<14>Oct 16 11:30:08 pa820 1,2024/10/16 11:30:07,012001004037,THREAT,wildfire,2562,2024/10/16 11:30:07,10.44.32.33,10.111.18.180,0.0.0.0,0.0.0.0,myrulename-1,,,ms-ds-smbv3,vsys1,ZONE,EX_ZONE,ethernet1/2.438,ethernet1/1.317,Panorama-Elastic,2024/10/16 11:30:07,130783,1,50724,445,0,0,0x2000,tcp,allow,"Bedrijfsportal.lnk",LNK File(52094),benign,informational,server-to-client,7405726561341530378,0x0,10.0.0.0-10.255.255.255,10.0.0.0-10.255.255.255,,,0,e8f2b0d92350638a371933e26c44d37c7ae7009e3507b8a87432c130e8569dff,eu.wildfire.paloaltonetworks.com,0,,pe,,,,,,12617526913,1433,0,0,0,,pa820,,,,,0,,0,,N/A,N/A,WildFire-0,0x0,0,4294967295,,,b2507f73-978c-41ed-8a30-e531fb2df8ee,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2024-10-16T11:30:08.018+02:00,,,,storage-backup,business-systems,client-server,3,"able-to-transfer-file,has-known-vulnerability,tunnel-other-application,pervasive-use",ms-ds-smb,untunneled,no,no,
### What did you do?
See "what did you expect to see"
### What did you see?
no file.name
### What did you expect to see?
file.name: Bedrijfsportal.lnk
### Anything else?
_No response_
- Integration Name: 1Password [1password]
- Dataset Name: panw.panos.threat_critical
- Integration Version: 4.0.3
- Agent Version: 8.14.3
- Agent Output Type: elasticsearch
- Elasticsearch Version: 8.14.3
- OS Version and Architecture: RedHat 9
- Software/API Version: No response
- Error Message: No response