{"time": "8/2/2023 1:08:44 PM", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/microsoft.aadiam", "operationName": "User Risk Detection", "operationVersion": "1.0", "category": "UserRiskEvents", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "72.43.122.40", "correlationId": "efa2cb19d58a7a6a1424c692ca5202552ab1d0025d0e933e442193fc945a6bc6", "identity": "ava.brown", "Level": 4, "location": "us", "properties": {"id": "efa2cb19d58a7a6a1424c692ca5202552ab1d0025d0e933e442193fc945a6bc6", "requestId": "14066cab-a7bf-4e12-ba3d-17a026373700", "correlationId": "20afe6ab-d103-42c9-a810-97c25b61b279", "riskType": "maliciousIPAddress", "riskEventType": "maliciousIPAddress", "riskState": "atRisk", "riskLevel": "high", "riskDetail": "none", "source": "IdentityProtection", "detectionTimingType": "offline", "activity": "signin", "ipAddress": "72.43.122.40", "location": {"city": "New York", "state": "New York", "countryOrRegion": "US", "geoCoordinates": {"altitude": 0.0, "latitude": 0, "longitude": -0}}, "activityDateTime": "2023-08-01T19:55:29.638Z", "detectedDateTime": "2023-08-02T9:12:15.353Z", "lastUpdatedDateTime": "2023-08-02T13:08:44.445Z", "userId": "bd4a5efd-ffd5-4e27-9d7d-96e9094a74ec", "userDisplayName": "Ava.Brown", "userPrincipalName": "Ava.Brown@splunkresearch.com", "additionalInfo": "[{\"Key\":\"userAgent\",\"Value\":\"Mozilla/5.0 (Macintosh; Darwin 22.4.0 Darwin Kernel Version 22.4.0: Mon Mar  6 21:00:17 PST 2023; root:xnu-8796.101.5~3/RELEASE_X86_64; en-US) PowerShell/7.3.4\"}]", "tokenIssuerType": "AzureAD", "resourceTenantId": null, "homeTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "userType": "member", "crossTenantAccessType": "none"}}
{"time": "8/2/2023 12:53:17 PM", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/microsoft.aadiam", "operationName": "User Risk Detection", "operationVersion": "1.0", "category": "UserRiskEvents", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "72.43.122.40", "correlationId": "916b69283c385ead75300755cfab8188727cd5ae67ab82b8e2a7a31b1a297936", "identity": "lucas.martin", "Level": 4, "location": "us", "properties": {"id": "916b69283c385ead75300755cfab8188727cd5ae67ab82b8e2a7a31b1a297936", "requestId": "117f34c2-3d69-4090-a119-c69d75c95500", "correlationId": "8824c507-0585-40c8-9eeb-f66a2755bbdd", "riskType": "maliciousIPAddress", "riskEventType": "maliciousIPAddress", "riskState": "atRisk", "riskLevel": "high", "riskDetail": "none", "source": "IdentityProtection", "detectionTimingType": "offline", "activity": "signin", "ipAddress": "72.43.122.40", "location": {"city": "New York", "state": "New York", "countryOrRegion": "US", "geoCoordinates": {"altitude": 0.0, "latitude": 0, "longitude": -0}}, "activityDateTime": "2023-08-01T19:55:31.776Z", "detectedDateTime": "2023-08-02T9:10:27.098Z", "lastUpdatedDateTime": "2023-08-02T12:53:17.099Z", "userId": "044329f2-0d1e-4867-9a18-2273fab9bdac", "userDisplayName": "Lucas.Martin", "userPrincipalName": "Lucas.Martin@splunkresearch.com", "additionalInfo": "[{\"Key\":\"userAgent\",\"Value\":\"Mozilla/5.0 (Macintosh; Darwin 22.4.0 Darwin Kernel Version 22.4.0: Mon Mar  6 21:00:17 PST 2023; root:xnu-8796.101.5~3/RELEASE_X86_64; en-US) PowerShell/7.3.4\"}]", "tokenIssuerType": "AzureAD", "resourceTenantId": null, "homeTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "userType": "member", "crossTenantAccessType": "none"}}
{"time": "8/2/2023 10:30:32 AM", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/microsoft.aadiam", "operationName": "User Risk Detection", "operationVersion": "1.0", "category": "UserRiskEvents", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "72.43.122.40", "correlationId": "b9b0b0d847a9228aa76c429c5672150c269baa980b06f54459617a9e55bebbfd", "identity": "liam.johnson", "Level": 4, "location": "us", "properties": {"id": "b9b0b0d847a9228aa76c429c5672150c269baa980b06f54459617a9e55bebbfd", "requestId": "06ed930c-c894-45e9-a772-f51189344e00", "correlationId": "92c96c62-31c4-485f-aae8-e41c71a82277", "riskType": "maliciousIPAddress", "riskEventType": "maliciousIPAddress", "riskState": "atRisk", "riskLevel": "high", "riskDetail": "none", "source": "IdentityProtection", "detectionTimingType": "offline", "activity": "signin", "ipAddress": "72.43.122.40", "location": {"city": "New York", "state": "New York", "countryOrRegion": "US", "geoCoordinates": {"altitude": 0.0, "latitude": 0, "longitude": -0}}, "activityDateTime": "2023-08-01T19:55:29.169Z", "detectedDateTime": "2023-08-02T9:11:06.902Z", "lastUpdatedDateTime": "2023-08-02T10:30:32.417Z", "userId": "05c3e1ed-7f22-40b8-a51b-581598cb91ae", "userDisplayName": "Liam.Johnson", "userPrincipalName": "Liam.Johnson@splunkresearch.com", "additionalInfo": "[{\"Key\":\"userAgent\",\"Value\":\"Mozilla/5.0 (Macintosh; Darwin 22.4.0 Darwin Kernel Version 22.4.0: Mon Mar  6 21:00:17 PST 2023; root:xnu-8796.101.5~3/RELEASE_X86_64; en-US) PowerShell/7.3.4\"}]", "tokenIssuerType": "AzureAD", "resourceTenantId": null, "homeTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "userType": "member", "crossTenantAccessType": "none"}}