE"", ""version"": 5, ""@version"": ""1"", ""event_id"": 1, ""log_name"": ""Microsoft-Windows-Sysmon/Operational"", ""username"": ""batman\\superman"", ""beat_host"": {""id"": ""da929735-a8f9-4b38-8348-7664a570a0a2"", ""os"": {""build"": ""7601.24356"", ""family"": ""windows"", ""version"": ""6.1"", ""platform"": ""windows""}, ""name"": ""win7-host1-PC"", ""architecture"": ""x86_64""}, ""thread_id"": 1824, ""@timestamp"": ""2019-07-03T14:03:40.131Z"", ""event_data"": {""Hashes"": ""MD5=332A5371389A8953A96BF09B69EDCB6E,SHA256=E46BA4BDD4168A399EE5BC2161A8C918095FA30EB20AC88CAC6AB1D6DBEA2B4A"", ""Company"": ""gentilkiwi (Benjamin DELPY)"", ""LogonId"": ""0x37646"", ""Product"": ""mimikatz"", ""UtcTime"": ""2019-07-03 14:03:40.047"", ""LogonGuid"": ""{DA929735-A7BD-5D0B-0000-002046760300}"", ""ProcessId"": ""2704"", ""CommandLine"": ""\""C:\\Users\\superman\\Desktop\\invoice-156783.scr\"" /S"", ""Description"": ""mimikatz for Windows"", ""FileVersion"": ""2.1.1.0"", ""ProcessGuid"": ""{DA929735-B5BC-5D1C-0000-0010AB301118}"", ""IntegrityLevel"": ""High"", ""ParentProcessId"": ""2256"", ""CurrentDirectory"": ""C:\\Users\\superman\\Desktop\\"", ""OriginalFileName"": ""mimikatz.exe"", ""ParentCommandLine"": ""C:\\Windows\\Explorer.EXE"", ""ParentProcessGuid"": ""{DA929735-A7D1-5D0B-0000-00108BFE0500}"", ""TerminalSessionId"": ""1""}, ""event_type"": ""sysmon"", ""image_path"": ""C:\\Users\\superman\\Desktop\\invoice-156783.scr"", ""process_id"": 1408, ""source_name"": ""Microsoft-Windows-Sysmon"", ""computer_name"": ""win7-host1-PC.batman.local"", ""logstash_time"": 0.0017659664154052734, ""provider_guid"": ""{5770385F-C22A-43E0-BF4C-06F5698FFBD9}"", ""record_number"": ""1975234"", ""parent_image_path"": ""C:\\Windows\\explorer.exe""}}","2022-09-19T07:24:54+00:00","","","","172.100.1.11","","1562162620","2019-07-03 14:03:40.047","445","","0","","","2023-02-04T06:30:46+00:00","","T0845","","","0","","","","","","An unsupported function was used on the OT device. This could be due to faulty software failing to perform an operation or a malicious attacker attempting to understand the device's capabilities.","","","","","","","","","","","","","","","","","","","","","2022-09-26T12:20:51+00:00","","","","192.168.25.62","52312","","","","","","","","","","","","","","","Collection","","CS Admin","","","Missed","Open","Low","Awaiting Action","Other / Unknown","No","","","","595912ed-589f-4de5-b306-4deef4da168f","CS Admin","2022-09-28T11:17:20+00:00","CS Admin","2023-02-04T06:30:47+00:00","4","['OT IT', 'sampleAlert']","","Default"
"Alert","FortiSIEM","","","","2023-01-19T10:26:27+00:00","","","","Configuration change from ""REMOTE"" to ""PROGRAM""","","","","","","","172.10.11.122","","","","44121","","0","","","2023-01-19T10:26:28+00:00","","T0886","","","0","","","","","","The position of the key for the device 172.10.11.122 changed from ""REMOTE"" to ""PROGRAM""","","","","","","","","","","","","","","","","","","","","","","","","","192.168.11.131","10312","","","","","","","","","","","","","","","Initial Access","","CS Admin","","","Awaiting Action","Open","Low","Awaiting Action","Brute Force Attempts","No","","","","1d131b8e-1df6-4b85-a745-1fc5da03c26f","CS Admin","2023-01-19T10:26:27+00:00","CS Admin","2023-02-04T06:33:57+00:00","1","['OT IT', 'sampleAlert']","","Default"
"Alert","FortiSIEM","","","","2023-01-19T06:59:41+00:00","","","","Suspicious activity between 10.121.221.12 and 10.132.255.118 has been detected.","","","","","","","10.132.255.118","","","","","","0","","","2023-01-19T06:59:43+00:00","","","","","0","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","10.121.221.12","","","","","","","","","","","","","","","","","","Charlie Baker","","","Awaiting Action","Open","Low","Awaiting Action","Other / Unknown","No","","","","7daffb9e-e32d-4254-a774-2cb87a26c649","CS Admin","2023-01-19T06:59:41+00:00","CS Admin","2023-02-04T06:34:01+00:00","7","['OT IT', 'sampleAlert']","","Default"