{"CreationTime": "2024-02-01T16:07:34", "Id": "9cef02e9-4bfa-4c73-be7d-9dad68b9cea8", "Operation": "MailItemsAccessed", "OrganizationId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "RecordType": 50, "ResultStatus": "Succeeded", "UserKey": "100320030DF47B14", "UserType": 0, "Version": 1, "Workload": "Exchange", "UserId": "user15@splunkresearch.onmicrosoft.com", "AppId": "47629505-c2b6-4a80-adb1-9b3a3d233b7b", "ClientAppId": "47629505-c2b6-4a80-adb1-9b3a3d233b7b", "ClientIPAddress": "120.1.121.35", "ClientInfoString": "Client=WebServices;ExchangeWebServicesProxy/CrossSite/EXCH/15.20.7249.024/python-requests/2.25.1[AppId=47629505-c2b6-4a80-adb1-9b3a3d233b7b];", "ExternalAccess": false, "InternalLogonType": 0, "LogonType": 0, "LogonUserSid": "S-1-5-21-1148582062-3132321681-773847816-49307764", "MailboxGuid": "7cfcc8fc-0d4a-4e1c-9592-dbb3de1e3859", "MailboxOwnerSid": "S-1-5-21-1148582062-3132321681-773847816-49307764", "MailboxOwnerUPN": "user15@splunkresearch.onmicrosoft.com", "OperationProperties": [{"Name": "MailAccessType", "Value": "Bind"}, {"Name": "IsThrottled", "Value": "False"}], "OrganizationName": "splunkresearch.onmicrosoft.com", "OriginatingServer": "CH0PR18MB5530 (15.20.4200.000)\r\n", "Folders": [{"FolderItems": [{"InternetMessageId": "", "SizeInBytes": 44329}, {"InternetMessageId": "", "SizeInBytes": 44304}, {"InternetMessageId": "", "SizeInBytes": 44572}, {"InternetMessageId": "", "SizeInBytes": 245068}], "Id": "LgAAAAC0AxwgOj/BRq9Bs1bhMPw/AQDh+UNSDzeHSLWfq+fr83BDAAAAAAEMAAAB", "Path": "\\Inbox"}], "OperationCount": 4} {"CreationTime": "2024-01-31T20:08:04", "Id": "256e5623-78c8-4ad7-0fbd-08dc2298559a", "Operation": "MailItemsAccessed", "OrganizationId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "RecordType": 2, "ResultStatus": "Succeeded", "UserKey": "100320030DF47B14", "UserType": 0, "Version": 1, "Workload": "Exchange", "ClientIP": "120.1.121.35", "UserId": "user15@splunkresearch.onmicrosoft.com", "ClientIPAddress": "120.1.121.35", "ClientInfoString": "Client=MSExchangeRPC", "ClientProcessName": "OUTLOOK.EXE", "ClientRequestId": "{68D7F66F-B4BC-413D-813B-BB34E1E0D9C2}", "ClientVersion": "16.0.17126.20014", "ExternalAccess": false, "InternalLogonType": 0, "LogonType": 0, "LogonUserSid": "S-1-5-21-1148582062-3132321681-773847816-49307764", "MailboxGuid": "7cfcc8fc-0d4a-4e1c-9592-dbb3de1e3859", "MailboxOwnerSid": "S-1-5-21-1148582062-3132321681-773847816-49307764", "MailboxOwnerUPN": "user15@splunkresearch.onmicrosoft.com", "OperationProperties": [{"Name": "MailAccessType", "Value": "Sync"}, {"Name": "IsThrottled", "Value": "False"}], "OrganizationName": "splunkresearch.onmicrosoft.com", "OriginatingServer": "CH0PR18MB5530 (15.20.4200.000)\r\n", "SessionId": "75227b2f-7cf0-4945-94c4-9e3b28b93988", "Item": {"Id": "LgAAAAC0AxwgOj/BRq9Bs1bhMPw/AQDh+UNSDzeHSLWfq+fr83BDAAAAAAEVAAAB", "ParentFolder": {"Id": "LgAAAAC0AxwgOj/BRq9Bs1bhMPw/AQDh+UNSDzeHSLWfq+fr83BDAAAAAAEVAAAB", "Name": "Conversation History", "Path": "Not Available"}}} {"CreationTime": "2024-01-31T20:07:49", "Id": "62fb2869-ffe2-42b9-e24a-08dc22984c88", "Operation": "MailItemsAccessed", "OrganizationId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "RecordType": 2, "ResultStatus": "Succeeded", "UserKey": "100320030DF47B14", "UserType": 0, "Version": 1, "Workload": "Exchange", "ClientIP": "120.1.121.35", "UserId": "user15@splunkresearch.onmicrosoft.com", "ClientIPAddress": "120.1.121.35", "ClientInfoString": "Client=MSExchangeRPC", "ClientProcessName": "OUTLOOK.EXE", "ClientRequestId": "{9D0B743A-E199-4D43-A9A4-CA73B4264FC1}", "ClientVersion": "16.0.17126.20014", "ExternalAccess": false, "InternalLogonType": 0, "LogonType": 0, "LogonUserSid": "S-1-5-21-1148582062-3132321681-773847816-49307764", "MailboxGuid": "7cfcc8fc-0d4a-4e1c-9592-dbb3de1e3859", "MailboxOwnerSid": "S-1-5-21-1148582062-3132321681-773847816-49307764", "MailboxOwnerUPN": "user15@splunkresearch.onmicrosoft.com", "OperationProperties": [{"Name": "MailAccessType", "Value": "Sync"}, {"Name": "IsThrottled", "Value": "False"}], "OrganizationName": "splunkresearch.onmicrosoft.com", "OriginatingServer": "CH0PR18MB5530 (15.20.4200.000)\r\n", "SessionId": "75227b2f-7cf0-4945-94c4-9e3b28b93988", "Item": {"Id": "LgAAAAC0AxwgOj/BRq9Bs1bhMPw/AQDh+UNSDzeHSLWfq+fr83BDAAAAAAEMAAAB", "ParentFolder": {"Id": "LgAAAAC0AxwgOj/BRq9Bs1bhMPw/AQDh+UNSDzeHSLWfq+fr83BDAAAAAAEMAAAB", "Name": "Inbox", "Path": "Not Available"}}} {"CreationTime": "2024-01-31T18:44:21", "Id": "0053b877-63f0-4938-a1a1-2d91c7982db4", "Operation": "MailItemsAccessed", "OrganizationId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "RecordType": 50, "ResultStatus": "Succeeded", "UserKey": "100320030DF47B14", "UserType": 0, "Version": 1, "Workload": "Exchange", "UserId": "user15@splunkresearch.onmicrosoft.com", "AppId": "00000003-0000-0000-c000-000000000000", "ClientAppId": "867f0d29-0eab-4017-b691-c4713cc7d7b0", "ClientIPAddress": "20.190.161.25", "ClientInfoString": "Client=REST;Client=RESTSystem;;", "ExternalAccess": false, "InternalLogonType": 0, "LogonType": 0, "LogonUserSid": "S-1-5-21-1148582062-3132321681-773847816-49307764", "MailboxGuid": "7cfcc8fc-0d4a-4e1c-9592-dbb3de1e3859", "MailboxOwnerSid": "S-1-5-21-1148582062-3132321681-773847816-49307764", "MailboxOwnerUPN": "user15@splunkresearch.onmicrosoft.com", "OperationProperties": [{"Name": "MailAccessType", "Value": "Bind"}, {"Name": "IsThrottled", "Value": "False"}], "OrganizationName": "splunkresearch.onmicrosoft.com", "OriginatingServer": "CH0PR18MB5530 (15.20.4200.000)\r\n", "Folders": [{"FolderItems": [{"ClientRequestId": "ad8ef114-7794-4887-a46f-4113e53aaaf9", "InternetMessageId": "", "SizeInBytes": 44329}, {"ClientRequestId": "ad8ef114-7794-4887-a46f-4113e53aaaf9", "InternetMessageId": "", "SizeInBytes": 44304}, {"ClientRequestId": "ad8ef114-7794-4887-a46f-4113e53aaaf9", "InternetMessageId": "", "SizeInBytes": 44572}, {"ClientRequestId": "ad8ef114-7794-4887-a46f-4113e53aaaf9", "InternetMessageId": "", "SizeInBytes": 245068}], "Id": "LgAAAAC0AxwgOj/BRq9Bs1bhMPw/AQDh+UNSDzeHSLWfq+fr83BDAAAAAAEMAAAB", "Path": "\\Inbox"}], "OperationCount": 4} {"CreationTime": "2024-01-31T16:59:31", "Id": "685a03d7-384e-417e-9d98-31fbbf3e88a1", "Operation": "MailItemsAccessed", "OrganizationId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "RecordType": 50, "ResultStatus": "Succeeded", "UserKey": "100320030DF47B14", "UserType": 0, "Version": 1, "Workload": "Exchange", "UserId": "user15@splunkresearch.onmicrosoft.com", "AppId": "47629505-c2b6-4a80-adb1-9b3a3d233b7b", "ClientAppId": "47629505-c2b6-4a80-adb1-9b3a3d233b7b", "ClientIPAddress": "120.1.121.35", "ClientInfoString": "Client=WebServices;ExchangeWebServicesProxy/CrossSite/EXCH/15.20.7249.020/Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.22621.2506[AppId=47629505-c2b6-4a80-adb1-9b3a3d233b7b];", "ExternalAccess": false, "InternalLogonType": 0, "LogonType": 0, "LogonUserSid": "S-1-5-21-1148582062-3132321681-773847816-49307764", "MailboxGuid": "7cfcc8fc-0d4a-4e1c-9592-dbb3de1e3859", "MailboxOwnerSid": "S-1-5-21-1148582062-3132321681-773847816-49307764", "MailboxOwnerUPN": "user15@splunkresearch.onmicrosoft.com", "OperationProperties": [{"Name": "MailAccessType", "Value": "Bind"}, {"Name": "IsThrottled", "Value": "False"}], "OrganizationName": "splunkresearch.onmicrosoft.com", "OriginatingServer": "CH0PR18MB5530 (15.20.4200.000)\r\n", "Folders": [{"FolderItems": [{"InternetMessageId": "", "SizeInBytes": 44329}, {"InternetMessageId": "", "SizeInBytes": 44304}, {"InternetMessageId": "", "SizeInBytes": 44572}, {"InternetMessageId": "", "SizeInBytes": 245068}], "Id": "LgAAAAC0AxwgOj/BRq9Bs1bhMPw/AQDh+UNSDzeHSLWfq+fr83BDAAAAAAEMAAAB", "Path": "\\Inbox"}], "OperationCount": 4} {"CreationTime": "2024-01-31T16:35:09", "Id": "4bbd79b7-09b6-42a3-9a95-755b79f0eae2", "Operation": "MailItemsAccessed", "OrganizationId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "RecordType": 50, "ResultStatus": "Succeeded", "UserKey": "100320030DF47B14", "UserType": 0, "Version": 1, "Workload": "Exchange", "UserId": "user15@splunkresearch.onmicrosoft.com", "AppId": "00000003-0000-0000-c000-000000000000", "ClientAppId": "867f0d29-0eab-4017-b691-c4713cc7d7b0", "ClientIPAddress": "20.190.161.152", "ClientInfoString": "Client=REST;Client=RESTSystem;;", "ExternalAccess": false, "InternalLogonType": 0, "LogonType": 0, "LogonUserSid": "S-1-5-21-1148582062-3132321681-773847816-49307764", "MailboxGuid": "7cfcc8fc-0d4a-4e1c-9592-dbb3de1e3859", "MailboxOwnerSid": "S-1-5-21-1148582062-3132321681-773847816-49307764", "MailboxOwnerUPN": "user15@splunkresearch.onmicrosoft.com", "OperationProperties": [{"Name": "MailAccessType", "Value": "Bind"}, {"Name": "IsThrottled", "Value": "False"}], "OrganizationName": "splunkresearch.onmicrosoft.com", "OriginatingServer": "CH0PR18MB5530 (15.20.4200.000)\r\n", "Folders": [{"FolderItems": [{"ClientRequestId": "d041810d-2961-406d-ad75-1333e4291320", "InternetMessageId": "", "SizeInBytes": 44329}, {"ClientRequestId": "d041810d-2961-406d-ad75-1333e4291320", "InternetMessageId": "", "SizeInBytes": 44304}, {"ClientRequestId": "d041810d-2961-406d-ad75-1333e4291320", "InternetMessageId": "", "SizeInBytes": 44572}, {"ClientRequestId": "d041810d-2961-406d-ad75-1333e4291320", "InternetMessageId": "", "SizeInBytes": 245068}], "Id": "LgAAAAC0AxwgOj/BRq9Bs1bhMPw/AQDh+UNSDzeHSLWfq+fr83BDAAAAAAEMAAAB", "Path": "\\Inbox"}], "OperationCount": 4} {"CreationTime": "2024-01-31T02:44:53", "Id": "e9a9df05-d8e8-4123-abc7-4e89fb3ecbd2", "Operation": "MailItemsAccessed", "OrganizationId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "RecordType": 50, "ResultStatus": "Succeeded", "UserKey": "100320030DF47B14", "UserType": 0, "Version": 1, "Workload": "Exchange", "UserId": "user15@splunkresearch.onmicrosoft.com", "AppId": "a3883eba-fbe9-48bd-9ed3-dca3e0e84250", "ClientAppId": "a3883eba-fbe9-48bd-9ed3-dca3e0e84250", "ClientIPAddress": "1233:24a8:610:156::19", "ClientInfoString": "Client=REST;Client=RESTSystem;;", "ExternalAccess": false, "InternalLogonType": 0, "LogonType": 0, "LogonUserSid": "S-1-5-21-1148582062-3132321681-773847816-49307764", "MailboxGuid": "7cfcc8fc-0d4a-4e1c-9592-dbb3de1e3859", "MailboxOwnerSid": "S-1-5-21-1148582062-3132321681-773847816-49307764", "MailboxOwnerUPN": "user15@splunkresearch.onmicrosoft.com", "OperationProperties": [{"Name": "MailAccessType", "Value": "Bind"}, {"Name": "IsThrottled", "Value": "False"}], "OrganizationName": "splunkresearch.onmicrosoft.com", "OriginatingServer": "CH0PR18MB5530 (15.20.4200.000)\r\n", "Folders": [{"FolderItems": [{"ClientRequestId": "862b7d32-f61b-4e01-8064-810aaf084e3f", "InternetMessageId": "", "SizeInBytes": 44572}, {"ClientRequestId": "862b7d32-f61b-4e01-8064-810aaf084e3f", "InternetMessageId": "", "SizeInBytes": 44304}, {"ClientRequestId": "862b7d32-f61b-4e01-8064-810aaf084e3f", "InternetMessageId": "", "SizeInBytes": 44329}], "Id": "LgAAAAC0AxwgOj/BRq9Bs1bhMPw/AQDh+UNSDzeHSLWfq+fr83BDAAAAAAEMAAAB", "Path": "\\Inbox"}], "OperationCount": 3} {"CreationTime": "2024-01-31T01:02:17", "Id": "f3eaafdc-2205-4371-9dce-71a44578f678", "Operation": "MailItemsAccessed", "OrganizationId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "RecordType": 50, "ResultStatus": "Succeeded", "UserKey": "100320030DF47B14", "UserType": 0, "Version": 1, "Workload": "Exchange", "UserId": "user15@splunkresearch.onmicrosoft.com", "AppId": "47629505-c2b6-4a80-adb1-9b3a3d233b7b", "ClientAppId": "47629505-c2b6-4a80-adb1-9b3a3d233b7b", "ClientIPAddress": "120.1.121.44", "ClientInfoString": "Client=WebServices;ExchangeWebServicesProxy/CrossSite/EXCH/15.20.7249.020/Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.22621.2506[AppId=47629505-c2b6-4a80-adb1-9b3a3d233b7b];", "ExternalAccess": false, "InternalLogonType": 0, "LogonType": 0, "LogonUserSid": "S-1-5-21-1148582062-3132321681-773847816-49307764", "MailboxGuid": "7cfcc8fc-0d4a-4e1c-9592-dbb3de1e3859", "MailboxOwnerSid": "S-1-5-21-1148582062-3132321681-773847816-49307764", "MailboxOwnerUPN": "user15@splunkresearch.onmicrosoft.com", "OperationProperties": [{"Name": "MailAccessType", "Value": "Bind"}, {"Name": "IsThrottled", "Value": "False"}], "OrganizationName": "splunkresearch.onmicrosoft.com", "OriginatingServer": "CH0PR18MB5530 (15.20.4200.000)\r\n", "Folders": [{"FolderItems": [{"InternetMessageId": "", "SizeInBytes": 44329}, {"InternetMessageId": "", "SizeInBytes": 44304}, {"InternetMessageId": "", "SizeInBytes": 44572}, {"InternetMessageId": "", "SizeInBytes": 245068}], "Id": "LgAAAAC0AxwgOj/BRq9Bs1bhMPw/AQDh+UNSDzeHSLWfq+fr83BDAAAAAAEMAAAB", "Path": "\\Inbox"}], "OperationCount": 4} {"CreationTime": "2024-01-30T22:57:40", "Id": "43b2e431-6c7e-47e4-8b01-7c29db3778e7", "Operation": "MailItemsAccessed", "OrganizationId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "RecordType": 50, "ResultStatus": "Succeeded", "UserKey": "100320030DF47B14", "UserType": 0, "Version": 1, "Workload": "Exchange", "UserId": "user15@splunkresearch.onmicrosoft.com", "AppId": "13937bba-652e-4c46-b222-3003f4d1ff97", "ClientAppId": "13937bba-652e-4c46-b222-3003f4d1ff97", "ClientIPAddress": "1233:24a8:610:1d9::12", "ClientInfoString": "Client=REST;Client=RESTSystem;;", "ExternalAccess": false, "InternalLogonType": 0, "LogonType": 0, "LogonUserSid": "S-1-5-21-1148582062-3132321681-773847816-49307764", "MailboxGuid": "7cfcc8fc-0d4a-4e1c-9592-dbb3de1e3859", "MailboxOwnerSid": "S-1-5-21-1148582062-3132321681-773847816-49307764", "MailboxOwnerUPN": "user15@splunkresearch.onmicrosoft.com", "OperationProperties": [{"Name": "MailAccessType", "Value": "Bind"}, {"Name": "IsThrottled", "Value": "False"}], "OrganizationName": "splunkresearch.onmicrosoft.com", "OriginatingServer": "CH0PR18MB5530 (15.20.4200.000)\r\n", "Folders": [{"FolderItems": [{"ClientRequestId": "73a533d9-af14-4264-b8d1-ce99554b8924", "InternetMessageId": "", "SizeInBytes": 44329}, {"ClientRequestId": "c783c818-a76b-4820-ba19-2c81e4e6ff8b", "InternetMessageId": "", "SizeInBytes": 44304}, {"ClientRequestId": "927719ab-68fd-4c00-b17f-f3eff08b923b", "InternetMessageId": "", "SizeInBytes": 44572}], "Id": "LgAAAAC0AxwgOj/BRq9Bs1bhMPw/AQDh+UNSDzeHSLWfq+fr83BDAAAAAAEMAAAB", "Path": "\\Inbox"}], "OperationCount": 3} {"CreationTime": "2024-01-30T22:57:38", "Id": "261fede0-cfcb-4a79-be1b-750f4d5ea68c", "Operation": "MailItemsAccessed", "OrganizationId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "RecordType": 50, "ResultStatus": "Succeeded", "UserKey": "100320030DF47B14", "UserType": 0, "Version": 1, "Workload": "Exchange", "UserId": "user15@splunkresearch.onmicrosoft.com", "AppId": "00000002-0000-0ff1-ce00-000000000000", "ClientIPAddress": "120.1.121.37", "ClientInfoString": "Client=OWA;Action=ViaProxy", "ExternalAccess": false, "InternalLogonType": 0, "LogonType": 0, "LogonUserSid": "S-1-5-21-1148582062-3132321681-773847816-49307764", "MailboxGuid": "7cfcc8fc-0d4a-4e1c-9592-dbb3de1e3859", "MailboxOwnerSid": "S-1-5-21-1148582062-3132321681-773847816-49307764", "MailboxOwnerUPN": "user15@splunkresearch.onmicrosoft.com", "OperationProperties": [{"Name": "MailAccessType", "Value": "Bind"}, {"Name": "IsThrottled", "Value": "False"}], "OrganizationName": "splunkresearch.onmicrosoft.com", "OriginatingServer": "CH0PR18MB5530 (15.20.4200.000)\r\n", "SessionId": "a7e05701-5f7b-4e82-8b9f-c6b61d200494", "Folders": [{"FolderItems": [{"InternetMessageId": "", "SizeInBytes": 44329}, {"InternetMessageId": "", "SizeInBytes": 44304}, {"InternetMessageId": "", "SizeInBytes": 44572}, {"InternetMessageId": "", "SizeInBytes": 245068}], "Id": "LgAAAAC0AxwgOj/BRq9Bs1bhMPw/AQDh+UNSDzeHSLWfq+fr83BDAAAAAAEMAAAB", "Path": "\\Inbox"}], "OperationCount": 4}