Sample result from running siem.py. As you can see, dhost contains "-" where it should contain "_":
{"endpoint_id": "946955e1-7816-4a26-9c64-cc0d08ca2697", "endpoint_type": "computer", "type": "Event::Endpoint::WebFilteringBlocked", "severity": "low", "name": "Access was blocked to \"https://secure.eicar.org/eicar.com.txt\" because of \"Mal/HTMLGen-A\".", "id": "fd757929-26ce-4fb3-8667-1f9ae1e447a0", "source_info": {"ip": "192.168.1.3"}, "customer_id": "31f3dee5-3097-4ab9-97a3-51d5f2e4ef88", "group": "WEB", "datastream": "event", "duid": "6042f29bf6c2b9241f807096", "end": "2024-03-05T00:57:50.000Z", "dhost": "yeznpogi-123", "suser": "Yeznpogi_123\Yenz", "rt": "2024-03-05T00:57:54.493Z"}
Using Postman, we got this result:
"type": "Event::Endpoint::WebFilteringBlocked",
"source": "Yeznpogi_123\Yenz",
"location": "Yeznpogi_123",
"id": "fd757929-26ce-4fb3-8667-1f9ae1e447a0",
"group": "WEB",
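The two outputs above only disagree in how the hostname is written: siem.py emits "yeznpogi-123" in dhost, while the raw API returns "Yeznpogi_123" in location (and the same spelling in the domain part of suser). Anyone diffing the two feeds, or correlating events on hostname in a SIEM, has to allow for that. The script below is an added example, not code from siem.py or from Sophos: it parses the pasted siem.py line (repairing the lone backslash in suser, which is not valid JSON escaping as pasted), extracts the hostname from both sources and compares them strictly and after a normalization that ignores case and treats "-" and "_" as equal. The normalization rule and the function names are assumptions for illustration; the field values are the ones shown in the post.

```python
import json
import re

# siem.py output line as pasted in the post (values taken from the post).
# The "\Y" in suser is not a valid JSON escape, so json.loads() rejects it as-is.
SIEM_LINE = (
    r'{"endpoint_id": "946955e1-7816-4a26-9c64-cc0d08ca2697", "endpoint_type": "computer", '
    r'"type": "Event::Endpoint::WebFilteringBlocked", "severity": "low", '
    r'"name": "Access was blocked to \"https://secure.eicar.org/eicar.com.txt\" because of \"Mal/HTMLGen-A\".", '
    r'"id": "fd757929-26ce-4fb3-8667-1f9ae1e447a0", "source_info": {"ip": "192.168.1.3"}, '
    r'"customer_id": "31f3dee5-3097-4ab9-97a3-51d5f2e4ef88", "group": "WEB", "datastream": "event", '
    r'"duid": "6042f29bf6c2b9241f807096", "end": "2024-03-05T00:57:50.000Z", '
    r'"dhost": "yeznpogi-123", "suser": "Yeznpogi_123\Yenz", "rt": "2024-03-05T00:57:54.493Z"}'
)

# Fields of the same event as returned to Postman (values taken from the post).
POSTMAN_EVENT = {
    "type": "Event::Endpoint::WebFilteringBlocked",
    "source": "Yeznpogi_123\\Yenz",
    "location": "Yeznpogi_123",
    "id": "fd757929-26ce-4fb3-8667-1f9ae1e447a0",
    "group": "WEB",
}

# A backslash that is not followed by a legal JSON escape character (e.g. the
# Windows DOMAIN\user separator pasted unescaped) gets doubled so it parses.
_BAD_ESCAPE = re.compile(r'\\(?!["\\/bfnrtu])')


def parse_siem_line(line: str) -> dict:
    """Parse one siem.py JSON line, tolerating an unescaped backslash in string values."""
    try:
        return json.loads(line)
    except json.JSONDecodeError:
        return json.loads(_BAD_ESCAPE.sub(r"\\\\", line))


def normalize_hostname(name: str) -> str:
    """Assumed normalization: case-insensitive, '-' and '_' treated as the same character."""
    return name.lower().replace("-", "_")


def compare_hostnames(siem_line: str, api_event: dict) -> dict:
    """Report whether the siem.py dhost and the API location name the same host."""
    siem = parse_siem_line(siem_line)
    siem_host = siem["dhost"]
    api_host = api_event["location"]
    # The domain part of suser (DOMAIN\user) carries the API spelling too.
    suser_domain = siem["suser"].split("\\", 1)[0]
    return {
        "event_id": siem["id"],
        "same_event": siem["id"] == api_event["id"],
        "siem_dhost": siem_host,
        "api_location": api_host,
        "suser_domain": suser_domain,
        "exact_match": siem_host == api_host,
        "normalized_match": normalize_hostname(siem_host) == normalize_hostname(api_host),
        "suser_domain_matches_api": suser_domain == api_host,
    }


if __name__ == "__main__":
    result = compare_hostnames(SIEM_LINE, POSTMAN_EVENT)
    for key, value in result.items():
        print(f"{key}: {value}")
```

Running it shows exact_match False but normalized_match True for this event, and suser_domain equal to the API's location, which is the cleanest way to demonstrate that the difference is a spelling transformation of the hostname in siem.py rather than a different endpoint. If the SIEM correlates on dhost, apply the same normalization on both sides or use endpoint_id, which is unaffected.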