test.json
{
"body": {
"data": {
"detections.action_taken": "Detection, standard detection.",
"detections.command_line": "choice /m crowdstrike_sample_detection",
"detections.file_name": "choice.exe",
"detections.file_path": "\\Device\\HarddiskVolume2\\Windows\\System32",
"detections.ioc_type": "<nil>",
"detections.ioc_value": "<nil>",
"detections.objective": "Falcon Detection Method",
"detections.parent_command_line": "cmd.exe",
"detections.parent_image_file_name": "\\Device\\HarddiskVolume2\\Windows\\System32\\cmd.exe",
"detections.severity": "Low",
"detections.tactic": "Malware",
"detections.technique": "Malicious File",
"detections.url": "https://www.example.com",
"detections.user_name": "TEST_USERNAME",
"devices.hostname": "TEST_COMPUTER"
},
"meta": {
"event_reference_url": "https://www.example.com",
"timestamp": 1633379588,
"trigger_name": "detections.new",
"workflow_id": "12314515135113241231234124312346"
}
}
}