Expected Log Samples

ESET

Syslog

"<13>Mar 30 19:02:00 <VM-SVR-Update> 916, Vm-svr-update / vm7-xxxxx, 2016-03-30 18:54:30 , lpserver\c.spinks, POP3 filter, Warning, email message, from: "xxxx" <[email protected]> to: [email protected] with subject SUBJECT, Delivery Notification, ID xxxxxxxxxxx dated Thu, 24 Mar 2016 22:24:27 +0000 MME Delivery_Notification_xxxx.zip, JS/Danger.DoubleExtension trojan, deleted, Threat was detected upon receiving email by the application: C:\Program Files\Microsoft xxx\xxxx\xxxx.EXE."

JSON

"Mar 19 11:22:29 ABC ERAServer[8996]: {"event_type":"Audit_Event","ipv4":"1.1.1.1","hostname":"ABC","source_uuid":"xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxxx","occured":"19-Mar-2021 10:22:29","severity":"Information","domain":"Domain group","action":"Login attempt","target":"xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxxx","detail":"Authenticating domain user 'bcd\\logpoint.com'.","user":"","result":"Success"}"
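A parser for the ERA Server JSON sample above, added here as an illustration and not Logpoint's or ESET's own code: it separates the syslog header (timestamp, host, program, PID) from the JSON payload, decodes the payload, and flags failed login audit events. The embedded line is constructed from the sample on this page; the header regex and the `is_failed_login` helper are assumptions, not documented ESET behaviour.

```python
import json
import re
from typing import Any, Dict

# Constructed sample, shaped like the ESET ERA Server JSON event above.
SAMPLE_JSON_LINE = (
    'Mar 19 11:22:29 ABC ERAServer[8996]: {"event_type":"Audit_Event",'
    '"ipv4":"1.1.1.1","hostname":"ABC","source_uuid":"xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxxx",'
    '"occured":"19-Mar-2021 10:22:29","severity":"Information","domain":"Domain group",'
    '"action":"Login attempt","target":"xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxxx",'
    '"detail":"Authenticating domain user \'bcd\\\\logpoint.com\'.","user":"","result":"Success"}'
)

# Assumed BSD-style syslog header: optional <PRI>, "MMM dd HH:MM:SS host program[pid]: payload".
HEADER_RE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"
    r"(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<program>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<payload>.*)$"
)


def parse_eset_json_event(line: str) -> Dict[str, Any]:
    """Split the syslog header from the JSON payload and decode it.

    Raises ValueError on a malformed header or non-JSON payload so a
    pipeline can route the raw line to a dead-letter queue instead of
    silently dropping fields.
    """
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError("not a syslog line: %r" % line[:60])
    try:
        event = json.loads(m.group("payload"))
    except json.JSONDecodeError as exc:
        raise ValueError("payload is not JSON: %s" % exc) from exc
    if not isinstance(event, dict):
        raise ValueError("payload is not a JSON object")
    # Header fields are prefixed so they cannot collide with payload keys.
    return {
        "syslog_time": m.group("ts"),
        "syslog_host": m.group("host"),
        "program": m.group("program"),
        "pid": int(m.group("pid")) if m.group("pid") else None,
        **event,
    }


def is_failed_login(event: Dict[str, Any]) -> bool:
    """Hypothetical detection rule: audit login attempts whose result is not Success."""
    return (event.get("event_type") == "Audit_Event"
            and event.get("action") == "Login attempt"
            and event.get("result") != "Success")
```

The decoded `detail` field contains a single backslash (`bcd\logpoint.com`); the doubled backslash in the raw line is JSON escaping, which a regex-only extractor would carry through unchanged.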
