
Commit 6c5b296

committed
adding available fields for this data source
1 parent d813729 commit 6c5b296


1 file changed

+57
-0
lines changed


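--- a/data_sources/office_365_reporting_message_trace.yml
+++ b/data_sources/office_365_reporting_message_trace.yml
@@ -12,5 +12,62 @@ supported_TA:
 url: https://splunkbase.splunk.com/app/4055
 version: 4.8.0
 fields:
+- FromIP
+- Index
+- MessageId
+- MessageTraceId
+- Organization
+- Received
+- RecipientAddress
+- SenderAddress
+- Size
+- Status
+- Subject
+- ToIP
+- _bkt
+- _cd
+- _eventtype_color
+- _indextime
+- _raw
+- _serial
+- _si
+- _sourcetype
+- _subsecond
 - _time
+- action
+- date_hour
+- date_mday
+- date_minute
+- date_month
+- date_second
+- date_wday
+- date_year
+- date_zone
+- dest
+- eventtype
+- host
+- index
+- internal_message_id
+- linecount
+- message_id
+- punct
+- recipient
+- recipient_count
+- recipient_domain
+- size
+- source
+- sourcetype
+- splunk_server
+- splunk_server_group
+- src
+- src_user
+- src_user_domain
+- status_code
+- subject
+- tag
+- tag::action
+- tag::eventtype
+- timeendpos
+- timestartpos
+- vendor_product
 example_log: '{"Organization": "attackrange.onmicrosoft.com", "MessageId": "<BY5PR08MB62304A5BB7F9EE555B4CEA26DC1C2@BY5PR08MB6230.namprd08.prod.outlook.com>", "Received": "2025-01-16T21:06:46.832439", "SenderAddress": "victim_2@attack_range.lan", "RecipientAddress": "[email protected]", "Subject": "Accounts and Passwords", "Status": "Delivered", "ToIP": "2607:f8b0:400e:c0d::1a", "FromIP": "189.135.168.197", "Size": 33584, "MessageTraceId": "3567c8ef-cc17-4a3f-d166-08dd3161e4fc", "Index": 3035}'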
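Review bot: The new `fields:` entries are one flat, sorted list that mixes three kinds of field with nothing to tell them apart: raw Message Trace keys that appear in `example_log` (`FromIP`, `SenderAddress`, `Index`, `Size`), lower-case fields that look like normalisation done by the add-on (`src`, `src_user`, `recipient`, `status_code`), and Splunk internal or default fields (`_bkt`, `_cd`, `_serial`, `punct`, `date_*`, `splunk_server`). Field names are case-sensitive, so pairs such as `Index`/`index`, `Size`/`size` and `Subject`/`subject` are easy to confuse when writing a detection against this source. Grouping the entries under short YAML comments, e.g. `# raw Message Trace fields`, `# fields derived by the add-on (version 4.8.0)` and `# Splunk default/internal fields`, would make the origin of each field clear. The internal ones presumably depend on the deployment and search context rather than on the data source, so it is worth confirming they belong in this list at all.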
