{
"dataRows": [
{
"id": "1",
"l7Protocol": "HTTPS",
"request": {
"startTime": 1649638271180,
"connectionId": "0x6C488E5F161A65DA92706",
"domain": "entitlement.diagnostics.office.com.",
"uri": "/v1/supporteligibility",
"method": "GET",
"clientPort": 47994,
"destinationIP": "104.43.167.100",
"destinationPort": 443,
"uuid": "6c0d87ab-42b5-437c-a248-28cec61bf6aa",
"queryStrings": [],
"headers": [
{
"name": "Connection",
"value": "Keep-Alive"
},
{
"name": "Content-Type",
"value": "application/json"
},
{
"name": "User-Agent",
"value": "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14827; Pro)"
},
{
"name": "Host",
"value": "entitlement.diagnostics.office.com"
}
],
"clientIp": "60.120.8.232"
},
"response": {
"endTime": 1649638271319,
"headers": [
{
"name": "Cache-Control",
"value": "no-cache"
},
{
"name": "Pragma",
"value": "no-cache"
},
{
"name": "Expires",
"value": "-1"
},
{
"name": "Server",
"value": "Microsoft-IIS/10.0"
},
{
"name": "X-Powered-By",
"value": "ASP.NET"
},
{
"name": "Date",
"value": "Mon, 11 Apr 2022 00:51:10 GMT"
},
{
"name": "Connection",
"value": "close"
},
{
"name": "Content-Length",
"value": "0"
}
],
"hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
"responseCode": "401"
},
"event": {
"detectionTime": "2022-04-11T00:51:11Z",
"detectionType": "N/A",
"siteId": "9216",
"siteName": "Off Network ETP Clients",
"policyId": "10739",
"policyName": "Unidentified Location Policy",
"listId": "-1",
"listName": "unknown",
"categoryId": "104",
"categoryName": "Computer & Internet info",
"confidenceId": "-1",
"confidenceName": "Unknown",
"actionId": "5",
"actionName": "Allow",
"blockDescription": "N/A",
"correlatedSinkholeEvents": [],
"reason": "N/A",
"threatId": 3015,
"severityId": 4,
"threatName": "Office365_Optimization",
"severityLevel": "Low",
"onrampType": "etp_offnet_client",
"internalClientIP": "192.168.3.7",
"matchedGroups": [],
"clientRequestId": "4ba60ab9-8dd6-4a54-a1cd-e6b400fad96f-16496382685541644-301",
"encryptedInternalClientIP": "PNwBDfEfs+YQEIgpgodhersAa2zBY8H6Lv02",
"encryptedInternalClientName": "",
"decryptedInternalClientIP": "192.168.3.7",
"applicationId": "273",
"applicationName": "Microsoft 365",
"operationId": "99",
"operationName": "None",
"riskId": "4",
"riskName": "Very High",
"catalogId": "2022041001",
"sublocationId": "-1",
"sublocationName": "N/A",
"eventType": "aup",
"clientAgents": [
"EtpClient:3.7.0.1019"
],
"listIdentifiers": [
{
"listId": -1,
"categoryId": 104,
"confidenceId": -1,
"threatId": 3015,
"listName": "unknown",
"categoryName": "Computer & Internet info",
"confidenceName": "Unknown",
"threatName": "Office365_Optimization"
},
{
"listId": -1,
"categoryId": 120,
"confidenceId": -1,
"threatId": 0,
"listName": "unknown",
"categoryName": "Productivity and CRM Tools",
"confidenceName": "Unknown",
"threatName": "Unclassified"
}
],
"deepscanReportPath": "",
"httpVersion": "1.1",
"deviceId": "4ba60ab9-8dd6-4a54-a1cd-e6b400fad96f",
"deviceName": "PC-04434",
"deviceOwnerId": "cc-30-80-35-cb-bf",
"files": [
{
"fileName": "N/A",
"fileHash": "",
"fileSize": -1,
"fileType": "N/A",
"dictionaries": [
{
"id": "N/A",
"name": "N/A"
}
],
"patterns": [
{
"id": "N/A",
"name": "N/A"
}
],
"isUpload": true,
"scanStatus": "N/A"
}
],
"configId": 42360,
"deepScanned": false
},
"userIdentity": {
"encryptedUserID": "",
"encryptedUserName": "",
"groups": []
},
"isEvent": false
},
{
"id": "2",
"l7Protocol": "HTTPS",
"request": {
"startTime": 1649638269915,
"connectionId": "0x9F0E6D0E161A53993EAF3",
"domain": "ols.officeapps.live.com.",
"uri": "/licensing/user/renewlicense",
"method": "POST",
"clientPort": 39807,
"destinationIP": "52.109.20.0",
"destinationPort": 443,
"uuid": "d433a2c4-ce0b-4852-baad-7a8fb53aa2ed",
"queryStrings": [],
"headers": [
{
"name": "Connection",
"value": "Keep-Alive"
},
{
"name": "Date",
"value": "Mon, 11 Apr 2022 00:51:05 GMT"
},
{
"name": "Content-Type",
"value": "application/json"
},
{
"name": "Accept",
"value": "application/json; SigningOption=2"
},
{
"name": "User-Agent",
"value": "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14827; Pro)"
},
{
"name": "Content-Length",
"value": "305"
},
{
"name": "Host",
"value": "ols.officeapps.live.com"
}
],
"clientIp": "60.120.8.232"
},
"response": {
"endTime": 1649638270693,
"headers": [
{
"name": "Content-Type",
"value": "application/json; charset=utf-8"
},
{
"name": "Server",
"value": "Microsoft-IIS/10.0"
},
{
"name": "X-Powered-By",
"value": "ASP.NET"
},
{
"name": "Date",
"value": "Mon, 11 Apr 2022 00:51:09 GMT"
},
{
"name": "Content-Length",
"value": "12282"
}
],
"hash": "30d251f6873dfc97d1b159451358eb004daaed6833ee93d4a9e95822c652325c",
"responseCode": "200"
},
"event": {
"detectionTime": "2022-04-11T00:51:09Z",
"detectionType": "N/A",
"siteId": "9216",
"siteName": "Off Network ETP Clients",
"policyId": "10739",
"policyName": "Unidentified Location Policy",
"listId": "-1",
"listName": "unknown",
"categoryId": "104",
"categoryName": "Computer & Internet info",
"confidenceId": "-1",
"confidenceName": "Unknown",
"actionId": "5",
"actionName": "Allow",
"blockDescription": "N/A",
"correlatedSinkholeEvents": [],
"reason": "N/A",
"threatId": 3015,
"severityId": 4,
"threatName": "Office365_Optimization",
"severityLevel": "Low",
"onrampType": "etp_offnet_client",
"internalClientIP": "192.168.3.7",
"matchedGroups": [],
"clientRequestId": "4ba60ab9-8dd6-4a54-a1cd-e6b400fad96f-16496382656491291-298",
"encryptedInternalClientIP": "PNwBDfEfs+YQEIgpgodhersAa2zBY8H6Lv02",
"encryptedInternalClientName": "",
"decryptedInternalClientIP": "192.168.3.7",
"applicationId": "2203",
"applicationName": "Microsoft (common)",
"operationId": "99",
"operationName": "None",
"riskId": "2",
"riskName": "Medium",
"catalogId": "2022041001",
"sublocationId": "-1",
"sublocationName": "N/A",
"eventType": "aup",
"clientAgents": [
"EtpClient:3.7.0.1019"
],
"listIdentifiers": [
{
"listId": -1,
"categoryId": 104,
"confidenceId": -1,
"threatId": 3015,
"listName": "unknown",
"categoryName": "Computer & Internet info",
"confidenceName": "Unknown",
"threatName": "Office365_Optimization"
},
{
"listId": -1,
"categoryId": 124,
"confidenceId": -1,
"threatId": 0,
"listName": "unknown",
"categoryName": "Internet Utilities",
"confidenceName": "Unknown",
"threatName": "Unclassified"
}
],
"deepscanReportPath": "",
"httpVersion": "1.1",
"deviceId": "4ba60ab9-8dd6-4a54-a1cd-e6b400fad96f",
"deviceName": "PC-04434",
"deviceOwnerId": "cc-30-80-35-cb-bf",
"files": [
{
"fileName": "N/A",
"fileHash": "f415dc8a87dfd8e787a673a98f3023ea40b1b984d1ce9510fa08250ea9c6ea91",
"fileSize": 305,
"fileType": "text/plain",
"dictionaries": [
{
"id": "N/A",
"name": "N/A"
}
],
"patterns": [
{
"id": "N/A",
"name": "N/A"
}
],
"isUpload": true,
"scanStatus": "N/A"
},
{
"fileName": "N/A",
"fileHash": "30d251f6873dfc97d1b159451358eb004daaed6833ee93d4a9e95822c652325c",
"fileSize": 12282,
"fileType": "text/plain",
"dictionaries": [
{
"id": "N/A",
"name": "N/A"
}
],
"patterns": [
{
"id": "N/A",
"name": "N/A"
}
],
"isUpload": false,
"scanStatus": "N/A"
}
],
"configId": 42360,
"deepScanned": false
},
"userIdentity": {
"encryptedUserID": "",
"encryptedUserName": "",
"groups": []
},
"isEvent": false
},
{
"id": "3",
"l7Protocol": "HTTPS",
"request": {
"startTime": 1649638267657,
"connectionId": "0x9F0E6D07161A14EE19370",
"domain": "outlook.office365.com.",
"uri": "/autodiscover/autodiscover.json/v1.0/[email protected]",
"method": "GET",
"clientPort": 38115,
"destinationIP": "2603:1046:c09:1092::2",
"destinationPort": 443,
"uuid": "6b70e75a-7721-434a-b3ce-ea6422a642b8",
"queryStrings": [],
"headers": [
{
"name": "Connection",
"value": "Keep-Alive"
},
{
"name": "Accept",
"value": "application/json"
},
{
"name": "User-Agent",
"value": "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14827; Pro)"
},
{
"name": "Host",
"value": "outlook.office365.com"
}
],
"clientIp": "60.120.8.232"
},
"response": {
"endTime": 1649638267690,
"headers": [
{
"name": "Cache-Control",
"value": "private"
},
{
"name": "Content-Length",
"value": "97"
},
{
"name": "Content-Type",
"value": "application/json; charset=utf-8"
},
{
"name": "Server",
"value": "Microsoft-IIS/10.0"
},
{
"name": "X-Powered-By",
"value": "ASP.NET"
},
{
"name": "Date",
"value": "Mon, 11 Apr 2022 00:51:06 GMT"
}
],
"hash": "ad543c070a0c3b3eb31ced625a34c76010644df7c36bcf06d7bed677c0a86216",
"responseCode": "200"
},
"event": {
"detectionTime": "2022-04-11T00:51:07Z",
"detectionType": "N/A",
"siteId": "9216",
"siteName": "Off Network ETP Clients",
"policyId": "10739",
"policyName": "Unidentified Location Policy",
"listId": "-1",
"listName": "unknown",
"categoryId": "104",
"categoryName": "Computer & Internet info",
"confidenceId": "-1",
"confidenceName": "Unknown",
"actionId": "5",
"actionName": "Allow",
"blockDescription": "N/A",
"correlatedSinkholeEvents": [],
"reason": "N/A",
"threatId": 3015,
"severityId": 4,
"threatName": "Office365_Optimization",
"severityLevel": "Low",
"onrampType": "etp_offnet_client",
"internalClientIP": "192.168.3.7",
"matchedGroups": [],
"clientRequestId": "4ba60ab9-8dd6-4a54-a1cd-e6b400fad96f-16496382487819566-279",
"encryptedInternalClientIP": "PNwBDfEfs+YQEIgpgodhersAa2zBY8H6Lv02",
"encryptedInternalClientName": "",
"decryptedInternalClientIP": "192.168.3.7",
"applicationId": "274",
"applicationName": "Microsoft 365 Outlook",
"operationId": "99",
"operationName": "None",
"riskId": "4",
"riskName": "Very High",
"catalogId": "2022041001",
"sublocationId": "-1",
"sublocationName": "N/A",
"eventType": "aup",
"clientAgents": [
"EtpClient:3.7.0.1019"
],
"listIdentifiers": [
{
"listId": -1,
"categoryId": 104,
"confidenceId": -1,
"threatId": 3015,
"listName": "unknown",
"categoryName": "Computer & Internet info",
"confidenceName": "Unknown",
"threatName": "Office365_Optimization"
},
{
"listId": -1,
"categoryId": 110,
"confidenceId": -1,
"threatId": 0,
"listName": "unknown",
"categoryName": "Web-Based Email",
"confidenceName": "Unknown",
"threatName": "Unclassified"
}
],
"deepscanReportPath": "",
"httpVersion": "1.1",
"deviceId": "4ba60ab9-8dd6-4a54-a1cd-e6b400fad96f",
"deviceName": "PC-04434",
"deviceOwnerId": "cc-30-80-35-cb-bf",
"files": [
{
"fileName": "N/A",
"fileHash": "ad543c070a0c3b3eb31ced625a34c76010644df7c36bcf06d7bed677c0a86216",
"fileSize": 97,
"fileType": "text/plain",
"dictionaries": [
{
"id": "N/A",
"name": "N/A"
}
],
"patterns": [
{
"id": "N/A",
"name": "N/A"
}
],
"isUpload": false,
"scanStatus": "N/A"
}
],
"configId": 42360,
"deepScanned": false
},
"userIdentity": {
"encryptedUserID": "",
"encryptedUserName": "",
"groups": []
},
"isEvent": false
},
{
"id": "4",
"l7Protocol": "HTTPS",
"request": {
"startTime": 1649638267655,
"connectionId": "0x9F0E6D05161A14721737F",
"domain": "outlook.office365.com.",
"uri": "/autodiscover/autodiscover.json/v1.0/[email protected]",
"method": "GET",
"clientPort": 46269,
"destinationIP": "2603:1046:404:14::2",
"destinationPort": 443,
"uuid": "c89a0ab1-73dc-4edc-9380-72fff1e69207",
"queryStrings": [],
"headers": [
{
"name": "Connection",
"value": "Keep-Alive"
},
{
"name": "Accept",
"value": "application/json"
},
{
"name": "User-Agent",
"value": "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14827; Pro)"
},
{
"name": "Host",
"value": "outlook.office365.com"
}
],
"clientIp": "60.120.8.232"
},
"response": {
"endTime": 1649638267682,
"headers": [
{
"name": "Cache-Control",
"value": "private"
},
{
"name": "Content-Length",
"value": "97"
},
{
"name": "Content-Type",
"value": "application/json; charset=utf-8"
},
{
"name": "Server",
"value": "Microsoft-IIS/10.0"
},
{
"name": "X-Powered-By",
"value": "ASP.NET"
},
{
"name": "Date",
"value": "Mon, 11 Apr 2022 00:51:07 GMT"
}
],
"hash": "ad543c070a0c3b3eb31ced625a34c76010644df7c36bcf06d7bed677c0a86216",
"responseCode": "200"
},
"event": {
"detectionTime": "2022-04-11T00:51:07Z",
"detectionType": "N/A",
"siteId": "9216",
"siteName": "Off Network ETP Clients",
"policyId": "10739",
"policyName": "Unidentified Location Policy",
"listId": "-1",
"listName": "unknown",
"categoryId": "104",
"categoryName": "Computer & Internet info",
"confidenceId": "-1",
"confidenceName": "Unknown",
"actionId": "5",
"actionName": "Allow",
"blockDescription": "N/A",
"correlatedSinkholeEvents": [],
"reason": "N/A",
"threatId": 3015,
"severityId": 4,
"threatName": "Office365_Optimization",
"severityLevel": "Low",
"onrampType": "etp_offnet_client",
"internalClientIP": "192.168.3.7",
"matchedGroups": [],
"clientRequestId": "4ba60ab9-8dd6-4a54-a1cd-e6b400fad96f-16496382489829565-281",
"encryptedInternalClientIP": "PNwBDfEfs+YQEIgpgodhersAa2zBY8H6Lv02",
"encryptedInternalClientName": "",
"decryptedInternalClientIP": "192.168.3.7",
"applicationId": "274",
"applicationName": "Microsoft 365 Outlook",
"operationId": "99",
"operationName": "None",
"riskId": "4",
"riskName": "Very High",
"catalogId": "2022041001",
"sublocationId": "-1",
"sublocationName": "N/A",
"eventType": "aup",
"clientAgents": [
"EtpClient:3.7.0.1019"
],
"listIdentifiers": [
{
"listId": -1,
"categoryId": 104,
"confidenceId": -1,
"threatId": 3015,
"listName": "unknown",
"categoryName": "Computer & Internet info",
"confidenceName": "Unknown",
"threatName": "Office365_Optimization"
},
{
"listId": -1,
"categoryId": 110,
"confidenceId": -1,
"threatId": 0,
"listName": "unknown",
"categoryName": "Web-Based Email",
"confidenceName": "Unknown",
"threatName": "Unclassified"
}
],
"deepscanReportPath": "",
"httpVersion": "1.1",
"deviceId": "4ba60ab9-8dd6-4a54-a1cd-e6b400fad96f",
"deviceName": "PC-04434",
"deviceOwnerId": "cc-30-80-35-cb-bf",
"files": [
{
"fileName": "N/A",
"fileHash": "ad543c070a0c3b3eb31ced625a34c76010644df7c36bcf06d7bed677c0a86216",
"fileSize": 97,
"fileType": "text/plain",
"dictionaries": [
{
"id": "N/A",
"name": "N/A"
}
],
"patterns": [
{
"id": "N/A",
"name": "N/A"
}
],
"isUpload": false,
"scanStatus": "N/A"
}
],
"configId": 42360,
"deepScanned": false
},
"userIdentity": {
"encryptedUserID": "",
"encryptedUserName": "",
"groups": []
},
"isEvent": false
},
{
"id": "5",
"l7Protocol": "HTTPS",
"request": {
"startTime": 1649638266625,
"connectionId": "0x9F0E6D05161A54E21739B",
"domain": "outlook.office.com.",
"uri": "/api/v2.0/Me/InferenceClassification",
"method": "GET",
"clientPort": 40873,
"destinationIP": "2603:1046:403:a::2",
"destinationPort": 443,
"uuid": "9c97bf70-466a-477d-b454-e4ef13c8e282",
"queryStrings": [],
"headers": [
{
"name": "Cache-Control",
"value": "no-cache"
},
{
"name": "Connection",
"value": "Keep-Alive"
},
{
"name": "Pragma",
"value": "no-cache"
},
{
"name": "Content-Type",
"value": "application/json;IEEE754Compatible=true;charset=utf-8"
},
{
"name": "Accept-Charset",
"value": "utf-8"
},
{
"name": "Accept-Encoding",
"value": "gzip"
},
{
"name": "User-Agent",
"value": "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14827; Pro)"
},
{
"name": "Host",
"value": "outlook.office.com"
}
],
"clientIp": "60.120.8.232"
},
"response": {
"endTime": 1649638266637,
"headers": [
{
"name": "Server",
"value": "Microsoft-IIS/10.0"
},
{
"name": "X-Powered-By",
"value": "ASP.NET"
},
{
"name": "Date",
"value": "Mon, 11 Apr 2022 00:51:06 GMT"
},
{
"name": "Content-Length",
"value": "0"
}
],
"hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
"responseCode": "401"
},
"event": {
"detectionTime": "2022-04-11T00:51:06Z",
"detectionType": "N/A",
"siteId": "9216",
"siteName": "Off Network ETP Clients",
"policyId": "10739",
"policyName": "Unidentified Location Policy",
"listId": "-1",
"listName": "unknown",
"categoryId": "110",
"categoryName": "Web-Based Email",
"confidenceId": "-1",
"confidenceName": "Unknown",
"actionId": "5",
"actionName": "Allow",
"blockDescription": "N/A",
"correlatedSinkholeEvents": [],
"reason": "N/A",
"threatId": 3015,
"severityId": 4,
"threatName": "Office365_Optimization",
"severityLevel": "Low",
"onrampType": "etp_offnet_client",
"internalClientIP": "192.168.3.7",
"matchedGroups": [],
"clientRequestId": "4ba60ab9-8dd6-4a54-a1cd-e6b400fad96f-16496382653591259-297",
"encryptedInternalClientIP": "PNwBDfEfs+YQEIgpgodhersAa2zBY8H6Lv02",
"encryptedInternalClientName": "",
"decryptedInternalClientIP": "192.168.3.7",
"applicationId": "274",
"applicationName": "Microsoft 365 Outlook",
"operationId": "99",
"operationName": "None",
"riskId": "4",
"riskName": "Very High",
"catalogId": "2022041001",
"sublocationId": "-1",
"sublocationName": "N/A",
"eventType": "aup",
"clientAgents": [
"EtpClient:3.7.0.1019"
],
"listIdentifiers": [
{
"listId": -1,
"categoryId": 110,
"confidenceId": -1,
"threatId": 3015,
"listName": "unknown",
"categoryName": "Web-Based Email",
"confidenceName": "Unknown",
"threatName": "Office365_Optimization"
}
],
"deepscanReportPath": "",
"httpVersion": "1.1",
"deviceId": "4ba60ab9-8dd6-4a54-a1cd-e6b400fad96f",
"deviceName": "PC-04434",
"deviceOwnerId": "cc-30-80-35-cb-bf",
"files": [
{
"fileName": "N/A",
"fileHash": "",
"fileSize": -1,
"fileType": "N/A",
"dictionaries": [
{
"id": "N/A",
"name": "N/A"
}
],
"patterns": [
{
"id": "N/A",
"name": "N/A"
}
],
"isUpload": true,
"scanStatus": "N/A"
}
],
"configId": 42360,
"deepScanned": false
},
"userIdentity": {
"encryptedUserID": "",
"encryptedUserName": "",
"groups": []
},
"isEvent": false
}
],
"pageInfo": {
"totalRecords": 144474,
"pageNumber": 1,
"pageSize": 5
}
}