{"EventType":"IntrusionEvent", "EventSecond":1744752707, "EventMicrosecond":709756, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744752707, "ConnectionID":27798, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":2604, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.242.0_5ac0bd95663c4357097204f23072019d82f2e8ce.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":195, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067fece37", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744752707, "EventMicrosecond":709756, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744752707, "ConnectionID":27798, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":2604, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.242.0_5ac0bd95663c4357097204f23072019d82f2e8ce.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":195, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067fece37", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744752707, "EventMicrosecond":709756, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744752707, "ConnectionID":27798, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":2604, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.242.0_5ac0bd95663c4357097204f23072019d82f2e8ce.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":195, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067fece37", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744752707, "EventMicrosecond":709756, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744752707, "ConnectionID":27798, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":2604, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.242.0_5ac0bd95663c4357097204f23072019d82f2e8ce.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":195, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067fece37", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744666308, "EventMicrosecond":39747, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744666308, "ConnectionID":25393, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":64697, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.233.0_1cdaa606ad47c7367b49a241a0563320487038bb.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":187, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f8c9aa", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744666308, "EventMicrosecond":39747, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744666308, "ConnectionID":25393, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":64697, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.233.0_1cdaa606ad47c7367b49a241a0563320487038bb.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":187, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f8c9aa", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744666308, "EventMicrosecond":39747, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744666308, "ConnectionID":25393, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":64697, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.233.0_1cdaa606ad47c7367b49a241a0563320487038bb.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":187, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f8c9aa", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744666308, "EventMicrosecond":39747, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744666308, "ConnectionID":25393, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":64697, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.233.0_1cdaa606ad47c7367b49a241a0563320487038bb.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":187, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f8c9aa", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744579914, "EventMicrosecond":247942, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744579914, "ConnectionID":22346, "InitiatorIP":"184.25.59.69", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62264, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.222.0_57fadf49717b21b307f82a66ce37001ac0975c25.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":181, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f8c9aa", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744579914, "EventMicrosecond":247942, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744579914, "ConnectionID":22346, "InitiatorIP":"184.25.59.69", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62264, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.222.0_57fadf49717b21b307f82a66ce37001ac0975c25.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":181, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f8c9aa", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744579914, "EventMicrosecond":247942, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744579914, "ConnectionID":22346, "InitiatorIP":"184.25.59.69", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62264, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.222.0_57fadf49717b21b307f82a66ce37001ac0975c25.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":181, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f8c9aa", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744579914, "EventMicrosecond":247942, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744579914, "ConnectionID":22346, "InitiatorIP":"184.25.59.69", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62264, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.222.0_57fadf49717b21b307f82a66ce37001ac0975c25.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":181, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f8c9aa", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744502279, "EventMicrosecond":111078, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744502279, "ConnectionID":19571, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":60100, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/1aab1bcf-0713-4792-b671-7470b90e4f54?P1=1745107077&P2=404&P3=2&P4=Jehn7ESkT2Aj3bVbLemvNE7o61eTQzNM6g8eyZVL0DxP6nM%2b3kSAlM0TWwQ5B5PISg0wPM1vHyeYaIQFAhQ33A%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":178, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f8c9aa", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744502279, "EventMicrosecond":111078, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744502279, "ConnectionID":19571, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":60100, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/1aab1bcf-0713-4792-b671-7470b90e4f54?P1=1745107077&P2=404&P3=2&P4=Jehn7ESkT2Aj3bVbLemvNE7o61eTQzNM6g8eyZVL0DxP6nM%2b3kSAlM0TWwQ5B5PISg0wPM1vHyeYaIQFAhQ33A%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":178, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f8c9aa", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744502279, "EventMicrosecond":111078, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744502279, "ConnectionID":19571, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":60100, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/1aab1bcf-0713-4792-b671-7470b90e4f54?P1=1745107077&P2=404&P3=2&P4=Jehn7ESkT2Aj3bVbLemvNE7o61eTQzNM6g8eyZVL0DxP6nM%2b3kSAlM0TWwQ5B5PISg0wPM1vHyeYaIQFAhQ33A%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":178, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f8c9aa", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744502279, "EventMicrosecond":111078, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744502279, "ConnectionID":19571, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":60100, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/1aab1bcf-0713-4792-b671-7470b90e4f54?P1=1745107077&P2=404&P3=2&P4=Jehn7ESkT2Aj3bVbLemvNE7o61eTQzNM6g8eyZVL0DxP6nM%2b3kSAlM0TWwQ5B5PISg0wPM1vHyeYaIQFAhQ33A%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":178, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f8c9aa", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744493511, "EventMicrosecond":271256, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744493511, "ConnectionID":19263, "InitiatorIP":"23.46.30.37", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":59862, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.204.0_f561be89cdb4dc64fd4e222d5335c3955a9074f8.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":176, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f8c9aa", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744493511, "EventMicrosecond":271256, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744493511, "ConnectionID":19263, "InitiatorIP":"23.46.30.37", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":59862, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.204.0_f561be89cdb4dc64fd4e222d5335c3955a9074f8.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":176, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f8c9aa", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744493511, "EventMicrosecond":271256, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744493511, "ConnectionID":19263, "InitiatorIP":"23.46.30.37", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":59862, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.204.0_f561be89cdb4dc64fd4e222d5335c3955a9074f8.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":176, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f8c9aa", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744493511, "EventMicrosecond":271256, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744493511, "ConnectionID":19263, "InitiatorIP":"23.46.30.37", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":59862, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.204.0_f561be89cdb4dc64fd4e222d5335c3955a9074f8.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":176, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f8c9aa", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744407112, "EventMicrosecond":899306, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744407112, "ConnectionID":16312, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":57457, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.183.0_30a5e7d5bf7087110bb7e8ba11ae1240630a48f9.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":173, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f8c9aa", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744407112, "EventMicrosecond":899306, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744407112, "ConnectionID":16312, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":57457, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.183.0_30a5e7d5bf7087110bb7e8ba11ae1240630a48f9.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":173, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f8c9aa", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744407112, "EventMicrosecond":899306, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744407112, "ConnectionID":16312, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":57457, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.183.0_30a5e7d5bf7087110bb7e8ba11ae1240630a48f9.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":173, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f8c9aa", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744407112, "EventMicrosecond":899306, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744407112, "ConnectionID":16312, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":57457, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.183.0_30a5e7d5bf7087110bb7e8ba11ae1240630a48f9.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":173, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f8c9aa", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744320071, "EventMicrosecond":391245, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744320071, "ConnectionID":13216, "InitiatorIP":"23.205.89.9", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":54995, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/updateplatform.amd64fre_fb6d4e5152d96c81a46effcc6eb063b438b67650.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":167, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f639a9", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744320071, "EventMicrosecond":391245, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744320071, "ConnectionID":13216, "InitiatorIP":"23.205.89.9", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":54995, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/updateplatform.amd64fre_fb6d4e5152d96c81a46effcc6eb063b438b67650.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":167, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f639a9", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744320071, "EventMicrosecond":391245, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744320071, "ConnectionID":13216, "InitiatorIP":"23.205.89.9", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":54995, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/updateplatform.amd64fre_fb6d4e5152d96c81a46effcc6eb063b438b67650.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":167, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f639a9", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744320071, "EventMicrosecond":391245, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744320071, "ConnectionID":13216, "InitiatorIP":"23.205.89.9", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":54995, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/updateplatform.amd64fre_fb6d4e5152d96c81a46effcc6eb063b438b67650.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":167, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f639a9", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744286254, "EventMicrosecond":861253, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744286254, "ConnectionID":12035, "InitiatorIP":"23.220.206.38", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":54048, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/43a7c051-6388-4a9a-8ad0-320b591e5520?P1=1744891054&P2=404&P3=2&P4=auXfBYg4cZQZ%2fiMWXgRccbyPix5d7v%2bh9Xd7zgHiLBJSKBRD9qoJWC7MomiKBaQsoxulcQCIReFlv5VHSv7EMQ%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":164, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f639a9", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744286254, "EventMicrosecond":861253, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744286254, "ConnectionID":12035, "InitiatorIP":"23.220.206.38", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":54048, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/43a7c051-6388-4a9a-8ad0-320b591e5520?P1=1744891054&P2=404&P3=2&P4=auXfBYg4cZQZ%2fiMWXgRccbyPix5d7v%2bh9Xd7zgHiLBJSKBRD9qoJWC7MomiKBaQsoxulcQCIReFlv5VHSv7EMQ%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":164, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f639a9", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744286254, "EventMicrosecond":861253, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744286254, "ConnectionID":12035, "InitiatorIP":"23.220.206.38", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":54048, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/43a7c051-6388-4a9a-8ad0-320b591e5520?P1=1744891054&P2=404&P3=2&P4=auXfBYg4cZQZ%2fiMWXgRccbyPix5d7v%2bh9Xd7zgHiLBJSKBRD9qoJWC7MomiKBaQsoxulcQCIReFlv5VHSv7EMQ%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":164, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f639a9", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744286254, "EventMicrosecond":861253, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744286254, "ConnectionID":12035, "InitiatorIP":"23.220.206.38", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":54048, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/43a7c051-6388-4a9a-8ad0-320b591e5520?P1=1744891054&P2=404&P3=2&P4=auXfBYg4cZQZ%2fiMWXgRccbyPix5d7v%2bh9Xd7zgHiLBJSKBRD9qoJWC7MomiKBaQsoxulcQCIReFlv5VHSv7EMQ%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":164, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f639a9", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744233650, "EventMicrosecond":262452, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744233650, "ConnectionID":10805, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":52588, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.136.0_2d0c7b5cc158b1fb15a022cdd1c5ee160bee7a46.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":162, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f639a9", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744233650, "EventMicrosecond":262452, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744233650, "ConnectionID":10805, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":52588, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.136.0_2d0c7b5cc158b1fb15a022cdd1c5ee160bee7a46.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":162, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f639a9", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744233650, "EventMicrosecond":262452, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744233650, "ConnectionID":10805, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":52588, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.136.0_2d0c7b5cc158b1fb15a022cdd1c5ee160bee7a46.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":162, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f639a9", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744233650, "EventMicrosecond":262452, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744233650, "ConnectionID":10805, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":52588, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.136.0_2d0c7b5cc158b1fb15a022cdd1c5ee160bee7a46.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":162, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f639a9", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744139384, "EventMicrosecond":273774, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744139384, "ConnectionID":7258, "InitiatorIP":"23.51.25.207", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":9152, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/04/am_delta_213005cf246fa80b43b8841a8dba11aa130cb9ef.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":123, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f51d3c", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744139384, "EventMicrosecond":273774, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744139384, "ConnectionID":7258, "InitiatorIP":"23.51.25.207", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":9152, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/04/am_delta_213005cf246fa80b43b8841a8dba11aa130cb9ef.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":123, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f51d3c", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744139384, "EventMicrosecond":273774, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744139384, "ConnectionID":7258, "InitiatorIP":"23.51.25.207", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":9152, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/04/am_delta_213005cf246fa80b43b8841a8dba11aa130cb9ef.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":123, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f51d3c", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744139384, "EventMicrosecond":273774, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744139384, "ConnectionID":7258, "InitiatorIP":"23.51.25.207", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":9152, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/04/am_delta_213005cf246fa80b43b8841a8dba11aa130cb9ef.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":123, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f51d3c", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744052983, "EventMicrosecond":544649, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744052983, "ConnectionID":4218, "InitiatorIP":"23.46.30.23", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":6122, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.94.0_73f3ad4f0912a35ba4fbac67e9437e49a176965a.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":52, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744052983, "EventMicrosecond":544649, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744052983, "ConnectionID":4218, "InitiatorIP":"23.46.30.23", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":6122, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.94.0_73f3ad4f0912a35ba4fbac67e9437e49a176965a.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":52, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744052983, "EventMicrosecond":544649, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744052983, "ConnectionID":4218, "InitiatorIP":"23.46.30.23", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":6122, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.94.0_73f3ad4f0912a35ba4fbac67e9437e49a176965a.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":52, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744052983, "EventMicrosecond":544649, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744052983, "ConnectionID":4218, "InitiatorIP":"23.46.30.23", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":6122, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.94.0_73f3ad4f0912a35ba4fbac67e9437e49a176965a.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":52, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743966602, "EventMicrosecond":774374, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743966602, "ConnectionID":1614, "InitiatorIP":"23.215.11.159", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":3435, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.67.0_5f44b911b39a95522cef054ac4c2559d2f7dbd01.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":22, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743966602, "EventMicrosecond":774374, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743966602, "ConnectionID":1614, "InitiatorIP":"23.215.11.159", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":3435, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.67.0_5f44b911b39a95522cef054ac4c2559d2f7dbd01.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":22, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743966602, "EventMicrosecond":774374, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743966602, "ConnectionID":1614, "InitiatorIP":"23.215.11.159", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":3435, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.67.0_5f44b911b39a95522cef054ac4c2559d2f7dbd01.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":22, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743966602, "EventMicrosecond":774374, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743966602, "ConnectionID":1614, "InitiatorIP":"23.215.11.159", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":3435, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.67.0_5f44b911b39a95522cef054ac4c2559d2f7dbd01.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":22, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743832649, "EventMicrosecond":770605, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743832649, "ConnectionID":16400, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62904, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/4d3f2455-4441-4d0e-81b1-30954ad38b72?P1=1744437445&P2=404&P3=2&P4=nEpkS9WmqK1bNlo%2fesnaUDs0kYSYOanimieSOPU1Fd6vY5xFAvx%2fRWGlpMh%2bbst7IivnXoQLFOSJAoUFipmkBA%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":873, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743832649, "EventMicrosecond":770605, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743832649, "ConnectionID":16400, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62904, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/4d3f2455-4441-4d0e-81b1-30954ad38b72?P1=1744437445&P2=404&P3=2&P4=nEpkS9WmqK1bNlo%2fesnaUDs0kYSYOanimieSOPU1Fd6vY5xFAvx%2fRWGlpMh%2bbst7IivnXoQLFOSJAoUFipmkBA%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":873, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743832649, "EventMicrosecond":770605, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743832649, "ConnectionID":16400, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62904, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/4d3f2455-4441-4d0e-81b1-30954ad38b72?P1=1744437445&P2=404&P3=2&P4=nEpkS9WmqK1bNlo%2fesnaUDs0kYSYOanimieSOPU1Fd6vY5xFAvx%2fRWGlpMh%2bbst7IivnXoQLFOSJAoUFipmkBA%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":873, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743832649, "EventMicrosecond":770605, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743832649, "ConnectionID":16400, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62904, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/4d3f2455-4441-4d0e-81b1-30954ad38b72?P1=1744437445&P2=404&P3=2&P4=nEpkS9WmqK1bNlo%2fesnaUDs0kYSYOanimieSOPU1Fd6vY5xFAvx%2fRWGlpMh%2bbst7IivnXoQLFOSJAoUFipmkBA%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":873, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743832319, "EventMicrosecond":400629, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743832319, "ConnectionID":16382, "InitiatorIP":"217.20.63.35", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62889, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/16c9e56e-be3c-4e11-a9dc-a49e149a46d6?P1=1744437118&P2=404&P3=2&P4=QytfcvXlr2HdwqkvZXHMF6Bwh3Xoljg57QtxDPUGUFzx6gemaDoJwK0GSRhN3Q6nix7sN9AqR4LBgu0ScYNm2w%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":871, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743832319, "EventMicrosecond":400629, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743832319, "ConnectionID":16382, "InitiatorIP":"217.20.63.35", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62889, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/16c9e56e-be3c-4e11-a9dc-a49e149a46d6?P1=1744437118&P2=404&P3=2&P4=QytfcvXlr2HdwqkvZXHMF6Bwh3Xoljg57QtxDPUGUFzx6gemaDoJwK0GSRhN3Q6nix7sN9AqR4LBgu0ScYNm2w%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":871, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743832319, "EventMicrosecond":400629, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743832319, "ConnectionID":16382, "InitiatorIP":"217.20.63.35", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62889, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/16c9e56e-be3c-4e11-a9dc-a49e149a46d6?P1=1744437118&P2=404&P3=2&P4=QytfcvXlr2HdwqkvZXHMF6Bwh3Xoljg57QtxDPUGUFzx6gemaDoJwK0GSRhN3Q6nix7sN9AqR4LBgu0ScYNm2w%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":871, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743832319, "EventMicrosecond":400629, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743832319, "ConnectionID":16382, "InitiatorIP":"217.20.63.35", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62889, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/16c9e56e-be3c-4e11-a9dc-a49e149a46d6?P1=1744437118&P2=404&P3=2&P4=QytfcvXlr2HdwqkvZXHMF6Bwh3Xoljg57QtxDPUGUFzx6gemaDoJwK0GSRhN3Q6nix7sN9AqR4LBgu0ScYNm2w%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":871, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743793785, "EventMicrosecond":751471, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743793785, "ConnectionID":15346, "InitiatorIP":"23.54.78.50", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":61786, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.39.0_65231622d63f2c7a8d2a0e840f149c6475ccf5ca.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":855, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743793785, "EventMicrosecond":751471, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743793785, "ConnectionID":15346, "InitiatorIP":"23.54.78.50", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":61786, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.39.0_65231622d63f2c7a8d2a0e840f149c6475ccf5ca.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":855, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743793785, "EventMicrosecond":751471, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743793785, "ConnectionID":15346, "InitiatorIP":"23.54.78.50", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":61786, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.39.0_65231622d63f2c7a8d2a0e840f149c6475ccf5ca.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":855, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743793785, "EventMicrosecond":751471, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743793785, "ConnectionID":15346, "InitiatorIP":"23.54.78.50", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":61786, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.39.0_65231622d63f2c7a8d2a0e840f149c6475ccf5ca.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":855, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743707406, "EventMicrosecond":343427, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743707406, "ConnectionID":12990, "InitiatorIP":"23.46.30.27", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":59265, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.23.0_7d013a1af8e6e98c2292d1f16a35d9457046119f.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":823, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743707406, "EventMicrosecond":343427, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743707406, "ConnectionID":12990, "InitiatorIP":"23.46.30.27", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":59265, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.23.0_7d013a1af8e6e98c2292d1f16a35d9457046119f.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":823, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743707406, "EventMicrosecond":343427, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743707406, "ConnectionID":12990, "InitiatorIP":"23.46.30.27", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":59265, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.23.0_7d013a1af8e6e98c2292d1f16a35d9457046119f.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":823, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743707406, "EventMicrosecond":343427, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743707406, "ConnectionID":12990, "InitiatorIP":"23.46.30.27", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":59265, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.23.0_7d013a1af8e6e98c2292d1f16a35d9457046119f.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":823, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743620979, "EventMicrosecond":745338, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743620979, "ConnectionID":10042, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":56363, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_5671f2689f6adf551680e27d34c5816812dcfc18.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":722, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ed7073", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743620979, "EventMicrosecond":745338, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743620979, "ConnectionID":10042, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":56363, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_5671f2689f6adf551680e27d34c5816812dcfc18.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":722, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ed7073", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743620979, "EventMicrosecond":745338, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743620979, "ConnectionID":10042, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":56363, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_5671f2689f6adf551680e27d34c5816812dcfc18.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":722, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ed7073", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743620979, "EventMicrosecond":745338, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743620979, "ConnectionID":10042, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":56363, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_5671f2689f6adf551680e27d34c5816812dcfc18.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":722, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ed7073", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743533941, "EventMicrosecond":209644, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743533941, "ConnectionID":7458, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":53644, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/updateplatform.amd64fre_00f5d71b0ba4329517a4e572a952bd7510915927.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":685, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ebe52b", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743533941, "EventMicrosecond":209644, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743533941, "ConnectionID":7458, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":53644, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/updateplatform.amd64fre_00f5d71b0ba4329517a4e572a952bd7510915927.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":685, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ebe52b", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743533941, "EventMicrosecond":209644, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743533941, "ConnectionID":7458, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":53644, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/updateplatform.amd64fre_00f5d71b0ba4329517a4e572a952bd7510915927.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":685, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ebe52b", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743533941, "EventMicrosecond":209644, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743533941, "ConnectionID":7458, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":53644, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/updateplatform.amd64fre_00f5d71b0ba4329517a4e572a952bd7510915927.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":685, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ebe52b", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743447538, "EventMicrosecond":331571, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743447538, "ConnectionID":64199, "InitiatorIP":"23.215.11.143", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":60671, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.340.0_a244f00c7fceab434c65e351602b9ef628908c5d.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":620, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743447538, "EventMicrosecond":331571, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743447538, "ConnectionID":64199, "InitiatorIP":"23.215.11.143", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":60671, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.340.0_a244f00c7fceab434c65e351602b9ef628908c5d.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":620, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743447538, "EventMicrosecond":331571, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743447538, "ConnectionID":64199, "InitiatorIP":"23.215.11.143", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":60671, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.340.0_a244f00c7fceab434c65e351602b9ef628908c5d.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":620, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743447538, "EventMicrosecond":331571, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743447538, "ConnectionID":64199, "InitiatorIP":"23.215.11.143", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":60671, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.340.0_a244f00c7fceab434c65e351602b9ef628908c5d.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":620, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743361144, "EventMicrosecond":243502, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743361144, "ConnectionID":61982, "InitiatorIP":"23.48.99.75", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":58183, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.334.0_fab809c88128bc3b5d9036d420d15b5e5fc8558b.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":593, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743361144, "EventMicrosecond":243502, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743361144, "ConnectionID":61982, "InitiatorIP":"23.48.99.75", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":58183, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.334.0_fab809c88128bc3b5d9036d420d15b5e5fc8558b.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":593, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743361144, "EventMicrosecond":243502, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743361144, "ConnectionID":61982, "InitiatorIP":"23.48.99.75", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":58183, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.334.0_fab809c88128bc3b5d9036d420d15b5e5fc8558b.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":593, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743361144, "EventMicrosecond":243502, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743361144, "ConnectionID":61982, "InitiatorIP":"23.48.99.75", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":58183, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.334.0_fab809c88128bc3b5d9036d420d15b5e5fc8558b.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":593, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743274738, "EventMicrosecond":880142, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743274738, "ConnectionID":59724, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":55683, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.313.0_4851ec7fcf2f35b41666f0b22df49fcec707453c.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":563, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743274738, "EventMicrosecond":880142, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743274738, "ConnectionID":59724, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":55683, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.313.0_4851ec7fcf2f35b41666f0b22df49fcec707453c.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":563, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743274738, "EventMicrosecond":880142, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743274738, "ConnectionID":59724, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":55683, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.313.0_4851ec7fcf2f35b41666f0b22df49fcec707453c.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":563, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743274738, "EventMicrosecond":880142, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743274738, "ConnectionID":59724, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":55683, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.313.0_4851ec7fcf2f35b41666f0b22df49fcec707453c.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":563, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743188355, "EventMicrosecond":652081, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743188355, "ConnectionID":57519, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":53196, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.286.0_b3a37e7a87116af846426dd568a129166492550b.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":532, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743188355, "EventMicrosecond":652081, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743188355, "ConnectionID":57519, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":53196, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.286.0_b3a37e7a87116af846426dd568a129166492550b.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":532, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743188355, "EventMicrosecond":652081, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743188355, "ConnectionID":57519, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":53196, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.286.0_b3a37e7a87116af846426dd568a129166492550b.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":532, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743188355, "EventMicrosecond":652081, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743188355, "ConnectionID":57519, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":53196, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.286.0_b3a37e7a87116af846426dd568a129166492550b.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":532, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743108739, "EventMicrosecond":446388, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743108739, "ConnectionID":55479, "InitiatorIP":"23.220.206.34", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":50889, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/fef20fdd-9331-42a4-890f-e0813064af88?P1=1743713538&P2=404&P3=2&P4=Mt3Bwd1vGd%2bWyuOEe%2bYx%2bs1BPfUBwlJnXDGomdt8QtfiPF50UYZjgr%2fwpR8RYfdU6OqrLPs0QXrJrfCjo7cBfA%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":502, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743108739, "EventMicrosecond":446388, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743108739, "ConnectionID":55479, "InitiatorIP":"23.220.206.34", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":50889, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/fef20fdd-9331-42a4-890f-e0813064af88?P1=1743713538&P2=404&P3=2&P4=Mt3Bwd1vGd%2bWyuOEe%2bYx%2bs1BPfUBwlJnXDGomdt8QtfiPF50UYZjgr%2fwpR8RYfdU6OqrLPs0QXrJrfCjo7cBfA%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":502, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743108739, "EventMicrosecond":446388, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743108739, "ConnectionID":55479, "InitiatorIP":"23.220.206.34", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":50889, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/fef20fdd-9331-42a4-890f-e0813064af88?P1=1743713538&P2=404&P3=2&P4=Mt3Bwd1vGd%2bWyuOEe%2bYx%2bs1BPfUBwlJnXDGomdt8QtfiPF50UYZjgr%2fwpR8RYfdU6OqrLPs0QXrJrfCjo7cBfA%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":502, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743108739, "EventMicrosecond":446388, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743108739, "ConnectionID":55479, "InitiatorIP":"23.220.206.34", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":50889, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/fef20fdd-9331-42a4-890f-e0813064af88?P1=1743713538&P2=404&P3=2&P4=Mt3Bwd1vGd%2bWyuOEe%2bYx%2bs1BPfUBwlJnXDGomdt8QtfiPF50UYZjgr%2fwpR8RYfdU6OqrLPs0QXrJrfCjo7cBfA%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":502, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743101936, "EventMicrosecond":766516, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743101936, "ConnectionID":55292, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":50689, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.266.0_8363ceaf5befe2af7f234734a2be03e21b060738.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":498, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743101936, "EventMicrosecond":766516, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743101936, "ConnectionID":55292, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":50689, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.266.0_8363ceaf5befe2af7f234734a2be03e21b060738.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":498, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743101936, "EventMicrosecond":766516, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743101936, "ConnectionID":55292, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":50689, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.266.0_8363ceaf5befe2af7f234734a2be03e21b060738.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":498, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743101936, "EventMicrosecond":766516, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743101936, "ConnectionID":55292, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":50689, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.266.0_8363ceaf5befe2af7f234734a2be03e21b060738.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":498, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743015537, "EventMicrosecond":208485, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743015537, "ConnectionID":53068, "InitiatorIP":"23.51.25.80", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":64562, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.238.0_cdc121010c0ba4252fa85df8e6b88acabb21be75.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":469, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743015537, "EventMicrosecond":208485, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743015537, "ConnectionID":53068, "InitiatorIP":"23.51.25.80", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":64562, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.238.0_cdc121010c0ba4252fa85df8e6b88acabb21be75.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":469, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743015537, "EventMicrosecond":208485, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743015537, "ConnectionID":53068, "InitiatorIP":"23.51.25.80", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":64562, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.238.0_cdc121010c0ba4252fa85df8e6b88acabb21be75.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":469, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743015537, "EventMicrosecond":208485, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743015537, "ConnectionID":53068, "InitiatorIP":"23.51.25.80", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":64562, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.238.0_cdc121010c0ba4252fa85df8e6b88acabb21be75.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":469, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742961134, "EventMicrosecond":89701, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742961134, "ConnectionID":51644, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62975, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/7a7af394-5875-4336-9386-71119b964509?P1=1743565934&P2=404&P3=2&P4=ZRliMKgyJS4x2S2%2frI7L9KGF8OsGZRODVbv8XwhUGuOPoQBc0iJSZIMysqAUw2Ux%2fZi5HMI8LFm69SOg6ydPug%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":449, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742961134, "EventMicrosecond":89701, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742961134, "ConnectionID":51644, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62975, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/7a7af394-5875-4336-9386-71119b964509?P1=1743565934&P2=404&P3=2&P4=ZRliMKgyJS4x2S2%2frI7L9KGF8OsGZRODVbv8XwhUGuOPoQBc0iJSZIMysqAUw2Ux%2fZi5HMI8LFm69SOg6ydPug%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":449, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742961134, "EventMicrosecond":89701, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742961134, "ConnectionID":51644, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62975, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/7a7af394-5875-4336-9386-71119b964509?P1=1743565934&P2=404&P3=2&P4=ZRliMKgyJS4x2S2%2frI7L9KGF8OsGZRODVbv8XwhUGuOPoQBc0iJSZIMysqAUw2Ux%2fZi5HMI8LFm69SOg6ydPug%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":449, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742961134, "EventMicrosecond":89701, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742961134, "ConnectionID":51644, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62975, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/7a7af394-5875-4336-9386-71119b964509?P1=1743565934&P2=404&P3=2&P4=ZRliMKgyJS4x2S2%2frI7L9KGF8OsGZRODVbv8XwhUGuOPoQBc0iJSZIMysqAUw2Ux%2fZi5HMI8LFm69SOg6ydPug%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":449, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742929142, "EventMicrosecond":481908, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742929142, "ConnectionID":50832, "InitiatorIP":"23.46.30.22", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62059, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.214.0_2e851418e36c9842dc6207bc039c1adfb8bd14fd.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":437, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742929142, "EventMicrosecond":481908, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742929142, "ConnectionID":50832, "InitiatorIP":"23.46.30.22", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62059, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.214.0_2e851418e36c9842dc6207bc039c1adfb8bd14fd.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":437, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742929142, "EventMicrosecond":481908, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742929142, "ConnectionID":50832, "InitiatorIP":"23.46.30.22", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62059, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.214.0_2e851418e36c9842dc6207bc039c1adfb8bd14fd.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":437, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742929142, "EventMicrosecond":481908, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742929142, "ConnectionID":50832, "InitiatorIP":"23.46.30.22", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62059, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.214.0_2e851418e36c9842dc6207bc039c1adfb8bd14fd.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":437, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742842736, "EventMicrosecond":623838, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742842736, "ConnectionID":48605, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":59549, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.191.0_a8d7d456a2776c93cfbe0f2e2e3ca81e7e182f34.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":404, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742842736, "EventMicrosecond":623838, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742842736, "ConnectionID":48605, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":59549, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.191.0_a8d7d456a2776c93cfbe0f2e2e3ca81e7e182f34.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":404, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742842736, "EventMicrosecond":623838, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742842736, "ConnectionID":48605, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":59549, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.191.0_a8d7d456a2776c93cfbe0f2e2e3ca81e7e182f34.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":404, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742842736, "EventMicrosecond":623838, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742842736, "ConnectionID":48605, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":59549, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.191.0_a8d7d456a2776c93cfbe0f2e2e3ca81e7e182f34.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":404, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742756339, "EventMicrosecond":435768, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742756339, "ConnectionID":46387, "InitiatorIP":"23.35.69.138", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":57056, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.176.0_265ad75b48dca1c72b2d5ffef90c6b13f04c1a29.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":375, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742756339, "EventMicrosecond":435768, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742756339, "ConnectionID":46387, "InitiatorIP":"23.35.69.138", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":57056, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.176.0_265ad75b48dca1c72b2d5ffef90c6b13f04c1a29.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":375, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742756339, "EventMicrosecond":435768, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742756339, "ConnectionID":46387, "InitiatorIP":"23.35.69.138", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":57056, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.176.0_265ad75b48dca1c72b2d5ffef90c6b13f04c1a29.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":375, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742756339, "EventMicrosecond":435768, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742756339, "ConnectionID":46387, "InitiatorIP":"23.35.69.138", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":57056, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.176.0_265ad75b48dca1c72b2d5ffef90c6b13f04c1a29.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":375, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742673116, "EventMicrosecond":737617, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742673116, "ConnectionID":44247, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":54650, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/c5c520bd-2aa7-43b1-989d-9753c778c5f7?P1=1743277916&P2=404&P3=2&P4=KqLSGUn%2b7DWry3BeCvjmRQu37jA35uz86UVF7puBy26uPOsRsfHJD%2bfA3Tl5v0AwJJenN1WamTdJxDVth3vJpg%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":348, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742673116, "EventMicrosecond":737617, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742673116, "ConnectionID":44247, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":54650, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/c5c520bd-2aa7-43b1-989d-9753c778c5f7?P1=1743277916&P2=404&P3=2&P4=KqLSGUn%2b7DWry3BeCvjmRQu37jA35uz86UVF7puBy26uPOsRsfHJD%2bfA3Tl5v0AwJJenN1WamTdJxDVth3vJpg%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":348, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742673116, "EventMicrosecond":737617, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742673116, "ConnectionID":44247, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":54650, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/c5c520bd-2aa7-43b1-989d-9753c778c5f7?P1=1743277916&P2=404&P3=2&P4=KqLSGUn%2b7DWry3BeCvjmRQu37jA35uz86UVF7puBy26uPOsRsfHJD%2bfA3Tl5v0AwJJenN1WamTdJxDVth3vJpg%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":348, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742673116, "EventMicrosecond":737617, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742673116, "ConnectionID":44247, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":54650, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/c5c520bd-2aa7-43b1-989d-9753c778c5f7?P1=1743277916&P2=404&P3=2&P4=KqLSGUn%2b7DWry3BeCvjmRQu37jA35uz86UVF7puBy26uPOsRsfHJD%2bfA3Tl5v0AwJJenN1WamTdJxDVth3vJpg%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":348, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742669937, "EventMicrosecond":997674, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742669937, "ConnectionID":44161, "InitiatorIP":"217.20.51.20", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":54561, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.157.0_c1ff77287079109c286269f5ea7e0dec83191a1a.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":345, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742669937, "EventMicrosecond":997674, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742669937, "ConnectionID":44161, "InitiatorIP":"217.20.51.20", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":54561, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.157.0_c1ff77287079109c286269f5ea7e0dec83191a1a.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":345, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742669937, "EventMicrosecond":997674, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742669937, "ConnectionID":44161, "InitiatorIP":"217.20.51.20", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":54561, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.157.0_c1ff77287079109c286269f5ea7e0dec83191a1a.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":345, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742669937, "EventMicrosecond":997674, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742669937, "ConnectionID":44161, "InitiatorIP":"217.20.51.20", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":54561, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.157.0_c1ff77287079109c286269f5ea7e0dec83191a1a.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":345, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742583537, "EventMicrosecond":689631, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742583537, "ConnectionID":41954, "InitiatorIP":"23.35.69.147", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":52069, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.130.0_0a9423183e842c7a0a28b24b75c7af63fa6bce4a.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":317, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742583537, "EventMicrosecond":689631, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742583537, "ConnectionID":41954, "InitiatorIP":"23.35.69.147", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":52069, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.130.0_0a9423183e842c7a0a28b24b75c7af63fa6bce4a.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":317, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742583537, "EventMicrosecond":689631, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742583537, "ConnectionID":41954, "InitiatorIP":"23.35.69.147", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":52069, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.130.0_0a9423183e842c7a0a28b24b75c7af63fa6bce4a.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":317, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742583537, "EventMicrosecond":689631, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742583537, "ConnectionID":41954, "InitiatorIP":"23.35.69.147", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":52069, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.130.0_0a9423183e842c7a0a28b24b75c7af63fa6bce4a.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":317, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742497139, "EventMicrosecond":794011, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742497139, "ConnectionID":39739, "InitiatorIP":"23.51.25.207", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":49557, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.106.0_8cdfe1291d908fd22c8f5aaf0ac431b9c9ef1fe9.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":286, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742497139, "EventMicrosecond":794011, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742497139, "ConnectionID":39739, "InitiatorIP":"23.51.25.207", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":49557, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.106.0_8cdfe1291d908fd22c8f5aaf0ac431b9c9ef1fe9.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":286, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742497139, "EventMicrosecond":794011, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742497139, "ConnectionID":39739, "InitiatorIP":"23.51.25.207", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":49557, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.106.0_8cdfe1291d908fd22c8f5aaf0ac431b9c9ef1fe9.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":286, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742497139, "EventMicrosecond":794011, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742497139, "ConnectionID":39739, "InitiatorIP":"23.51.25.207", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":49557, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.106.0_8cdfe1291d908fd22c8f5aaf0ac431b9c9ef1fe9.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":286, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742410750, "EventMicrosecond":645947, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742410750, "ConnectionID":37494, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":63443, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.90.0_79865213fc99d48492f835ed55bb6ea12f210db3.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":252, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742410750, "EventMicrosecond":645947, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742410750, "ConnectionID":37494, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":63443, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.90.0_79865213fc99d48492f835ed55bb6ea12f210db3.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":252, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742410750, "EventMicrosecond":645947, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742410750, "ConnectionID":37494, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":63443, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.90.0_79865213fc99d48492f835ed55bb6ea12f210db3.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":252, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742410750, "EventMicrosecond":645947, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742410750, "ConnectionID":37494, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":63443, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.90.0_79865213fc99d48492f835ed55bb6ea12f210db3.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":252, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742324337, "EventMicrosecond":631040, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742324337, "ConnectionID":35225, "InitiatorIP":"208.89.73.145", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":60880, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.76.0_166e30254a978a8e91e9fc013b0da8dc439dc5e1.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":224, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742324337, "EventMicrosecond":631040, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742324337, "ConnectionID":35225, "InitiatorIP":"208.89.73.145", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":60880, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.76.0_166e30254a978a8e91e9fc013b0da8dc439dc5e1.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":224, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742324337, "EventMicrosecond":631040, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742324337, "ConnectionID":35225, "InitiatorIP":"208.89.73.145", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":60880, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.76.0_166e30254a978a8e91e9fc013b0da8dc439dc5e1.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":224, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742324337, "EventMicrosecond":631040, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742324337, "ConnectionID":35225, "InitiatorIP":"208.89.73.145", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":60880, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.76.0_166e30254a978a8e91e9fc013b0da8dc439dc5e1.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":224, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742237939, "EventMicrosecond":752967, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742237939, "ConnectionID":32970, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":58356, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.59.0_937767ed8519c8aba4e95a2c9eed2e289d1bc134.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":191, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742237939, "EventMicrosecond":752967, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742237939, "ConnectionID":32970, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":58356, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.59.0_937767ed8519c8aba4e95a2c9eed2e289d1bc134.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":191, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742237939, "EventMicrosecond":752967, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742237939, "ConnectionID":32970, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":58356, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.59.0_937767ed8519c8aba4e95a2c9eed2e289d1bc134.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":191, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742237939, "EventMicrosecond":752967, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742237939, "ConnectionID":32970, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":58356, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.59.0_937767ed8519c8aba4e95a2c9eed2e289d1bc134.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":191, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742151540, "EventMicrosecond":55691, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742151539, "ConnectionID":30463, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":55583, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.41.0_691683dd1e4b3f9b294bdf226962a39a785cea04.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":150, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d32742", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742151540, "EventMicrosecond":55691, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742151539, "ConnectionID":30463, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":55583, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.41.0_691683dd1e4b3f9b294bdf226962a39a785cea04.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":150, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d32742", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742151540, "EventMicrosecond":55691, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742151539, "ConnectionID":30463, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":55583, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.41.0_691683dd1e4b3f9b294bdf226962a39a785cea04.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":150, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d32742", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742151540, "EventMicrosecond":55691, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742151539, "ConnectionID":30463, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":55583, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.41.0_691683dd1e4b3f9b294bdf226962a39a785cea04.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":150, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d32742", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742089937, "EventMicrosecond":217060, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742089937, "ConnectionID":29198, "InitiatorIP":"23.55.241.153", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":53915, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/521eaf0a-f25d-446e-8f63-db91621bb8c0?P1=1742694736&P2=404&P3=2&P4=m3BrNMvh%2buKlT1TKjmwBzvciOydrUkdTYUZpdf5wO%2bG3NORFKpg5l8CFh0GRELfc9T87j9XX0mzrAXwEjRw4VA%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":147, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d32742", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742089937, "EventMicrosecond":217060, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742089937, "ConnectionID":29198, "InitiatorIP":"23.55.241.153", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":53915, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/521eaf0a-f25d-446e-8f63-db91621bb8c0?P1=1742694736&P2=404&P3=2&P4=m3BrNMvh%2buKlT1TKjmwBzvciOydrUkdTYUZpdf5wO%2bG3NORFKpg5l8CFh0GRELfc9T87j9XX0mzrAXwEjRw4VA%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":147, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d32742", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742089937, "EventMicrosecond":217060, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742089937, "ConnectionID":29198, "InitiatorIP":"23.55.241.153", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":53915, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/521eaf0a-f25d-446e-8f63-db91621bb8c0?P1=1742694736&P2=404&P3=2&P4=m3BrNMvh%2buKlT1TKjmwBzvciOydrUkdTYUZpdf5wO%2bG3NORFKpg5l8CFh0GRELfc9T87j9XX0mzrAXwEjRw4VA%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":147, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d32742", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742089937, "EventMicrosecond":217060, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742089937, "ConnectionID":29198, "InitiatorIP":"23.55.241.153", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":53915, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/521eaf0a-f25d-446e-8f63-db91621bb8c0?P1=1742694736&P2=404&P3=2&P4=m3BrNMvh%2buKlT1TKjmwBzvciOydrUkdTYUZpdf5wO%2bG3NORFKpg5l8CFh0GRELfc9T87j9XX0mzrAXwEjRw4VA%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":147, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d32742", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742065146, "EventMicrosecond":67623, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742065145, "ConnectionID":28678, "InitiatorIP":"23.51.25.94", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":53216, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.32.0_9ec6aaa0f48107b7f79cab1985b0250fa4827211.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":145, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d32742", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742065146, "EventMicrosecond":67623, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742065145, "ConnectionID":28678, "InitiatorIP":"23.51.25.94", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":53216, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.32.0_9ec6aaa0f48107b7f79cab1985b0250fa4827211.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":145, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d32742", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742065146, "EventMicrosecond":67623, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742065145, "ConnectionID":28678, "InitiatorIP":"23.51.25.94", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":53216, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.32.0_9ec6aaa0f48107b7f79cab1985b0250fa4827211.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":145, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d32742", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742065146, "EventMicrosecond":67623, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742065145, "ConnectionID":28678, "InitiatorIP":"23.51.25.94", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":53216, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.32.0_9ec6aaa0f48107b7f79cab1985b0250fa4827211.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":145, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d32742", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741978736, "EventMicrosecond":249544, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741978736, "ConnectionID":26846, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":50852, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.14.0_613f7b236e244bfac6f6f3bc87214560ebf7f50e.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":142, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d32742", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741978736, "EventMicrosecond":249544, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741978736, "ConnectionID":26846, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":50852, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.14.0_613f7b236e244bfac6f6f3bc87214560ebf7f50e.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":142, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d32742", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741978736, "EventMicrosecond":249544, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741978736, "ConnectionID":26846, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":50852, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.14.0_613f7b236e244bfac6f6f3bc87214560ebf7f50e.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":142, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d32742", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741978736, "EventMicrosecond":249544, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741978736, "ConnectionID":26846, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":50852, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.14.0_613f7b236e244bfac6f6f3bc87214560ebf7f50e.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":142, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d32742", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741892339, "EventMicrosecond":363827, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741892339, "ConnectionID":25011, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":64870, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_807ed7223c3256ed53c08dd2aca7e3ee5054643b.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":139, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d32742", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741892339, "EventMicrosecond":363827, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741892339, "ConnectionID":25011, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":64870, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_807ed7223c3256ed53c08dd2aca7e3ee5054643b.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":139, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d32742", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741892339, "EventMicrosecond":363827, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741892339, "ConnectionID":25011, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":64870, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_807ed7223c3256ed53c08dd2aca7e3ee5054643b.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":139, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d32742", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741892339, "EventMicrosecond":363827, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741892339, "ConnectionID":25011, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":64870, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_807ed7223c3256ed53c08dd2aca7e3ee5054643b.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":139, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d32742", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741805936, "EventMicrosecond":675731, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741805936, "ConnectionID":22926, "InitiatorIP":"23.51.25.207", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62482, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.344.0_411befa44679b3174bdac7093c9e2680883147ca.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":125, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d197b0", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741805936, "EventMicrosecond":675731, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741805936, "ConnectionID":22926, "InitiatorIP":"23.51.25.207", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62482, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.344.0_411befa44679b3174bdac7093c9e2680883147ca.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":125, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d197b0", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741805936, "EventMicrosecond":675731, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741805936, "ConnectionID":22926, "InitiatorIP":"23.51.25.207", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62482, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.344.0_411befa44679b3174bdac7093c9e2680883147ca.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":125, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d197b0", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741805936, "EventMicrosecond":675731, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741805936, "ConnectionID":22926, "InitiatorIP":"23.51.25.207", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62482, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.344.0_411befa44679b3174bdac7093c9e2680883147ca.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":125, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d197b0", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741798325, "EventMicrosecond":475912, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741798325, "ConnectionID":22706, "InitiatorIP":"23.48.99.25", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62238, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/95d0c8ca-690a-4008-a592-8ae686beaea9?P1=1742403125&P2=404&P3=2&P4=mU60MBXgeIOICvawv8LCzCcEOeZblsr9rWYusmp298m89mmpErVNCoVgWnrB%2fD4BirIY1St9PIL1BPmksHYhtw%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":120, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d197b0", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741798325, "EventMicrosecond":475912, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741798325, "ConnectionID":22706, "InitiatorIP":"23.48.99.25", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62238, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/95d0c8ca-690a-4008-a592-8ae686beaea9?P1=1742403125&P2=404&P3=2&P4=mU60MBXgeIOICvawv8LCzCcEOeZblsr9rWYusmp298m89mmpErVNCoVgWnrB%2fD4BirIY1St9PIL1BPmksHYhtw%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":120, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d197b0", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741798325, "EventMicrosecond":475912, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741798325, "ConnectionID":22706, "InitiatorIP":"23.48.99.25", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62238, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/95d0c8ca-690a-4008-a592-8ae686beaea9?P1=1742403125&P2=404&P3=2&P4=mU60MBXgeIOICvawv8LCzCcEOeZblsr9rWYusmp298m89mmpErVNCoVgWnrB%2fD4BirIY1St9PIL1BPmksHYhtw%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":120, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d197b0", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741798325, "EventMicrosecond":475912, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741798325, "ConnectionID":22706, "InitiatorIP":"23.48.99.25", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62238, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/95d0c8ca-690a-4008-a592-8ae686beaea9?P1=1742403125&P2=404&P3=2&P4=mU60MBXgeIOICvawv8LCzCcEOeZblsr9rWYusmp298m89mmpErVNCoVgWnrB%2fD4BirIY1St9PIL1BPmksHYhtw%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":120, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d197b0", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741719539, "EventMicrosecond":708444, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741719539, "ConnectionID":20867, "InitiatorIP":"23.51.25.207", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":60079, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.328.0_bf4538ffc8f752412935b92180bad3a84dde8b6e.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":110, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741719539, "EventMicrosecond":708444, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741719539, "ConnectionID":20867, "InitiatorIP":"23.51.25.207", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":60079, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.328.0_bf4538ffc8f752412935b92180bad3a84dde8b6e.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":110, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741719539, "EventMicrosecond":708444, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741719539, "ConnectionID":20867, "InitiatorIP":"23.51.25.207", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":60079, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.328.0_bf4538ffc8f752412935b92180bad3a84dde8b6e.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":110, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741719539, "EventMicrosecond":708444, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741719539, "ConnectionID":20867, "InitiatorIP":"23.51.25.207", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":60079, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.328.0_bf4538ffc8f752412935b92180bad3a84dde8b6e.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":110, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741633139, "EventMicrosecond":130410, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741633139, "ConnectionID":19076, "InitiatorIP":"23.215.11.143", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":57731, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.310.0_3c42b1124c5b74961f67b85c23a3433416561733.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":107, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741633139, "EventMicrosecond":130410, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741633139, "ConnectionID":19076, "InitiatorIP":"23.215.11.143", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":57731, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.310.0_3c42b1124c5b74961f67b85c23a3433416561733.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":107, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741633139, "EventMicrosecond":130410, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741633139, "ConnectionID":19076, "InitiatorIP":"23.215.11.143", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":57731, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.310.0_3c42b1124c5b74961f67b85c23a3433416561733.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":107, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741633139, "EventMicrosecond":130410, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741633139, "ConnectionID":19076, "InitiatorIP":"23.215.11.143", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":57731, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.310.0_3c42b1124c5b74961f67b85c23a3433416561733.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":107, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741546735, "EventMicrosecond":622312, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741546735, "ConnectionID":17291, "InitiatorIP":"208.89.73.147", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":55388, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.295.0_df96886607cfb3a4aecec53ac04e7172dfaa096c.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":105, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741546735, "EventMicrosecond":622312, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741546735, "ConnectionID":17291, "InitiatorIP":"208.89.73.147", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":55388, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.295.0_df96886607cfb3a4aecec53ac04e7172dfaa096c.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":105, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741546735, "EventMicrosecond":622312, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741546735, "ConnectionID":17291, "InitiatorIP":"208.89.73.147", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":55388, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.295.0_df96886607cfb3a4aecec53ac04e7172dfaa096c.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":105, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741546735, "EventMicrosecond":622312, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741546735, "ConnectionID":17291, "InitiatorIP":"208.89.73.147", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":55388, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.295.0_df96886607cfb3a4aecec53ac04e7172dfaa096c.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":105, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741546735, "EventMicrosecond":622312, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741546735, "ConnectionID":17291, "InitiatorIP":"208.89.73.147", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":55388, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.295.0_df96886607cfb3a4aecec53ac04e7172dfaa096c.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":105, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741460338, "EventMicrosecond":694315, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741460338, "ConnectionID":15518, "InitiatorIP":"23.215.11.137", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":53033, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.281.0_45ff3594e65b03a4f75fd8d367c59d8a65fca252.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":102, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741460338, "EventMicrosecond":694315, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741460338, "ConnectionID":15518, "InitiatorIP":"23.215.11.137", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":53033, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.281.0_45ff3594e65b03a4f75fd8d367c59d8a65fca252.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":102, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741460338, "EventMicrosecond":694315, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741460338, "ConnectionID":15518, "InitiatorIP":"23.215.11.137", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":53033, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.281.0_45ff3594e65b03a4f75fd8d367c59d8a65fca252.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":102, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741460338, "EventMicrosecond":694315, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741460338, "ConnectionID":15518, "InitiatorIP":"23.215.11.137", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":53033, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.281.0_45ff3594e65b03a4f75fd8d367c59d8a65fca252.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":102, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741460338, "EventMicrosecond":694315, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741460338, "ConnectionID":15518, "InitiatorIP":"23.215.11.137", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":53033, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.281.0_45ff3594e65b03a4f75fd8d367c59d8a65fca252.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":102, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741402339, "EventMicrosecond":295623, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741402339, "ConnectionID":14305, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":51457, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/67dcd1e7-68e4-41fe-bc8a-ed312c5f0933?P1=1742007139&P2=404&P3=2&P4=Y%2fMM15IAZsf3JGoTwpSbIYdZpdP89eZAMfLc1p1Wd4BWUBq%2bpQyzNQ5gbDpJlf0Iq8SOUzBV%2f7AHVewjTsnFFg%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":99, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741402339, "EventMicrosecond":295623, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741402339, "ConnectionID":14305, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":51457, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/67dcd1e7-68e4-41fe-bc8a-ed312c5f0933?P1=1742007139&P2=404&P3=2&P4=Y%2fMM15IAZsf3JGoTwpSbIYdZpdP89eZAMfLc1p1Wd4BWUBq%2bpQyzNQ5gbDpJlf0Iq8SOUzBV%2f7AHVewjTsnFFg%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":99, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741402339, "EventMicrosecond":295623, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741402339, "ConnectionID":14305, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":51457, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/67dcd1e7-68e4-41fe-bc8a-ed312c5f0933?P1=1742007139&P2=404&P3=2&P4=Y%2fMM15IAZsf3JGoTwpSbIYdZpdP89eZAMfLc1p1Wd4BWUBq%2bpQyzNQ5gbDpJlf0Iq8SOUzBV%2f7AHVewjTsnFFg%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":99, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741402339, "EventMicrosecond":295623, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741402339, "ConnectionID":14305, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":51457, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/67dcd1e7-68e4-41fe-bc8a-ed312c5f0933?P1=1742007139&P2=404&P3=2&P4=Y%2fMM15IAZsf3JGoTwpSbIYdZpdP89eZAMfLc1p1Wd4BWUBq%2bpQyzNQ5gbDpJlf0Iq8SOUzBV%2f7AHVewjTsnFFg%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":99, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741373958, "EventMicrosecond":56271, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741373958, "ConnectionID":13723, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":50683, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.261.0_25112a9eeca8ef64673ea6177bc2be20bc95be6c.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":97, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741373958, "EventMicrosecond":56271, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741373958, "ConnectionID":13723, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":50683, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.261.0_25112a9eeca8ef64673ea6177bc2be20bc95be6c.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":97, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741373958, "EventMicrosecond":56271, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741373958, "ConnectionID":13723, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":50683, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.261.0_25112a9eeca8ef64673ea6177bc2be20bc95be6c.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":97, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741373958, "EventMicrosecond":56271, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741373958, "ConnectionID":13723, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":50683, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.261.0_25112a9eeca8ef64673ea6177bc2be20bc95be6c.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":97, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741326379, "EventMicrosecond":478765, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741326379, "ConnectionID":12732, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":49369, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/16838e89-634a-4a9b-89e8-f209f4ea4868?P1=1741931177&P2=404&P3=2&P4=d1xJTn6rKEAPgbSLSU55%2fXrMgJsmGQzrpcEK81ce3L5uLLGMYLRu1iVctP4SR0fN35IliR6s8eT9aunOVr34JQ%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":94, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741326379, "EventMicrosecond":478765, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741326379, "ConnectionID":12732, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":49369, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/16838e89-634a-4a9b-89e8-f209f4ea4868?P1=1741931177&P2=404&P3=2&P4=d1xJTn6rKEAPgbSLSU55%2fXrMgJsmGQzrpcEK81ce3L5uLLGMYLRu1iVctP4SR0fN35IliR6s8eT9aunOVr34JQ%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":94, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741326379, "EventMicrosecond":478765, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741326379, "ConnectionID":12732, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":49369, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/16838e89-634a-4a9b-89e8-f209f4ea4868?P1=1741931177&P2=404&P3=2&P4=d1xJTn6rKEAPgbSLSU55%2fXrMgJsmGQzrpcEK81ce3L5uLLGMYLRu1iVctP4SR0fN35IliR6s8eT9aunOVr34JQ%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":94, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741326379, "EventMicrosecond":478765, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741326379, "ConnectionID":12732, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":49369, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/16838e89-634a-4a9b-89e8-f209f4ea4868?P1=1741931177&P2=404&P3=2&P4=d1xJTn6rKEAPgbSLSU55%2fXrMgJsmGQzrpcEK81ce3L5uLLGMYLRu1iVctP4SR0fN35IliR6s8eT9aunOVr34JQ%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":94, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741287533, "EventMicrosecond":909605, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741287533, "ConnectionID":11934, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":64697, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.245.0_bcd51623ad99d9e3a2b64a53f81ddc95bc8d9188.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":92, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741287533, "EventMicrosecond":909605, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741287533, "ConnectionID":11934, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":64697, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.245.0_bcd51623ad99d9e3a2b64a53f81ddc95bc8d9188.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":92, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741287533, "EventMicrosecond":909605, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741287533, "ConnectionID":11934, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":64697, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.245.0_bcd51623ad99d9e3a2b64a53f81ddc95bc8d9188.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":92, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741287533, "EventMicrosecond":909605, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741287533, "ConnectionID":11934, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":64697, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.245.0_bcd51623ad99d9e3a2b64a53f81ddc95bc8d9188.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":92, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741286896, "EventMicrosecond":89671, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741286895, "ConnectionID":11908, "InitiatorIP":"23.35.68.210", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":64670, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/updateplatform.amd64fre_a0f38999512272f4461ac8d7ce8069209984343e.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":89, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741286896, "EventMicrosecond":89671, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741286895, "ConnectionID":11908, "InitiatorIP":"23.35.68.210", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":64670, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/updateplatform.amd64fre_a0f38999512272f4461ac8d7ce8069209984343e.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":89, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741286896, "EventMicrosecond":89671, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741286895, "ConnectionID":11908, "InitiatorIP":"23.35.68.210", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":64670, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/updateplatform.amd64fre_a0f38999512272f4461ac8d7ce8069209984343e.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":89, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741286896, "EventMicrosecond":89671, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741286895, "ConnectionID":11908, "InitiatorIP":"23.35.68.210", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":64670, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/updateplatform.amd64fre_a0f38999512272f4461ac8d7ce8069209984343e.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":89, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741200494, "EventMicrosecond":891555, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741200494, "ConnectionID":10120, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62318, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.227.0_355a01f4bfbee207918a3c1aa8a226ba59c87b10.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":86, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741200494, "EventMicrosecond":891555, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741200494, "ConnectionID":10120, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62318, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.227.0_355a01f4bfbee207918a3c1aa8a226ba59c87b10.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":86, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741200494, "EventMicrosecond":891555, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741200494, "ConnectionID":10120, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62318, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.227.0_355a01f4bfbee207918a3c1aa8a226ba59c87b10.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":86, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741200494, "EventMicrosecond":891555, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741200494, "ConnectionID":10120, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62318, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.227.0_355a01f4bfbee207918a3c1aa8a226ba59c87b10.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":86, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741114098, "EventMicrosecond":876968, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741114098, "ConnectionID":8284, "InitiatorIP":"23.48.99.68", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":59940, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.210.0_628f364c0a84311785a91ec6d33b4a0caece53cb.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":81, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741114098, "EventMicrosecond":876968, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741114098, "ConnectionID":8284, "InitiatorIP":"23.48.99.68", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":59940, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.210.0_628f364c0a84311785a91ec6d33b4a0caece53cb.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":81, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741114098, "EventMicrosecond":876968, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741114098, "ConnectionID":8284, "InitiatorIP":"23.48.99.68", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":59940, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.210.0_628f364c0a84311785a91ec6d33b4a0caece53cb.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":81, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741114098, "EventMicrosecond":876968, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741114098, "ConnectionID":8284, "InitiatorIP":"23.48.99.68", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":59940, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.210.0_628f364c0a84311785a91ec6d33b4a0caece53cb.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":81, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741027711, "EventMicrosecond":458914, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741027711, "ConnectionID":6513, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":57598, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.196.0_dd644a93f02974830a360ffc327d462948f1a321.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":78, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741027711, "EventMicrosecond":458914, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741027711, "ConnectionID":6513, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":57598, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.196.0_dd644a93f02974830a360ffc327d462948f1a321.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":78, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741027711, "EventMicrosecond":458914, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741027711, "ConnectionID":6513, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":57598, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.196.0_dd644a93f02974830a360ffc327d462948f1a321.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":78, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741027711, "EventMicrosecond":458914, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741027711, "ConnectionID":6513, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":57598, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.196.0_dd644a93f02974830a360ffc327d462948f1a321.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":78, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1740941320, "EventMicrosecond":303008, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1740941320, "ConnectionID":4731, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":55226, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.180.0_c3ba10bb7873f52510bc7bb236d65dc06105c8de.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":76, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c22fb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1740941320, "EventMicrosecond":303008, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1740941320, "ConnectionID":4731, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":55226, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.180.0_c3ba10bb7873f52510bc7bb236d65dc06105c8de.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":76, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c22fb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1740941320, "EventMicrosecond":303008, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1740941320, "ConnectionID":4731, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":55226, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.180.0_c3ba10bb7873f52510bc7bb236d65dc06105c8de.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":76, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c22fb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1740941320, "EventMicrosecond":303008, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1740941320, "ConnectionID":4731, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":55226, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.180.0_c3ba10bb7873f52510bc7bb236d65dc06105c8de.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":76, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c22fb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1740854895, "EventMicrosecond":694910, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1740854895, "ConnectionID":2925, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":52880, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_1e26a6832fc6c5d607c27444c1a5e7c25c9a88ed.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":73, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c22fb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1740854895, "EventMicrosecond":694910, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1740854895, "ConnectionID":2925, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":52880, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_1e26a6832fc6c5d607c27444c1a5e7c25c9a88ed.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":73, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c22fb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1740854895, "EventMicrosecond":694910, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1740854895, "ConnectionID":2925, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":52880, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_1e26a6832fc6c5d607c27444c1a5e7c25c9a88ed.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":73, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c22fb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1740854895, "EventMicrosecond":694910, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1740854895, "ConnectionID":2925, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":52880, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_1e26a6832fc6c5d607c27444c1a5e7c25c9a88ed.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":73, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c22fb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1740804347, "EventMicrosecond":186071, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1740804347, "ConnectionID":1882, "InitiatorIP":"23.48.99.12", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":51500, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/2619d5fd-eb83-471e-8036-a8c6ca0a212e?P1=1741409144&P2=404&P3=2&P4=nLqat3njtfkR%2fqPFCUUsv8k%2brezFsbd7D5fTJPM03XW7%2fFhKj1zTOd0uVbPdfJPySWAN3iod2N67Qo51aQWhsA%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":70, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c22fb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1740804347, "EventMicrosecond":186071, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1740804347, "ConnectionID":1882, "InitiatorIP":"23.48.99.12", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":51500, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/2619d5fd-eb83-471e-8036-a8c6ca0a212e?P1=1741409144&P2=404&P3=2&P4=nLqat3njtfkR%2fqPFCUUsv8k%2brezFsbd7D5fTJPM03XW7%2fFhKj1zTOd0uVbPdfJPySWAN3iod2N67Qo51aQWhsA%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":70, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c22fb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1740804347, "EventMicrosecond":186071, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1740804347, "ConnectionID":1882, "InitiatorIP":"23.48.99.12", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":51500, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/2619d5fd-eb83-471e-8036-a8c6ca0a212e?P1=1741409144&P2=404&P3=2&P4=nLqat3njtfkR%2fqPFCUUsv8k%2brezFsbd7D5fTJPM03XW7%2fFhKj1zTOd0uVbPdfJPySWAN3iod2N67Qo51aQWhsA%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":70, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c22fb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1740804347, "EventMicrosecond":186071, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1740804347, "ConnectionID":1882, "InitiatorIP":"23.48.99.12", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":51500, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":11192, "SignatureRevision":20, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE download of executable content", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/2619d5fd-eb83-471e-8036-a8c6ca0a212e?P1=1741409144&P2=404&P3=2&P4=nLqat3njtfkR%2fqPFCUUsv8k%2brezFsbd7D5fTJPM03XW7%2fFhKj1zTOd0uVbPdfJPySWAN3iod2N67Qo51aQWhsA%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":70, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c22fb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744752707, "EventMicrosecond":709756, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744752707, "ConnectionID":27798, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":2604, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.242.0_5ac0bd95663c4357097204f23072019d82f2e8ce.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":196, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067fece37", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744752707, "EventMicrosecond":709756, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744752707, "ConnectionID":27798, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":2604, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.242.0_5ac0bd95663c4357097204f23072019d82f2e8ce.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":196, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067fece37", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744752707, "EventMicrosecond":709756, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744752707, "ConnectionID":27798, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":2604, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.242.0_5ac0bd95663c4357097204f23072019d82f2e8ce.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":196, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067fece37", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744752707, "EventMicrosecond":709756, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744752707, "ConnectionID":27798, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":2604, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.242.0_5ac0bd95663c4357097204f23072019d82f2e8ce.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":196, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067fece37", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744666308, "EventMicrosecond":39747, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744666308, "ConnectionID":25393, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":64697, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.233.0_1cdaa606ad47c7367b49a241a0563320487038bb.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":188, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f8c9aa", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744666308, "EventMicrosecond":39747, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744666308, "ConnectionID":25393, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":64697, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.233.0_1cdaa606ad47c7367b49a241a0563320487038bb.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":188, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f8c9aa", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744666308, "EventMicrosecond":39747, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744666308, "ConnectionID":25393, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":64697, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.233.0_1cdaa606ad47c7367b49a241a0563320487038bb.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":188, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f8c9aa", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744666308, "EventMicrosecond":39747, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744666308, "ConnectionID":25393, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":64697, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.233.0_1cdaa606ad47c7367b49a241a0563320487038bb.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":188, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f8c9aa", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744579914, "EventMicrosecond":247942, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744579914, "ConnectionID":22346, "InitiatorIP":"184.25.59.69", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62264, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.222.0_57fadf49717b21b307f82a66ce37001ac0975c25.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":182, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f8c9aa", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744579914, "EventMicrosecond":247942, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744579914, "ConnectionID":22346, "InitiatorIP":"184.25.59.69", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62264, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.222.0_57fadf49717b21b307f82a66ce37001ac0975c25.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":182, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f8c9aa", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744579914, "EventMicrosecond":247942, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744579914, "ConnectionID":22346, "InitiatorIP":"184.25.59.69", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62264, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.222.0_57fadf49717b21b307f82a66ce37001ac0975c25.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":182, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f8c9aa", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744579914, "EventMicrosecond":247942, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744579914, "ConnectionID":22346, "InitiatorIP":"184.25.59.69", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62264, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.222.0_57fadf49717b21b307f82a66ce37001ac0975c25.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":182, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f8c9aa", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744502279, "EventMicrosecond":111078, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744502279, "ConnectionID":19571, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":60100, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/1aab1bcf-0713-4792-b671-7470b90e4f54?P1=1745107077&P2=404&P3=2&P4=Jehn7ESkT2Aj3bVbLemvNE7o61eTQzNM6g8eyZVL0DxP6nM%2b3kSAlM0TWwQ5B5PISg0wPM1vHyeYaIQFAhQ33A%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":179, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f8c9aa", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744502279, "EventMicrosecond":111078, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744502279, "ConnectionID":19571, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":60100, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/1aab1bcf-0713-4792-b671-7470b90e4f54?P1=1745107077&P2=404&P3=2&P4=Jehn7ESkT2Aj3bVbLemvNE7o61eTQzNM6g8eyZVL0DxP6nM%2b3kSAlM0TWwQ5B5PISg0wPM1vHyeYaIQFAhQ33A%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":179, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f8c9aa", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744502279, "EventMicrosecond":111078, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744502279, "ConnectionID":19571, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":60100, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/1aab1bcf-0713-4792-b671-7470b90e4f54?P1=1745107077&P2=404&P3=2&P4=Jehn7ESkT2Aj3bVbLemvNE7o61eTQzNM6g8eyZVL0DxP6nM%2b3kSAlM0TWwQ5B5PISg0wPM1vHyeYaIQFAhQ33A%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":179, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f8c9aa", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744502279, "EventMicrosecond":111078, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744502279, "ConnectionID":19571, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":60100, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/1aab1bcf-0713-4792-b671-7470b90e4f54?P1=1745107077&P2=404&P3=2&P4=Jehn7ESkT2Aj3bVbLemvNE7o61eTQzNM6g8eyZVL0DxP6nM%2b3kSAlM0TWwQ5B5PISg0wPM1vHyeYaIQFAhQ33A%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":179, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f8c9aa", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744493511, "EventMicrosecond":271256, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744493511, "ConnectionID":19263, "InitiatorIP":"23.46.30.37", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":59862, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.204.0_f561be89cdb4dc64fd4e222d5335c3955a9074f8.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":177, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f8c9aa", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744493511, "EventMicrosecond":271256, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744493511, "ConnectionID":19263, "InitiatorIP":"23.46.30.37", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":59862, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.204.0_f561be89cdb4dc64fd4e222d5335c3955a9074f8.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":177, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f8c9aa", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744493511, "EventMicrosecond":271256, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744493511, "ConnectionID":19263, "InitiatorIP":"23.46.30.37", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":59862, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.204.0_f561be89cdb4dc64fd4e222d5335c3955a9074f8.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":177, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f8c9aa", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744493511, "EventMicrosecond":271256, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744493511, "ConnectionID":19263, "InitiatorIP":"23.46.30.37", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":59862, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.204.0_f561be89cdb4dc64fd4e222d5335c3955a9074f8.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":177, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f8c9aa", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744407112, "EventMicrosecond":899306, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744407112, "ConnectionID":16312, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":57457, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.183.0_30a5e7d5bf7087110bb7e8ba11ae1240630a48f9.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":174, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f8c9aa", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744407112, "EventMicrosecond":899306, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744407112, "ConnectionID":16312, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":57457, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.183.0_30a5e7d5bf7087110bb7e8ba11ae1240630a48f9.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":174, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f8c9aa", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744407112, "EventMicrosecond":899306, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744407112, "ConnectionID":16312, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":57457, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.183.0_30a5e7d5bf7087110bb7e8ba11ae1240630a48f9.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":174, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f8c9aa", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744407112, "EventMicrosecond":899306, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744407112, "ConnectionID":16312, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":57457, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.183.0_30a5e7d5bf7087110bb7e8ba11ae1240630a48f9.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":174, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f8c9aa", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744320071, "EventMicrosecond":391245, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744320071, "ConnectionID":13216, "InitiatorIP":"23.205.89.9", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":54995, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/updateplatform.amd64fre_fb6d4e5152d96c81a46effcc6eb063b438b67650.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":168, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f639a9", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744320071, "EventMicrosecond":391245, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744320071, "ConnectionID":13216, "InitiatorIP":"23.205.89.9", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":54995, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/updateplatform.amd64fre_fb6d4e5152d96c81a46effcc6eb063b438b67650.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":168, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f639a9", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744320071, "EventMicrosecond":391245, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744320071, "ConnectionID":13216, "InitiatorIP":"23.205.89.9", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":54995, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/updateplatform.amd64fre_fb6d4e5152d96c81a46effcc6eb063b438b67650.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":168, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f639a9", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744320071, "EventMicrosecond":391245, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744320071, "ConnectionID":13216, "InitiatorIP":"23.205.89.9", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":54995, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/updateplatform.amd64fre_fb6d4e5152d96c81a46effcc6eb063b438b67650.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":168, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f639a9", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744286254, "EventMicrosecond":861253, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744286254, "ConnectionID":12035, "InitiatorIP":"23.220.206.38", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":54048, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/43a7c051-6388-4a9a-8ad0-320b591e5520?P1=1744891054&P2=404&P3=2&P4=auXfBYg4cZQZ%2fiMWXgRccbyPix5d7v%2bh9Xd7zgHiLBJSKBRD9qoJWC7MomiKBaQsoxulcQCIReFlv5VHSv7EMQ%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":165, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f639a9", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744286254, "EventMicrosecond":861253, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744286254, "ConnectionID":12035, "InitiatorIP":"23.220.206.38", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":54048, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/43a7c051-6388-4a9a-8ad0-320b591e5520?P1=1744891054&P2=404&P3=2&P4=auXfBYg4cZQZ%2fiMWXgRccbyPix5d7v%2bh9Xd7zgHiLBJSKBRD9qoJWC7MomiKBaQsoxulcQCIReFlv5VHSv7EMQ%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":165, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f639a9", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744286254, "EventMicrosecond":861253, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744286254, "ConnectionID":12035, "InitiatorIP":"23.220.206.38", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":54048, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/43a7c051-6388-4a9a-8ad0-320b591e5520?P1=1744891054&P2=404&P3=2&P4=auXfBYg4cZQZ%2fiMWXgRccbyPix5d7v%2bh9Xd7zgHiLBJSKBRD9qoJWC7MomiKBaQsoxulcQCIReFlv5VHSv7EMQ%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":165, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f639a9", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744286254, "EventMicrosecond":861253, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744286254, "ConnectionID":12035, "InitiatorIP":"23.220.206.38", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":54048, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/43a7c051-6388-4a9a-8ad0-320b591e5520?P1=1744891054&P2=404&P3=2&P4=auXfBYg4cZQZ%2fiMWXgRccbyPix5d7v%2bh9Xd7zgHiLBJSKBRD9qoJWC7MomiKBaQsoxulcQCIReFlv5VHSv7EMQ%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":165, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f639a9", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744233650, "EventMicrosecond":262452, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744233650, "ConnectionID":10805, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":52588, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.136.0_2d0c7b5cc158b1fb15a022cdd1c5ee160bee7a46.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":163, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f639a9", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744233650, "EventMicrosecond":262452, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744233650, "ConnectionID":10805, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":52588, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.136.0_2d0c7b5cc158b1fb15a022cdd1c5ee160bee7a46.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":163, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f639a9", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744233650, "EventMicrosecond":262452, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744233650, "ConnectionID":10805, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":52588, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.136.0_2d0c7b5cc158b1fb15a022cdd1c5ee160bee7a46.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":163, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f639a9", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744233650, "EventMicrosecond":262452, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744233650, "ConnectionID":10805, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":52588, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.136.0_2d0c7b5cc158b1fb15a022cdd1c5ee160bee7a46.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":163, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f639a9", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744139384, "EventMicrosecond":273774, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744139384, "ConnectionID":7258, "InitiatorIP":"23.51.25.207", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":9152, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/04/am_delta_213005cf246fa80b43b8841a8dba11aa130cb9ef.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":124, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f51d3c", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744139384, "EventMicrosecond":273774, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744139384, "ConnectionID":7258, "InitiatorIP":"23.51.25.207", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":9152, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/04/am_delta_213005cf246fa80b43b8841a8dba11aa130cb9ef.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":124, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f51d3c", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744139384, "EventMicrosecond":273774, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744139384, "ConnectionID":7258, "InitiatorIP":"23.51.25.207", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":9152, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/04/am_delta_213005cf246fa80b43b8841a8dba11aa130cb9ef.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":124, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f51d3c", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744139384, "EventMicrosecond":273774, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744139384, "ConnectionID":7258, "InitiatorIP":"23.51.25.207", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":9152, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/04/am_delta_213005cf246fa80b43b8841a8dba11aa130cb9ef.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":124, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f51d3c", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744052983, "EventMicrosecond":544649, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744052983, "ConnectionID":4218, "InitiatorIP":"23.46.30.23", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":6122, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.94.0_73f3ad4f0912a35ba4fbac67e9437e49a176965a.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":53, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744052983, "EventMicrosecond":544649, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744052983, "ConnectionID":4218, "InitiatorIP":"23.46.30.23", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":6122, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.94.0_73f3ad4f0912a35ba4fbac67e9437e49a176965a.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":53, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744052983, "EventMicrosecond":544649, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744052983, "ConnectionID":4218, "InitiatorIP":"23.46.30.23", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":6122, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.94.0_73f3ad4f0912a35ba4fbac67e9437e49a176965a.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":53, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744052983, "EventMicrosecond":544649, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744052983, "ConnectionID":4218, "InitiatorIP":"23.46.30.23", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":6122, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.94.0_73f3ad4f0912a35ba4fbac67e9437e49a176965a.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":53, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743966602, "EventMicrosecond":774374, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743966602, "ConnectionID":1614, "InitiatorIP":"23.215.11.159", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":3435, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.67.0_5f44b911b39a95522cef054ac4c2559d2f7dbd01.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":23, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743966602, "EventMicrosecond":774374, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743966602, "ConnectionID":1614, "InitiatorIP":"23.215.11.159", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":3435, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.67.0_5f44b911b39a95522cef054ac4c2559d2f7dbd01.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":23, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743966602, "EventMicrosecond":774374, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743966602, "ConnectionID":1614, "InitiatorIP":"23.215.11.159", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":3435, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.67.0_5f44b911b39a95522cef054ac4c2559d2f7dbd01.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":23, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743966602, "EventMicrosecond":774374, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743966602, "ConnectionID":1614, "InitiatorIP":"23.215.11.159", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":3435, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.67.0_5f44b911b39a95522cef054ac4c2559d2f7dbd01.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":23, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743832649, "EventMicrosecond":770605, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743832649, "ConnectionID":16400, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62904, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/4d3f2455-4441-4d0e-81b1-30954ad38b72?P1=1744437445&P2=404&P3=2&P4=nEpkS9WmqK1bNlo%2fesnaUDs0kYSYOanimieSOPU1Fd6vY5xFAvx%2fRWGlpMh%2bbst7IivnXoQLFOSJAoUFipmkBA%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":874, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743832649, "EventMicrosecond":770605, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743832649, "ConnectionID":16400, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62904, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/4d3f2455-4441-4d0e-81b1-30954ad38b72?P1=1744437445&P2=404&P3=2&P4=nEpkS9WmqK1bNlo%2fesnaUDs0kYSYOanimieSOPU1Fd6vY5xFAvx%2fRWGlpMh%2bbst7IivnXoQLFOSJAoUFipmkBA%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":874, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743832649, "EventMicrosecond":770605, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743832649, "ConnectionID":16400, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62904, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/4d3f2455-4441-4d0e-81b1-30954ad38b72?P1=1744437445&P2=404&P3=2&P4=nEpkS9WmqK1bNlo%2fesnaUDs0kYSYOanimieSOPU1Fd6vY5xFAvx%2fRWGlpMh%2bbst7IivnXoQLFOSJAoUFipmkBA%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":874, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743832649, "EventMicrosecond":770605, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743832649, "ConnectionID":16400, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62904, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/4d3f2455-4441-4d0e-81b1-30954ad38b72?P1=1744437445&P2=404&P3=2&P4=nEpkS9WmqK1bNlo%2fesnaUDs0kYSYOanimieSOPU1Fd6vY5xFAvx%2fRWGlpMh%2bbst7IivnXoQLFOSJAoUFipmkBA%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":874, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743832319, "EventMicrosecond":400629, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743832319, "ConnectionID":16382, "InitiatorIP":"217.20.63.35", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62889, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/16c9e56e-be3c-4e11-a9dc-a49e149a46d6?P1=1744437118&P2=404&P3=2&P4=QytfcvXlr2HdwqkvZXHMF6Bwh3Xoljg57QtxDPUGUFzx6gemaDoJwK0GSRhN3Q6nix7sN9AqR4LBgu0ScYNm2w%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":872, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743832319, "EventMicrosecond":400629, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743832319, "ConnectionID":16382, "InitiatorIP":"217.20.63.35", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62889, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/16c9e56e-be3c-4e11-a9dc-a49e149a46d6?P1=1744437118&P2=404&P3=2&P4=QytfcvXlr2HdwqkvZXHMF6Bwh3Xoljg57QtxDPUGUFzx6gemaDoJwK0GSRhN3Q6nix7sN9AqR4LBgu0ScYNm2w%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":872, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743832319, "EventMicrosecond":400629, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743832319, "ConnectionID":16382, "InitiatorIP":"217.20.63.35", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62889, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/16c9e56e-be3c-4e11-a9dc-a49e149a46d6?P1=1744437118&P2=404&P3=2&P4=QytfcvXlr2HdwqkvZXHMF6Bwh3Xoljg57QtxDPUGUFzx6gemaDoJwK0GSRhN3Q6nix7sN9AqR4LBgu0ScYNm2w%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":872, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743832319, "EventMicrosecond":400629, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743832319, "ConnectionID":16382, "InitiatorIP":"217.20.63.35", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62889, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/16c9e56e-be3c-4e11-a9dc-a49e149a46d6?P1=1744437118&P2=404&P3=2&P4=QytfcvXlr2HdwqkvZXHMF6Bwh3Xoljg57QtxDPUGUFzx6gemaDoJwK0GSRhN3Q6nix7sN9AqR4LBgu0ScYNm2w%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":872, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743793785, "EventMicrosecond":751471, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743793785, "ConnectionID":15346, "InitiatorIP":"23.54.78.50", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":61786, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.39.0_65231622d63f2c7a8d2a0e840f149c6475ccf5ca.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":856, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743793785, "EventMicrosecond":751471, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743793785, "ConnectionID":15346, "InitiatorIP":"23.54.78.50", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":61786, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.39.0_65231622d63f2c7a8d2a0e840f149c6475ccf5ca.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":856, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743793785, "EventMicrosecond":751471, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743793785, "ConnectionID":15346, "InitiatorIP":"23.54.78.50", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":61786, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.39.0_65231622d63f2c7a8d2a0e840f149c6475ccf5ca.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":856, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743793785, "EventMicrosecond":751471, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743793785, "ConnectionID":15346, "InitiatorIP":"23.54.78.50", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":61786, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.39.0_65231622d63f2c7a8d2a0e840f149c6475ccf5ca.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":856, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743707406, "EventMicrosecond":343427, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743707406, "ConnectionID":12990, "InitiatorIP":"23.46.30.27", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":59265, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.23.0_7d013a1af8e6e98c2292d1f16a35d9457046119f.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":824, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743707406, "EventMicrosecond":343427, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743707406, "ConnectionID":12990, "InitiatorIP":"23.46.30.27", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":59265, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.23.0_7d013a1af8e6e98c2292d1f16a35d9457046119f.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":824, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743707406, "EventMicrosecond":343427, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743707406, "ConnectionID":12990, "InitiatorIP":"23.46.30.27", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":59265, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.23.0_7d013a1af8e6e98c2292d1f16a35d9457046119f.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":824, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743707406, "EventMicrosecond":343427, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743707406, "ConnectionID":12990, "InitiatorIP":"23.46.30.27", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":59265, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_patch_1.427.23.0_7d013a1af8e6e98c2292d1f16a35d9457046119f.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":824, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743620979, "EventMicrosecond":745338, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743620979, "ConnectionID":10042, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":56363, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_5671f2689f6adf551680e27d34c5816812dcfc18.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":723, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ed7073", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743620979, "EventMicrosecond":745338, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743620979, "ConnectionID":10042, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":56363, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_5671f2689f6adf551680e27d34c5816812dcfc18.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":723, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ed7073", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743620979, "EventMicrosecond":745338, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743620979, "ConnectionID":10042, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":56363, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_5671f2689f6adf551680e27d34c5816812dcfc18.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":723, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ed7073", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743620979, "EventMicrosecond":745338, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743620979, "ConnectionID":10042, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":56363, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/04/am_delta_5671f2689f6adf551680e27d34c5816812dcfc18.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":723, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ed7073", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743533941, "EventMicrosecond":209644, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743533941, "ConnectionID":7458, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":53644, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/updateplatform.amd64fre_00f5d71b0ba4329517a4e572a952bd7510915927.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":686, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ebe52b", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743533941, "EventMicrosecond":209644, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743533941, "ConnectionID":7458, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":53644, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/updateplatform.amd64fre_00f5d71b0ba4329517a4e572a952bd7510915927.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":686, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ebe52b", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743533941, "EventMicrosecond":209644, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743533941, "ConnectionID":7458, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":53644, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/updateplatform.amd64fre_00f5d71b0ba4329517a4e572a952bd7510915927.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":686, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ebe52b", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743533941, "EventMicrosecond":209644, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743533941, "ConnectionID":7458, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":53644, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/updateplatform.amd64fre_00f5d71b0ba4329517a4e572a952bd7510915927.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":686, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ebe52b", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743447538, "EventMicrosecond":331571, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743447538, "ConnectionID":64199, "InitiatorIP":"23.215.11.143", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":60671, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.340.0_a244f00c7fceab434c65e351602b9ef628908c5d.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":621, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743447538, "EventMicrosecond":331571, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743447538, "ConnectionID":64199, "InitiatorIP":"23.215.11.143", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":60671, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.340.0_a244f00c7fceab434c65e351602b9ef628908c5d.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":621, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743447538, "EventMicrosecond":331571, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743447538, "ConnectionID":64199, "InitiatorIP":"23.215.11.143", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":60671, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.340.0_a244f00c7fceab434c65e351602b9ef628908c5d.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":621, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743447538, "EventMicrosecond":331571, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743447538, "ConnectionID":64199, "InitiatorIP":"23.215.11.143", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":60671, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.340.0_a244f00c7fceab434c65e351602b9ef628908c5d.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":621, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743361144, "EventMicrosecond":243502, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743361144, "ConnectionID":61982, "InitiatorIP":"23.48.99.75", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":58183, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.334.0_fab809c88128bc3b5d9036d420d15b5e5fc8558b.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":594, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743361144, "EventMicrosecond":243502, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743361144, "ConnectionID":61982, "InitiatorIP":"23.48.99.75", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":58183, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.334.0_fab809c88128bc3b5d9036d420d15b5e5fc8558b.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":594, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743361144, "EventMicrosecond":243502, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743361144, "ConnectionID":61982, "InitiatorIP":"23.48.99.75", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":58183, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.334.0_fab809c88128bc3b5d9036d420d15b5e5fc8558b.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":594, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743361144, "EventMicrosecond":243502, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743361144, "ConnectionID":61982, "InitiatorIP":"23.48.99.75", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":58183, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.334.0_fab809c88128bc3b5d9036d420d15b5e5fc8558b.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":594, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743274738, "EventMicrosecond":880142, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743274738, "ConnectionID":59724, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":55683, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.313.0_4851ec7fcf2f35b41666f0b22df49fcec707453c.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":564, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743274738, "EventMicrosecond":880142, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743274738, "ConnectionID":59724, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":55683, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.313.0_4851ec7fcf2f35b41666f0b22df49fcec707453c.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":564, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743274738, "EventMicrosecond":880142, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743274738, "ConnectionID":59724, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":55683, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.313.0_4851ec7fcf2f35b41666f0b22df49fcec707453c.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":564, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743274738, "EventMicrosecond":880142, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743274738, "ConnectionID":59724, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":55683, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.313.0_4851ec7fcf2f35b41666f0b22df49fcec707453c.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":564, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743188355, "EventMicrosecond":652081, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743188355, "ConnectionID":57519, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":53196, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.286.0_b3a37e7a87116af846426dd568a129166492550b.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":533, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743188355, "EventMicrosecond":652081, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743188355, "ConnectionID":57519, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":53196, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.286.0_b3a37e7a87116af846426dd568a129166492550b.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":533, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743188355, "EventMicrosecond":652081, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743188355, "ConnectionID":57519, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":53196, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.286.0_b3a37e7a87116af846426dd568a129166492550b.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":533, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743188355, "EventMicrosecond":652081, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743188355, "ConnectionID":57519, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":53196, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.286.0_b3a37e7a87116af846426dd568a129166492550b.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":533, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743108739, "EventMicrosecond":446388, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743108739, "ConnectionID":55479, "InitiatorIP":"23.220.206.34", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":50889, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/fef20fdd-9331-42a4-890f-e0813064af88?P1=1743713538&P2=404&P3=2&P4=Mt3Bwd1vGd%2bWyuOEe%2bYx%2bs1BPfUBwlJnXDGomdt8QtfiPF50UYZjgr%2fwpR8RYfdU6OqrLPs0QXrJrfCjo7cBfA%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":503, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743108739, "EventMicrosecond":446388, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743108739, "ConnectionID":55479, "InitiatorIP":"23.220.206.34", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":50889, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/fef20fdd-9331-42a4-890f-e0813064af88?P1=1743713538&P2=404&P3=2&P4=Mt3Bwd1vGd%2bWyuOEe%2bYx%2bs1BPfUBwlJnXDGomdt8QtfiPF50UYZjgr%2fwpR8RYfdU6OqrLPs0QXrJrfCjo7cBfA%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":503, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743108739, "EventMicrosecond":446388, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743108739, "ConnectionID":55479, "InitiatorIP":"23.220.206.34", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":50889, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/fef20fdd-9331-42a4-890f-e0813064af88?P1=1743713538&P2=404&P3=2&P4=Mt3Bwd1vGd%2bWyuOEe%2bYx%2bs1BPfUBwlJnXDGomdt8QtfiPF50UYZjgr%2fwpR8RYfdU6OqrLPs0QXrJrfCjo7cBfA%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":503, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743108739, "EventMicrosecond":446388, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743108739, "ConnectionID":55479, "InitiatorIP":"23.220.206.34", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":50889, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/fef20fdd-9331-42a4-890f-e0813064af88?P1=1743713538&P2=404&P3=2&P4=Mt3Bwd1vGd%2bWyuOEe%2bYx%2bs1BPfUBwlJnXDGomdt8QtfiPF50UYZjgr%2fwpR8RYfdU6OqrLPs0QXrJrfCjo7cBfA%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":503, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743101936, "EventMicrosecond":766516, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743101936, "ConnectionID":55292, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":50689, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.266.0_8363ceaf5befe2af7f234734a2be03e21b060738.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":499, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743101936, "EventMicrosecond":766516, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743101936, "ConnectionID":55292, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":50689, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.266.0_8363ceaf5befe2af7f234734a2be03e21b060738.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":499, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743101936, "EventMicrosecond":766516, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743101936, "ConnectionID":55292, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":50689, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.266.0_8363ceaf5befe2af7f234734a2be03e21b060738.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":499, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743101936, "EventMicrosecond":766516, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743101936, "ConnectionID":55292, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":50689, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.266.0_8363ceaf5befe2af7f234734a2be03e21b060738.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":499, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743015537, "EventMicrosecond":208485, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743015537, "ConnectionID":53068, "InitiatorIP":"23.51.25.80", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":64562, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.238.0_cdc121010c0ba4252fa85df8e6b88acabb21be75.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":470, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743015537, "EventMicrosecond":208485, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743015537, "ConnectionID":53068, "InitiatorIP":"23.51.25.80", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":64562, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.238.0_cdc121010c0ba4252fa85df8e6b88acabb21be75.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":470, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743015537, "EventMicrosecond":208485, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743015537, "ConnectionID":53068, "InitiatorIP":"23.51.25.80", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":64562, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.238.0_cdc121010c0ba4252fa85df8e6b88acabb21be75.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":470, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1743015537, "EventMicrosecond":208485, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743015537, "ConnectionID":53068, "InitiatorIP":"23.51.25.80", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":64562, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.238.0_cdc121010c0ba4252fa85df8e6b88acabb21be75.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":470, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742961134, "EventMicrosecond":89701, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742961134, "ConnectionID":51644, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62975, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/7a7af394-5875-4336-9386-71119b964509?P1=1743565934&P2=404&P3=2&P4=ZRliMKgyJS4x2S2%2frI7L9KGF8OsGZRODVbv8XwhUGuOPoQBc0iJSZIMysqAUw2Ux%2fZi5HMI8LFm69SOg6ydPug%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":450, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742961134, "EventMicrosecond":89701, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742961134, "ConnectionID":51644, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62975, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/7a7af394-5875-4336-9386-71119b964509?P1=1743565934&P2=404&P3=2&P4=ZRliMKgyJS4x2S2%2frI7L9KGF8OsGZRODVbv8XwhUGuOPoQBc0iJSZIMysqAUw2Ux%2fZi5HMI8LFm69SOg6ydPug%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":450, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742961134, "EventMicrosecond":89701, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742961134, "ConnectionID":51644, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62975, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/7a7af394-5875-4336-9386-71119b964509?P1=1743565934&P2=404&P3=2&P4=ZRliMKgyJS4x2S2%2frI7L9KGF8OsGZRODVbv8XwhUGuOPoQBc0iJSZIMysqAUw2Ux%2fZi5HMI8LFm69SOg6ydPug%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":450, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742961134, "EventMicrosecond":89701, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742961134, "ConnectionID":51644, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62975, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/7a7af394-5875-4336-9386-71119b964509?P1=1743565934&P2=404&P3=2&P4=ZRliMKgyJS4x2S2%2frI7L9KGF8OsGZRODVbv8XwhUGuOPoQBc0iJSZIMysqAUw2Ux%2fZi5HMI8LFm69SOg6ydPug%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":450, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742929142, "EventMicrosecond":481908, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742929142, "ConnectionID":50832, "InitiatorIP":"23.46.30.22", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62059, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.214.0_2e851418e36c9842dc6207bc039c1adfb8bd14fd.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":438, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742929142, "EventMicrosecond":481908, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742929142, "ConnectionID":50832, "InitiatorIP":"23.46.30.22", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62059, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.214.0_2e851418e36c9842dc6207bc039c1adfb8bd14fd.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":438, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742929142, "EventMicrosecond":481908, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742929142, "ConnectionID":50832, "InitiatorIP":"23.46.30.22", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62059, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.214.0_2e851418e36c9842dc6207bc039c1adfb8bd14fd.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":438, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742929142, "EventMicrosecond":481908, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742929142, "ConnectionID":50832, "InitiatorIP":"23.46.30.22", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62059, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.214.0_2e851418e36c9842dc6207bc039c1adfb8bd14fd.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":438, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742842736, "EventMicrosecond":623838, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742842736, "ConnectionID":48605, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":59549, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.191.0_a8d7d456a2776c93cfbe0f2e2e3ca81e7e182f34.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":405, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742842736, "EventMicrosecond":623838, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742842736, "ConnectionID":48605, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":59549, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.191.0_a8d7d456a2776c93cfbe0f2e2e3ca81e7e182f34.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":405, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742842736, "EventMicrosecond":623838, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742842736, "ConnectionID":48605, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":59549, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.191.0_a8d7d456a2776c93cfbe0f2e2e3ca81e7e182f34.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":405, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742842736, "EventMicrosecond":623838, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742842736, "ConnectionID":48605, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":59549, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.191.0_a8d7d456a2776c93cfbe0f2e2e3ca81e7e182f34.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":405, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742756339, "EventMicrosecond":435768, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742756339, "ConnectionID":46387, "InitiatorIP":"23.35.69.138", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":57056, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.176.0_265ad75b48dca1c72b2d5ffef90c6b13f04c1a29.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":376, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742756339, "EventMicrosecond":435768, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742756339, "ConnectionID":46387, "InitiatorIP":"23.35.69.138", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":57056, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.176.0_265ad75b48dca1c72b2d5ffef90c6b13f04c1a29.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":376, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742756339, "EventMicrosecond":435768, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742756339, "ConnectionID":46387, "InitiatorIP":"23.35.69.138", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":57056, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.176.0_265ad75b48dca1c72b2d5ffef90c6b13f04c1a29.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":376, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742756339, "EventMicrosecond":435768, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742756339, "ConnectionID":46387, "InitiatorIP":"23.35.69.138", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":57056, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.176.0_265ad75b48dca1c72b2d5ffef90c6b13f04c1a29.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":376, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742673116, "EventMicrosecond":737617, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742673116, "ConnectionID":44247, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":54650, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/c5c520bd-2aa7-43b1-989d-9753c778c5f7?P1=1743277916&P2=404&P3=2&P4=KqLSGUn%2b7DWry3BeCvjmRQu37jA35uz86UVF7puBy26uPOsRsfHJD%2bfA3Tl5v0AwJJenN1WamTdJxDVth3vJpg%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":349, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742673116, "EventMicrosecond":737617, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742673116, "ConnectionID":44247, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":54650, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/c5c520bd-2aa7-43b1-989d-9753c778c5f7?P1=1743277916&P2=404&P3=2&P4=KqLSGUn%2b7DWry3BeCvjmRQu37jA35uz86UVF7puBy26uPOsRsfHJD%2bfA3Tl5v0AwJJenN1WamTdJxDVth3vJpg%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":349, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742673116, "EventMicrosecond":737617, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742673116, "ConnectionID":44247, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":54650, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/c5c520bd-2aa7-43b1-989d-9753c778c5f7?P1=1743277916&P2=404&P3=2&P4=KqLSGUn%2b7DWry3BeCvjmRQu37jA35uz86UVF7puBy26uPOsRsfHJD%2bfA3Tl5v0AwJJenN1WamTdJxDVth3vJpg%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":349, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742673116, "EventMicrosecond":737617, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742673116, "ConnectionID":44247, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":54650, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/c5c520bd-2aa7-43b1-989d-9753c778c5f7?P1=1743277916&P2=404&P3=2&P4=KqLSGUn%2b7DWry3BeCvjmRQu37jA35uz86UVF7puBy26uPOsRsfHJD%2bfA3Tl5v0AwJJenN1WamTdJxDVth3vJpg%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":349, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742669937, "EventMicrosecond":997674, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742669937, "ConnectionID":44161, "InitiatorIP":"217.20.51.20", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":54561, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.157.0_c1ff77287079109c286269f5ea7e0dec83191a1a.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":346, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742669937, "EventMicrosecond":997674, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742669937, "ConnectionID":44161, "InitiatorIP":"217.20.51.20", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":54561, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.157.0_c1ff77287079109c286269f5ea7e0dec83191a1a.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":346, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742669937, "EventMicrosecond":997674, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742669937, "ConnectionID":44161, "InitiatorIP":"217.20.51.20", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":54561, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.157.0_c1ff77287079109c286269f5ea7e0dec83191a1a.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":346, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742669937, "EventMicrosecond":997674, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742669937, "ConnectionID":44161, "InitiatorIP":"217.20.51.20", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":54561, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.157.0_c1ff77287079109c286269f5ea7e0dec83191a1a.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":346, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742583537, "EventMicrosecond":689631, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742583537, "ConnectionID":41954, "InitiatorIP":"23.35.69.147", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":52069, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.130.0_0a9423183e842c7a0a28b24b75c7af63fa6bce4a.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":318, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742583537, "EventMicrosecond":689631, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742583537, "ConnectionID":41954, "InitiatorIP":"23.35.69.147", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":52069, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.130.0_0a9423183e842c7a0a28b24b75c7af63fa6bce4a.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":318, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742583537, "EventMicrosecond":689631, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742583537, "ConnectionID":41954, "InitiatorIP":"23.35.69.147", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":52069, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.130.0_0a9423183e842c7a0a28b24b75c7af63fa6bce4a.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":318, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742583537, "EventMicrosecond":689631, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742583537, "ConnectionID":41954, "InitiatorIP":"23.35.69.147", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":52069, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.130.0_0a9423183e842c7a0a28b24b75c7af63fa6bce4a.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":318, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742497139, "EventMicrosecond":794011, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742497139, "ConnectionID":39739, "InitiatorIP":"23.51.25.207", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":49557, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.106.0_8cdfe1291d908fd22c8f5aaf0ac431b9c9ef1fe9.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":287, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742497139, "EventMicrosecond":794011, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742497139, "ConnectionID":39739, "InitiatorIP":"23.51.25.207", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":49557, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.106.0_8cdfe1291d908fd22c8f5aaf0ac431b9c9ef1fe9.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":287, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742497139, "EventMicrosecond":794011, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742497139, "ConnectionID":39739, "InitiatorIP":"23.51.25.207", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":49557, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.106.0_8cdfe1291d908fd22c8f5aaf0ac431b9c9ef1fe9.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":287, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742497139, "EventMicrosecond":794011, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742497139, "ConnectionID":39739, "InitiatorIP":"23.51.25.207", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":49557, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.106.0_8cdfe1291d908fd22c8f5aaf0ac431b9c9ef1fe9.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":287, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742410750, "EventMicrosecond":645947, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742410750, "ConnectionID":37494, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":63443, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.90.0_79865213fc99d48492f835ed55bb6ea12f210db3.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":253, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742410750, "EventMicrosecond":645947, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742410750, "ConnectionID":37494, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":63443, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.90.0_79865213fc99d48492f835ed55bb6ea12f210db3.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":253, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742410750, "EventMicrosecond":645947, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742410750, "ConnectionID":37494, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":63443, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.90.0_79865213fc99d48492f835ed55bb6ea12f210db3.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":253, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742410750, "EventMicrosecond":645947, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742410750, "ConnectionID":37494, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":63443, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.90.0_79865213fc99d48492f835ed55bb6ea12f210db3.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":253, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742324337, "EventMicrosecond":631040, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742324337, "ConnectionID":35225, "InitiatorIP":"208.89.73.145", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":60880, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.76.0_166e30254a978a8e91e9fc013b0da8dc439dc5e1.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":225, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742324337, "EventMicrosecond":631040, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742324337, "ConnectionID":35225, "InitiatorIP":"208.89.73.145", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":60880, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.76.0_166e30254a978a8e91e9fc013b0da8dc439dc5e1.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":225, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742324337, "EventMicrosecond":631040, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742324337, "ConnectionID":35225, "InitiatorIP":"208.89.73.145", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":60880, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.76.0_166e30254a978a8e91e9fc013b0da8dc439dc5e1.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":225, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742324337, "EventMicrosecond":631040, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742324337, "ConnectionID":35225, "InitiatorIP":"208.89.73.145", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":60880, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.76.0_166e30254a978a8e91e9fc013b0da8dc439dc5e1.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":225, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742237939, "EventMicrosecond":752967, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742237939, "ConnectionID":32970, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":58356, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.59.0_937767ed8519c8aba4e95a2c9eed2e289d1bc134.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":192, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742237939, "EventMicrosecond":752967, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742237939, "ConnectionID":32970, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":58356, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.59.0_937767ed8519c8aba4e95a2c9eed2e289d1bc134.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":192, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742237939, "EventMicrosecond":752967, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742237939, "ConnectionID":32970, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":58356, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.59.0_937767ed8519c8aba4e95a2c9eed2e289d1bc134.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":192, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742237939, "EventMicrosecond":752967, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742237939, "ConnectionID":32970, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":58356, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.59.0_937767ed8519c8aba4e95a2c9eed2e289d1bc134.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":192, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d80eb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742151540, "EventMicrosecond":55691, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742151539, "ConnectionID":30463, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":55583, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.41.0_691683dd1e4b3f9b294bdf226962a39a785cea04.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":151, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d32742", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742151540, "EventMicrosecond":55691, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742151539, "ConnectionID":30463, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":55583, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.41.0_691683dd1e4b3f9b294bdf226962a39a785cea04.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":151, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d32742", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742151540, "EventMicrosecond":55691, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742151539, "ConnectionID":30463, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":55583, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.41.0_691683dd1e4b3f9b294bdf226962a39a785cea04.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":151, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d32742", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742151540, "EventMicrosecond":55691, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742151539, "ConnectionID":30463, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":55583, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.41.0_691683dd1e4b3f9b294bdf226962a39a785cea04.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":151, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d32742", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742089937, "EventMicrosecond":217060, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742089937, "ConnectionID":29198, "InitiatorIP":"23.55.241.153", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":53915, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/521eaf0a-f25d-446e-8f63-db91621bb8c0?P1=1742694736&P2=404&P3=2&P4=m3BrNMvh%2buKlT1TKjmwBzvciOydrUkdTYUZpdf5wO%2bG3NORFKpg5l8CFh0GRELfc9T87j9XX0mzrAXwEjRw4VA%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":148, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d32742", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742089937, "EventMicrosecond":217060, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742089937, "ConnectionID":29198, "InitiatorIP":"23.55.241.153", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":53915, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/521eaf0a-f25d-446e-8f63-db91621bb8c0?P1=1742694736&P2=404&P3=2&P4=m3BrNMvh%2buKlT1TKjmwBzvciOydrUkdTYUZpdf5wO%2bG3NORFKpg5l8CFh0GRELfc9T87j9XX0mzrAXwEjRw4VA%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":148, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d32742", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742089937, "EventMicrosecond":217060, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742089937, "ConnectionID":29198, "InitiatorIP":"23.55.241.153", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":53915, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/521eaf0a-f25d-446e-8f63-db91621bb8c0?P1=1742694736&P2=404&P3=2&P4=m3BrNMvh%2buKlT1TKjmwBzvciOydrUkdTYUZpdf5wO%2bG3NORFKpg5l8CFh0GRELfc9T87j9XX0mzrAXwEjRw4VA%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":148, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d32742", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742089937, "EventMicrosecond":217060, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742089937, "ConnectionID":29198, "InitiatorIP":"23.55.241.153", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":53915, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/521eaf0a-f25d-446e-8f63-db91621bb8c0?P1=1742694736&P2=404&P3=2&P4=m3BrNMvh%2buKlT1TKjmwBzvciOydrUkdTYUZpdf5wO%2bG3NORFKpg5l8CFh0GRELfc9T87j9XX0mzrAXwEjRw4VA%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":148, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d32742", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742065146, "EventMicrosecond":67623, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742065145, "ConnectionID":28678, "InitiatorIP":"23.51.25.94", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":53216, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.32.0_9ec6aaa0f48107b7f79cab1985b0250fa4827211.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":146, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d32742", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742065146, "EventMicrosecond":67623, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742065145, "ConnectionID":28678, "InitiatorIP":"23.51.25.94", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":53216, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.32.0_9ec6aaa0f48107b7f79cab1985b0250fa4827211.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":146, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d32742", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742065146, "EventMicrosecond":67623, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742065145, "ConnectionID":28678, "InitiatorIP":"23.51.25.94", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":53216, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.32.0_9ec6aaa0f48107b7f79cab1985b0250fa4827211.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":146, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d32742", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1742065146, "EventMicrosecond":67623, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1742065145, "ConnectionID":28678, "InitiatorIP":"23.51.25.94", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":53216, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.32.0_9ec6aaa0f48107b7f79cab1985b0250fa4827211.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":146, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d32742", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741978736, "EventMicrosecond":249544, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741978736, "ConnectionID":26846, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":50852, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.14.0_613f7b236e244bfac6f6f3bc87214560ebf7f50e.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":143, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d32742", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741978736, "EventMicrosecond":249544, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741978736, "ConnectionID":26846, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":50852, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.14.0_613f7b236e244bfac6f6f3bc87214560ebf7f50e.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":143, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d32742", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741978736, "EventMicrosecond":249544, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741978736, "ConnectionID":26846, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":50852, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.14.0_613f7b236e244bfac6f6f3bc87214560ebf7f50e.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":143, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d32742", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741978736, "EventMicrosecond":249544, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741978736, "ConnectionID":26846, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":50852, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.425.14.0_613f7b236e244bfac6f6f3bc87214560ebf7f50e.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":143, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d32742", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741892339, "EventMicrosecond":363827, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741892339, "ConnectionID":25011, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":64870, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_807ed7223c3256ed53c08dd2aca7e3ee5054643b.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":140, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d32742", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741892339, "EventMicrosecond":363827, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741892339, "ConnectionID":25011, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":64870, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_807ed7223c3256ed53c08dd2aca7e3ee5054643b.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":140, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d32742", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741892339, "EventMicrosecond":363827, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741892339, "ConnectionID":25011, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":64870, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_807ed7223c3256ed53c08dd2aca7e3ee5054643b.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":140, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d32742", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741892339, "EventMicrosecond":363827, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741892339, "ConnectionID":25011, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":64870, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_807ed7223c3256ed53c08dd2aca7e3ee5054643b.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":140, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d32742", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741805936, "EventMicrosecond":675731, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741805936, "ConnectionID":22926, "InitiatorIP":"23.51.25.207", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62482, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.344.0_411befa44679b3174bdac7093c9e2680883147ca.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":126, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d197b0", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741805936, "EventMicrosecond":675731, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741805936, "ConnectionID":22926, "InitiatorIP":"23.51.25.207", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62482, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.344.0_411befa44679b3174bdac7093c9e2680883147ca.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":126, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d197b0", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741805936, "EventMicrosecond":675731, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741805936, "ConnectionID":22926, "InitiatorIP":"23.51.25.207", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62482, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.344.0_411befa44679b3174bdac7093c9e2680883147ca.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":126, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d197b0", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741805936, "EventMicrosecond":675731, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741805936, "ConnectionID":22926, "InitiatorIP":"23.51.25.207", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62482, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.344.0_411befa44679b3174bdac7093c9e2680883147ca.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":126, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d197b0", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741798325, "EventMicrosecond":475912, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741798325, "ConnectionID":22706, "InitiatorIP":"23.48.99.25", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62238, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/95d0c8ca-690a-4008-a592-8ae686beaea9?P1=1742403125&P2=404&P3=2&P4=mU60MBXgeIOICvawv8LCzCcEOeZblsr9rWYusmp298m89mmpErVNCoVgWnrB%2fD4BirIY1St9PIL1BPmksHYhtw%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":121, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d197b0", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741798325, "EventMicrosecond":475912, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741798325, "ConnectionID":22706, "InitiatorIP":"23.48.99.25", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62238, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/95d0c8ca-690a-4008-a592-8ae686beaea9?P1=1742403125&P2=404&P3=2&P4=mU60MBXgeIOICvawv8LCzCcEOeZblsr9rWYusmp298m89mmpErVNCoVgWnrB%2fD4BirIY1St9PIL1BPmksHYhtw%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":121, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d197b0", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741798325, "EventMicrosecond":475912, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741798325, "ConnectionID":22706, "InitiatorIP":"23.48.99.25", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62238, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/95d0c8ca-690a-4008-a592-8ae686beaea9?P1=1742403125&P2=404&P3=2&P4=mU60MBXgeIOICvawv8LCzCcEOeZblsr9rWYusmp298m89mmpErVNCoVgWnrB%2fD4BirIY1St9PIL1BPmksHYhtw%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":121, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d197b0", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741798325, "EventMicrosecond":475912, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741798325, "ConnectionID":22706, "InitiatorIP":"23.48.99.25", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62238, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/95d0c8ca-690a-4008-a592-8ae686beaea9?P1=1742403125&P2=404&P3=2&P4=mU60MBXgeIOICvawv8LCzCcEOeZblsr9rWYusmp298m89mmpErVNCoVgWnrB%2fD4BirIY1St9PIL1BPmksHYhtw%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":121, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067d197b0", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741719539, "EventMicrosecond":708444, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741719539, "ConnectionID":20867, "InitiatorIP":"23.51.25.207", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":60079, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.328.0_bf4538ffc8f752412935b92180bad3a84dde8b6e.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":111, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741719539, "EventMicrosecond":708444, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741719539, "ConnectionID":20867, "InitiatorIP":"23.51.25.207", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":60079, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.328.0_bf4538ffc8f752412935b92180bad3a84dde8b6e.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":111, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741719539, "EventMicrosecond":708444, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741719539, "ConnectionID":20867, "InitiatorIP":"23.51.25.207", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":60079, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.328.0_bf4538ffc8f752412935b92180bad3a84dde8b6e.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":111, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741719539, "EventMicrosecond":708444, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741719539, "ConnectionID":20867, "InitiatorIP":"23.51.25.207", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":60079, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.328.0_bf4538ffc8f752412935b92180bad3a84dde8b6e.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":111, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741633139, "EventMicrosecond":130410, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741633139, "ConnectionID":19076, "InitiatorIP":"23.215.11.143", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":57731, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.310.0_3c42b1124c5b74961f67b85c23a3433416561733.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":108, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741633139, "EventMicrosecond":130410, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741633139, "ConnectionID":19076, "InitiatorIP":"23.215.11.143", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":57731, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.310.0_3c42b1124c5b74961f67b85c23a3433416561733.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":108, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741633139, "EventMicrosecond":130410, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741633139, "ConnectionID":19076, "InitiatorIP":"23.215.11.143", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":57731, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.310.0_3c42b1124c5b74961f67b85c23a3433416561733.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":108, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741633139, "EventMicrosecond":130410, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741633139, "ConnectionID":19076, "InitiatorIP":"23.215.11.143", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":57731, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.310.0_3c42b1124c5b74961f67b85c23a3433416561733.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":108, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741546735, "EventMicrosecond":622312, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741546735, "ConnectionID":17291, "InitiatorIP":"208.89.73.147", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":55388, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.295.0_df96886607cfb3a4aecec53ac04e7172dfaa096c.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":106, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741546735, "EventMicrosecond":622312, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741546735, "ConnectionID":17291, "InitiatorIP":"208.89.73.147", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":55388, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.295.0_df96886607cfb3a4aecec53ac04e7172dfaa096c.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":106, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741546735, "EventMicrosecond":622312, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741546735, "ConnectionID":17291, "InitiatorIP":"208.89.73.147", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":55388, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.295.0_df96886607cfb3a4aecec53ac04e7172dfaa096c.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":106, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741546735, "EventMicrosecond":622312, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741546735, "ConnectionID":17291, "InitiatorIP":"208.89.73.147", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":55388, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.295.0_df96886607cfb3a4aecec53ac04e7172dfaa096c.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":106, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741546735, "EventMicrosecond":622312, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741546735, "ConnectionID":17291, "InitiatorIP":"208.89.73.147", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":55388, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.295.0_df96886607cfb3a4aecec53ac04e7172dfaa096c.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":106, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741460338, "EventMicrosecond":694315, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741460338, "ConnectionID":15518, "InitiatorIP":"23.215.11.137", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":53033, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.281.0_45ff3594e65b03a4f75fd8d367c59d8a65fca252.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":103, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741460338, "EventMicrosecond":694315, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741460338, "ConnectionID":15518, "InitiatorIP":"23.215.11.137", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":53033, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.281.0_45ff3594e65b03a4f75fd8d367c59d8a65fca252.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":103, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741460338, "EventMicrosecond":694315, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741460338, "ConnectionID":15518, "InitiatorIP":"23.215.11.137", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":53033, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.281.0_45ff3594e65b03a4f75fd8d367c59d8a65fca252.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":103, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741460338, "EventMicrosecond":694315, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741460338, "ConnectionID":15518, "InitiatorIP":"23.215.11.137", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":53033, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.281.0_45ff3594e65b03a4f75fd8d367c59d8a65fca252.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":103, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741460338, "EventMicrosecond":694315, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741460338, "ConnectionID":15518, "InitiatorIP":"23.215.11.137", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":53033, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.281.0_45ff3594e65b03a4f75fd8d367c59d8a65fca252.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":103, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741402339, "EventMicrosecond":295623, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741402339, "ConnectionID":14305, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":51457, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/67dcd1e7-68e4-41fe-bc8a-ed312c5f0933?P1=1742007139&P2=404&P3=2&P4=Y%2fMM15IAZsf3JGoTwpSbIYdZpdP89eZAMfLc1p1Wd4BWUBq%2bpQyzNQ5gbDpJlf0Iq8SOUzBV%2f7AHVewjTsnFFg%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":100, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741402339, "EventMicrosecond":295623, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741402339, "ConnectionID":14305, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":51457, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/67dcd1e7-68e4-41fe-bc8a-ed312c5f0933?P1=1742007139&P2=404&P3=2&P4=Y%2fMM15IAZsf3JGoTwpSbIYdZpdP89eZAMfLc1p1Wd4BWUBq%2bpQyzNQ5gbDpJlf0Iq8SOUzBV%2f7AHVewjTsnFFg%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":100, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741402339, "EventMicrosecond":295623, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741402339, "ConnectionID":14305, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":51457, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/67dcd1e7-68e4-41fe-bc8a-ed312c5f0933?P1=1742007139&P2=404&P3=2&P4=Y%2fMM15IAZsf3JGoTwpSbIYdZpdP89eZAMfLc1p1Wd4BWUBq%2bpQyzNQ5gbDpJlf0Iq8SOUzBV%2f7AHVewjTsnFFg%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":100, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741402339, "EventMicrosecond":295623, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741402339, "ConnectionID":14305, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":51457, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Chrome", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/67dcd1e7-68e4-41fe-bc8a-ed312c5f0933?P1=1742007139&P2=404&P3=2&P4=Y%2fMM15IAZsf3JGoTwpSbIYdZpdP89eZAMfLc1p1Wd4BWUBq%2bpQyzNQ5gbDpJlf0Iq8SOUzBV%2f7AHVewjTsnFFg%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":589, "ClientApplicationProductivityIndex":3, "ClientApplicationRiskIndex":3, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":100, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741373958, "EventMicrosecond":56271, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741373958, "ConnectionID":13723, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":50683, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.261.0_25112a9eeca8ef64673ea6177bc2be20bc95be6c.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":98, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741373958, "EventMicrosecond":56271, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741373958, "ConnectionID":13723, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":50683, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.261.0_25112a9eeca8ef64673ea6177bc2be20bc95be6c.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":98, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741373958, "EventMicrosecond":56271, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741373958, "ConnectionID":13723, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":50683, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.261.0_25112a9eeca8ef64673ea6177bc2be20bc95be6c.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":98, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741373958, "EventMicrosecond":56271, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741373958, "ConnectionID":13723, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":50683, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.261.0_25112a9eeca8ef64673ea6177bc2be20bc95be6c.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":98, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741326379, "EventMicrosecond":478765, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741326379, "ConnectionID":12732, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":49369, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/16838e89-634a-4a9b-89e8-f209f4ea4868?P1=1741931177&P2=404&P3=2&P4=d1xJTn6rKEAPgbSLSU55%2fXrMgJsmGQzrpcEK81ce3L5uLLGMYLRu1iVctP4SR0fN35IliR6s8eT9aunOVr34JQ%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":95, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741326379, "EventMicrosecond":478765, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741326379, "ConnectionID":12732, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":49369, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/16838e89-634a-4a9b-89e8-f209f4ea4868?P1=1741931177&P2=404&P3=2&P4=d1xJTn6rKEAPgbSLSU55%2fXrMgJsmGQzrpcEK81ce3L5uLLGMYLRu1iVctP4SR0fN35IliR6s8eT9aunOVr34JQ%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":95, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741326379, "EventMicrosecond":478765, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741326379, "ConnectionID":12732, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":49369, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/16838e89-634a-4a9b-89e8-f209f4ea4868?P1=1741931177&P2=404&P3=2&P4=d1xJTn6rKEAPgbSLSU55%2fXrMgJsmGQzrpcEK81ce3L5uLLGMYLRu1iVctP4SR0fN35IliR6s8eT9aunOVr34JQ%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":95, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741326379, "EventMicrosecond":478765, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741326379, "ConnectionID":12732, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":49369, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/16838e89-634a-4a9b-89e8-f209f4ea4868?P1=1741931177&P2=404&P3=2&P4=d1xJTn6rKEAPgbSLSU55%2fXrMgJsmGQzrpcEK81ce3L5uLLGMYLRu1iVctP4SR0fN35IliR6s8eT9aunOVr34JQ%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":95, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741287533, "EventMicrosecond":909605, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741287533, "ConnectionID":11934, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":64697, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.245.0_bcd51623ad99d9e3a2b64a53f81ddc95bc8d9188.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":93, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741287533, "EventMicrosecond":909605, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741287533, "ConnectionID":11934, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":64697, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.245.0_bcd51623ad99d9e3a2b64a53f81ddc95bc8d9188.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":93, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741287533, "EventMicrosecond":909605, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741287533, "ConnectionID":11934, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":64697, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.245.0_bcd51623ad99d9e3a2b64a53f81ddc95bc8d9188.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":93, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741287533, "EventMicrosecond":909605, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741287533, "ConnectionID":11934, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":64697, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.245.0_bcd51623ad99d9e3a2b64a53f81ddc95bc8d9188.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":93, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741286896, "EventMicrosecond":89671, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741286895, "ConnectionID":11908, "InitiatorIP":"23.35.68.210", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":64670, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/updateplatform.amd64fre_a0f38999512272f4461ac8d7ce8069209984343e.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":90, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741286896, "EventMicrosecond":89671, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741286895, "ConnectionID":11908, "InitiatorIP":"23.35.68.210", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":64670, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/updateplatform.amd64fre_a0f38999512272f4461ac8d7ce8069209984343e.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":90, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741286896, "EventMicrosecond":89671, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741286895, "ConnectionID":11908, "InitiatorIP":"23.35.68.210", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":64670, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/updateplatform.amd64fre_a0f38999512272f4461ac8d7ce8069209984343e.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":90, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741286896, "EventMicrosecond":89671, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741286895, "ConnectionID":11908, "InitiatorIP":"23.35.68.210", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":64670, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/updateplatform.amd64fre_a0f38999512272f4461ac8d7ce8069209984343e.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":90, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741200494, "EventMicrosecond":891555, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741200494, "ConnectionID":10120, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62318, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.227.0_355a01f4bfbee207918a3c1aa8a226ba59c87b10.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":87, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741200494, "EventMicrosecond":891555, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741200494, "ConnectionID":10120, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62318, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.227.0_355a01f4bfbee207918a3c1aa8a226ba59c87b10.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":87, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741200494, "EventMicrosecond":891555, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741200494, "ConnectionID":10120, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62318, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.227.0_355a01f4bfbee207918a3c1aa8a226ba59c87b10.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":87, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741200494, "EventMicrosecond":891555, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741200494, "ConnectionID":10120, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":62318, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.227.0_355a01f4bfbee207918a3c1aa8a226ba59c87b10.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":87, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741114098, "EventMicrosecond":876968, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741114098, "ConnectionID":8284, "InitiatorIP":"23.48.99.68", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":59940, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.210.0_628f364c0a84311785a91ec6d33b4a0caece53cb.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":82, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741114098, "EventMicrosecond":876968, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741114098, "ConnectionID":8284, "InitiatorIP":"23.48.99.68", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":59940, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.210.0_628f364c0a84311785a91ec6d33b4a0caece53cb.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":82, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741114098, "EventMicrosecond":876968, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741114098, "ConnectionID":8284, "InitiatorIP":"23.48.99.68", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":59940, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.210.0_628f364c0a84311785a91ec6d33b4a0caece53cb.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":82, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741114098, "EventMicrosecond":876968, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741114098, "ConnectionID":8284, "InitiatorIP":"23.48.99.68", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":59940, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.210.0_628f364c0a84311785a91ec6d33b4a0caece53cb.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":82, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741027711, "EventMicrosecond":458914, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741027711, "ConnectionID":6513, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":57598, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.196.0_dd644a93f02974830a360ffc327d462948f1a321.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":79, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741027711, "EventMicrosecond":458914, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741027711, "ConnectionID":6513, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":57598, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.196.0_dd644a93f02974830a360ffc327d462948f1a321.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":79, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741027711, "EventMicrosecond":458914, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741027711, "ConnectionID":6513, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":57598, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.196.0_dd644a93f02974830a360ffc327d462948f1a321.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":79, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1741027711, "EventMicrosecond":458914, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1741027711, "ConnectionID":6513, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":57598, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.196.0_dd644a93f02974830a360ffc327d462948f1a321.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":79, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c5de35", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1740941320, "EventMicrosecond":303008, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1740941320, "ConnectionID":4731, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":55226, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.180.0_c3ba10bb7873f52510bc7bb236d65dc06105c8de.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":77, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c22fb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1740941320, "EventMicrosecond":303008, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1740941320, "ConnectionID":4731, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":55226, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.180.0_c3ba10bb7873f52510bc7bb236d65dc06105c8de.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":77, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c22fb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1740941320, "EventMicrosecond":303008, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1740941320, "ConnectionID":4731, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":55226, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.180.0_c3ba10bb7873f52510bc7bb236d65dc06105c8de.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":77, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c22fb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1740941320, "EventMicrosecond":303008, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1740941320, "ConnectionID":4731, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":55226, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/c/msdownload/update/software/defu/2025/03/am_delta_patch_1.423.180.0_c3ba10bb7873f52510bc7bb236d65dc06105c8de.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":77, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c22fb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1740854895, "EventMicrosecond":694910, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1740854895, "ConnectionID":2925, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":52880, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_1e26a6832fc6c5d607c27444c1a5e7c25c9a88ed.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":74, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c22fb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1740854895, "EventMicrosecond":694910, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1740854895, "ConnectionID":2925, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":52880, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_1e26a6832fc6c5d607c27444c1a5e7c25c9a88ed.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":74, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c22fb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1740854895, "EventMicrosecond":694910, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1740854895, "ConnectionID":2925, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":52880, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_1e26a6832fc6c5d607c27444c1a5e7c25c9a88ed.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":74, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c22fb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1740854895, "EventMicrosecond":694910, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1740854895, "ConnectionID":2925, "InitiatorIP":"146.75.78.172", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":52880, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"au.download.windowsupdate.com", "HTTP_URI":"/d/msdownload/update/software/defu/2025/03/am_delta_1e26a6832fc6c5d607c27444c1a5e7c25c9a88ed.exe", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":74, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c22fb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1740804347, "EventMicrosecond":186071, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1740804347, "ConnectionID":1882, "InitiatorIP":"23.48.99.12", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":51500, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/2619d5fd-eb83-471e-8036-a8c6ca0a212e?P1=1741409144&P2=404&P3=2&P4=nLqat3njtfkR%2fqPFCUUsv8k%2brezFsbd7D5fTJPM03XW7%2fFhKj1zTOd0uVbPdfJPySWAN3iod2N67Qo51aQWhsA%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":71, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c22fb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1740804347, "EventMicrosecond":186071, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1740804347, "ConnectionID":1882, "InitiatorIP":"23.48.99.12", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":51500, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/2619d5fd-eb83-471e-8036-a8c6ca0a212e?P1=1741409144&P2=404&P3=2&P4=nLqat3njtfkR%2fqPFCUUsv8k%2brezFsbd7D5fTJPM03XW7%2fFhKj1zTOd0uVbPdfJPySWAN3iod2N67Qo51aQWhsA%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":71, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c22fb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1740804347, "EventMicrosecond":186071, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1740804347, "ConnectionID":1882, "InitiatorIP":"23.48.99.12", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":51500, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/2619d5fd-eb83-471e-8036-a8c6ca0a212e?P1=1741409144&P2=404&P3=2&P4=nLqat3njtfkR%2fqPFCUUsv8k%2brezFsbd7D5fTJPM03XW7%2fFhKj1zTOd0uVbPdfJPySWAN3iod2N67Qo51aQWhsA%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":71, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c22fb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1740804347, "EventMicrosecond":186071, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1740804347, "ConnectionID":1882, "InitiatorIP":"23.48.99.12", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":51500, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":15306, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"FILE-EXECUTABLE Portable Executable binary file magic detected", "Classification":"Potential Corporate Policy Violation", "WebApplication":"Microsoft Update", "ClientApplication":"Parallels", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"msedge.b.tlu.dl.delivery.mp.microsoft.com", "HTTP_URI":"/filestreamingservice/files/2619d5fd-eb83-471e-8036-a8c6ca0a212e?P1=1741409144&P2=404&P3=2&P4=nLqat3njtfkR%2fqPFCUUsv8k%2brezFsbd7D5fTJPM03XW7%2fFhKj1zTOd0uVbPdfJPySWAN3iod2N67Qo51aQWhsA%3d%3d", "SnortRuleGroups":"Rule Categories>File>Executable", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Execution>User Execution>Malicious File", "ApplicationID":676, "ApplicationProductivityIndex":3, "ApplicationRiskIndex":1, "ClientApplicationID":2802, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":71, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c22fb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"Microsoft Update", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1740804347, "EventMicrosecond":186071, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1740804347, "ConnectionID":1882, "InitiatorIP":"23.48.99.12", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":51500, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":64795, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"SERVER-OTHER Veeam Backup and Replication xp_cmdshell invocation attempt", "Classification":"Attempted User Privilege Gain", "WebApplication":"", "ClientApplication":"", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"", "HTTP_URI":"", "SnortRuleGroups":"Rule Categories>Server>Other", "MitreAttackGroups":"", "ApplicationID":-, "ApplicationProductivityIndex":-, "ApplicationRiskIndex":-, "ClientApplicationID":-, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":71, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c22fb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1740804347, "EventMicrosecond":186071, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1740804347, "ConnectionID":1882, "InitiatorIP":"23.48.99.12", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":51500, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":61514, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"Veeam Backup and Replication credential dump attempt", "Classification":"Potential Corporate Privacy Violation", "WebApplication":"", "ClientApplication":"", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"", "HTTP_URI":"", "SnortRuleGroups":"Rule Categories>Policy>Other", "MitreAttackGroups":"", "ApplicationID":-, "ApplicationProductivityIndex":-, "ApplicationRiskIndex":-, "ClientApplicationID":-, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":71, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c22fb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1744122060, "EventMicrosecond":514148, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744122060, "ConnectionID":6314, "InitiatorIP":"3.124.41.193", "ResponderIP":"172.16.3.110", "InitiatorPort":4444, "ResponderPort":8342, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":46983, "SignatureRevision":1, "Impact":5, "IntrusionRuleMessage":"INDICATOR-COMPROMISE Microsoft cmd.exe banner", "Classification":"Successful Administrator Privilege Gain", "Application":"Unknown", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "SnortRuleGroups":"Rule Categories>Indicator>Compromise", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Command and Control>Application Layer Protocol", "ApplicationID":4294967295, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":84, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f51d3c", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"Europe", "InitiatorContinentCode":"eu", "InitiatorCountry":"Germany", "InitiatorCountryCode":"deu", "InitiatorCountryID":276, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997}
{"EventType":"IntrusionEvent", "EventSecond":1744122060, "EventMicrosecond":514148, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744122060, "ConnectionID":6314, "InitiatorIP":"3.124.41.193", "ResponderIP":"172.16.3.110", "InitiatorPort":4444, "ResponderPort":8342, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":46983, "SignatureRevision":1, "Impact":5, "IntrusionRuleMessage":"INDICATOR-COMPROMISE Microsoft cmd.exe banner", "Classification":"Successful Administrator Privilege Gain", "Application":"Unknown", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "SnortRuleGroups":"Rule Categories>Indicator>Compromise", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Command and Control>Application Layer Protocol", "ApplicationID":4294967295, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":84, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f51d3c", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"Europe", "InitiatorContinentCode":"eu", "InitiatorCountry":"Germany", "InitiatorCountryCode":"deu", "InitiatorCountryID":276, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997}
{"EventType":"IntrusionEvent", "EventSecond":1744122060, "EventMicrosecond":514148, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744122060, "ConnectionID":6314, "InitiatorIP":"3.124.41.193", "ResponderIP":"172.16.3.110", "InitiatorPort":4444, "ResponderPort":8342, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":46983, "SignatureRevision":1, "Impact":5, "IntrusionRuleMessage":"INDICATOR-COMPROMISE Microsoft cmd.exe banner", "Classification":"Successful Administrator Privilege Gain", "Application":"Unknown", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "SnortRuleGroups":"Rule Categories>Indicator>Compromise", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Command and Control>Application Layer Protocol", "ApplicationID":4294967295, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":84, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f51d3c", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"Europe", "InitiatorContinentCode":"eu", "InitiatorCountry":"Germany", "InitiatorCountryCode":"deu", "InitiatorCountryID":276, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997}
{"EventType":"IntrusionEvent", "EventSecond":1744122060, "EventMicrosecond":514148, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1744122060, "ConnectionID":6314, "InitiatorIP":"3.124.41.193", "ResponderIP":"172.16.3.110", "InitiatorPort":4444, "ResponderPort":8342, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":46983, "SignatureRevision":1, "Impact":5, "IntrusionRuleMessage":"INDICATOR-COMPROMISE Microsoft cmd.exe banner", "Classification":"Successful Administrator Privilege Gain", "Application":"Unknown", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "SnortRuleGroups":"Rule Categories>Indicator>Compromise", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Command and Control>Application Layer Protocol", "ApplicationID":4294967295, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":84, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067f51d3c", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"Europe", "InitiatorContinentCode":"eu", "InitiatorCountry":"Germany", "InitiatorCountryCode":"deu", "InitiatorCountryID":276, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997}
{"EventType":"IntrusionEvent", "EventSecond":1743672850, "EventMicrosecond":964168, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743672850, "ConnectionID":11819, "InitiatorIP":"3.124.41.193", "ResponderIP":"172.16.3.110", "InitiatorPort":4444, "ResponderPort":58090, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":46983, "SignatureRevision":1, "Impact":5, "IntrusionRuleMessage":"INDICATOR-COMPROMISE Microsoft cmd.exe banner", "Classification":"Successful Administrator Privilege Gain", "Application":"Unknown", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "SnortRuleGroups":"Rule Categories>Indicator>Compromise", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Command and Control>Application Layer Protocol", "ApplicationID":4294967295, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":783, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"Europe", "InitiatorContinentCode":"eu", "InitiatorCountry":"Germany", "InitiatorCountryCode":"deu", "InitiatorCountryID":276, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "SensorID":2, "SnortVersionID":3, "UserID":9999997}
{"EventType":"IntrusionEvent", "EventSecond":1743672850, "EventMicrosecond":964168, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743672850, "ConnectionID":11819, "InitiatorIP":"3.124.41.193", "ResponderIP":"172.16.3.110", "InitiatorPort":4444, "ResponderPort":58090, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":46983, "SignatureRevision":1, "Impact":5, "IntrusionRuleMessage":"INDICATOR-COMPROMISE Microsoft cmd.exe banner", "Classification":"Successful Administrator Privilege Gain", "Application":"Unknown", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "SnortRuleGroups":"Rule Categories>Indicator>Compromise", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Command and Control>Application Layer Protocol", "ApplicationID":4294967295, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":783, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"Europe", "InitiatorContinentCode":"eu", "InitiatorCountry":"Germany", "InitiatorCountryCode":"deu", "InitiatorCountryID":276, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997}
{"EventType":"IntrusionEvent", "EventSecond":1743672850, "EventMicrosecond":964168, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743672850, "ConnectionID":11819, "InitiatorIP":"3.124.41.193", "ResponderIP":"172.16.3.110", "InitiatorPort":4444, "ResponderPort":58090, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":46983, "SignatureRevision":1, "Impact":5, "IntrusionRuleMessage":"INDICATOR-COMPROMISE Microsoft cmd.exe banner", "Classification":"Successful Administrator Privilege Gain", "Application":"Unknown", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "SnortRuleGroups":"Rule Categories>Indicator>Compromise", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Command and Control>Application Layer Protocol", "ApplicationID":4294967295, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":783, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"Europe", "InitiatorContinentCode":"eu", "InitiatorCountry":"Germany", "InitiatorCountryCode":"deu", "InitiatorCountryID":276, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997}
{"EventType":"IntrusionEvent", "EventSecond":1743672850, "EventMicrosecond":964168, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1743672850, "ConnectionID":11819, "InitiatorIP":"3.124.41.193", "ResponderIP":"172.16.3.110", "InitiatorPort":4444, "ResponderPort":58090, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":46983, "SignatureRevision":1, "Impact":5, "IntrusionRuleMessage":"INDICATOR-COMPROMISE Microsoft cmd.exe banner", "Classification":"Successful Administrator Privilege Gain", "Application":"Unknown", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "SnortRuleGroups":"Rule Categories>Indicator>Compromise", "MitreAttackGroups":"MITRE>ATT&CK Framework>Enterprise>Command and Control>Application Layer Protocol", "ApplicationID":4294967295, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":783, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067ee50e7", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"Europe", "InitiatorContinentCode":"eu", "InitiatorCountry":"Germany", "InitiatorCountryCode":"deu", "InitiatorCountryID":276, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997}