{"CreationTime": "2024-01-31T20:08:04", "Id": "256e5623-78c8-4ad7-0fbd-08dc2298559a", "Operation": "MailItemsAccessed", "OrganizationId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "RecordType": 2, "ResultStatus": "Succeeded", "UserKey": "100320030DF47B14", "UserType": 0, "Version": 1, "Workload": "Exchange", "ClientIP": "120.1.121.35", "UserId": "user15@splunkresearch.onmicrosoft.com", "ClientIPAddress": "120.1.121.35", "ClientInfoString": "Client=MSExchangeRPC", "ClientProcessName": "OUTLOOK.EXE", "ClientRequestId": "{68D7F66F-B4BC-413D-813B-BB34E1E0D9C2}", "ClientVersion": "16.0.17126.20014", "ExternalAccess": false, "InternalLogonType": 0, "LogonType": 0, "LogonUserSid": "S-1-5-21-1148582062-3132321681-773847816-49307764", "MailboxGuid": "7cfcc8fc-0d4a-4e1c-9592-dbb3de1e3859", "MailboxOwnerSid": "S-1-5-21-1148582062-3132321681-773847816-49307764", "MailboxOwnerUPN": "user15@splunkresearch.onmicrosoft.com", "OperationProperties": [{"Name": "MailAccessType", "Value": "Sync"}, {"Name": "IsThrottled", "Value": "False"}], "OrganizationName": "splunkresearch.onmicrosoft.com", "OriginatingServer": "CH0PR18MB5530 (15.20.4200.000)\r\n", "SessionId": "75227b2f-7cf0-4945-94c4-9e3b28b93988", "Item": {"Id": "LgAAAAC0AxwgOj/BRq9Bs1bhMPw/AQDh+UNSDzeHSLWfq+fr83BDAAAAAAEVAAAB", "ParentFolder": {"Id": "LgAAAAC0AxwgOj/BRq9Bs1bhMPw/AQDh+UNSDzeHSLWfq+fr83BDAAAAAAEVAAAB", "Name": "Conversation History", "Path": "Not Available"}}} {"CreationTime": "2024-01-31T20:07:49", "Id": "62fb2869-ffe2-42b9-e24a-08dc22984c88", "Operation": "MailItemsAccessed", "OrganizationId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "RecordType": 2, "ResultStatus": "Succeeded", "UserKey": "100320030DF47B14", "UserType": 0, "Version": 1, "Workload": "Exchange", "ClientIP": "120.1.121.35", "UserId": "user15@splunkresearch.onmicrosoft.com", "ClientIPAddress": "120.1.121.35", "ClientInfoString": "Client=MSExchangeRPC", "ClientProcessName": "OUTLOOK.EXE", "ClientRequestId": "{9D0B743A-E199-4D43-A9A4-CA73B4264FC1}", "ClientVersion": "16.0.17126.20014", "ExternalAccess": false, "InternalLogonType": 0, "LogonType": 0, "LogonUserSid": "S-1-5-21-1148582062-3132321681-773847816-49307764", "MailboxGuid": "7cfcc8fc-0d4a-4e1c-9592-dbb3de1e3859", "MailboxOwnerSid": "S-1-5-21-1148582062-3132321681-773847816-49307764", "MailboxOwnerUPN": "user15@splunkresearch.onmicrosoft.com", "OperationProperties": [{"Name": "MailAccessType", "Value": "Sync"}, {"Name": "IsThrottled", "Value": "False"}], "OrganizationName": "splunkresearch.onmicrosoft.com", "OriginatingServer": "CH0PR18MB5530 (15.20.4200.000)\r\n", "SessionId": "75227b2f-7cf0-4945-94c4-9e3b28b93988", "Item": {"Id": "LgAAAAC0AxwgOj/BRq9Bs1bhMPw/AQDh+UNSDzeHSLWfq+fr83BDAAAAAAEMAAAB", "ParentFolder": {"Id": "LgAAAAC0AxwgOj/BRq9Bs1bhMPw/AQDh+UNSDzeHSLWfq+fr83BDAAAAAAEMAAAB", "Name": "Inbox", "Path": "Not Available"}}} {"CreationTime": "2024-01-31T18:44:21", "Id": "0053b877-63f0-4938-a1a1-2d91c7982db4", "Operation": "MailItemsAccessed", "OrganizationId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "RecordType": 50, "ResultStatus": "Succeeded", "UserKey": "100320030DF47B14", "UserType": 0, "Version": 1, "Workload": "Exchange", "UserId": "user15@splunkresearch.onmicrosoft.com", "AppId": "00000003-0000-0000-c000-000000000000", "ClientAppId": "867f0d29-0eab-4017-b691-c4713cc7d7b0", "ClientIPAddress": "20.190.161.25", "ClientInfoString": "Client=REST;Client=RESTSystem;;", "ExternalAccess": false, "InternalLogonType": 0, "LogonType": 0, "LogonUserSid": "S-1-5-21-1148582062-3132321681-773847816-49307764", "MailboxGuid": "7cfcc8fc-0d4a-4e1c-9592-dbb3de1e3859", "MailboxOwnerSid": "S-1-5-21-1148582062-3132321681-773847816-49307764", "MailboxOwnerUPN": "user15@splunkresearch.onmicrosoft.com", "OperationProperties": [{"Name": "MailAccessType", "Value": "Bind"}, {"Name": "IsThrottled", "Value": "False"}], "OrganizationName": "splunkresearch.onmicrosoft.com", "OriginatingServer": "CH0PR18MB5530 (15.20.4200.000)\r\n", "Folders": [{"FolderItems": [{"ClientRequestId": "ad8ef114-7794-4887-a46f-4113e53aaaf9", "InternetMessageId": "", "SizeInBytes": 44329}, {"ClientRequestId": "ad8ef114-7794-4887-a46f-4113e53aaaf9", "InternetMessageId": "", "SizeInBytes": 44304}, {"ClientRequestId": "ad8ef114-7794-4887-a46f-4113e53aaaf9", "InternetMessageId": "", "SizeInBytes": 44572}, {"ClientRequestId": "ad8ef114-7794-4887-a46f-4113e53aaaf9", "InternetMessageId": "", "SizeInBytes": 245068}], "Id": "LgAAAAC0AxwgOj/BRq9Bs1bhMPw/AQDh+UNSDzeHSLWfq+fr83BDAAAAAAEMAAAB", "Path": "\\Inbox"}], "OperationCount": 4} {"CreationTime": "2024-01-31T16:59:31", "Id": "685a03d7-384e-417e-9d98-31fbbf3e88a1", "Operation": "MailItemsAccessed", "OrganizationId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "RecordType": 50, "ResultStatus": "Succeeded", "UserKey": "100320030DF47B14", "UserType": 0, "Version": 1, "Workload": "Exchange", "UserId": "user15@splunkresearch.onmicrosoft.com", "AppId": "47629505-c2b6-4a80-adb1-9b3a3d233b7b", "ClientAppId": "47629505-c2b6-4a80-adb1-9b3a3d233b7b", "ClientIPAddress": "120.1.121.35", "ClientInfoString": "Client=WebServices;ExchangeWebServicesProxy/CrossSite/EXCH/15.20.7249.020/Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.22621.2506[AppId=47629505-c2b6-4a80-adb1-9b3a3d233b7b];", "ExternalAccess": false, "InternalLogonType": 0, "LogonType": 0, "LogonUserSid": "S-1-5-21-1148582062-3132321681-773847816-49307764", "MailboxGuid": "7cfcc8fc-0d4a-4e1c-9592-dbb3de1e3859", "MailboxOwnerSid": "S-1-5-21-1148582062-3132321681-773847816-49307764", "MailboxOwnerUPN": "user15@splunkresearch.onmicrosoft.com", "OperationProperties": [{"Name": "MailAccessType", "Value": "Bind"}, {"Name": "IsThrottled", "Value": "False"}], "OrganizationName": "splunkresearch.onmicrosoft.com", "OriginatingServer": "CH0PR18MB5530 (15.20.4200.000)\r\n", "Folders": [{"FolderItems": [{"InternetMessageId": "", "SizeInBytes": 44329}, {"InternetMessageId": "", "SizeInBytes": 44304}, {"InternetMessageId": "", "SizeInBytes": 44572}, {"InternetMessageId": "", "SizeInBytes": 245068}], "Id": "LgAAAAC0AxwgOj/BRq9Bs1bhMPw/AQDh+UNSDzeHSLWfq+fr83BDAAAAAAEMAAAB", "Path": "\\Inbox"}], "OperationCount": 4} {"CreationTime": "2024-01-31T16:35:09", "Id": "4bbd79b7-09b6-42a3-9a95-755b79f0eae2", "Operation": "MailItemsAccessed", "OrganizationId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "RecordType": 50, "ResultStatus": "Succeeded", "UserKey": "100320030DF47B14", "UserType": 0, "Version": 1, "Workload": "Exchange", "UserId": "user15@splunkresearch.onmicrosoft.com", "AppId": "00000003-0000-0000-c000-000000000000", "ClientAppId": "867f0d29-0eab-4017-b691-c4713cc7d7b0", "ClientIPAddress": "20.190.161.152", "ClientInfoString": "Client=REST;Client=RESTSystem;;", "ExternalAccess": false, "InternalLogonType": 0, "LogonType": 0, "LogonUserSid": "S-1-5-21-1148582062-3132321681-773847816-49307764", "MailboxGuid": "7cfcc8fc-0d4a-4e1c-9592-dbb3de1e3859", "MailboxOwnerSid": "S-1-5-21-1148582062-3132321681-773847816-49307764", "MailboxOwnerUPN": "user15@splunkresearch.onmicrosoft.com", "OperationProperties": [{"Name": "MailAccessType", "Value": "Bind"}, {"Name": "IsThrottled", "Value": "False"}], "OrganizationName": "splunkresearch.onmicrosoft.com", "OriginatingServer": "CH0PR18MB5530 (15.20.4200.000)\r\n", "Folders": [{"FolderItems": [{"ClientRequestId": "d041810d-2961-406d-ad75-1333e4291320", "InternetMessageId": "", "SizeInBytes": 44329}, {"ClientRequestId": "d041810d-2961-406d-ad75-1333e4291320", "InternetMessageId": "", "SizeInBytes": 44304}, {"ClientRequestId": "d041810d-2961-406d-ad75-1333e4291320", "InternetMessageId": "", "SizeInBytes": 44572}, {"ClientRequestId": "d041810d-2961-406d-ad75-1333e4291320", "InternetMessageId": "", "SizeInBytes": 245068}], "Id": "LgAAAAC0AxwgOj/BRq9Bs1bhMPw/AQDh+UNSDzeHSLWfq+fr83BDAAAAAAEMAAAB", "Path": "\\Inbox"}], "OperationCount": 4}