SentinelOne Log Reference
Log Samples
<123>CEF:0|SentinelOne|MGMT|Windows 8.1|19|Threat Detected|11|rt=Jul 14 2017 14:10:00 HelloKey=hello filehash=8abb0a6ace21a12bea2df4fd3b126a5fc5469ffc duid=54f6ce66dfa494cf81159ed8 destinationServiceName=sneezingpanda2006.exe msg=sneezingpanda2006.exe has been detected as malware filePath=\Device\HarddiskVolume1\Users\JohnDoe\Downloads\sneezingpanda2006.exe cs1=Test value1 cs1Label=Test Key1 cn1=1000 cn1Label=Test Key2

<38>1 2024-03-19T07:00:00.000000Z 127.0.0.1 SentinelOne 474bffa249fsadjjkadhjkaskjh191e27a7bdd60ed 1839709025481707843 [activityType@53163 activityType="5126"][activityId@53163 activityId="1839709025481707843"][siteId@53163 siteId="764204929626831137"][siteName@53163 siteName="IT-Total Internal (IT_00000000)"][accountId@53163 accountId="21212xxx32323232323"][accountName@53163 accountName="aaaaa"][notificationScope@53163 notificationScope="SITE"][activityUuid@53163 activityUuid="cf9b8fa5-b67e-46d9-9179-08074556cf64"][userId@53163 userId="-"][updatedAt@53163 updatedAt="2024-03-19T07:00:00.000000Z"][groupName@53163 groupName="Test Group"][accountName@53163 accountName="aaaaa"][groupId@53163 groupId="1312929sdsadas2659313"][secondaryDescription@53163 secondaryDescription="-"][agentUpdatedVersion@53163 agentUpdatedVersion="-"][createdAt@53163 createdAt="2024-03-19T07:00:00.000000Z"][hash@53163 hash="-"][threatId@53163 threatId="-"][comments@53163 comments="-"][description@53163 description="-"][accountId@53163 accountId="21212xxx32323232323"][data.uid@53163 data.uid="05022016"][data.creator@53163 data.creator="N/A"][data.osType@53163 data.osType="windows"][data.ruleId@53163 data.ruleId="-1"][data.version@53163 data.version="N/A"][data.eventId@53163 data.eventId="{f21c2b69-9a52-11ee-bfa5-806e6f6e6963}"][data.groupId@53163 data.groupId="1312929715812659313sdsadasta.interface@53163 data.interface="USB"][data.realUser@53163 data.realUser="-"][data.ruleName@53163 data.ruleName="-"][data.ruleType@53163 data.ruleType="productId"][data.siteName@53163 data.siteName="IT-Total Internal (IT_00000000)"][data.vendorId@53163 data.vendorId="8087"][data.eventTime@53163 data.eventTime="2024-03-19T07:32:44.717+00:00"][data.eventType@53163 data.eventType="connected"][data.groupName@53163 data.groupName="Test Group"][data.ipAddress@53163 data.ipAddress="-"][data.productId@53163 data.productId="AF1"][data.scopeName@53163 data.scopeName="Test Group"][data.deviceName@53163 data.deviceName="INTEL XMM7360"][data.lmpVersion@53163 data.lmpVersion="N/A"][data.minorClass@53163 data.minorClass="N/A"][data.scopeLevel@53163 data.scopeLevel="Group"][data.sourceType@53163 data.sourceType="API"][data.accountName@53163 data.accountName="aaaaa"][data.deviceClass@53163 data.deviceClass="00h"][data.gattService@53163 data.gattService=""][data.computerName@53163 data.computerName="IT-246"][data.profileUuids@53163 data.profileUuids="N/A"][data.ruleScopeName@53163 data.ruleScopeName="-"][data.bluetoothAddress@53163 data.bluetoothAddress=""][data.manufacturerName@53163 data.manufacturerName=""][data.fullScopeDetails@53163 data.fullScopeDetails="Group Test Group in Site IT-Total Internal (IT_00000000) of Account aaaaa"][data.physicalDeviceId@53163 data.physicalDeviceId="-"][data.fullScopeDetailsPath@53163 data.fullScopeDetailsPath="Global / aaaaa / IT-Total Internal (IT_00000000) / Test Group"][data.lastLoggedInUserName@53163 data.lastLoggedInUserName="martin.holm-sjolin"][siteName@53163 siteName="IT-Total Internal (IT_00000000)"][agentId@53163 agentId="1241785284218180912"][osFamily@53163 osFamily="-"][siteId@53163 siteId="764204929626831137"] ???USB device INTEL XMM7360 was connected on IT-246.